locked
Plugging global content sanitizer RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote
    User525224122 posted

    For security reasons, I need to process body of each post request before it reaching destination hub.

    I assumed that the right approach is to implement custom OwinMiddleware and inside process body content.

    However, for some reason context.Request.Body length is always 0 (despite that message payload is actually reaching Hub).

    What do I miss?

    This is how my Middleware class looks like:

    public class SanitizeMiddleware : OwinMiddleware
{
 public SanitizeMiddleware(OwinMiddleware next)
  :base(next)
   {
   }

 public async override Task Invoke(IOwinContext context)
 {
  //context.Request.Body length is 0...

  await Next.Invoke(context);
 }
}



    Tuesday, October 16, 2018 10:38 AM

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote
    User525224122 posted

    Update: it looks like first three calls are intercepted by my middleware: 'negotiate', 'connect' and 'start'. They are GET so obviously there is no body.

    However, right after connection is established I sending from client to server a string (e.g. POST). 

    For some reason, that call doesn't intercepted by middleware at all, but I do receive request inside my hub.

    Any ideas?

    Tuesday, October 16, 2018 1:42 PM
  • Question
    Sign in to vote
    0
    Sign in to vote
    User61956409 posted

    Hi illidian,

    Are you using ASP.NET SignalR or ASP.NET Core SignalR? If possible, please share the code of Startup.cs file.

    With Regards,

    Fei Han

    Wednesday, October 17, 2018 8:39 AM
  • Question
    Sign in to vote
    0
    Sign in to vote
    User525224122 posted

    Hi,

    I'm using ASP.NET SignalR.

    My Startup.cs looks like the below:

    app.Map("/signalr", map =>
{
   map.HereSupposedToBeMyCustomMiddleware();

   var hubConfiguration = new HubConfiguration
   {
       Resolver = GlobalHost.DependencyResolver,
   };

   map.RunSignalR(hubConfiguration);
});

    Wednesday, October 17, 2018 11:22 AM
  • Question
    Sign in to vote
    0
    Sign in to vote
    User61956409 posted

    Hi illidian,

    illidian

    it looks like first three calls are intercepted by my middleware: 'negotiate', 'connect' and 'start'. They are GET so obviously there is no body.

    Yes, as you mentioned, the 'negotiate', 'connect' and 'start' etc is http request when a client establishes a connection to your hub server, so you can capture these requests in your custom Middleware.

    If both your client and server supports WebSocket, after client established a connection to hub server, messages exchanged/communicated between client and hub sever will be via WebSocket Protocol. 

    illidian

    However, right after connection is established I sending from client to server a string (e.g. POST). 

    For some reason, that call doesn't intercepted by middleware at all, but I do receive request inside my hub.

    I do a test by explicitly specifying the transport method to Long polling, I can capture the request of sending message, and the request body is not null.

    public override async Task Invoke(IOwinContext context)
{

    string body = new StreamReader(context.Request.Body).ReadToEnd();

    byte[] requestData = Encoding.UTF8.GetBytes(body);
    context.Request.Body = new MemoryStream(requestData);

    await Next.Invoke(context);
}

    If I send a message "hello", I can capture this request in my custom Middleware:

    Decode the body, it is same as the data that I see in browser client:

    data={"H":"chathub","M":"Send","A":["Fei Han","hello"],"I":0}

    With Regards,

    Fei Han

    Friday, October 19, 2018 2:35 AM