Products

TX Text Control .NET Server

ASP.NET Core Blazor Angular Javascript

TX Text Control .NET Server

Developer SDK for .NET

Overview

DS Server

DS Server

Low-code, containerized backend

Overview

.NET 8 .NET 9 .NET Framework
Server & Web
Windows Forms
WPF
ActiveX/VB6
ActiveX

Ready to evaluate?
Explore our Getting Started guides for step-by-step tutorials to kickstart your product journey!

Getting started

Technologies
Core Technologies

Add deep document processing to your applications.

Overview

Blog

Regular news, tutorials, code samples, and updates for Text Control products.

Read

Core Technologies

We would love to talk to you about how our technologies can help your business.

Call us on +1 704-544-7445 or schedule a meeting.

Schedule meeting

Demo Docs Blog
Blog

Regular news, tutorials, code samples, and updates for Text Control products.

Read

Authors

Meet our expert writers and technical contributors.

Overview

Latest Posts

We would love to talk to you about how our products can help your business.

Call us on +1 704-544-7445 or schedule a meeting.

Schedule meeting

Support
Support Resources

Full technical assistance for our product portfolio.

Overview

Documentation

Detailed guides and technical documentation library.

Overview

Support
Getting Started
Other Resources

Need technical support?
Contact our support team by opening a ticket - we'll get back to you within 1 business day.

New ticket

Company
About Us

Learn more about our company, our values and mission statement.

Learn more

Industry events

Text Control participates in leading technology conferences worldwide.

Learn more

Company
Contact
Newsletter
Legal

Let's start a conversation
Send us a message about your project, give us a call to discuss your requirements, or visit our office locations in Bremen (Germany) or Charlotte, NC (USA).

Contact us

ASP.NETASP.NET CoreDocument EditorDocument ViewerSecurity

Next Prev

Adding a Security Middleware to ASP.NET Core Web Applications to Protect TX Text Control Document Editor and Document Viewer Endpoints

Bjoern Meyer

Bjoern Meyer

Securing document editing and viewing endpoints within web applications is critical to preventing unauthorized access. This article provides a comprehensive guide on integrating security middleware into ASP.NET Core to fortify these endpoints effectively.

Adding a Security Middleware to ASP.NET Core Web Applications to Protect TX Text Control Document Editor and Document Viewer Endpoints

When building a backend for the TX Text Control Document Editor and Document Viewer, the TX Text Control NuGet packages implement the necessary endpoints and handlers for the communication between the client-side libraries and the backend.

It is recommended that these endpoints be secured using a middleware that checks for an access token. This demo implementation does not create and store access tokens, but illustrates how incoming requests can be checked for an access token. Typically, your actual authorization layer, such as OAuth, creates the access tokens.

The following diagram illustrates the request flow with an integrated custom security middleware.

Security Middleware in ASP.NET Core

The client-side part of the Document Editor or Viewer requests a resource from the backend by sending an access token with the request. The custom security middleware captures this request as part of the request pipeline.

The access token is validated, and if valid, the request is forwarded to the appropriate TX Text Control middleware, and if not, an UnauthorizedAccessException is thrown.

Custom Security Middleware

The middleware implementation is shown in the following code.

namespace TXTextControl
{
    public class TXSecurityMiddleware
    {
        private RequestDelegate m_next;

        // stored access token usually retrieved from any storage
        // implemented thought OAuth or any other identity protocol
        private const string access_token = "821e2f35-86e3-4917-a963-b0c4228d1315";

        public TXSecurityMiddleware(RequestDelegate next)
        {
            m_next = next;
        }

    public async Task Invoke(HttpContext context)
    {
      // Check if the request is a TX Text Control request
      if (context.WebSockets.IsWebSocketRequest &&
        context.WebSockets.WebSocketRequestedProtocols.Contains("TXTextControl.Web") ||
        (context.Request.Query.ContainsKey("access_token") &&
        context.GetEndpoint()?.DisplayName?.Contains("TXTextControl.Web.MVC.DocumentViewer") == true))
      {
        // Retrieve access token from the query string
        var accessToken = context.Request.Query["access_token"];

        // Showcase only: Easy comparison of tokens
        if (accessToken != access_token)
        {
          throw new UnauthorizedAccessException();
        }
        else
        {
          await m_next.Invoke(context);
        }
      }
      else if (m_next != null)
      {
        await m_next.Invoke(context);
      }
    }

  }

}

Access Token

The access token in this example is hard-coded and would normally be generated and validated by the authorization strategy you have in place.

