Microsoft.AspNetCore.Http.Features
Use to dynamically control response compression for HTTPS requests.
No value has been specified, use the configured defaults.
Opts out of compression over HTTPS. Enabling compression on HTTPS requests for remotely manipulable content
may expose security problems.
Opts into compression over HTTPS. Enabling compression on HTTPS requests for remotely manipulable content
may expose security problems.
Represents a collection of HTTP features.
Indicates if the collection can be modified.
Incremented for each modification and can be used to verify cached results.
Gets or sets a given feature. Setting a null value removes the feature.
The requested feature, or null if it is not present.
Retrieves the requested feature from the collection.
The feature key.
The requested feature, or null if it is not present.
Sets the given feature in the collection.
The feature key.
The feature value.
Indicates if the request has a supported form content-type.
The parsed form, if any.
Parses the request body as a form.
Parses the request body as a form.
Controls the IO behavior for the and
Gets or sets a value that controls whether synchronous IO is allowed for the and
Information regarding the TCP/IP connection carrying the request.
The unique identifier for the connection the request was received on. This is primarily for diagnostic purposes.
The IPAddress of the client making the request. Note this may be for a proxy rather than the end user.
The local IPAddress on which the request was received.
The remote port of the client making the request.
The local port on which the request was received.
Feature to inspect and modify the maximum request body size for a single request.
Indicates whether is read-only.
If true, this could mean that the request body has already been read from
or that was called.
The maximum allowed size of the current request body in bytes.
When set to null, the maximum request body size is unlimited.
This cannot be modified after the reading the request body has started.
This limit does not affect upgraded connections which are always unlimited.
Defaults to the server's global max request body size limit.
Contains the details of a given request. These properties should all be mutable.
None of these properties should ever be set to null.
The HTTP-version as defined in RFC 7230. E.g. "HTTP/1.1"
The request uri scheme. E.g. "http" or "https". Note this value is not included
in the original request, it is inferred by checking if the transport used a TLS
connection or not.
The request method as defined in RFC 7230. E.g. "GET", "HEAD", "POST", etc..
The first portion of the request path associated with application root. The value
is un-escaped. The value may be string.Empty.
The portion of the request path that identifies the requested resource. The value
is un-escaped. The value may be string.Empty if contains the
full path.
The query portion of the request-target as defined in RFC 7230. The value
may be string.Empty. If not empty then the leading '?' will be included. The value
is in its original form, without un-escaping.
The request target as it was sent in the HTTP request. This property contains the
raw path and full query, as well as other request targets such as * for OPTIONS
requests (https://tools.ietf.org/html/rfc7230#section-5.3).
This property is not used internally for routing or authorization decisions. It has not
been UrlDecoded and care should be taken in its use.
Headers included in the request, aggregated by header name. The values are not split
or merged across header lines. E.g. The following headers:
HeaderA: value1, value2
HeaderA: value3
Result in Headers["HeaderA"] = { "value1, value2", "value3" }
A representing the request body, if any. Stream.Null may be used
to represent an empty request body.
Feature to identify a request.
Identifier to trace a request.
A that fires if the request is aborted and
the application should cease processing. The token will not fire if the request
completes successfully.
Forcefully aborts the request if it has not already completed. This will result in
RequestAborted being triggered.
This feature exposes HTTP request trailer headers, either for HTTP/1.1 chunked bodies or HTTP/2 trailing headers.
Indicates if the are available yet. They may not be available until the
request body is fully read.
The trailing headers received. This will throw if
returns false. They may not be available until the request body is fully read. If there are no trailers this will
return an empty collection.
Represents the fields and state of an HTTP response.
The status-code as defined in RFC 7230. The default value is 200.
The reason-phrase as defined in RFC 7230. Note this field is no longer supported by HTTP/2.
The response headers to send. Headers with multiple values will be emitted as multiple headers.
The for writing the response body.
Indicates if the response has started. If true, the ,
, and are now immutable, and
OnStarting should no longer be called.
Registers a callback to be invoked just before the response starts. This is the
last chance to modify the , , or
.
The callback to invoke when starting the response.
The state to pass into the callback.
Registers a callback to be invoked after a response has fully completed. This is
intended for resource cleanup.
The callback to invoke after the response has completed.
