Add ForwardedHeaders to CreateDefaultBuilder #4135 (#10273)

Author: Tratcher

src/DefaultBuilder/samples/SampleApp/DefaultBuilder.SampleApp.csproj

@@ -1,8 +1,9 @@
-<Project Sdk="Microsoft.NET.Sdk.Web">
+<Project Sdk="Microsoft.NET.Sdk.Web">
 
   <PropertyGroup>
     <TargetFramework>netcoreapp3.0</TargetFramework>
     <UserSecretsId>aspnetcore-MetaPackagesSampleApp-20170406180413</UserSecretsId>
+    <AspNetCoreHostingModel>OutOfProcess</AspNetCoreHostingModel>
   </PropertyGroup>
 
   <ItemGroup>

src/DefaultBuilder/samples/SampleApp/Program.cs

@@ -1,4 +1,4 @@
-// Copyright (c) .NET Foundation. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
@@ -16,19 +16,16 @@ public class Program
     {
         public static void Main(string[] args)
         {
-            HelloWorld();
-
-            CustomUrl();
-
-            CustomRouter();
-
-            CustomApplicationBuilder();
-
-            StartupClass(args);
-
-            HostBuilderWithWebHost(args);
+            CreateHostBuilder(args).Build().Run();
         }
 
+        public static IHostBuilder CreateHostBuilder(string[] args) =>
+            Host.CreateDefaultBuilder(args)
+                .ConfigureWebHostDefaults(webBuilder =>
+                {
+                    webBuilder.UseStartup<Startup>();
+                });
+
         private static void HelloWorld()
         {
             using (WebHost.Start(context => context.Response.WriteAsync("Hello, World!")))

src/DefaultBuilder/samples/SampleApp/Startup.cs

@@ -1,9 +1,15 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using System;
+using System.Linq;
+using System.Threading.Tasks;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Http.Extensions;
+using Microsoft.AspNetCore.HttpOverrides;
+using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 
 namespace SampleApp
@@ -15,12 +21,50 @@ public void ConfigureServices(IServiceCollection services)
 
         }
 
-        public void Configure(IApplicationBuilder app)
+        public void Configure(IApplicationBuilder app, IConfiguration config)
         {
             app.Run(async (context) =>
             {
-                await context.Response.WriteAsync($"Hello from {nameof(Startup)}!");
+                await context.Response.WriteAsync($"Hello from {context.Request.GetDisplayUrl()}\r\n");
+                await context.Response.WriteAsync("\r\n");
+
+                await context.Response.WriteAsync("Headers:\r\n");
+                foreach (var header in context.Request.Headers)
+                {
+                    await context.Response.WriteAsync($"{header.Key}: {header.Value}\r\n");
+                }
+                await context.Response.WriteAsync("\r\n");
+
+                await context.Response.WriteAsync("Connection:\r\n");
+                await context.Response.WriteAsync("RemoteIp: " + context.Connection.RemoteIpAddress + "\r\n");
+                await context.Response.WriteAsync("RemotePort: " + context.Connection.RemotePort + "\r\n");
+                await context.Response.WriteAsync("LocalIp: " + context.Connection.LocalIpAddress + "\r\n");
+                await context.Response.WriteAsync("LocalPort: " + context.Connection.LocalPort + "\r\n");
+                await context.Response.WriteAsync("ClientCert: " + context.Connection.ClientCertificate + "\r\n");
+                await context.Response.WriteAsync("\r\n");
+
+                await context.Response.WriteAsync("Environment Variables:\r\n");
+                var vars = Environment.GetEnvironmentVariables();
+                foreach (var key in vars.Keys.Cast<string>().OrderBy(key => key, StringComparer.OrdinalIgnoreCase))
+                {
+                    var value = vars[key];
+                    await context.Response.WriteAsync($"{key}: {value}\r\n");
+                }
+                await context.Response.WriteAsync("\r\n");
+
+                await context.Response.WriteAsync("Config:\r\n");
+                await ShowConfig(context.Response, config);
+                await context.Response.WriteAsync("\r\n");
             });
         }
+
+        private static async Task ShowConfig(HttpResponse response, IConfiguration config)
+        {
+            foreach (var pair in config.GetChildren())
+            {
+                await response.WriteAsync($"{pair.Path}: {pair.Value}\r\n");
+                await ShowConfig(response, pair);
+            }
+        }
     }
 }

