Request Header
private void ConfigureAuth(IAppBuilder builder)
{
builder.Use((context, next) =>
{
if (context?.Request?.Headers["X-Teach"] == null)
{
context.Request.Headers.Add("X-Teach", new[] { "something" });
}
return next.Invoke();
});
}
Security
Remove information from requests in Web.config:
<system.web>
<httpRuntime maxRequestLength="12288" enableVersionHeader="false" targetFramework="4.7.2" />
</system.web>
<system.webServer>
<security>
<requestFiltering removeServerHeader="true" />
</security>
<httpProtocol>
<customHeaders>
<remove name="X-Powered-By" />
</customHeaders>
</httpProtocol>
</system.webServer>
In Global.asax remove X-AspNetMvc-Version
MvcHandler.DisableMvcResponseHeader = true;
Add Content-Security-Policy header in Web.config:
<system.webServer>
<httpProtocol>
<customHeaders>
<add name="Content-Security-Policy" value="frame-ancestors 'none'" />
</customHeaders>
</httpProtocol>
</system.webServer>
<system.web>
<httpCookies sameSite="Strict" requireSSL="true" />
<system.web>
Regedit check which .NET Framework is installed HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full
CORS for Angular Client
Old SignalR documentation https://docs.microsoft.com/en-us/aspnet/signalr/overview/guide-to-the-api/hubs-api-guide-javascript-client
using System.Web.Http.Cors;
public static class WebApiConfig {
public static void Register(HttpConfiguration aConfig) {
config.EnableCors(new EnableCorsAttribute("http://localhost:4200", "*", "*"));
}
}