/// <summary>
/// Registers middleware that adds the "Strict-Transport-Security" (HSTS) header,
/// configured by <paramref name="options"/>, to the response.
/// </summary>
/// <remarks>
/// Per RFC 6797, user agents ignore this header on responses received over plain HTTP,
/// so the policy only takes effect once the site is reachable over HTTPS.
/// </remarks>
/// <param name="builder">The IAppBuilder instance the middleware is registered on.</param>
/// <param name="options">The Strict-Transport-Security options.</param>
/// <returns>The same IAppBuilder instance, so calls can be chained.</returns>
public static IAppBuilder StrictTransportSecurity(this IAppBuilder builder, StrictTransportSecurityOptions options)
{
    // Argument guards run before the pipeline is touched.
    // MustNotNull is a project helper; presumably it throws on null (confirm).
    builder.MustNotNull("builder");
    options.MustNotNull("options");

    // Delegate to the overload defined on whatever UseOwin() returns.
    var owinPipeline = builder.UseOwin();
    owinPipeline.StrictTransportSecurity(options);

    return builder;
}
/// <summary>
/// Builds an in-memory OWIN test server whose pipeline contains the
/// Strict-Transport-Security middleware followed by a handler that always
/// answers 200 OK, and returns the server's HttpClient.
/// </summary>
/// <param name="strictTransportSecurityOptions">Options passed to the HSTS middleware under test.</param>
/// <returns>An HttpClient bound to the in-memory server.</returns>
public static HttpClient Create(StrictTransportSecurityOptions strictTransportSecurityOptions)
{
    // Only the HttpClient is handed back; the TestServer itself is not exposed
    // to the caller, so it cannot be disposed from the call site.
    var server = TestServer.Create(app =>
    {
        // The middleware under test is registered ahead of the terminal handler.
        app.UseOwin().StrictTransportSecurity(strictTransportSecurityOptions);

        // Terminal handler: fixed 200 OK, never invokes the next delegate.
        app.Use((owinContext, next) =>
        {
            var response = owinContext.Response;
            response.StatusCode = 200;
            response.ReasonPhrase = "OK";
            return Task.FromResult(0);
        });
    });

    return server.HttpClient;
}
/// <summary>
/// Usage samples for the Strict-Transport-Security registration helpers.
/// Both builders are null placeholders, so this method illustrates the API
/// shape and is not meant to be executed as-is.
/// </summary>
public void Examples()
{
    IAppBuilder app = null;
    BuildFunc build = null;

    // Default registration. 31536000 seconds = 1 year.
    // Adds Strict-Transport-Security: max-age=31536000;includeSubDomains
    build.StrictTransportSecurity();
    app.StrictTransportSecurity();

    // Registration with explicitly configured settings.
    var customOptions = new StrictTransportSecurityOptions();

    // includeSubDomains extends the policy to every subdomain of the host;
    // make sure all of them serve HTTPS before enabling it.
    customOptions.IncludeSubDomains = true;
    customOptions.MaxAge = 31536000;
    customOptions.RedirectToSecureTransport = true;

    // Only set this when the default behavior (redirect from http to https) must be replaced.
    // NOTE(review): the empty string is a sample placeholder, not a usable redirect target.
    customOptions.RedirectUriBuilder = uri => "";

    // Sample value, reproduced as it appears in the original (sic).
    customOptions.RedirectReasonPhrase = statusCode => "ResonPhrase";

    build.StrictTransportSecurity(customOptions);
    app.StrictTransportSecurity(customOptions);
}
/// <summary>
/// Adds the "Strict-Transport-Security" (HSTS) header, built from the supplied
/// options, to the response by registering the corresponding middleware.
/// </summary>
/// <remarks>
/// The header is only acted on by user agents when it arrives over HTTPS (RFC 6797);
/// over plain HTTP it is ignored.
/// </remarks>
/// <param name="builder">The IAppBuilder instance.</param>
/// <param name="options">The Strict-Transport-Security options.</param>
/// <returns>The IAppBuilder instance that was passed in.</returns>
public static IAppBuilder StrictTransportSecurity(this IAppBuilder builder, StrictTransportSecurityOptions options)
{
    // Check both arguments first; MustNotNull is a project helper (presumably throws on null).
    builder.MustNotNull("builder");
    options.MustNotNull("options");

    // Hand the options to the overload exposed by the UseOwin() result.
    var pipeline = builder.UseOwin();
    pipeline.StrictTransportSecurity(options);

    return builder;
}
/// <summary>
/// Registers the portal's OWIN middleware and per-request context factories on
/// <paramref name="app"/>. Transport, telemetry and portal-bus components are always
/// registered; everything that needs the website record is registered only when
/// neither initial setup nor provisioning is in progress.
/// </summary>
/// <param name="app">The OWIN application builder to configure.</param>
public void ConfigurePortal(IAppBuilder app)
{
    var host = new PortalHostingEnvironment();
    var webAppSettings = WebAppSettings.Instance;