src/DefaultBuilder/samples/SampleApp/appsettings.Development.json

@@ -0,0 +1,53 @@
+{
+  "AllowedHosts":  "example.com;localhost",
+  "Kestrel": {
+    "EndPoints": {
+      "Http": {
+        "Url": "http://localhost:5005"
+      },
+      "Https": {
+        "Url": "https://localhost:5006"
+      }
+
+      // To enable HTTPS using a certificate file, set the path to a .pfx file in
+      // the "Path" property below and configure the password in user secrets.
+      // The "Password" property should be set in user secrets.
+      //"HttpsInlineCertFile": {
+      // "Url": "http://localhost:5005"
+      //  "Certificate": {
+      //    "Path": "<path to .pfx file>",
+      //    "Password: "<cert password>"
+      //  }
+      //},
+
+      //"HttpsInlineCertStore": {
+      // "Url": "http://localhost:5005"
+      //  "Certificate": {
+      //    "Subject": "",
+      //    "Store": "",
+      //    "Location": "",
+      //    "AllowInvalid": "" // Set to "true" to allow invalid certificates (e.g. expired)
+      //  }
+      //},
+
+      // This uses the cert defined under Certificates/Default or the development cert.
+      //"HttpsDefaultCert": {
+      // "Url": "http://localhost:5005"
+      //}
+    }
+  },
+  "Certificates": {
+    //"Default": {
+    //  "Path": "<file>",
+    //  "Password": "<password>"
+    //},
+
+    // From cert store:
+    //"Default": {
+    //  "Subject": "",
+    //  "Store": "",
+    //  "Location": "",
+    //  "AllowInvalid": "" // Set to "true" to allow invalid certificates (e.g. expired certificates)
+    //}
+  }
+}

src/DefaultBuilder/samples/SampleApp/appsettings.json

@@ -1,50 +1,2 @@
 {
-  "AllowedHosts":  "example.com;localhost",
-  "Kestrel": {
-    "EndPoints": {
-      "Http": {
-        "Url": "http://localhost:5005"
-      }
-
-      // To enable HTTPS using a certificate file, set the path to a .pfx file in
-      // the "Path" property below and configure the password in user secrets.
-      // The "Password" property should be set in user secrets.
-      //"HttpsInlineCertFile": {
-      // "Url": "http://localhost:5005"
-      //  "Certificate": {
-      //    "Path": "<path to .pfx file>",
-      //    "Password: "<cert password>"
-      //  }
-      //},
-
-      //"HttpsInlineCertStore": {
-      // "Url": "http://localhost:5005"
-      //  "Certificate": {
-      //    "Subject": "",
-      //    "Store": "",
-      //    "Location": "",
-      //    "AllowInvalid": "" // Set to "true" to allow invalid certificates (e.g. expired)
-      //  }
-      //},
-
-      // This uses the cert defined under Certificates/Default or the development cert.
-      //"HttpsDefaultCert": {
-      // "Url": "http://localhost:5005"
-      //}
-    }
-  },
-  "Certificates": {
-    //"Default": {
-    //  "Path": "<file>",
-    //  "Password": "<password>"
-    //},
-
-    // From cert store:
-    //"Default": {
-    //  "Subject": "",
-    //  "Store": "",
-    //  "Location": "",
-    //  "AllowInvalid": "" // Set to "true" to allow invalid certificates (e.g. expired certificates)
-    //}
-  }
 }

src/DefaultBuilder/src/ForwardedHeadersStartupFilter.cs

@@ -0,0 +1,21 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Hosting;
+
+namespace Microsoft.AspNetCore
+{
+    internal class ForwardedHeadersStartupFilter : IStartupFilter
+    {
+        public Action<IApplicationBuilder> Configure(Action<IApplicationBuilder> next)
+        {
+            return app =>
+            {
+                app.UseForwardedHeaders();
+                next(app);
+            };
+        }
+    }
+}

src/DefaultBuilder/src/GenericHostBuilderExtensions.cs

@@ -1,4 +1,4 @@
-using System;
+using System;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore;
 
@@ -15,6 +15,8 @@ public static class GenericHostBuilderExtensions
         /// <remarks>
         ///   The following defaults are applied to the <see cref="IWebHostBuilder"/>:
         ///     use Kestrel as the web server and configure it using the application's configuration providers,
+        ///     adds the HostFiltering middleware,
+        ///     adds the ForwardedHeaders middleware if ASPNETCORE_FORWARDEDHEADERS_ENABLED=true,
         ///     and enable IIS integration.
         /// </remarks>
         /// <param name="builder">The <see cref="IHostBuilder" /> instance to configure</param>

src/DefaultBuilder/src/WebHost.cs

@@ -8,6 +8,7 @@
 using Microsoft.AspNetCore.HostFiltering;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.HttpOverrides;
 using Microsoft.AspNetCore.Routing;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
@@ -124,6 +125,8 @@ private static IWebHost StartWith(string url, Action<IServiceCollection> configu
         ///     load <see cref="IConfiguration"/> from User Secrets when <see cref="IHostEnvironment.EnvironmentName"/> is 'Development' using the entry assembly,
         ///     load <see cref="IConfiguration"/> from environment variables,
         ///     configure the <see cref="ILoggerFactory"/> to log to the console and debug output,
+        ///     adds the HostFiltering middleware,
+        ///     adds the ForwardedHeaders middleware if ASPNETCORE_FORWARDEDHEADERS_ENABLED=true,
         ///     and enable IIS integration.
         /// </remarks>
         /// <returns>The initialized <see cref="IWebHostBuilder"/>.</returns>
@@ -142,6 +145,8 @@ public static IWebHostBuilder CreateDefaultBuilder() =>
         ///     load <see cref="IConfiguration"/> from environment variables,
         ///     load <see cref="IConfiguration"/> from supplied command line args,
         ///     configure the <see cref="ILoggerFactory"/> to log to the console and debug output,
+        ///     adds the HostFiltering middleware,
+        ///     adds the ForwardedHeaders middleware if ASPNETCORE_FORWARDEDHEADERS_ENABLED=true,
         ///     and enable IIS integration.
         /// </remarks>
         /// <param name="args">The command line args.</param>
@@ -224,6 +229,20 @@ internal static void ConfigureWebDefaults(IWebHostBuilder builder)
 
                 services.AddTransient<IStartupFilter, HostFilteringStartupFilter>();
 
