From 2f3df2715d2deb5520044cb351144641b8d8f7c7 Mon Sep 17 00:00:00 2001
From: Charles Lowell
Date: Wed, 15 Mar 2017 08:57:01 -0700
Subject: [PATCH 1/2] Set data protection application discriminators

This prevents cookie confusion when applications are hosted at the same domain and path. For example, under default settings, WebMVC may attempt to decrypt Identity's antiforgery cookie rather than its own.
---
 src/Services/Identity/Identity.API/Startup.cs | 5 +++++
 src/Web/WebMVC/Startup.cs | 5 +++++
 src/Web/WebSPA/Startup.cs | 5 +++++
 3 files changed, 15 insertions(+)

diff --git a/src/Services/Identity/Identity.API/Startup.cs b/src/Services/Identity/Identity.API/Startup.cs
index d29459395..81c26eb16 100644
--- a/src/Services/Identity/Identity.API/Startup.cs
+++ b/src/Services/Identity/Identity.API/Startup.cs
@@ -54,6 +54,11 @@ namespace eShopOnContainers.Identity
 services.Configure(Configuration);
+ services.AddDataProtection(opts =>
+ {
+ opts.ApplicationDiscriminator = "eshop.identity";
+ });
+
 services.AddMvc();
 services.AddTransient();
diff --git a/src/Web/WebMVC/Startup.cs b/src/Web/WebMVC/Startup.cs
index ee2412bee..f6ac17e6f 100644
--- a/src/Web/WebMVC/Startup.cs
+++ b/src/Web/WebMVC/Startup.cs
@@ -42,6 +42,11 @@ namespace Microsoft.eShopOnContainers.WebMVC
 // This method gets called by the runtime. Use this method to add services to the container.
 public void ConfigureServices(IServiceCollection services)
 {
+ services.AddDataProtection(opts =>
+ {
+ opts.ApplicationDiscriminator = "eshop.webmvc";
+ });
+
 services.AddMvc();
 services.Configure(Configuration);
diff --git a/src/Web/WebSPA/Startup.cs b/src/Web/WebSPA/Startup.cs
index a0f33d8b3..1386849f7 100644
--- a/src/Web/WebSPA/Startup.cs
+++ b/src/Web/WebSPA/Startup.cs
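Review bot: The three `AddDataProtection` calls (Identity.API and WebMVC here, WebSPA in the next hunk) hard-code the discriminator with no comment stating its constraints, and a later rename would silently invalidate every cookie and token that app has already protected. I would add above each call something like `// Must be unique per app and stable across releases: changing it invalidates existing protected cookies/tokens.` The discriminator is an isolation label rather than a secret, so it keeps the apps' payloads apart but does not protect them from anyone who can read a shared key ring. Whether the containers persist or share their key rings is not visible in this patch and is worth confirming, since an unpersisted key ring would also invalidate cookies on every restart. ConfigureServices continues outside each of these hunks.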
@@ -41,6 +41,11 @@ namespace eShopConContainers.WebSPA
 {
 services.Configure(Configuration);
+ services.AddDataProtection(opts =>
+ {
+ opts.ApplicationDiscriminator = "eshop.webspa";
+ });
+
 services.AddAntiforgery(options => options.HeaderName = "X-XSRF-TOKEN");
 services.AddMvc()
From eba2ea8bf9d09ceae4f40dacf2230763c7f2a4d3 Mon Sep 17 00:00:00 2001
From: Charles Lowell
Date: Tue, 21 Mar 2017 10:19:11 -0700
Subject: [PATCH 2/2] Support IP address connection string in Basket.API

Dns.GetHostAddressesAsync can return problematic results when passed an IP address, and if the connection string is already an IP address, we needn't call it anyway.
---
 .../Basket.API/Model/RedisBasketRepository.cs | 20 +++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)

diff --git a/src/Services/Basket/Basket.API/Model/RedisBasketRepository.cs b/src/Services/Basket/Basket.API/Model/RedisBasketRepository.cs
index fc5c256f8..393e9ae7b 100644
--- a/src/Services/Basket/Basket.API/Model/RedisBasketRepository.cs
+++ b/src/Services/Basket/Basket.API/Model/RedisBasketRepository.cs
@@ -94,13 +94,21 @@ namespace Microsoft.eShopOnContainers.Services.Basket.API.Model
 private async Task ConnectToRedisAsync()
 {
- //TODO: Need to make this more robust. Also want to understand why the static connection method cannot accept dns names.
- var ips = await Dns.GetHostAddressesAsync(_settings.ConnectionString);
- _logger.LogInformation($"Connecting to database {_settings.ConnectionString} at IP {ips.First().ToString()}");
- _redis = await ConnectionMultiplexer.ConnectAsync(ips.First().ToString());
+ // TODO: Need to make this more robust. ConnectionMultiplexer.ConnectAsync doesn't like domain names or IPv6 addresses.
+ if (IPAddress.TryParse(_settings.ConnectionString, out var ip))
+ {
+ _redis = await ConnectionMultiplexer.ConnectAsync(ip.ToString());
+ _logger.LogInformation($"Connecting to database at {_settings.ConnectionString}");
+ }
+ else
+ {
+ // workaround for https://github.com/StackExchange/StackExchange.Redis/issues/410
+ var ips = await Dns.GetHostAddressesAsync(_settings.ConnectionString);
+ _logger.LogInformation($"Connecting to database {_settings.ConnectionString} at IP {ips.First().ToString()}");
+ _redis = await ConnectionMultiplexer.ConnectAsync(ips.First().ToString());
+ }
 }
-
-
+
 }
 }
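Review bot: In the `IPAddress.TryParse` branch the `Connecting to database at …` message is written only after `ConnectAsync` has completed, so a failed connection leaves no log line at all; the `_logger.LogInformation(...)` call should move above the `ConnectAsync` call, as the `else` branch already does. That branch also accepts IPv6 literals, and the `else` branch takes `ips.First()` unfiltered, although the TODO says `ConnectAsync` does not handle IPv6; consider `ips.First(a => a.AddressFamily == AddressFamily.InterNetwork)` (needs `System.Net.Sockets`) so a dual-stack lookup does not pick an address the client cannot use. Both log calls write `_settings.ConnectionString` at Information level, which is harmless for a bare host name but would put credentials in the log if the setting ever carried a full Redis configuration string; that is a caution about future use, not something this patch shows.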