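Web Api .NET 4.7: XSRF protection

Time: 2018-11-07 12:59:15

Tags: c# owin csrf-protection

I am trying to implement an anti-forgery system, but I can't figure it out.

Most of the examples I see online are for MVC or .NET Core.

My project is a simple WebApi targeting 4.7, consumed by an Angular 5 application. I am using Owin for the startup configuration: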

using System.Configuration;
using BEL.Services.API.Infrastructure.Bootstrap;
using BEL.Services.API.Infrastructure.Bootstrap.Config;
using Microsoft.Owin;
using Owin;

[assembly: OwinStartup(typeof(Startup), "Configuration")]
namespace BEL.Services.API.Infrastructure.Bootstrap
{
    public class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            AutofacConfig.ConfigureAutofac(app);
            WebApiConfig.ConfigureWebApi(app);
            MapperConfig.ConfigureAutoMapper(app);
            MigrationConfig.ConfigureMigrations(app);
        }
    }
}

I'm pretty sure the magic has to happen in the ConfigureWebApi method:

namespace BEL.Services.API.Infrastructure.Bootstrap.Config
{
    using System.Configuration;
    using System.Web.Http;
    using System.Web.Http.Cors;
    using System.Web.Http.ExceptionHandling;
    using BEL.Services.API.Infrastructure.ErrorHandling;
    using BEL.Services.API.Infrastructure.Serialization;
    using Microsoft.Owin.Extensions;
    using Owin;
    using Swashbuckle.Application;

    internal static class WebApiConfig
    {
        internal static void ConfigureWebApi(IAppBuilder app)
        {
            var config = new HttpConfiguration();

            //// Enable Attribute based routing
            config.MapHttpAttributeRoutes();

            config.Services.Add(typeof(IExceptionLogger), new UnhandledExceptionLogger());

            // Configure JSON.NET
            config.Formatters.XmlFormatter.UseXmlSerializer = true;
            config.Formatters.JsonFormatter.SerializerSettings = JsonHelper.DefaultJsonSerializerSettings;

            var cors = new EnableCorsAttribute("*", "*", "*") { SupportsCredentials = true };
            config.EnableCors(cors);

            config.MessageHandlers.Add(new CorsPostHandler());

            app.UseAutofacWebApi(config);

            app.Map("", inner =>
            {
                // Configure Web API
                inner.UseWebApi(config);

                // Needed to fix some IIS issues
                inner.UseStageMarker(PipelineStage.MapHandler);
            });
        }
    }
}

Any example or help would be appreciated.

0 answers:

No answers
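
One way to do this for Web API 2 under OWIN is a double-submit-cookie check in a `DelegatingHandler`, using the cookie and header names that Angular's `HttpClient` uses by default (an added example, not code from the original post). `XsrfHandler` is a hypothetical name, and the sketch assumes the Angular app and the API share an origin, so the script can read the cookie, and that the site is served over HTTPS.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Security.Cryptography;
using System.Threading;
using System.Threading.Tasks;
// Added example (XsrfHandler is a hypothetical name). Register it in ConfigureWebApi:
//     config.MessageHandlers.Add(new XsrfHandler());
public class XsrfHandler : DelegatingHandler
{
    private const string CookieName = "XSRF-TOKEN";   // Angular HttpClient default
    private const string HeaderName = "X-XSRF-TOKEN"; // Angular HttpClient default

    protected override async Task<HttpResponseMessage> SendAsync(
        HttpRequestMessage request, CancellationToken cancellationToken)
    {
        string cookieToken = request.Headers.GetCookies(CookieName)
            .Select(c => c[CookieName].Value).FirstOrDefault();
        bool readOnly = request.Method == HttpMethod.Get || request.Method == HttpMethod.Head
                     || request.Method == HttpMethod.Options;
        if (!readOnly)
        {
            // State-changing request: the header must repeat the cookie value.
            IEnumerable<string> values;
            string headerToken = request.Headers.TryGetValues(HeaderName, out values)
                ? values.FirstOrDefault() : null;
            if (string.IsNullOrEmpty(cookieToken)
                || !string.Equals(cookieToken, headerToken, StringComparison.Ordinal))
                return new HttpResponseMessage(HttpStatusCode.Forbidden) { RequestMessage = request };
        }
        HttpResponseMessage response = await base.SendAsync(request, cancellationToken);
        if (string.IsNullOrEmpty(cookieToken))
        {
            // First contact: issue a random token the SPA can read (so not HttpOnly).
            var bytes = new byte[32];
            using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(bytes);
            string token = BitConverter.ToString(bytes).Replace("-", ""); // hex, cookie-safe
            response.Headers.AddCookies(new[]
                { new CookieHeaderValue(CookieName, token) { Path = "/", Secure = true } });
        }
        return response;
    }
}
```

A token check does not make up for a CORS policy that allows any origin with credentials, as `EnableCorsAttribute("*", "*", "*")` with `SupportsCredentials = true` does in the question's configuration; restrict that policy to the SPA's own origin.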