0

I have a standalone C# WCF service running as a Windows service. I have the requirement to add custom headers like "X-Xss-Protection" to all responses. I have tried with the following script in app.config file but this doesn't add any HTTP header to the response.

    <system.webServer>
            <httpProtocol>
                <customHeaders>
                    <remove name="X-Powered-By"/>
                    <remove name="X-AspNet-Version"/>
                    <remove name="HTTPServer"/>
                    <remove name="Microsoft-IIS"/>
                    <add name="Strick-Transport-Security" value="max-age=31536000;includeSubDomains"/>
                    <add name="Content-Security-Policy" value="script-src 'unsafe-eval' https://www.google.com 'self' 'unsafe-inline'"/>
                    <add name="X-Xss-Protection" value="1; mode=block"/>
                    <add name="Feature-Policy" value="geolocation 'none'"/>
                    <add name="Cache-Control" value="no-cache, no-store, must-revalidate, pre-check=0, post-check=0, max-age=0, s-maxage=0"/>
                    <add name="Pragma" value="no-cache"/>
                    <add name="Expires" value="0"/>
                </customHeaders>
            </httpProtocol>
        </system.webServer>
K C Dash
  • 26
  • 2
  • It looks like this question has been previously asked, please refer to this answer here https://stackoverflow.com/a/1408177/3559462 – Vikas Lalwani May 13 '21 at 14:56
  • Thanks for your comment, @Vikas. For me IDispatchMessageInspector.BeforeSendReply method is not invoking automatically. Any idea what could be the reason? – K C Dash May 15 '21 at 09:47

1 Answers1

0

The reason why you cannot successfully insert the header through the IDispatchMessageInspector.BeforeSendReply method is probably because you did not add the [CustomBehavior] tag above the interface.

Add the tag like this:

[CustomBehavior]
Public interface IService
Theobald Du
  • 824
  • 4
  • 7
  • Thanks for the input @Theobald Du. The below are the interfaces I am using and all are predefine. Could you please provide the code snippet is possible? IClientMessageInspector and IDispatchMessageInspector – K C Dash May 18 '21 at 11:27
  • You can refer to: https://stackoverflow.com/questions/66830864/c-sharp-wcf-service-read-soapenv-header-security-section/66849431#66849431 – Theobald Du May 19 '21 at 02:02