The state to pass into the callback.
Feature to start response writing.
Starts the response by calling OnStarting() and making headers unmodifiable.
Configures response compression behavior for HTTPS on a per-request basis.
The to use.
Provides an efficient mechanism for transferring files from disk to the network.
Sends the requested file in the response body. This may bypass the IHttpResponseFeature.Body
. A response may include multiple writes.
The full disk path to the file.
The offset in the file to start at.
The number of bytes to send, or null to send the remainder of the file.
A used to abort the transmission.
Indicates if the server can upgrade this request to an opaque, bidirectional stream.
Attempt to upgrade the request to an opaque, bidirectional stream. The response status code
and headers need to be set before this is invoked. Check
before invoking.
Indicates if this is a WebSocket upgrade request.
Attempts to upgrade the request to a . Check
before invoking this.
Represents the HttpRequestBody as a PipeReader.
A representing the request body, if any.
Represents the HttpResponseBody as a PipeWriter
A representing the response body, if any.
A helper for creating the response Set-Cookie header.
Gets the wrapper for the response Set-Cookie header.
Synchronously retrieves the client certificate, if any.
Asynchronously retrieves the client certificate, if any.
Provides information regarding TLS token binding parameters.
TLS token bindings help mitigate the risk of impersonation by an attacker in the
event an authenticated client's bearer tokens are somehow exfiltrated from the
client's machine. See https://datatracker.ietf.org/doc/draft-popov-token-binding/
for more information.
Gets the 'provided' token binding identifier associated with the request.
The token binding identifier, or null if the client did not
supply a 'provided' token binding or valid proof of possession of the
associated private key. The caller should treat this identifier as an
opaque blob and should not try to parse it.
Gets the 'referred' token binding identifier associated with the request.
The token binding identifier, or null if the client did not
supply a 'referred' token binding or valid proof of possession of the
associated private key. The caller should treat this identifier as an
opaque blob and should not try to parse it.
Used to query, grant, and withdraw user consent regarding the storage of user
information related to site activity and functionality.
Indicates if consent is required for the given request.
Indicates if consent was given.
Indicates either if consent has been given or if consent is not required.
Grants consent for this request. If the response has not yet started then
this will also grant consent for future requests.
Withdraws consent for this request. If the response has not yet started then
this will also withdraw consent for future requests.
Creates a consent cookie for use when granting consent from a javascript client.
Options used to create a new cookie.
Creates a default cookie with a path of '/'.
Gets or sets the domain to associate the cookie with.
The domain to associate the cookie with.
Gets or sets the cookie path.
The cookie path.
Gets or sets the expiration date and time for the cookie.
The expiration date and time for the cookie.
Gets or sets a value that indicates whether to transmit the cookie using Secure Sockets Layer (SSL)--that is, over HTTPS only.
true to transmit the cookie only over an SSL connection (HTTPS); otherwise, false.
Gets or sets the value for the SameSite attribute of the cookie. The default value is
The representing the enforcement mode of the cookie.
Gets or sets a value that indicates whether a cookie is accessible by client-side script.
true if a cookie must not be accessible by client-side script; otherwise, false.
Gets or sets the max-age for the cookie.
The max-age date and time for the cookie.
Indicates if this cookie is essential for the application to function correctly. If true then
consent policy checks may be bypassed. The default value is false.
Represents the parsed form values sent with the HttpRequest.
Gets the number of elements contained in the .
The number of elements contained in the .
Gets an containing the keys of the
.
An containing the keys of the object
that implements .
Determines whether the contains an element
with the specified key.
The key to locate in the .
true if the contains an element with
the key; otherwise, false.
key is null.
Gets the value associated with the specified key.
The key of the value to get.
The key of the value to get.
When this method returns, the value associated with the specified key, if the
key is found; otherwise, the default value for the type of the value parameter.
This parameter is passed uninitialized.
true if the object that implements contains
an element with the specified key; otherwise, false.
key is null.
Gets the value with the specified key.
The key of the value to get.
The element with the specified key, or StringValues.Empty if the key is not present.
key is null.
has a different indexer contract than
, as it will return StringValues.Empty for missing entries
rather than throwing an Exception.
The file collection sent with the request.
The files included with the request.
