What minimal self-hosted server options use TcpListener and not HttpListener (to dodge urlacl)?

    DT Bullock wrote (#1):

    For the purposes of an OAuth 2.0 Client, I need to parse an HTTP GET with no body, and return either this pre-canned HTML (success) or that pre-canned HTML (fail), maybe serve up a bit of CSS and an image or two. Every other request I can respond 404. I have elsewhere explained that I can't use anything based on System.Net.HttpListener for this purpose, because that puts me in the situation of needing to elevate privileges on the host at least *sometime previously* ... but this app is ClickOnce so-as-to-avoid-the-need-for-admin-rights ... especially the need for admin rights in order to set up the app to receive an OAuth 2.0 authentication code!

    System.Net.TcpListener dodges the 'urlacl' infrastructure though. Sure, it puts more responsibility on me to 'be a webserver', but as explained, the 'functional surface area' of this web-server is quite small. So whether I write-my-own or import some dependencies, I feel like this *should* result in either a little bit of code, or a few minimal dependencies. Is this expectation reasonable, do you think, or are there gremlins in the forest? Are there any minimal 'sits on top of TcpListener' HTTP libraries/servers you are aware of?


      DT Bullock wrote (#2):

      Yeah, this could work, but ... https. Getting closer.

      CodeProject: Simple HTTP Server in C#
      GitHub Gist: Simple HTTP server in .NET Core using TcpListener


        DT Bullock wrote (#3):

        Big relief: https is NOT required for an OAuth 2.0 redirect_uri which uses 'localhost' as the hostname (at least with Xero's Authentication Server anyway ... it is possibly a requirement of the spec). A good thing too, or else presenting a clean certificate for 'localhost' to the user's browser (kind of super-important when getting the user to trust your app to access their resources) would require presenting a self-signed cert that's trusted by the host. Which would require generating and adding it to the trust store at some point in time prior to the moment it is used. Which would require privilege-elevation prior to the moment it is used. Which we are trying to avoid with ClickOnce.

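An added example, not code from the thread or from the projects it links: a one-shot redirect receiver on TcpListener covering the small 'functional surface area' described in the first post (parse one GET, answer with canned HTML, 404 everything else). The class name, the `/callback` path, the response text and the check of the OAuth 2.0 `state` parameter are assumptions made for illustration.

```csharp
using System;
using System.IO;
using System.Net;
using System.Net.Sockets;
using System.Text;
// Hypothetical class; blocks until GET /callback arrives on the loopback interface.
static class LoopbackRedirectReceiver {
    // Returns the authorization code, or null when code/state do not check out.
    public static string WaitForCode(int port, string expectedState) {
        var listener = new TcpListener(IPAddress.Loopback, port); // 127.0.0.1 only, no urlacl
        listener.Start();
        try {
            while (true)
                using (TcpClient client = listener.AcceptTcpClient())
                using (NetworkStream s = client.GetStream())
                    try {
                        s.ReadTimeout = 5000; // do not hang on a silent connection
                        string[] p = (ReadRequestLine(s) ?? "").Split(' ');
                        if (p.Length != 3 || p[0] != "GET") { Respond(s, "400 Bad Request", "Bad request"); continue; }
                        int q = p[1].IndexOf('?');
                        string path = q < 0 ? p[1] : p[1].Substring(0, q);
                        if (path != "/callback") { Respond(s, "404 Not Found", "Not found"); continue; }
                        string query = q < 0 ? "" : p[1].Substring(q + 1);
                        string code = Param(query, "code");
                        // A redirect that does not echo our state value was not started by this app.
                        bool ok = code != null && Param(query, "state") == expectedState;
                        Respond(s, "200 OK", ok ? "Signed in. You can close this tab." : "Sign-in failed.");
                        return ok ? code : null;
                    } catch (IOException) { } // timeout or client hung up: wait for the next one
        } finally { listener.Stop(); }
    }
    static string ReadRequestLine(NetworkStream s) { // bounded header read; first line or null
        var buf = new byte[8192]; int n = 0, r;
        while (n < buf.Length && (r = s.Read(buf, n, buf.Length - n)) > 0) {
            n += r;
            string text = Encoding.ASCII.GetString(buf, 0, n);
            if (text.Contains("\r\n\r\n")) return text.Substring(0, text.IndexOf("\r\n", StringComparison.Ordinal));
        }
        return null;
    }
    static string Param(string query, string name) {
        foreach (string pair in query.Split('&'))
            if (pair.StartsWith(name + "=", StringComparison.Ordinal))
                return Uri.UnescapeDataString(pair.Substring(name.Length + 1));
        return null;
    }
    static void Respond(NetworkStream s, string status, string html) {
        string head = "HTTP/1.1 " + status + "\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: "
            + Encoding.UTF8.GetByteCount(html) + "\r\nConnection: close\r\n\r\n";
        byte[] all = Encoding.UTF8.GetBytes(head + html);
        s.Write(all, 0, all.Length);
    }
}
```

The header block is read in full before replying so the socket is not closed with unread request data, and browser side-requests such as `/favicon.ico` get a 404 while the loop keeps waiting for the callback.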