Restricting service and disabling UI

Math · May 25, 2022, 4:55pm

I’d like to restrict one of my services as much as possible and not show the index.html, disable the UI and all other features that allow to browse the code, show definitions of the service etc.

Basically, I want only the routes I defined in my ServiceModel to be accessible and nothing else at all.

Is there a setting for this? If not, what is the easiest way to achieve this?

Right now, I manually delete the index.html file in my publish folder. I’ve tried excluding it from the publish process by adding this to my project with no luck:

Always False

If there are other settings you can think of to restrict access (or to improve security) please let me know.

I set “DebugMode”: false and “DetailedErrors”: false in my appsettings and I disabled the following features in my AppHost.Config:

disableFeatures = Feature.Jsv | Feature.Soap | Feature.Metadata | Feature.Csv;

Thanks.

layoric · May 25, 2022, 11:41pm

Hi @Math,

You will likely want to remove the UiFeature and a few others using:

Plugins.RemoveAll(x => x is UiFeature);

Eg

Plugins.RemoveAll(x => x is RequestInfoFeature or 
    UiFeature or MetadataFeature or NativeTypesFeature or 
    RequestInfoFeature or SvgFeature);

I think this should cover the built in features routes, however if you are registering additional plugins, they may also register routes as a part of their functionality.

Math · May 26, 2022, 12:14am

That works but the index.html is still loading. I’d like to keep it in development but not in production if you have any suggestion. Otherwise I’ll keep on deleting it manually.

layoric · May 26, 2022, 2:20am

Can you give me an example of index.html you mean? I’m not sure I follow. It might be more related to your publish step, eg you should be able to exclude files if you are using dotnet publish. If it is in the wwwroot folder, I think it will get included by default.

Math · May 26, 2022, 2:09pm

When using the web template in the main project in wwwroot\index.html is generated and that always get published. I’m trying to keep it and only disable all the ui features in production and not publish this page.

mythz · May 26, 2022, 2:12pm

Delete what files from the template you don’t want to end up in your project.

Math · May 26, 2022, 2:15pm

I was looking for something like:

if (!app.Environment.IsDevelopment())
app.DoNotUseStaticFiles()

Math · May 26, 2022, 2:35pm

<Target Name="RemovedIndex" AfterTargets="Publish">
<Exec Command="IF EXIST C:\ceesharp\Project\Project\bin\Debug\net6.0\linux-x64\publish\wwwroot\index.html del C:\ceesharp\Project\Project\bin\Debug\net6.0\linux-x64\publish\wwwroot\index.html" />
<Exec Command="IF EXIST C:\ceesharp\Project\Project\bin\Debug\net6.0\linux-x64\publish\wwwroot\index.html del C:\ceesharp\Project\Project\bin\Release\net6.0\linux-x64\publish\wwwroot\index.html" />
</Target>

This works.