question

CodeGeek-2195 avatar image
0 Votes"
CodeGeek-2195 asked TheobaldDu-MSFT edited

Headers in WCF Service

Hi



We are having some findings and we need to add headers like Custom Security Polocy, X-FramerOptions and X-XSS-Protection. We can add them to Web.Config due to some policy .



Is there any other way I can add them to a WCF Service requests/response.

windows-wcf
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

TheobaldDu-MSFT avatar image
0 Votes"
TheobaldDu-MSFT answered TheobaldDu-MSFT edited

Hi @CodeGeek-2195 , You can try Message inspector, On the client side, by implementing the IClientMessageInspector interface to intercept SOAP messages. On the server side, by implementing the IDispatchMessageInspector interface to intercept SOAP messages.
This is the sample on server side:


  public class CustomMessageInspector : IDispatchMessageInspector
         {
             public object AfterReceiveRequest(ref Message request, IClientChannel channel, InstanceContext instanceContext)
             {
                 MessageHeader header = MessageHeader.CreateHeader("UserAgent", "http://User", "User1");
                 request.Headers.Add(header);
                 return null;
             }
        
             public void BeforeSendReply(ref Message reply, object correlationState)
             {
                 MessageHeader header1 = MessageHeader.CreateHeader("Testreply", "http://Test", "Test");
                 reply.Headers.Add(header1);
             }
         }
         [AttributeUsage(AttributeTargets.Interface)]
         public class CustomBehavior : Attribute, IContractBehavior
         {
             public void AddBindingParameters(ContractDescription contractDescription, ServiceEndpoint endpoint, BindingParameterCollection bindingParameters)
             {
                 return;
             }
        
             public void ApplyClientBehavior(ContractDescription contractDescription, ServiceEndpoint endpoint, ClientRuntime clientRuntime)
             {
                 return;
             }
             public void ApplyDispatchBehavior(ContractDescription contractDescription, ServiceEndpoint endpoint, DispatchRuntime dispatchRuntime)
             {
                 dispatchRuntime.MessageInspectors.Add(new CustomMessageInspector());
             }
        
             public void Validate(ContractDescription contractDescription, ServiceEndpoint endpoint)
             {
                 return;
             }
         }

This the sample on the client side:


      public class ClientMessageLogger : IClientMessageInspector
 {
     public object AfterReceiveRequest(ref Message reply, object correlationState)
     {
         MessageHeader header = MessageHeader.CreateHeader("UserAgent", "http://User", "User1");
         reply.Headers.Add(header);
         return null;
     }
    
     public void BeforeSendRequest(ref Message request, IClientChannel channel)
     {
         MessageHeader header1 = MessageHeader.CreateHeader("Testreply", "http://Test", "Test");
         request.Headers.Add(header1);
     }
 }
 [AttributeUsage(AttributeTargets.Interface)]
 public class CustomBehavior : Attribute, IContractBehavior
 {
     public void AddBindingParameters(ContractDescription contractDescription, ServiceEndpoint endpoint, BindingParameterCollection bindingParameters)
     {
         return;
     }
    
     public void ApplyClientBehavior(ContractDescription contractDescription, ServiceEndpoint endpoint, ClientRuntime clientRuntime)
     {
         return;
     }
     public void ApplyDispatchBehavior(ContractDescription contractDescription, ServiceEndpoint endpoint, DispatchRuntime dispatchRuntime)
     {
         dispatchRuntime.MessageInspectors.Add(new CustomMessageInspector());
     }
    
     public void Validate(ContractDescription contractDescription, ServiceEndpoint endpoint)
     {
         return;
     }
 }

Add Custombehavior above service interface to apply the message inspector.


    [ServiceContract(Namespace = "http://Microsoft.ServiceModel.Samples")]
             [CustomBehavior]
          public interface IDemo



If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Best regards,
Theobald Du






5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.