[Security] Move to GenericHost (#24282)
parent
780d527f0b
commit
6097145096
|
|
@ -1,26 +1,30 @@
|
||||||
using Microsoft.AspNetCore;
|
using System.Threading.Tasks;
|
||||||
using Microsoft.AspNetCore.Hosting;
|
using Microsoft.AspNetCore.Hosting;
|
||||||
using Microsoft.AspNetCore.Server.Kestrel.Https;
|
using Microsoft.AspNetCore.Server.Kestrel.Https;
|
||||||
|
using Microsoft.Extensions.Hosting;
|
||||||
|
|
||||||
namespace Certificate.Sample
|
namespace Certificate.Sample
|
||||||
{
|
{
|
||||||
public class Program
|
public class Program
|
||||||
{
|
{
|
||||||
public static void Main(string[] args)
|
public static Task Main(string[] args)
|
||||||
{
|
{
|
||||||
BuildWebHost(args).Run();
|
var host = Host.CreateDefaultBuilder(args)
|
||||||
}
|
.ConfigureWebHost(webHostBuilder =>
|
||||||
|
|
||||||
public static IWebHost BuildWebHost(string[] args)
|
|
||||||
=> WebHost.CreateDefaultBuilder(args)
|
|
||||||
.UseStartup<Startup>()
|
|
||||||
.ConfigureKestrel(options =>
|
|
||||||
{
|
|
||||||
options.ConfigureHttpsDefaults(opt =>
|
|
||||||
{
|
{
|
||||||
opt.ClientCertificateMode = ClientCertificateMode.RequireCertificate;
|
webHostBuilder
|
||||||
});
|
.UseStartup<Startup>()
|
||||||
})
|
.ConfigureKestrel(options =>
|
||||||
.Build();
|
{
|
||||||
|
options.ConfigureHttpsDefaults(opt =>
|
||||||
|
{
|
||||||
|
opt.ClientCertificateMode = ClientCertificateMode.RequireCertificate;
|
||||||
|
});
|
||||||
|
});
|
||||||
|
})
|
||||||
|
.Build();
|
||||||
|
|
||||||
|
return host.RunAsync();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
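Review bot: The new `Main` wires the web host with `ConfigureWebHost`, whereas the code it replaces used `WebHost.CreateDefaultBuilder(args)` and the JwtBearer and OpenIdConnect samples in this same commit use `ConfigureWebHostDefaults`. `ConfigureKestrel` only configures Kestrel options, so unless something outside this hunk registers a server, this sample appears to lose the Kestrel registration and the other web defaults it had before, leaving the `ClientCertificateMode.RequireCertificate` setting with nothing to apply to. Consider `.ConfigureWebHostDefaults(webHostBuilder =>` here, or add `.UseKestrel()` to the chain. Then start the sample once and confirm that a request without a client certificate is still rejected.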
|
||||||
|
|
|
||||||
|
|
@ -1,26 +1,32 @@
|
||||||
using System.IO;
|
using System.IO;
|
||||||
|
using System.Threading.Tasks;
|
||||||
using Microsoft.AspNetCore.Hosting;
|
using Microsoft.AspNetCore.Hosting;
|
||||||
|
using Microsoft.Extensions.Hosting;
|
||||||
using Microsoft.Extensions.Logging;
|
using Microsoft.Extensions.Logging;
|
||||||
|
|
||||||
namespace CookieSample
|
namespace CookieSample
|
||||||
{
|
{
|
||||||
public static class Program
|
public static class Program
|
||||||
{
|
{
|
||||||
public static void Main(string[] args)
|
public static Task Main(string[] args)
|
||||||
{
|
{
|
||||||
var host = new WebHostBuilder()
|
var host = new HostBuilder()
|
||||||
|
.ConfigureWebHost(webHostBuilder =>
|
||||||
|
{
|
||||||
|
webHostBuilder
|
||||||
|
.UseKestrel()
|
||||||
|
.UseContentRoot(Directory.GetCurrentDirectory())
|
||||||
|
.UseIISIntegration()
|
||||||
|
.UseStartup<Startup>();
|
||||||
|
})
|
||||||
.ConfigureLogging(factory =>
|
.ConfigureLogging(factory =>
|
||||||
{
|
{
|
||||||
factory.AddConsole();
|
factory.AddConsole();
|
||||||
factory.AddFilter("Console", level => level >= LogLevel.Information);
|
factory.AddFilter("Console", level => level >= LogLevel.Information);
|
||||||
})
|
})
|
||||||
.UseKestrel()
|
|
||||||
.UseContentRoot(Directory.GetCurrentDirectory())
|
|
||||||
.UseIISIntegration()
|
|
||||||
.UseStartup<Startup>()
|
|
||||||
.Build();
|
.Build();
|
||||||
|
|
||||||
host.Run();
|
return host.RunAsync();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -1,26 +1,32 @@
|
||||||
using System.IO;
|
using System.IO;
|
||||||
|
using System.Threading.Tasks;
|
||||||
using Microsoft.AspNetCore.Hosting;
|
using Microsoft.AspNetCore.Hosting;
|
||||||
|
using Microsoft.Extensions.Hosting;
|
||||||
using Microsoft.Extensions.Logging;
|
using Microsoft.Extensions.Logging;
|
||||||
|
|
||||||
namespace CookieSessionSample
|
namespace CookieSessionSample
|
||||||
{
|
{
|
||||||
public static class Program
|
public static class Program
|
||||||
{
|
{
|
||||||
public static void Main(string[] args)
|
public static Task Main(string[] args)
|
||||||
{
|
{
|
||||||
var host = new WebHostBuilder()
|
var host = new HostBuilder()
|
||||||
|
.ConfigureWebHost(webHostBuilder =>
|
||||||
|
{
|
||||||
|
webHostBuilder
|
||||||
|
.UseKestrel()
|
||||||
|
.UseContentRoot(Directory.GetCurrentDirectory())
|
||||||
|
.UseIISIntegration()
|
||||||
|
.UseStartup<Startup>();
|
||||||
|
})
|
||||||
.ConfigureLogging(factory =>
|
.ConfigureLogging(factory =>
|
||||||
{
|
{
|
||||||
factory.AddConsole();
|
factory.AddConsole();
|
||||||
factory.AddFilter("Console", level => level >= LogLevel.Information);
|
factory.AddFilter("Console", level => level >= LogLevel.Information);
|
||||||
})
|
})
|
||||||
.UseKestrel()
|
|
||||||
.UseContentRoot(Directory.GetCurrentDirectory())
|
|
||||||
.UseIISIntegration()
|
|
||||||
.UseStartup<Startup>()
|
|
||||||
.Build();
|
.Build();
|
||||||
|
|
||||||
host.Run();
|
return host.RunAsync();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,4 @@
|
||||||
using Microsoft.AspNetCore;
|
using System.Threading.Tasks;
|
||||||
using Microsoft.AspNetCore.Hosting;
|
using Microsoft.AspNetCore.Hosting;
|
||||||
using Microsoft.Extensions.Hosting;
|
using Microsoft.Extensions.Hosting;
|
||||||
|
|
||||||
|
|
@ -6,13 +6,17 @@ namespace JwtBearerSample
|
||||||
{
|
{
|
||||||
public static class Program
|
public static class Program
|
||||||
{
|
{
|
||||||
public static void Main(string[] args)
|
public static Task Main(string[] args)
|
||||||
{
|
{
|
||||||
var host = WebHost.CreateDefaultBuilder(args)
|
var host = Host.CreateDefaultBuilder(args)
|
||||||
.UseStartup<Startup>()
|
.ConfigureWebHostDefaults(webHostBuilder =>
|
||||||
|
{
|
||||||
|
webHostBuilder
|
||||||
|
.UseStartup<Startup>();
|
||||||
|
})
|
||||||
.Build();
|
.Build();
|
||||||
|
|
||||||
host.Run();
|
return host.RunAsync();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -1,17 +1,22 @@
|
||||||
using Microsoft.AspNetCore;
|
using System.Threading.Tasks;
|
||||||
using Microsoft.AspNetCore.Hosting;
|
using Microsoft.AspNetCore.Hosting;
|
||||||
|
using Microsoft.Extensions.Hosting;
|
||||||
|
|
||||||
namespace OpenIdConnect.AzureAdSample
|
namespace OpenIdConnect.AzureAdSample
|
||||||
{
|
{
|
||||||
public static class Program
|
public static class Program
|
||||||
{
|
{
|
||||||
public static void Main(string[] args)
|
public static Task Main(string[] args)
|
||||||
{
|
{
|
||||||
var host = WebHost.CreateDefaultBuilder(args)
|
var host = Host.CreateDefaultBuilder(args)
|
||||||
.UseStartup<Startup>()
|
.ConfigureWebHostDefaults(webHostBuilder =>
|
||||||
|
{
|
||||||
|
webHostBuilder
|
||||||
|
.UseStartup<Startup>();
|
||||||
|
})
|
||||||
.Build();
|
.Build();
|
||||||
|
|
||||||
host.Run();
|
return host.RunAsync();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -1,18 +1,23 @@
|
||||||
|
|
||||||
using Microsoft.AspNetCore;
|
using System.Threading.Tasks;
|
||||||
using Microsoft.AspNetCore.Hosting;
|
using Microsoft.AspNetCore.Hosting;
|
||||||
|
using Microsoft.Extensions.Hosting;
|
||||||
|
|
||||||
namespace OpenIdConnectSample
|
namespace OpenIdConnectSample
|
||||||
{
|
{
|
||||||
public static class Program
|
public static class Program
|
||||||
{
|
{
|
||||||
public static void Main(string[] args)
|
public static Task Main(string[] args)
|
||||||
{
|
{
|
||||||
var host = WebHost.CreateDefaultBuilder(args)
|
var host = Host.CreateDefaultBuilder(args)
|
||||||
.UseStartup<Startup>()
|
.ConfigureWebHostDefaults(webHostBuilder =>
|
||||||
|
{
|
||||||
|
webHostBuilder
|
||||||
|
.UseStartup<Startup>();
|
||||||
|
})
|
||||||
.Build();
|
.Build();
|
||||||
|
|
||||||
host.Run();
|
return host.RunAsync();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -1,24 +1,36 @@
|
||||||
using System;
|
|
||||||
using System.Collections.Generic;
|
|
||||||
using System.IO;
|
using System.IO;
|
||||||
using System.Linq;
|
|
||||||
using System.Net;
|
using System.Net;
|
||||||
using System.Reflection;
|
using System.Reflection;
|
||||||
using System.Security.Cryptography.X509Certificates;
|
using System.Security.Cryptography.X509Certificates;
|
||||||
using System.Threading.Tasks;
|
using System.Threading.Tasks;
|
||||||
using Microsoft.AspNetCore;
|
|
||||||
using Microsoft.AspNetCore.Hosting;
|
using Microsoft.AspNetCore.Hosting;
|
||||||
using Microsoft.Extensions.Configuration;
|
|
||||||
using Microsoft.Extensions.FileProviders;
|
using Microsoft.Extensions.FileProviders;
|
||||||
|
using Microsoft.Extensions.Hosting;
|
||||||
using Microsoft.Extensions.Logging;
|
using Microsoft.Extensions.Logging;
|
||||||
|
|
||||||
namespace WsFedSample
|
namespace WsFedSample
|
||||||
{
|
{
|
||||||
public class Program
|
public class Program
|
||||||
{
|
{
|
||||||
public static void Main(string[] args)
|
public static Task Main(string[] args)
|
||||||
{
|
{
|
||||||
var host = new WebHostBuilder()
|
var host = new HostBuilder()
|
||||||
|
.ConfigureWebHost(webHostBuilder =>
|
||||||
|
{
|
||||||
|
webHostBuilder
|
||||||
|
.UseKestrel(options =>
|
||||||
|
{
|
||||||
|
options.Listen(IPAddress.Loopback, 44307, listenOptions =>
|
||||||
|
{
|
||||||
|
// Configure SSL
|
||||||
|
var serverCertificate = LoadCertificate();
|
||||||
|
listenOptions.UseHttps(serverCertificate);
|
||||||
|
});
|
||||||
|
})
|
||||||
|
.UseContentRoot(Directory.GetCurrentDirectory())
|
||||||
|
.UseIISIntegration()
|
||||||
|
.UseStartup<Startup>();
|
||||||
|
})
|
||||||
.ConfigureLogging(factory =>
|
.ConfigureLogging(factory =>
|
||||||
{
|
{
|
||||||
factory.AddConsole();
|
factory.AddConsole();
|
||||||
|
|
@ -26,21 +38,9 @@ namespace WsFedSample
|
||||||
factory.AddFilter("Console", level => level >= LogLevel.Information);
|
factory.AddFilter("Console", level => level >= LogLevel.Information);
|
||||||
factory.AddFilter("Debug", level => level >= LogLevel.Information);
|
factory.AddFilter("Debug", level => level >= LogLevel.Information);
|
||||||
})
|
})
|
||||||
.UseKestrel(options =>
|
|
||||||
{
|
|
||||||
options.Listen(IPAddress.Loopback, 44307, listenOptions =>
|
|
||||||
{
|
|
||||||
// Configure SSL
|
|
||||||
var serverCertificate = LoadCertificate();
|
|
||||||
listenOptions.UseHttps(serverCertificate);
|
|
||||||
});
|
|
||||||
})
|
|
||||||
.UseContentRoot(Directory.GetCurrentDirectory())
|
|
||||||
.UseIISIntegration()
|
|
||||||
.UseStartup<Startup>()
|
|
||||||
.Build();
|
.Build();
|
||||||
|
|
||||||
host.Run();
|
return host.RunAsync();
|
||||||
}
|
}
|
||||||
|
|
||||||
private static X509Certificate2 LoadCertificate()
|
private static X509Certificate2 LoadCertificate()
|
||||||
|
|
|
||||||
|
|
@ -437,7 +437,22 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
|
||||||
[Fact]
|
[Fact]
|
||||||
public async Task MetadataAddressIsGeneratedFromAuthorityWhenMissing()
|
public async Task MetadataAddressIsGeneratedFromAuthorityWhenMissing()
|
||||||
{
|
{
|
||||||
var builder = new WebHostBuilder()
|
using var host = new HostBuilder()
|
||||||
|
.ConfigureWebHost(webHostBuilder =>
|
||||||
|
{
|
||||||
|
webHostBuilder
|
||||||
|
.Configure(app =>
|
||||||
|
{
|
||||||
|
app.UseAuthentication();
|
||||||
|
app.Run(async context =>
|
||||||
|
{
|
||||||
|
var resolver = context.RequestServices.GetRequiredService<IAuthenticationHandlerProvider>();
|
||||||
|
var handler = await resolver.GetHandlerAsync(context, OpenIdConnectDefaults.AuthenticationScheme) as OpenIdConnectHandler;
|
||||||
|
Assert.Equal($"{TestServerBuilder.DefaultAuthority}/.well-known/openid-configuration", handler.Options.MetadataAddress);
|
||||||
|
});
|
||||||
|
})
|
||||||
|
.UseTestServer();
|
||||||
|
})
|
||||||
.ConfigureServices(services =>
|
.ConfigureServices(services =>
|
||||||
{
|
{
|
||||||
services.AddAuthentication()
|
services.AddAuthentication()
|
||||||
|
|
@ -449,17 +464,11 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
|
||||||
o.SignInScheme = Guid.NewGuid().ToString();
|
o.SignInScheme = Guid.NewGuid().ToString();
|
||||||
});
|
});
|
||||||
})
|
})
|
||||||
.Configure(app =>
|
.Build();
|
||||||
{
|
|
||||||
app.UseAuthentication();
|
var server = host.GetTestServer();
|
||||||
app.Run(async context =>
|
|
||||||
{
|
await host.StartAsync();
|
||||||
var resolver = context.RequestServices.GetRequiredService<IAuthenticationHandlerProvider>();
|
|
||||||
var handler = await resolver.GetHandlerAsync(context, OpenIdConnectDefaults.AuthenticationScheme) as OpenIdConnectHandler;
|
|
||||||
Assert.Equal($"{TestServerBuilder.DefaultAuthority}/.well-known/openid-configuration", handler.Options.MetadataAddress);
|
|
||||||
});
|
|
||||||
});
|
|
||||||
var server = new TestServer(builder);
|
|
||||||
var transaction = await server.SendAsync(@"https://example.com");
|
var transaction = await server.SendAsync(@"https://example.com");
|
||||||
Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
|
Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -8,6 +8,7 @@ using Microsoft.AspNetCore.Hosting;
|
||||||
using Microsoft.AspNetCore.Http;
|
using Microsoft.AspNetCore.Http;
|
||||||
using Microsoft.AspNetCore.TestHost;
|
using Microsoft.AspNetCore.TestHost;
|
||||||
using Microsoft.Extensions.DependencyInjection;
|
using Microsoft.Extensions.DependencyInjection;
|
||||||
|
using Microsoft.Extensions.Hosting;
|
||||||
using Xunit;
|
using Xunit;
|
||||||
|
|
||||||
namespace Microsoft.AspNetCore.Authentication
|
namespace Microsoft.AspNetCore.Authentication
|
||||||
|
|
@ -17,7 +18,7 @@ namespace Microsoft.AspNetCore.Authentication
|
||||||
[Fact]
|
[Fact]
|
||||||
public async Task CanDispatch()
|
public async Task CanDispatch()
|
||||||
{
|
{
|
||||||
var server = CreateServer(services =>
|
using var server = await CreateServer(services =>
|
||||||
{
|
{
|
||||||
services.AddLogging().AddAuthentication(o =>
|
services.AddLogging().AddAuthentication(o =>
|
||||||
{
|
{
|
||||||
|
|
@ -333,7 +334,7 @@ namespace Microsoft.AspNetCore.Authentication
|
||||||
[Fact]
|
[Fact]
|
||||||
public async Task CanDynamicTargetBasedOnQueryString()
|
public async Task CanDynamicTargetBasedOnQueryString()
|
||||||
{
|
{
|
||||||
var server = CreateServer(services =>
|
using var server = await CreateServer(services =>
|
||||||
{
|
{
|
||||||
services.AddAuthentication(o =>
|
services.AddAuthentication(o =>
|
||||||
{
|
{
|
||||||
|
|
@ -455,33 +456,44 @@ namespace Microsoft.AspNetCore.Authentication
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
private static TestServer CreateServer(Action<IServiceCollection> configure = null, string defaultScheme = null)
|
private static async Task<TestServer> CreateServer(Action<IServiceCollection> configure = null, string defaultScheme = null)
|
||||||
{
|
{
|
||||||
var builder = new WebHostBuilder()
|
var host = new HostBuilder()
|
||||||
.Configure(app =>
|
.ConfigureWebHost(webHostBuilder =>
|
||||||
{
|
{
|
||||||
app.UseAuthentication();
|
webHostBuilder
|
||||||
app.Use(async (context, next) =>
|
.Configure(app =>
|
||||||
{
|
|
||||||
var req = context.Request;
|
|
||||||
var res = context.Response;
|
|
||||||
if (req.Path.StartsWithSegments(new PathString("/auth"), out var remainder))
|
|
||||||
{
|
{
|
||||||
var name = (remainder.Value.Length > 0) ? remainder.Value.Substring(1) : null;
|
app.UseAuthentication();
|
||||||
var result = await context.AuthenticateAsync(name);
|
app.Use(async (context, next) =>
|
||||||
await res.DescribeAsync(result?.Ticket?.Principal);
|
{
|
||||||
}
|
var req = context.Request;
|
||||||
else
|
var res = context.Response;
|
||||||
{
|
if (req.Path.StartsWithSegments(new PathString("/auth"), out var remainder))
|
||||||
await next();
|
{
|
||||||
}
|
var name = (remainder.Value.Length > 0) ? remainder.Value.Substring(1) : null;
|
||||||
});
|
var result = await context.AuthenticateAsync(name);
|
||||||
|
await res.DescribeAsync(result?.Ticket?.Principal);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
await next();
|
||||||
|
}
|
||||||
|
});
|
||||||
|
})
|
||||||
|
.UseTestServer();
|
||||||
})
|
})
|
||||||
.ConfigureServices(services =>
|
.ConfigureServices(services =>
|
||||||
{
|
{
|
||||||
configure?.Invoke(services);
|
configure?.Invoke(services);
|
||||||
});
|
})
|
||||||
return new TestServer(builder);
|
.Build();
|
||||||
|
|
||||||
|
var server = host.GetTestServer();
|
||||||
|
|
||||||
|
await host.StartAsync();
|
||||||
|
|
||||||
|
return server;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
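Review bot: `CreateServer` now builds and starts an `IHost` but returns only the `TestServer`, so the `using var server = await CreateServer(...)` callers dispose the server and, as far as this section shows, nothing stops or disposes the host that owns the service provider. `RunTestAsync` in the cookie-policy test section further down has the same shape: it declares `var host` without `using` and returns right after `SendAsync`. Returning the host instead would let each test own it, e.g. `using var host = await CreateHost(...);` followed by `var server = host.GetTestServer();`. For `RunTestAsync`, first check whether the returned `HttpContext` is still usable once the host is disposed before adding `using`. The method is also asynchronous now, so `CreateServerAsync` would match the usual naming.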
|
||||||
|
|
|
||||||
|
|
@ -1,26 +1,32 @@
|
||||||
using System.IO;
|
using System.IO;
|
||||||
|
using System.Threading.Tasks;
|
||||||
using Microsoft.AspNetCore.Hosting;
|
using Microsoft.AspNetCore.Hosting;
|
||||||
|
using Microsoft.Extensions.Hosting;
|
||||||
using Microsoft.Extensions.Logging;
|
using Microsoft.Extensions.Logging;
|
||||||
|
|
||||||
namespace CookiePolicySample
|
namespace CookiePolicySample
|
||||||
{
|
{
|
||||||
public static class Program
|
public static class Program
|
||||||
{
|
{
|
||||||
public static void Main(string[] args)
|
public static Task Main(string[] args)
|
||||||
{
|
{
|
||||||
var host = new WebHostBuilder()
|
var host = new HostBuilder()
|
||||||
|
.ConfigureWebHost(webHostBuilder =>
|
||||||
|
{
|
||||||
|
webHostBuilder
|
||||||
|
.UseKestrel()
|
||||||
|
.UseContentRoot(Directory.GetCurrentDirectory())
|
||||||
|
.UseIISIntegration()
|
||||||
|
.UseStartup<Startup>();
|
||||||
|
})
|
||||||
.ConfigureLogging(factory =>
|
.ConfigureLogging(factory =>
|
||||||
{
|
{
|
||||||
factory.AddConsole();
|
factory.AddConsole();
|
||||||
factory.AddFilter("Microsoft", LogLevel.Trace);
|
factory.AddFilter("Microsoft", LogLevel.Trace);
|
||||||
})
|
})
|
||||||
.UseKestrel()
|
|
||||||
.UseContentRoot(Directory.GetCurrentDirectory())
|
|
||||||
.UseIISIntegration()
|
|
||||||
.UseStartup<Startup>()
|
|
||||||
.Build();
|
.Build();
|
||||||
|
|
||||||
host.Run();
|
return host.RunAsync();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -10,6 +10,7 @@ using Microsoft.AspNetCore.Http;
|
||||||
using Microsoft.AspNetCore.Http.Features;
|
using Microsoft.AspNetCore.Http.Features;
|
||||||
using Microsoft.AspNetCore.TestHost;
|
using Microsoft.AspNetCore.TestHost;
|
||||||
using Microsoft.Extensions.DependencyInjection;
|
using Microsoft.Extensions.DependencyInjection;
|
||||||
|
using Microsoft.Extensions.Hosting;
|
||||||
using Microsoft.Net.Http.Headers;
|
using Microsoft.Net.Http.Headers;
|
||||||
using Xunit;
|
using Xunit;
|
||||||
|
|
||||||
|
|
@ -641,20 +642,30 @@ namespace Microsoft.AspNetCore.CookiePolicy.Test
|
||||||
Assert.NotNull(manualCookie.Expires); // Expires may not exactly match to the second.
|
Assert.NotNull(manualCookie.Expires); // Expires may not exactly match to the second.
|
||||||
}
|
}
|
||||||
|
|
||||||
private Task<HttpContext> RunTestAsync(Action<CookiePolicyOptions> configureOptions, Action<HttpContext> configureRequest, RequestDelegate handleRequest)
|
private async Task<HttpContext> RunTestAsync(Action<CookiePolicyOptions> configureOptions, Action<HttpContext> configureRequest, RequestDelegate handleRequest)
|
||||||
{
|
{
|
||||||
var builder = new WebHostBuilder()
|
var host = new HostBuilder()
|
||||||
|
.ConfigureWebHost(webHostBuilder =>
|
||||||
|
{
|
||||||
|
webHostBuilder
|
||||||
|
.Configure(app =>
|
||||||
|
{
|
||||||
|
app.UseCookiePolicy();
|
||||||
|
app.Run(handleRequest);
|
||||||
|
})
|
||||||
|
.UseTestServer();
|
||||||
|
})
|
||||||
.ConfigureServices(services =>
|
.ConfigureServices(services =>
|
||||||
{
|
{
|
||||||
services.Configure(configureOptions);
|
services.Configure(configureOptions);
|
||||||
})
|
})
|
||||||
.Configure(app =>
|
.Build();
|
||||||
{
|
|
||||||
app.UseCookiePolicy();
|
var server = host.GetTestServer();
|
||||||
app.Run(handleRequest);
|
|
||||||
});
|
await host.StartAsync();
|
||||||
var server = new TestServer(builder);
|
|
||||||
return server.SendAsync(configureRequest);
|
return await server.SendAsync(configureRequest);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -13,6 +13,7 @@ using Microsoft.AspNetCore.Http;
|
||||||
using Microsoft.AspNetCore.Http.Features;
|
using Microsoft.AspNetCore.Http.Features;
|
||||||
using Microsoft.AspNetCore.TestHost;
|
using Microsoft.AspNetCore.TestHost;
|
||||||
using Microsoft.Extensions.DependencyInjection;
|
using Microsoft.Extensions.DependencyInjection;
|
||||||
|
using Microsoft.Extensions.Hosting;
|
||||||
using Microsoft.Net.Http.Headers;
|
using Microsoft.Net.Http.Headers;
|
||||||
using Xunit;
|
using Xunit;
|
||||||
|
|
||||||
|
|
@ -244,23 +245,32 @@ namespace Microsoft.AspNetCore.CookiePolicy.Test
|
||||||
[Fact]
|
[Fact]
|
||||||
public async Task CookiePolicyCanHijackAppend()
|
public async Task CookiePolicyCanHijackAppend()
|
||||||
{
|
{
|
||||||
var builder = new WebHostBuilder()
|
using var host = new HostBuilder()
|
||||||
.Configure(app =>
|
.ConfigureWebHost(webHostBuilder =>
|
||||||
{
|
{
|
||||||
app.UseCookiePolicy(new CookiePolicyOptions
|
webHostBuilder
|
||||||
{
|
.Configure(app =>
|
||||||
OnAppendCookie = ctx => ctx.CookieName = ctx.CookieValue = "Hao"
|
{
|
||||||
});
|
app.UseCookiePolicy(new CookiePolicyOptions
|
||||||
app.Run(context =>
|
{
|
||||||
{
|
OnAppendCookie = ctx => ctx.CookieName = ctx.CookieValue = "Hao"
|
||||||
context.Response.Cookies.Append("A", "A");
|
});
|
||||||
context.Response.Cookies.Append("B", "B", new CookieOptions { Secure = false });
|
app.Run(context =>
|
||||||
context.Response.Cookies.Append("C", "C", new CookieOptions() { SameSite = Http.SameSiteMode.Strict });
|
{
|
||||||
context.Response.Cookies.Append("D", "D", new CookieOptions { Secure = true });
|
context.Response.Cookies.Append("A", "A");
|
||||||
return Task.FromResult(0);
|
context.Response.Cookies.Append("B", "B", new CookieOptions { Secure = false });
|
||||||
});
|
context.Response.Cookies.Append("C", "C", new CookieOptions() { SameSite = Http.SameSiteMode.Strict });
|
||||||
});
|
context.Response.Cookies.Append("D", "D", new CookieOptions { Secure = true });
|
||||||
var server = new TestServer(builder);
|
return Task.FromResult(0);
|
||||||
|
});
|
||||||
|
})
|
||||||
|
.UseTestServer();
|
||||||
|
})
|
||||||
|
.Build();
|
||||||
|
|
||||||
|
var server = host.GetTestServer();
|
||||||
|
|
||||||
|
await host.StartAsync();
|
||||||
|
|
||||||
var transaction = await server.SendAsync("http://example.com/login");
|
var transaction = await server.SendAsync("http://example.com/login");
|
||||||
|
|
||||||
|
|
@ -274,23 +284,32 @@ namespace Microsoft.AspNetCore.CookiePolicy.Test
|
||||||
[Fact]
|
[Fact]
|
||||||
public async Task CookiePolicyCanHijackDelete()
|
public async Task CookiePolicyCanHijackDelete()
|
||||||
{
|
{
|
||||||
var builder = new WebHostBuilder()
|
using var host = new HostBuilder()
|
||||||
.Configure(app =>
|
.ConfigureWebHost(webHostBuilder =>
|
||||||
{
|
|
||||||
app.UseCookiePolicy(new CookiePolicyOptions
|
|
||||||
{
|
{
|
||||||
OnDeleteCookie = ctx => ctx.CookieName = "A"
|
webHostBuilder
|
||||||
});
|
.Configure(app =>
|
||||||
app.Run(context =>
|
{
|
||||||
{
|
app.UseCookiePolicy(new CookiePolicyOptions
|
||||||
context.Response.Cookies.Delete("A");
|
{
|
||||||
context.Response.Cookies.Delete("B", new CookieOptions { Secure = false });
|
OnDeleteCookie = ctx => ctx.CookieName = "A"
|
||||||
context.Response.Cookies.Delete("C", new CookieOptions());
|
});
|
||||||
context.Response.Cookies.Delete("D", new CookieOptions { Secure = true });
|
app.Run(context =>
|
||||||
return Task.FromResult(0);
|
{
|
||||||
});
|
context.Response.Cookies.Delete("A");
|
||||||
});
|
context.Response.Cookies.Delete("B", new CookieOptions { Secure = false });
|
||||||
var server = new TestServer(builder);
|
context.Response.Cookies.Delete("C", new CookieOptions());
|
||||||
|
context.Response.Cookies.Delete("D", new CookieOptions { Secure = true });
|
||||||
|
return Task.FromResult(0);
|
||||||
|
});
|
||||||
|
})
|
||||||
|
.UseTestServer();
|
||||||
|
})
|
||||||
|
.Build();
|
||||||
|
|
||||||
|
var server = host.GetTestServer();
|
||||||
|
|
||||||
|
await host.StartAsync();
|
||||||
|
|
||||||
var transaction = await server.SendAsync("http://example.com/login");
|
var transaction = await server.SendAsync("http://example.com/login");
|
||||||
|
|
||||||
|
|
@ -302,28 +321,37 @@ namespace Microsoft.AspNetCore.CookiePolicy.Test
|
||||||
[Fact]
|
[Fact]
|
||||||
public async Task CookiePolicyCallsCookieFeature()
|
public async Task CookiePolicyCallsCookieFeature()
|
||||||
{
|
{
|
||||||
var builder = new WebHostBuilder()
|
using var host = new HostBuilder()
|
||||||
.Configure(app =>
|
.ConfigureWebHost(webHostBuilder =>
|
||||||
{
|
|
||||||
app.Use(next => context =>
|
|
||||||
{
|
{
|
||||||
context.Features.Set<IResponseCookiesFeature>(new TestCookieFeature());
|
webHostBuilder
|
||||||
return next(context);
|
.Configure(app =>
|
||||||
});
|
{
|
||||||
app.UseCookiePolicy(new CookiePolicyOptions
|
app.Use(next => context =>
|
||||||
{
|
{
|
||||||
OnDeleteCookie = ctx => ctx.CookieName = "A"
|
context.Features.Set<IResponseCookiesFeature>(new TestCookieFeature());
|
||||||
});
|
return next(context);
|
||||||
app.Run(context =>
|
});
|
||||||
{
|
app.UseCookiePolicy(new CookiePolicyOptions
|
||||||
Assert.Throws<NotImplementedException>(() => context.Response.Cookies.Delete("A"));
|
{
|
||||||
Assert.Throws<NotImplementedException>(() => context.Response.Cookies.Delete("A", new CookieOptions()));
|
OnDeleteCookie = ctx => ctx.CookieName = "A"
|
||||||
Assert.Throws<NotImplementedException>(() => context.Response.Cookies.Append("A", "A"));
|
});
|
||||||
Assert.Throws<NotImplementedException>(() => context.Response.Cookies.Append("A", "A", new CookieOptions()));
|
app.Run(context =>
|
||||||
return context.Response.WriteAsync("Done");
|
{
|
||||||
});
|
Assert.Throws<NotImplementedException>(() => context.Response.Cookies.Delete("A"));
|
||||||
});
|
Assert.Throws<NotImplementedException>(() => context.Response.Cookies.Delete("A", new CookieOptions()));
|
||||||
var server = new TestServer(builder);
|
Assert.Throws<NotImplementedException>(() => context.Response.Cookies.Append("A", "A"));
|
||||||
|
Assert.Throws<NotImplementedException>(() => context.Response.Cookies.Append("A", "A", new CookieOptions()));
|
||||||
|
return context.Response.WriteAsync("Done");
|
||||||
|
});
|
||||||
|
})
|
||||||
|
.UseTestServer();
|
||||||
|
})
|
||||||
|
.Build();
|
||||||
|
|
||||||
|
var server = host.GetTestServer();
|
||||||
|
|
||||||
|
await host.StartAsync();
|
||||||
|
|
||||||
var transaction = await server.SendAsync("http://example.com/login");
|
var transaction = await server.SendAsync("http://example.com/login");
|
||||||
Assert.Equal("Done", transaction.ResponseText);
|
Assert.Equal("Done", transaction.ResponseText);
|
||||||
|
|
@ -332,7 +360,26 @@ namespace Microsoft.AspNetCore.CookiePolicy.Test
|
||||||
[Fact]
|
[Fact]
|
||||||
public async Task CookiePolicyAppliesToCookieAuth()
|
public async Task CookiePolicyAppliesToCookieAuth()
|
||||||
{
|
{
|
||||||
var builder = new WebHostBuilder()
|
using var host = new HostBuilder()
|
||||||
|
.ConfigureWebHost(webHostBuilder =>
|
||||||
|
{
|
||||||
|
webHostBuilder
|
||||||
|
.Configure(app =>
|
||||||
|
{
|
||||||
|
app.UseCookiePolicy(new CookiePolicyOptions
|
||||||
|
{
|
||||||
|
HttpOnly = HttpOnlyPolicy.Always,
|
||||||
|
Secure = CookieSecurePolicy.Always,
|
||||||
|
});
|
||||||
|
app.UseAuthentication();
|
||||||
|
app.Run(context =>
|
||||||
|
{
|
||||||
|
return context.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme,
|
||||||
|
new ClaimsPrincipal(new ClaimsIdentity(new GenericIdentity("TestUser", "Cookies"))));
|
||||||
|
});
|
||||||
|
})
|
||||||
|
.UseTestServer();
|
||||||
|
})
|
||||||
.ConfigureServices(services =>
|
.ConfigureServices(services =>
|
||||||
{
|
{
|
||||||
services.AddAuthentication().AddCookie(o =>
|
services.AddAuthentication().AddCookie(o =>
|
||||||
|
|
@ -342,21 +389,11 @@ namespace Microsoft.AspNetCore.CookiePolicy.Test
|
||||||
o.Cookie.SecurePolicy = CookieSecurePolicy.None;
|
o.Cookie.SecurePolicy = CookieSecurePolicy.None;
|
||||||
});
|
});
|
||||||
})
|
})
|
||||||
.Configure(app =>
|
.Build();
|
||||||
{
|
|
||||||
app.UseCookiePolicy(new CookiePolicyOptions
|
var server = host.GetTestServer();
|
||||||
{
|
|
||||||
HttpOnly = HttpOnlyPolicy.Always,
|
await host.StartAsync();
|
||||||
Secure = CookieSecurePolicy.Always,
|
|
||||||
});
|
|
||||||
app.UseAuthentication();
|
|
||||||
app.Run(context =>
|
|
||||||
{
|
|
||||||
return context.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme,
|
|
||||||
new ClaimsPrincipal(new ClaimsIdentity(new GenericIdentity("TestUser", "Cookies"))));
|
|
||||||
});
|
|
||||||
});
|
|
||||||
var server = new TestServer(builder);
|
|
||||||
|
|
||||||
var transaction = await server.SendAsync("http://example.com/login");
|
var transaction = await server.SendAsync("http://example.com/login");
|
||||||
|
|
||||||
|
|
@ -372,7 +409,26 @@ namespace Microsoft.AspNetCore.CookiePolicy.Test
|
||||||
[Fact]
|
[Fact]
|
||||||
public async Task CookiePolicyAppliesToCookieAuthChunks()
|
public async Task CookiePolicyAppliesToCookieAuthChunks()
|
||||||
{
|
{
|
||||||
var builder = new WebHostBuilder()
|
using var host = new HostBuilder()
|
||||||
|
.ConfigureWebHost(webHostBuilder =>
|
||||||
|
{
|
||||||
|
webHostBuilder
|
||||||
|
.Configure(app =>
|
||||||
|
{
|
||||||
|
app.UseCookiePolicy(new CookiePolicyOptions
|
||||||
|
{
|
||||||
|
HttpOnly = HttpOnlyPolicy.Always,
|
||||||
|
Secure = CookieSecurePolicy.Always,
|
||||||
|
});
|
||||||
|
app.UseAuthentication();
|
||||||
|
app.Run(context =>
|
||||||
|
{
|
||||||
|
return context.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme,
|
||||||
|
new ClaimsPrincipal(new ClaimsIdentity(new GenericIdentity(new string('c', 1024 * 5), "Cookies"))));
|
||||||
|
});
|
||||||
|
})
|
||||||
|
.UseTestServer();
|
||||||
|
})
|
||||||
.ConfigureServices(services =>
|
.ConfigureServices(services =>
|
||||||
{
|
{
|
||||||
services.AddAuthentication().AddCookie(o =>
|
services.AddAuthentication().AddCookie(o =>
|
||||||
|
|
@ -382,21 +438,11 @@ namespace Microsoft.AspNetCore.CookiePolicy.Test
|
||||||
o.Cookie.SecurePolicy = CookieSecurePolicy.None;
|
o.Cookie.SecurePolicy = CookieSecurePolicy.None;
|
||||||
});
|
});
|
||||||
})
|
})
|
||||||
.Configure(app =>
|
.Build();
|
||||||
{
|
|
||||||
app.UseCookiePolicy(new CookiePolicyOptions
|
var server = host.GetTestServer();
|
||||||
{
|
|
||||||
HttpOnly = HttpOnlyPolicy.Always,
|
await host.StartAsync();
|
||||||
Secure = CookieSecurePolicy.Always,
|
|
||||||
});
|
|
||||||
app.UseAuthentication();
|
|
||||||
app.Run(context =>
|
|
||||||
{
|
|
||||||
return context.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme,
|
|
||||||
new ClaimsPrincipal(new ClaimsIdentity(new GenericIdentity(new string('c', 1024 * 5), "Cookies"))));
|
|
||||||
});
|
|
||||||
});
|
|
||||||
var server = new TestServer(builder);
|
|
||||||
|
|
||||||
var transaction = await server.SendAsync("http://example.com/login");
|
var transaction = await server.SendAsync("http://example.com/login");
|
||||||
|
|
||||||
|
|
@ -475,16 +521,26 @@ namespace Microsoft.AspNetCore.CookiePolicy.Test
|
||||||
RequestDelegate configureSetup,
|
RequestDelegate configureSetup,
|
||||||
params RequestTest[] tests)
|
params RequestTest[] tests)
|
||||||
{
|
{
|
||||||
var builder = new WebHostBuilder()
|
using var host = new HostBuilder()
|
||||||
.Configure(app =>
|
.ConfigureWebHost(webHostBuilder =>
|
||||||
{
|
{
|
||||||
app.Map(path, map =>
|
webHostBuilder
|
||||||
{
|
.Configure(app =>
|
||||||
map.UseCookiePolicy(cookiePolicy);
|
{
|
||||||
map.Run(configureSetup);
|
app.Map(path, map =>
|
||||||
});
|
{
|
||||||
});
|
map.UseCookiePolicy(cookiePolicy);
|
||||||
var server = new TestServer(builder);
|
map.Run(configureSetup);
|
||||||
|
});
|
||||||
|
})
|
||||||
|
.UseTestServer();
|
||||||
|
})
|
||||||
|
.Build();
|
||||||
|
|
||||||
|
var server = host.GetTestServer();
|
||||||
|
|
||||||
|
await host.StartAsync();
|
||||||
|
|
||||||
foreach (var test in tests)
|
foreach (var test in tests)
|
||||||
{
|
{
|
||||||
await test.Execute(server);
|
await test.Execute(server);
|
||||||
|
|
|
||||||