Registering the Middleware

The middleware is registered in the Program.cs request pipeline. The following entries must be added after the app.UseRouting() entry, assuming you have created a backend based on this tutorial.

app.UseWebSockets();

// Add the TX Security Middleware to the request pipeline
app.UseMiddleware<TXTextControl.TXSecurityMiddleware>();

// TX Text Control specific middleware
app.UseTXWebSocketMiddleware();
app.UseTXDocumentViewer();

The order in which requests get processed is very important. You need to add the custom security middleware first, followed by the TX Text Control middleware entries.

Passing the Access Tokens

When the client-side part of the Document Editor or Viewer sends a request to the backend, the access token must be passed with the request. The following code shows how to pass the access token within either the WebSocketURL or BasePath properties.

Document Editor

@using TXTextControl.Web.MVC

@{
        // use an access token (for example returned by OAuth)
        var sAccessToken = "821e2f35-86e3-4917-a963-b0c4228d1315";

        // build WebSocketURL including access token in query string
        var sProtocol = (Context.Request.IsHttps) ? "wss://" : "ws://";
        var sWebSocketURL = sProtocol + Context.Request.Host
                        + "/TXWebSocket?access_token=" + sAccessToken;
}

@Html.TXTextControl().TextControl(settings =>
{
        settings.WebSocketURL = sWebSocketURL; // pass built WebSocketURL
}).Render()

Document Viewer

@using TXTextControl.Web.MVC.DocumentViewer

@{
        // use an access token (for example returned by OAuth)
        var sAccessToken = "821e2f35-86e3-4917-a963-b0c4228d1315";

        // build BasePath including access token in query string
        var sProtocol = (Context.Request.IsHttps) ? "https://" : "http://";
        var sBasePathURL = sProtocol + Context.Request.Host
                        + "?access_token=" + sAccessToken;
}

<div style="width: 800px; height: 600px;">

        @Html.TXTextControl().DocumentViewer(settings =>
        {
                settings.BasePath = sBasePathURL; // pass the base path
                settings.Dock = DocumentViewerSettings.DockStyle.Fill;
        }).Render()

</div>

Conclusion

Securing document editing and viewing endpoints within web applications is critical to preventing unauthorized access. This article provides a comprehensive guide on integrating security middleware into ASP.NET Core to fortify these endpoints effectively.

Stay in the loop!

Subscribe to the newsletter to receive the latest updates.

ASP.NET

Integrate document processing into your applications to create documents such as PDFs and MS Word documents, including client-side document editing, viewing, and electronic signatures.

ASP.NET Core
Angular
Blazor
JavaScript
React
  • Angular
  • Blazor
  • React
  • JavaScript
  • ASP.NET MVC, ASP.NET Core, and WebForms

Learn more Trial token Download trial

Related Posts

AngularASP.NETBlazor

Building an ASP.NET Core Backend (Linux and Windows) for the Document Editor…

This article shows how to create a backend for the Document Editor and Viewer using ASP.NET Core. The backend can be hosted on Windows and Linux and can be used in Blazor, Angular, JavaScript, and…

ASP.NETBlazorASP.NET Core

TX Text Control Document Editor and Viewer for Blazor Released

We are very happy to announce the immediate availability of TX Text Control packages for Blazor. This article gives an overview of the available packages and how to use them.

ASP.NETBlazorASP.NET Core

Announcing Our Work on a Blazor Component for Document Editing and Viewing

We are pleased to announce our work on a Blazor document editing and viewing component. This component will be part of our upcoming release and will provide an easy upgrade path from Web Forms to…

ASP.NETASP.NET CoreDocument Editor

Preparing Documents for E-Signing for Multiple Signers in .NET C#

Learn how to prepare documents for e-signing by multiple signers in .NET C#. This article shows how to create signature fields and how to assign them to signers.

ASP.NETASP.NET CoreDocument Editor

ASP.NET Core: Use the Document Editor and Viewer in the Same Razor View

The Document Editor and Viewer typically have separate roles in web apps, with the editor used for creating and editing documents, often occupying the full view. Some applications, however,…