Request Header
private void ConfigureAuth(IAppBuilder builder)
{
builder.Use((context, next) =>
{
if (context?.Request?.Headers["X-Teach"] == null)
{
context.Request.Headers.Add("X-Teach", new[] { "something" });
}
return next.Invoke();
});
}
Security
Remove information from requests in Web.config
:
<system.web>
<httpRuntime maxRequestLength="12288" enableVersionHeader="false" targetFramework="4.7.2" />
</system.web>
<system.webServer>
<security>
<requestFiltering removeServerHeader="true" />
</security>
<httpProtocol>
<customHeaders>
<remove name="X-Powered-By" />
</customHeaders>
</httpProtocol>
</system.webServer>
In Global.asax
remove X-AspNetMvc-Version
MvcHandler.DisableMvcResponseHeader = true;
Add Content-Security-Policy
header in Web.config
:
<system.webServer>
<httpProtocol>
<customHeaders>
<add name="Content-Security-Policy" value="frame-ancestors 'none'" />
</customHeaders>
</httpProtocol>
</system.webServer>
<system.web>
<httpCookies sameSite="Strict" requireSSL="true" />
<system.web>
Regedit check which .NET Framework is installed HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full
CORS for Angular Client
Old SignalR documentation https://docs.microsoft.com/en-us/aspnet/signalr/overview/guide-to-the-api/hubs-api-guide-javascript-client
using System.Web.Http.Cors;
public static class WebApiConfig {
public static void Register(HttpConfiguration aConfig) {
config.EnableCors(new EnableCorsAttribute("http://localhost:4200", "*", "*"));
}
}
QR Code Generator
Using the QRCoder
package. GitHub https://github.com/codebude/QRCoder
[HttpGet]
public HttpResponseMessage QrCode()
{
using (var stream = new MemoryStream())
using (var gen = new QRCodeGenerator())
using (var qrCode = new QRCode(gen.CreateQrCode("https://tea.ch/", QRCodeGenerator.ECCLevel.Q)))
{
qrCode.GetGraphic(10).Save(stream, ImageFormat.Png);
var result = new HttpResponseMessage(HttpStatusCode.OK)
{
Content = new ByteArrayContent(stream.ToArray())
};
result.Content.Headers.ContentDisposition = new ContentDispositionHeaderValue("attachment")
{
FileName = "teach-qr-code.png"
};
result.Content.Headers.ContentType = new MediaTypeHeaderValue("application/octet-stream");
return result;
}
}
TOTP
NuGet Otp.NET
.
using OtpNet;
//...
var secret = Base32Encoding.ToString(KeyGeneration.GenerateRandomKey(20));
//...
var totp = new Totp(Base32Encoding.ToBytes(secret));
var isValid = totp.VerifyTotp(totpCode, out long windowMatched, new VerificationWindow(previous: 1, future: 1));
/* Optional: when we want to find the exact window:
var now = DateTime.UtcNow;
var window = Math.Floor((now - new DateTime(1970, 1, 1)).TotalSeconds / 30);
var nowTotpCode = totp.ComputeTotp(now);
// windowMatched == window // -1 +1
*/