Ehsan Ghanbari

Experience, DotNet, Solutions

Enabling the CORS in Asp.net Core

As I'm talking with Asp.net core these days, so I'm supposed to be eager about that! In asp.net core, in order to enable the CORS, you should refer to application startup and ConfigureServices and add the following configuration:

 

 public class Startup

    {

        public Startup(IConfiguration configuration)

        {

            Configuration = configuration;

        }


        public IConfiguration Configuration { get; }

 

        // This method gets called by the runtime. Use this method to add services to the container.

        public void ConfigureServices(IServiceCollection services)

        {

            services.Configure<CookiePolicyOptions>(options =>

            {

                // This lambda determines whether user consent for non-essential cookies is needed for a given request.

                options.CheckConsentNeeded = context => true;

                options.MinimumSameSitePolicy = SameSiteMode.None;

            });


            services.AddCors(o => o.AddPolicy("MyPolicyName", builder =>

            {

                builder.AllowAnyOrigin()

                       .AllowAnyMethod()

                       .AllowAnyHeader();

            }));

 
            services.AddSingleton<IHttpContextAccessor, HttpContextAccessor>();


            services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);

        }

 

 Now for applying the above policy in your controller or action, you just need to use it via attribute:

 

using System;

using System.Collections.Generic;

using System.Linq;

using System.Threading.Tasks;

using Microsoft.AspNetCore.Cors;

using Microsoft.AspNetCore.Mvc;

 

namespace WebApplication3.Controllers

{

    [EnableCors(policyName: "MyPolicyName")]

    public class DefaultController : Controller

    {

        [EnableCors(policyName: "MyPolicyName")]

        public IActionResult Index()

        {

            return View();

        }

    }

}

 

And, in order to apply for every request, you can config it like below in startup class: 

 

 // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.

        public void Configure(IApplicationBuilder app, IHostingEnvironment env)

        {

            app.UseCors("MyPolicyName");

 

            if (env.IsDevelopment())

            {

                app.UseDeveloperExceptionPage();

            }

            else

            {

                app.UseExceptionHandler("/Error");

                app.UseHsts();

            }

 

            app.UseHttpsRedirection();

            app.UseStaticFiles();

            app.UseCookiePolicy();

 

            app.UseMvc();

        }

 



HttpContext in asp.net core

Accessing to HttpContext in asp.net core application is just like before, for example:

 

 public class MyController : Controller

    {

        [HttpGet]

        public ActionResult Show()

        {

            var user = HttpContext.User;

            return View();

        }

    }

 

 But HttpContext is not available everywhere in your solution! For IHttpContextAccessor. If you are using the default dependency injection of Ap.net Core then you should example to access to HttpContext in layers rather than web, you should inject a new interface of asp.net core named firstly resolve the mentioned interface in it:

 

public void ConfigureServices(IServiceCollection services)

        {

            services.Configure<CookiePolicyOptions>(options =>

            {

                // This lambda determines whether user consent for non-essential cookies is needed for a given request.

                options.CheckConsentNeeded = context => true;

                options.MinimumSameSitePolicy = SameSiteMode.None;

            });

            services.AddSingleton<IHttpContextAccessor, HttpContextAccessor>();

            services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);

        }

 

Now you can inject the interface wherever you are going to use HttpContext:

 

   public interface ISampleService

    {

    }

 

    public class SampleService : ISampleService

    {

        private readonly IHttpContextAccessor _httpContextAccessor;

 

        public SampleService(IHttpContextAccessor httpContextAccessor)

        {

            _httpContextAccessor = httpContextAccessor;

        }

    }

 

To tell the truth, I don't like this kind of using HttpContext in the outside scope of the controller. It's an antipattern in my point of view because HttpContext and every related thing to the web should live in the web project. By the way! Using HttpContext in Razor view engine is just like before!



Disable directory browsing in asp.net core

In asp.net applications, directory browsing has enabled some versions and you let the users see all of the content and structure of your application like the picture below:

To the best of my knowledge, in order to disable the directory browsing, there are two ways: by web.config and IIS. In web.config file you just need to add the following piece of code:

 

    <system.webServer>
      <directoryBrowse enabled="false" />
    </system.webServer>

 

and In IIS, you have to disable the configuration manually:

 

 

Actually, both of them are the same. But in asp.net core, as the structure has been changed, you can handle the mentioned feature by code. In web asp.net core, static files are located in a folder named wwwroot. In the configure method of Startup class you can call the UseFileServer() and set the enableDirectoryBrowsing as false:

 

      public void Configure(IApplicationBuilder app, IHostingEnvironment env)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }
            else
            {
                app.UseExceptionHandler("/Error");
                app.UseHsts();
            }

            app.UseHttpsRedirection();
            app.UseStaticFiles();
            app.UseCookiePolicy();
            app.UseMvc();
            app.UseFileServer(enableDirectoryBrowsing: false);
        }



Access to configuration in asp.net core

While I was working with asp.net core, I encountered with getting the configuration setting from the JSON file and After searching on the web I found out that there would be different ways to do that. I tested the following one and it worked. There is a different configuration in each version of Asp.net core in the Main method of program class. you should put the following configuration in this sample in the main method because I didn’t test it with other configurations to ensure you.

 public static void Main(string[] args)

        {

            var host = new WebHostBuilder()

                .UseKestrel()

                .UseContentRoot(Directory.GetCurrentDirectory())

                .UseIISIntegration()

                .UseStartup<Startup>()

                .UseApplicationInsights()

                .Build();



            host.Run();

        }

Then create a class to keeping configuration and creating injection based on it, it's just a simple property:

  public class ConfgurationClass

    {

        public string ConnectionString { get; set; }

    }

Now, in the target class that you want to access your configuration, inject the above class:

public class TestController : Controller

    {

        private readonly ConfgurationClass _connectionStrings;



        public TestController(IOptions<ConfgurationClass> options)

        {

            _connectionStrings = options.Value;

        }



        public IActionResult Index()

        {

            var connectionsString = _connectionStrings.ConnectionString;

            return Ok();

        }

    }

Note that IOption<> is available in Version=1.1.1.0 and above.  But if you run the application now, you would get the injection Error because you haven’t configured DI yet. Put the following piece of code in Startup class to configure the injection:

        public IConfigurationRoot Configuration { get; }



        public Startup(IHostingEnvironment env)

        {

            var builder = new ConfigurationBuilder()

                .SetBasePath(env.ContentRootPath)

                .AddJsonFile("appsettings.json", optional: false, reloadOnChange: true)

                .AddJsonFile($"appsettings.{env.EnvironmentName}.json", optional: true)

                .AddEnvironmentVariables();



            Configuration = builder.Build();

        }



        public void ConfigureServices(IServiceCollection services)

        {

            services.AddOptions();



            // Configure ConnectionStrings using config

            services.Configure<ConfgurationClass>(Configuration);

        }

Remember that appsettings.json is the file that we are reading the connectionString from. Have a nice time!



About Me

Ehsan Ghanbari

Hi! my name is Ehsan. I'm a developer, passionate technologist, and fan of clean code. I'm interested in enterprise and large-scale applications architecture and design patterns and I'm spending a lot of my time on architecture subject. Since 2008, I've been as a developer for companies and organizations and I've been focusing on Microsoft ecosystem all the time. During the&nb Read More

Post Tags
Pending Blog Posts
Strategic design
Factory Pattern
time out pattern in ajax
Selectors in Jquery
using Log4net in asp.net MVC4
How to use PagedList In asp.net MVC
Redis as a cache server
Domain driven design VS model driven architecture
What's the DDD-lite?
Multiple submit buttons in asp.net MVC