    // For cache we create one subscription per instance of web app, that's why we use instance id as the subscription name.
    var cacheEventHubJobSettings = new EventHubJobSettings(webAppSettings.InstanceId, EventHubSubscriptionType.CacheSubscription);

    // For search we create one subscription per webapp, that's why we use site name as the subscription name.
    var searchEventHubJobSettings = new EventHubJobSettings(webAppSettings.SiteName, EventHubSubscriptionType.SearchSubscription);

    var requireSslOptions = new RequireSslOptions(webAppSettings);
    var warmupCacheSettings = new WarmupCacheSettings();

    // Components registered unconditionally, i.e. also while setup or provisioning is running.
    // UseRequireSsl is registered ahead of the app-info and health components;
    // presumably it enforces HTTPS for the requests that follow (confirm in RequireSsl middleware).
    app.ConfigureApplicationLifecycleEvents();
    app.UseETWMiddleware();
    app.UseRequireSsl(requireSslOptions);
    app.UseAppInfo();
    app.UseHealth();
    app.UseScaleOutTelemetry();
    app.UseRequestTelemetry(SetupConfig.IsPortalConfigured);
    app.UseApplicationRestartPluginMessage(new PluginMessageOptions());
    app.UsePortalBus <ApplicationRestartPortalBusMessage>(webAppSettings, cacheEventHubJobSettings);
    app.UsePortalBus <CacheInvalidationPortalBusMessage>(webAppSettings, cacheEventHubJobSettings);
    app.CreatePerOwinContext <RequestElapsedTimeContext>(RequestElapsedTimeContext.Create);

    if (!SetupConfig.InitialSetupIsRunning() && !SetupConfig.ProvisioningInProgress())
    {
        using (PerformanceProfiler.Instance.StartMarker(PerformanceMarkerName.Startup, PerformanceMarkerArea.Crm, PerformanceMarkerTagName.StartUpConfiguration))
        {
            // independent components
            app.CreatePerOwinContext(ApplicationDbContext.Create);
            var portalSolutions = app.ConfigurePortalSolutionsDetails(ApplicationDbContext.Create());
            app.CreatePerOwinContext <ApplicationOrganizationManager>(ApplicationOrganizationManager.Create);
            app.CreatePerOwinContext <ApplicationWebsiteManager>(ApplicationWebsiteManager.Create);
            app.CreatePerOwinContext <CrmWebsite>((options, context) => ApplicationWebsite.Create(options, context, host));

            // Set the culture for this request.
            app.UseCurrentThreadCulture();

            ApplicationWebsiteManager websiteManager;
            try
            {
                var settings = new CrmEntityStoreSettings { PortalSolutions = portalSolutions };
                websiteManager = ApplicationWebsiteManager.Create(ApplicationDbContext.Create(), settings);
            }
            catch
            {
                // NOTE(review): this bare catch discards the exception; nothing in this block
                // logs it, and only the ApplicationEndInfo flag below records that a
                // configuration failure occurred. Consider capturing it for diagnostics.
                //We need to unload app domain in order to reinitialize owin during next request
                TelemetryState.ApplicationEndInfo = ApplicationEndFlags.Configuration;
                Adxstudio.Xrm.Web.Extensions.RestartWebApplication();
                // Returning here leaves every component below (including the HSTS settings) unregistered.
                return;
            }

            // NOTE(review): relies on HttpContext.Current being non-null, i.e. on this
            // method running inside a request - confirm.
            var website = websiteManager.Find(HttpContext.Current.Request.RequestContext, host);
            // HSTS options are built from the resolved website record.
            var hstsOptions = new StrictTransportSecurityOptions(website);

            // components that depend on the website
            app.UpdatePrimaryDomainName(websiteManager, website, portalSolutions);
            app.ConfigureDisplayModes(website);
            app.UseWebsiteHeaderSettings(website);
            // NOTE(review): the Strict-Transport-Security settings are registered only on this
            // branch; while setup or provisioning is in progress they are not added. Confirm
            // that this is intended for responses served in those states.
            app.UseStrictTransportSecuritySettings(hstsOptions);
            app.ConfigureSearchProvider(website);

            var contentMapProvider = app.ConfigureContentMap(ApplicationDbContext.Create, website, cacheEventHubJobSettings, portalSolutions);

            // configure user dependencies
            this.ConfigureAuth(app, website);

            // components that depend on the user
            app.CreatePerOwinContext <ContextLanguageInfo>(ContextLanguageInfo.Create);

            // Complete the authentication stage prior to invoking page handler
            app.UseStageMarker(PipelineStage.Authenticate);

            // components that depend on content map
            app.ConfigureCulture(website, contentMapProvider, BundleTable.Bundles, BundleConfig.RegisterLanguageSpecificBundles);

            // tail end components
            app.ConfigureEventHubCacheInvalidation(website.Id, ApplicationDbContext.Create, cacheEventHubJobSettings, searchEventHubJobSettings, new CacheInvalidationJobSettings(webAppSettings));
            app.WarmupCache(ApplicationDbContext.Create, warmupCacheSettings);

            app.StartupComplete();
        }
    }
}