locked
Plugging global content sanitizer RRS feed

  • Question

  • User525224122 posted

    For security reasons, I need to process body of each post request before it reaching destination hub.

    I assumed that the right approach is to implement custom OwinMiddleware and inside process body content.

    However, for some reason context.Request.Body length is always 0 (despite that message payload is actually reaching Hub).

    What do I miss?

    This is how my Middleware class looks like:

    public class SanitizeMiddleware : OwinMiddleware
    {
     public SanitizeMiddleware(OwinMiddleware next)
      :base(next)
       {
       }
    
     public async override Task Invoke(IOwinContext context)
     {
      //context.Request.Body length is 0...
    
      await Next.Invoke(context);
     }
    }



    Tuesday, October 16, 2018 10:38 AM

All replies

  • User525224122 posted

    Update: it looks like first three calls are intercepted by my middleware: 'negotiate', 'connect' and 'start'. They are GET so obviously there is no body.

    However, right after connection is established I sending from client to server a string (e.g. POST). 

    For some reason, that call doesn't intercepted by middleware at all, but I do receive request inside my hub.

    Any ideas?

    Tuesday, October 16, 2018 1:42 PM
  • User61956409 posted

    Hi illidian,

    Are you using ASP.NET SignalR or ASP.NET Core SignalR? If possible, please share the code of Startup.cs file.

    With Regards,

    Fei Han

    Wednesday, October 17, 2018 8:39 AM
  • User525224122 posted

    Hi,

    I'm using ASP.NET SignalR.

    My Startup.cs looks like the below:

    app.Map("/signalr", map =>
    {
       map.HereSupposedToBeMyCustomMiddleware();
    
       var hubConfiguration = new HubConfiguration
       {
           Resolver = GlobalHost.DependencyResolver,
       };
    
       map.RunSignalR(hubConfiguration);
    });

    Wednesday, October 17, 2018 11:22 AM
  • User61956409 posted

    Hi illidian,

    illidian

    it looks like first three calls are intercepted by my middleware: 'negotiate', 'connect' and 'start'. They are GET so obviously there is no body.

    Yes, as you mentioned, the 'negotiate', 'connect' and 'start' etc is http request when a client establishes a connection to your hub server, so you can capture these requests in your custom Middleware.

    If both your client and server supports WebSocket, after client established a connection to hub server, messages exchanged/communicated between client and hub sever will be via WebSocket Protocol. 

    illidian

    However, right after connection is established I sending from client to server a string (e.g. POST). 

    For some reason, that call doesn't intercepted by middleware at all, but I do receive request inside my hub.

    I do a test by explicitly specifying the transport method to Long polling, I can capture the request of sending message, and the request body is not null.

    public override async Task Invoke(IOwinContext context)
    {
    
        string body = new StreamReader(context.Request.Body).ReadToEnd();
    
        byte[] requestData = Encoding.UTF8.GetBytes(body);
        context.Request.Body = new MemoryStream(requestData);
    
        await Next.Invoke(context);
    }

    If I send a message "hello", I can capture this request in my custom Middleware:

    Decode the body, it is same as the data that I see in browser client:

    data={"H":"chathub","M":"Send","A":["Fei Han","hello"],"I":0}

    With Regards,

    Fei Han

    Friday, October 19, 2018 2:35 AM