2015-11-27

WCF JSON Servisleri için CORS IEndPointBehavior

CORS(Cross-origin resource sharing) yapabilen JSON servisler için browser'lar normal istekten önce bir preflight(ön istek/uçuş) gerçekleştiriler. Bu aslında servise yapılan bir HTTP OPTIONS isteğidir.

Eğer sunucuda bu isteği değerlendirebilecek bir mekanizmanız yoksa,genellikle 405(Method not Allowed) yanıtı alırsınız. Bunu önleme için bu istekleri değerlendirip, ona göre yanıt vermeniz gerekir.

Aşağıdaki sınıf bu işlemi yapan bir IEndPointBehavior oluşturarak yapmaktadır.

using System;
using System.Collections.Generic;
using System.ServiceModel;
using System.ServiceModel.Description;
 
public class EnableCrossOriginResourceSharingBehavior : IEndpointBehavior, System.ServiceModel.Dispatcher.IDispatchMessageInspector
{
 
 public static string AllowedMethods { get; set; }
 public static string AllowedHeaders { get; set; }
 
 static EnableCrossOriginResourceSharingBehavior()
 {
  EnableCrossOriginResourceSharingBehavior.AllowedMethods = "GET,POST,OPTIONS";
  EnableCrossOriginResourceSharingBehavior.AllowedHeaders = "X-Requested-With,Content-Type,origin";
 }
 public void AddBindingParameters1(ServiceEndpoint endpoint, System.ServiceModel.Channels.BindingParameterCollection bindingParameters)
 {
 }
 void IEndpointBehavior.AddBindingParameters(ServiceEndpoint endpoint, System.ServiceModel.Channels.BindingParameterCollection bindingParameters)
 {
  AddBindingParameters1(endpoint, bindingParameters);
 }
 
 
 public void ApplyClientBehavior1(ServiceEndpoint endpoint, System.ServiceModel.Dispatcher.ClientRuntime clientRuntime)
 {
 }
 void IEndpointBehavior.ApplyClientBehavior(ServiceEndpoint endpoint, System.ServiceModel.Dispatcher.ClientRuntime clientRuntime)
 {
  ApplyClientBehavior1(endpoint, clientRuntime);
 }
 
 public void ApplyDispatchBehavior1(ServiceEndpoint endpoint, System.ServiceModel.Dispatcher.EndpointDispatcher endpointDispatcher)
 {
  endpointDispatcher.DispatchRuntime.MessageInspectors.Add(this);
  //   endpointDispatcher.DispatchRuntime.MessageInspectors.Add(New CustomHeaderMessageInspector(requiredHeaders))
 }
 void IEndpointBehavior.ApplyDispatchBehavior(ServiceEndpoint endpoint, System.ServiceModel.Dispatcher.EndpointDispatcher endpointDispatcher)
 {
  ApplyDispatchBehavior1(endpoint, endpointDispatcher);
 }
 
 
 public void Validate1(ServiceEndpoint endpoint)
 {
 }
 void IEndpointBehavior.Validate(ServiceEndpoint endpoint)
 {
  Validate1(endpoint);
 }
 
 public object AfterReceiveRequest(ref System.ServiceModel.Channels.Message request, System.ServiceModel.IClientChannel channel, System.ServiceModel.InstanceContext instanceContext)
 {
  System.ServiceModel.Channels.HttpRequestMessageProperty httpHeader = request.Properties[System.ServiceModel.Channels.HttpRequestMessageProperty.Name] as System.ServiceModel.Channels.HttpRequestMessageProperty;
  if (httpHeader != null)
  {
   if (httpHeader.Method.ToLowerInvariant() == "options")
   {
    request.Properties.Add("is_options_header", httpHeader);
   }
  }
  return null;
 }
 
 public void BeforeSendReply(ref System.ServiceModel.Channels.Message reply, object correlationState)
 {
  //System.Diagnostics.Debugger.Launch()
  if (reply.IsFault) return;
  var props = System.ServiceModel.OperationContext.Current.IncomingMessageProperties;
  if (props.ContainsKey("is_options_header"))
  {
   System.ServiceModel.Channels.HttpRequestMessageProperty httpHeader = props["is_options_header"] as System.ServiceModel.Channels.HttpRequestMessageProperty;
   System.ServiceModel.Channels.HttpResponseMessageProperty resProp = reply.Properties.Values.OfType<System.ServiceModel.Channels.HttpResponseMessageProperty>().FirstOrDefault();
   //  If respo.StatusCode = Net.HttpStatusCode.MethodNotAllowed Then
   Dictionary<string, string> requiredHeaders = new Dictionary<string, string>();
   requiredHeaders.Add("Access-Control-Allow-Origin", "*");
   requiredHeaders.Add("Access-Control-Request-Method", EnableCrossOriginResourceSharingBehavior.AllowedMethods);
   requiredHeaders.Add("Access-Control-Allow-Headers", EnableCrossOriginResourceSharingBehavior.AllowedHeaders);
   requiredHeaders.Add("Access-Control-Max-Age", TimeSpan.FromHours(1).TotalSeconds.ToString());
   requiredHeaders.Add("X-EP-Behaviour", typeof(EnableCrossOriginResourceSharingBehavior).Name);
   foreach (string item in requiredHeaders.Keys)
   {
    resProp.Headers.Add(item, requiredHeaders[item]);
   }
 
   if (resProp.StatusCode == System.Net.HttpStatusCode.MethodNotAllowed)
   {
    resProp.StatusCode = System.Net.HttpStatusCode.OK;
    resProp.SuppressEntityBody = true;
   }
  }
 
 }
}