我有一个作为后台服务运行的程序,它承载一个自托管服务。但是有一个问题:服务启动后,整个本地网络都可以访问它,同一网络中的每个人都能访问此 API。下面是我托管服务的方式:
首先我用 netsh 注册 url
// Reserve the URL prefix for the service account through an elevated netsh call.
// NOTE(review): a urlacl reservation only grants `domain\user` the right to listen on
// the prefix; it is not a network access control. If `address` is a wildcard host
// (http://+ or http://*), the prefix covers every interface. Confirm the value passed
// here when the service is meant to be reachable from this machine only.
string frm = $@"http add urlacl url={address}:{port} user={domain}\{user}";

var netshStartInfo = new ProcessStartInfo("netsh", frm)
{
    // The "runas" verb is resolved by the shell, so UseShellExecute has to be true.
    UseShellExecute = true,
    Verb = "runas",
    CreateNoWindow = true,
    WindowStyle = ProcessWindowStyle.Hidden
};

// Block until netsh has finished; its exit code is not inspected here.
Process.Start(netshStartInfo).WaitForExit();
然后我托管服务
// Base address the self-host listener is opened on.
// NOTE(review): which interfaces answer on this port is decided by this address together
// with the configuration's HostNameComparisonMode, not by anything else in this snippet.
// For loopback-only exposure, verify that `url` is a loopback host and that the mode is
// HostNameComparisonMode.Exact. TODO: confirm against the netsh URL reservation.
var baseAddress = $"{url}:{port}";

_hostConfiguration = new ExtendHttpSelfHostConfiguration(baseAddress)
{
    // NOTE(review): both limits are raised to int.MaxValue, so request size is effectively
    // unbounded for any client that can reach the port. Consider a limit sized to the
    // largest payload the API really accepts.
    MaxReceivedMessageSize = int.MaxValue,
    MaxBufferSize = int.MaxValue
};

_server = new HttpSelfHostServer(_hostConfiguration);

// Start listening and block the calling thread until the listener has opened.
_hostingTask = _server.OpenAsync();
_hostingTask.Wait();
ExtendHttpSelfHostConfiguration的结构是:
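/// <summary>
/// Self-host configuration that wires up CORS, attribute routing, formatters, filters,
/// validation, Swagger (DEBUG builds only) and logging as soon as it is constructed.
/// </summary>
public class ExtendHttpSelfHostConfiguration : HttpSelfHostConfiguration
{
    /// <summary>
    /// Creates the configuration for the given base address and applies all settings.
    /// </summary>
    /// <param name="baseAddress">Base address the host listens on, as a string.</param>
    public ExtendHttpSelfHostConfiguration(string baseAddress) : base(baseAddress) => Configure();

    /// <summary>
    /// Creates the configuration for the given base address and applies all settings.
    /// </summary>
    /// <param name="baseAddress">Base address the host listens on.</param>
    public ExtendHttpSelfHostConfiguration(Uri baseAddress) : base(baseAddress) => Configure();

    /// <summary>
    /// Switches the binding to transport security when the base address uses HTTPS,
    /// then defers to the base implementation.
    /// </summary>
    /// <param name="httpBinding">Binding being configured for the listener.</param>
    /// <returns>The binding parameters produced by the base implementation.</returns>
    protected override BindingParameterCollection OnConfigureBinding(HttpBinding httpBinding)
    {
        // Compare the parsed scheme with an ordinal comparison instead of lower-casing the
        // whole URI text, which depended on the current culture.
        if (string.Equals(BaseAddress.Scheme, Uri.UriSchemeHttps, StringComparison.OrdinalIgnoreCase))
        {
            httpBinding.Security.Mode = HttpBindingSecurityMode.Transport;
        }

        return base.OnConfigureBinding(httpBinding);
    }

    /// <summary>
    /// Applies every configuration step; called from both constructors.
    /// </summary>
    private void Configure()
    {
        ConfigureCors();
        ConfigureRoutes();
        ConfigureFormatters();
        ConfigureFilters();
        ConfigureProviders();
        ConfigureSwagger();
        ConfigureLogger();
    }

    /// <summary>
    /// Enables the Swagger document and UI. Compiled in DEBUG builds only, so other builds
    /// do not expose the API description.
    /// </summary>
    private void ConfigureSwagger()
    {
#if DEBUG
        this.EnableSwagger(c =>
        {
            c.SingleApiVersion("v1", "Host services");
            c.DescribeAllEnumsAsStrings();

            // The XML documentation file is expected next to the executable, named after the assembly.
            var xmlFileName = Assembly.GetExecutingAssembly().GetName().Name + ".xml";
            c.IncludeXmlComments(Path.Combine(AppDomain.CurrentDomain.BaseDirectory, xmlFileName));
        }).EnableSwaggerUi();
#endif
    }

    /// <summary>Initialises logging through XmlConfigurator.</summary>
    private void ConfigureLogger() => XmlConfigurator.Configure();

    /// <summary>Registers the FluentValidation model validator provider on this configuration.</summary>
    private void ConfigureProviders() => FluentValidationModelValidatorProvider.Configure(this);

    /// <summary>Adds the validation filter to the global filter list.</summary>
    private void ConfigureFilters() => Filters.Add(new ValidationFilter());

    /// <summary>Enables CORS for every origin, header and method.</summary>
    // NOTE(review): the "*", "*", "*" policy lets a page from any web origin call this API
    // from a browser and read the response, and that stays true when the listener is bound
    // to loopback only. If the API is meant for local use, list the known client origins
    // instead of the wildcard.
    private void ConfigureCors() => this.EnableCors(new EnableCorsAttribute("*", "*", "*"));

    /// <summary>Maps routes declared through routing attributes.</summary>
    private void ConfigureRoutes() => this.MapHttpAttributeRoutes();

    /// <summary>
    /// Restricts the JSON and XML formatters to one media type each and switches JSON
    /// output to camel-case property names.
    /// </summary>
    private void ConfigureFormatters()
    {
        Formatters.JsonFormatter.SupportedMediaTypes.Clear();
        Formatters.XmlFormatter.SupportedMediaTypes.Clear();
        Formatters.JsonFormatter.SupportedMediaTypes.Add(new MediaTypeHeaderValue("application/json"));
        Formatters.XmlFormatter.SupportedMediaTypes.Add(new MediaTypeHeaderValue("application/xml"));
        Formatters.OfType<JsonMediaTypeFormatter>().First().SerializerSettings.ContractResolver = new CamelCasePropertyNamesContractResolver();
    }
}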
它在本地机器上工作正常。
但是当我扫描网络时,nmap 可以检测到这个端口。
问题是如何让它只能在本机上访问,其他人不应能够访问此端口。据我了解,要做到这一点,监听地址应该是 127.0.0.1 而不是 0.0.0.0。
我怎么解决这个问题?