+                if (string.Equals("true", hostingContext.Configuration["ForwardedHeaders_Enabled"], StringComparison.OrdinalIgnoreCase))
+                {
+                    services.Configure<ForwardedHeadersOptions>(options =>
+                    {
+                        options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
+                        // Only loopback proxies are allowed by default. Clear that restriction because forwarders are
+                        // being enabled by explicit configuration.
+                        options.KnownNetworks.Clear();
+                        options.KnownProxies.Clear();
+                    });
+
+                    services.AddTransient<IStartupFilter, ForwardedHeadersStartupFilter>();
+                }
+
                 services.AddRouting();
             })
             .UseIIS()

src/DefaultBuilder/test/Microsoft.AspNetCore.Tests/Microsoft.AspNetCore.Tests.csproj

@@ -6,6 +6,7 @@
 
   <ItemGroup>
     <Reference Include="Microsoft.AspNetCore" />
+    <Reference Include="Microsoft.AspNetCore.TestHost" />
   </ItemGroup>
 
 </Project>

src/DefaultBuilder/test/Microsoft.AspNetCore.Tests/WebHostTests.cs

@@ -8,9 +8,11 @@
 using System.Linq;
 using System.Threading;
 using System.Threading.Tasks;
+using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.HostFiltering;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Routing;
+using Microsoft.AspNetCore.TestHost;
 using Microsoft.AspNetCore.Testing;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
@@ -57,6 +59,35 @@ public async Task WebHostConfiguration_HostFilterOptionsAreReloadable()
             Assert.Contains("NewHost", options.AllowedHosts);
         }
 
+        [Fact]
+        public async Task WebHostConfiguration_EnablesForwardedHeadersFromConfig()
+        {
+            using var host = WebHost.CreateDefaultBuilder()
+                .ConfigureAppConfiguration(configBuilder =>
+                {
+                    configBuilder.AddInMemoryCollection(new[]
+                    {
+                        new KeyValuePair<string, string>("FORWARDEDHEADERS_ENABLED", "true" ),
+                    });
+                })
+                .UseTestServer()
+                .Configure(app =>
+                {
+                    Assert.True(app.Properties.ContainsKey("ForwardedHeadersAdded"), "Forwarded Headers");
+                    app.Run(context =>
+                    {
+                        Assert.Equal("https", context.Request.Scheme);
+                        return Task.CompletedTask;
+                    });
+                }).Build();
+
+            await host.StartAsync();
+            var client = host.GetTestClient();
+            client.DefaultRequestHeaders.Add("x-forwarded-proto", "https");
+            var result = await client.GetAsync("http://localhost/");
+            result.EnsureSuccessStatusCode();
+        }
+
         [Fact]
         public void CreateDefaultBuilder_RegistersRouting()
         {

src/Hosting/TestHost/ref/Microsoft.AspNetCore.TestHost.netcoreapp3.0.cs

@@ -48,6 +48,8 @@ public static partial class WebHostBuilderExtensions
     {
         public static Microsoft.AspNetCore.Hosting.IWebHostBuilder ConfigureTestContainer<TContainer>(this Microsoft.AspNetCore.Hosting.IWebHostBuilder webHostBuilder, System.Action<TContainer> servicesConfiguration) { throw null; }
         public static Microsoft.AspNetCore.Hosting.IWebHostBuilder ConfigureTestServices(this Microsoft.AspNetCore.Hosting.IWebHostBuilder webHostBuilder, System.Action<Microsoft.Extensions.DependencyInjection.IServiceCollection> servicesConfiguration) { throw null; }
+        public static System.Net.Http.HttpClient GetTestClient(this Microsoft.AspNetCore.Hosting.IWebHost host) { throw null; }
+        public static Microsoft.AspNetCore.TestHost.TestServer GetTestServer(this Microsoft.AspNetCore.Hosting.IWebHost host) { throw null; }
         public static Microsoft.AspNetCore.Hosting.IWebHostBuilder UseSolutionRelativeContentRoot(this Microsoft.AspNetCore.Hosting.IWebHostBuilder builder, string solutionRelativePath, string solutionName = "*.sln") { throw null; }
         public static Microsoft.AspNetCore.Hosting.IWebHostBuilder UseSolutionRelativeContentRoot(this Microsoft.AspNetCore.Hosting.IWebHostBuilder builder, string solutionRelativePath, string applicationBasePath, string solutionName = "*.sln") { throw null; }
         public static Microsoft.AspNetCore.Hosting.IWebHostBuilder UseTestServer(this Microsoft.AspNetCore.Hosting.IWebHostBuilder builder) { throw null; }