The healthcheck endpoint could lead to a DoS attack. This endpoint may be a hidden or an obscure endpoint.
The healthcheck endpoint must also be protected from malicious attacks.
This could be done by using an AuthorizationPolicyBuilder:

    app.UseHealthCheck(new HealthCheckOptions
    {
        Path = "/health",
        AuthorizationPolicy = new AuthorizationPolicyBuilder()
            .RequireXxx()
            // More authorization requirements...
            .Build()
    });

And with an AuthorizationService in the middleware:

    if (_options.AuthorizationPolicy != null)
    {
        if (!await _authorizationService.AuthorizeAsync(principal, context, _options.AuthorizationPolicy))
        {
            _logger.AuthorizationFailed();
            await _next(context);
            return;
        }
    }

Because we aren't exposing anything in the middleware we don't think we require this. If you are exposing information we intend to direct you to use MVC, which gives you the normal auth system.
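
One way to place the policy check from the issue in front of a health path using a stand-alone middleware (an added example, not code from the issue or from the project). The class name `GuardedHealthMiddleware` and the `Healthy` response body are hypothetical; it assumes ASP.NET Core 2.0 or later, where `AuthorizeAsync` returns an `AuthorizationResult`, with `services.AddAuthorization()` registered and authentication middleware running earlier in the pipeline.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;

// Hypothetical middleware: the name and constructor shape are assumptions for this example.
public sealed class GuardedHealthMiddleware
{
    private readonly RequestDelegate _next;
    private readonly PathString _path;
    private readonly AuthorizationPolicy _policy;

    public GuardedHealthMiddleware(RequestDelegate next, PathString path, AuthorizationPolicy policy)
    {
        _next = next;
        _path = path;
        _policy = policy;
    }

    // IAuthorizationService is injected per request by the middleware activator.
    public async Task InvokeAsync(HttpContext context, IAuthorizationService authorization)
    {
        // Requests for any other path are not touched.
        if (!context.Request.Path.Equals(_path))
        {
            await _next(context);
            return;
        }

        // context.User is whatever the earlier authentication middleware produced.
        var result = await authorization.AuthorizeAsync(context.User, context, _policy);
        if (!result.Succeeded)
        {
            // Same choice as the snippet in the issue: fall through to the next
            // middleware, so an unauthorized caller gets the application's normal
            // response for this path instead of a health result.
            await _next(context);
            return;
        }

        context.Response.StatusCode = StatusCodes.Status200OK;
        await context.Response.WriteAsync("Healthy");
    }
}
```

It is registered with `app.UseMiddleware<GuardedHealthMiddleware>(new PathString("/health"), policy)`, where `policy` is built with `AuthorizationPolicyBuilder` as in the issue.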