none
Remove server response header at self hosted WCF

    Question

  • I know that there are a quite some posts online about removing the server header at http response, however, mostly I found out they are for IIS hosted WCF service. My application is hosting the WCF service. The object is ServiceHost, I added a behavior to the ServiceHost

    serviceHost.Description.Behaviors.Add(ModifyResponseBehavior);

    In the behavior,

    public void BeforeSendReply(ref Message reply, object correlationState)
    {
        var httpCtx = System.ServiceModel.Web.WebOperationContext.Current;
        if (httpCtx != null)
        {
            httpCtx.OutgoingResponse.Headers.Add("Server", string.Empty);
        }
    }

    I tried add empty server value, and remove server headers, neither of them remove the server header at response. Will any of you have a suggestion about this?

    Thank you very much!

    Friday, January 22, 2016 5:07 PM

Answers

  • Hi Cicely Zhang,

    According to this case, I test your code on my machine(but that is Restful Service), it works fine.

    I add the class project to my solution. Code is shown as below:

    namespace Mylib
    {       
        public class MyModifyResponseBehavior:IDispatchMessageInspector,IClientMessageInspector
        {
    
            void IClientMessageInspector.AfterReceiveReply(ref Message reply, object correlationState)
            {
                return null;                      
            }
    
            object IClientMessageInspector.BeforeSendRequest(ref Message request, IClientChannel channel)
            {
                return null;
            }
    
            object IDispatchMessageInspector.AfterReceiveRequest(ref Message request, IClientChannel channel, InstanceContext instanceContext)
            {
                return null;
            }
    
            void IDispatchMessageInspector.BeforeSendReply(ref Message reply, object correlationState)
            {
                var httpCtx = System.ServiceModel.Web.WebOperationContext.Current;
                if (httpCtx != null)
                {
                    httpCtx.OutgoingResponse.Headers.Add("Server",string.Empty);
                } 
            }           
        }
        public class MyEndPointBehavior : IEndpointBehavior
        {
            public void AddBindingParameters(ServiceEndpoint endpoint, BindingParameterCollection bindingParameters)
            {  
                return;
            }
    
            public void ApplyClientBehavior(ServiceEndpoint endpoint, ClientRuntime clientRuntime)
            {
                clientRuntime.ClientMessageInspectors.Add(new MyModifyResponseBehavior());
            }
    
            public void ApplyDispatchBehavior(ServiceEndpoint endpoint, EndpointDispatcher endpointDispatcher)
            {          
                endpointDispatcher.DispatchRuntime.MessageInspectors.Add(new MyModifyResponseBehavior());
            }
    
            public void Validate(ServiceEndpoint endpoint)
            {
                return;
            }
    }
    }  

    In my host application:

    using (WebServiceHost host = new WebServiceHost(typeof(Class1)))
                    {
                        foreach (var endpoint in host.Description.Endpoints)
                        {
                            endpoint.EndpointBehaviors.Add(new Mylib.MyEndPointBehavior());
                        }
                        host.Opened += delegate
                        {
                            Console.WriteLine("Server is running...");
                        };
                        host.Open();
                        Console.ReadLine();
                    }

    Before Remove:

    After Remove:

    If your WCF service is Soap Service, I thought that he server header will be added by IIS Express or IIS.

    If you want to remove the header, you need to modify some configuration with IIS or IIS Express.

    For more information, please refer to the following links:

    1. http://blogs.msdn.com/b/varunm/archive/2013/04/23/remove-unwanted-http-response-headers.aspx

    2. http://stackoverflow.com/questions/11155176/removing-headers-from-the-response

    ================================================================

    This response contains a reference to a third party World Wide Web site. Microsoft is providing this

    information as a convenience to you. Microsoft does not control these sites and has not tested any

    software or information found on these sites; therefore, Microsoft cannot make any representations

    regarding the quality, safety, or suitability of any software or information found there. There are

    inherent dangers in the use of any software found on the Internet, and Microsoft cautions you to

    make sure that you completely understand the risk before retrieving any software from the Internet.