Represents a file sent with the HttpRequest.
Gets the raw Content-Type header of the uploaded file.
Gets the raw Content-Disposition header of the uploaded file.
Gets the header dictionary of the uploaded file.
Gets the file length in bytes.
Gets the form field name from the Content-Disposition header.
Gets the file name from the Content-Disposition header.
Opens the request stream for reading the uploaded file.
Copies the contents of the uploaded file to the stream.
The stream to copy the file contents to.
Asynchronously copies the contents of the uploaded file to the stream.
The stream to copy the file contents to.
Represents the collection of files sent with the HttpRequest.
Gets the first file with the specified name.
The name of the file to get.
The requested file, or null if it is not present.
Gets the first file with the specified name.
The name of the file to get.
The requested file, or null if it is not present.
Gets an containing the files of the
with the specified name.
The name of the files to get.
An containing the files of the object
that implements .
Represents HttpRequest and HttpResponse headers
IHeaderDictionary has a different indexer contract than IDictionary, where it will return StringValues.Empty for missing entries.
The stored value, or StringValues.Empty if the key is not present.
Strongly typed access to the Content-Length header. Implementations must keep this in sync with the string representation.
Represents the HttpRequest query string collection
Gets the number of elements contained in the .
The number of elements contained in the .
Gets an containing the keys of the
.
An containing the keys of the object
that implements .
Determines whether the contains an element
with the specified key.
The key to locate in the .
true if the contains an element with
the key; otherwise, false.
key is null.
Gets the value associated with the specified key.
The key of the value to get.
The key of the value to get.
When this method returns, the value associated with the specified key, if the
key is found; otherwise, the default value for the type of the value parameter.
This parameter is passed uninitialized.
true if the object that implements contains
an element with the specified key; otherwise, false.
key is null.
Gets the value with the specified key.
The key of the value to get.
The element with the specified key, or StringValues.Empty if the key is not present.
key is null.
has a different indexer contract than
, as it will return StringValues.Empty for missing entries
rather than throwing an Exception.
Represents the HttpRequest cookie collection
Gets the number of elements contained in the .
The number of elements contained in the .
Gets an containing the keys of the
.
An containing the keys of the object
that implements .
Determines whether the contains an element
with the specified key.
The key to locate in the .
true if the contains an element with
the key; otherwise, false.
key is null.
Gets the value associated with the specified key.
The key of the value to get.
The key of the value to get.
When this method returns, the value associated with the specified key, if the
key is found; otherwise, the default value for the type of the value parameter.
This parameter is passed uninitialized.
true if the object that implements contains
an element with the specified key; otherwise, false.
key is null.
Gets the value with the specified key.
The key of the value to get.
The element with the specified key, or string.Empty if the key is not present.
key is null.
has a different indexer contract than
, as it will return string.Empty for missing entries
rather than throwing an Exception.
A wrapper for the response Set-Cookie header.
Add a new cookie and value.
Name of the new cookie.
Value of the new cookie.
Add a new cookie.
Name of the new cookie.
Value of the new cookie.
included in the new cookie setting.
Sets an expired cookie.
Name of the cookie to expire.
Sets an expired cookie.
Name of the cookie to expire.
used to discriminate the particular cookie to expire. The
and values are especially important.
Indicate whether the current session has loaded.
A unique identifier for the current session. This is not the same as the session cookie
since the cookie lifetime may not be the same as the session entry lifetime in the data store.
Enumerates all the keys, if any.
Load the session from the data store. This may throw if the data store is unavailable.
Store the session in the data store. This may throw if the data store is unavailable.
Retrieve the value of the given key, if present.
Set the given key and value in the current session. This will throw if the session
was not established prior to sending the response.
Remove the given key from the session if present.
Remove all entries from the current session, if any.
The session cookie is not removed.
Used to set the SameSite field on response cookies to indicate if those cookies should be included by the client on future "same-site" or "cross-site" requests.
RFC Draft: https://tools.ietf.org/html/draft-ietf-httpbis-cookie-same-site-00
No SameSite field will be set, the client should follow its default cookie policy.
Indicates the client should send the cookie with "same-site" requests, and with "cross-site" top-level navigations.
Indicates the client should only send the cookie with "same-site" requests.