    If I miss understood your question, please let me know.

    Best Regards,

    Wanjun Dong


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place. Click HERE to participate the survey.

    Wednesday, January 27, 2016 5:42 AM
    Moderator

All replies

  • Hi Cicely Zhang,

    According to this case, I test your code on my machine(but that is Restful Service), it works fine.

    I add the class project to my solution. Code is shown as below:

    namespace Mylib
    {       
        public class MyModifyResponseBehavior:IDispatchMessageInspector,IClientMessageInspector
        {
    
            void IClientMessageInspector.AfterReceiveReply(ref Message reply, object correlationState)
            {
                return null;                      
            }
    
            object IClientMessageInspector.BeforeSendRequest(ref Message request, IClientChannel channel)
            {
                return null;
            }
    
            object IDispatchMessageInspector.AfterReceiveRequest(ref Message request, IClientChannel channel, InstanceContext instanceContext)
            {
                return null;
            }
    
            void IDispatchMessageInspector.BeforeSendReply(ref Message reply, object correlationState)
            {
                var httpCtx = System.ServiceModel.Web.WebOperationContext.Current;
                if (httpCtx != null)
                {
                    httpCtx.OutgoingResponse.Headers.Add("Server",string.Empty);
                } 
            }           
        }
        public class MyEndPointBehavior : IEndpointBehavior
        {
            public void AddBindingParameters(ServiceEndpoint endpoint, BindingParameterCollection bindingParameters)
            {  
                return;
            }
    
            public void ApplyClientBehavior(ServiceEndpoint endpoint, ClientRuntime clientRuntime)
            {
                clientRuntime.ClientMessageInspectors.Add(new MyModifyResponseBehavior());
            }
    
            public void ApplyDispatchBehavior(ServiceEndpoint endpoint, EndpointDispatcher endpointDispatcher)
            {          
                endpointDispatcher.DispatchRuntime.MessageInspectors.Add(new MyModifyResponseBehavior());
            }
    
            public void Validate(ServiceEndpoint endpoint)
            {
                return;
            }
    }
    }  

    In my host application:

    using (WebServiceHost host = new WebServiceHost(typeof(Class1)))
                    {
                        foreach (var endpoint in host.Description.Endpoints)
                        {
                            endpoint.EndpointBehaviors.Add(new Mylib.MyEndPointBehavior());
                        }
                        host.Opened += delegate
                        {
                            Console.WriteLine("Server is running...");
                        };
                        host.Open();
                        Console.ReadLine();
                    }

    Before Remove:

    After Remove:

    If your WCF service is Soap Service, I thought that he server header will be added by IIS Express or IIS.

    If you want to remove the header, you need to modify some configuration with IIS or IIS Express.

    For more information, please refer to the following links:

    1. http://blogs.msdn.com/b/varunm/archive/2013/04/23/remove-unwanted-http-response-headers.aspx

    2. http://stackoverflow.com/questions/11155176/removing-headers-from-the-response

    ================================================================

    This response contains a reference to a third party World Wide Web site. Microsoft is providing this

    information as a convenience to you. Microsoft does not control these sites and has not tested any

    software or information found on these sites; therefore, Microsoft cannot make any representations

    regarding the quality, safety, or suitability of any software or information found there. There are

    inherent dangers in the use of any software found on the Internet, and Microsoft cautions you to

    make sure that you completely understand the risk before retrieving any software from the Internet.

    If I miss understood your question, please let me know.

    Best Regards,

    Wanjun Dong


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place. Click HERE to participate the survey.

    Wednesday, January 27, 2016 5:42 AM
    Moderator
  • Hello,

    Thank you very much for your reply. Right, I plug in your code and I can remove the header.

    However, I can only remove the header when the user is authenticated. If I got an unauthenticated call, the header is still there. I put the breakpoint, the code above is not get called if an user is unauthenticated. Will you able to get the header removed if unauthenticated?

    Thank you,

    Cicely

    Wednesday, February 10, 2016 4:00 PM