Use a shared client for remote app connections (#178)

This change brings the configuration of the HttpClient into a shared
location for all the remote app connections. Now, any system that needs
to connect to the remote app can do so by just retrieving the client via
the IHttpClientFactory by name and the path/URI/backchannel will be
configured for them.

Author: twsouthwick

src/Microsoft.AspNetCore.SystemWebAdapters.CoreServices/Authentication/RemoteAppAuthenticationExtensions.cs

@@ -57,9 +57,6 @@ public static AuthenticationBuilder AddRemoteAppAuthentication(this Authenticati
 
         authenticationBuilder.Services.AddScoped<IRemoteAppAuthenticationResultProcessor, RedirectUrlProcessor>();
         authenticationBuilder.Services.AddSingleton<IAuthenticationResultFactory, RemoteAppAuthenticationResultFactory>();
-        authenticationBuilder.Services.AddHttpClient(AuthenticationConstants.AuthClientName)
-            // Disable cookies in the HTTP client because the service will manage the cookie header directly
-            .ConfigurePrimaryHttpMessageHandler(() => new HttpClientHandler { UseCookies = false, AllowAutoRedirect = false });
         authenticationBuilder.Services.AddTransient<IRemoteAppAuthenticationService, RemoteAppAuthenticationService>();
         authenticationBuilder.Services.AddOptions<RemoteAppAuthenticationClientOptions>(scheme)
             .Configure(configureOptions ?? (_ => { }))

src/Microsoft.AspNetCore.SystemWebAdapters.CoreServices/Authentication/RemoteAppAuthenticationService.cs

@@ -25,7 +25,6 @@ internal partial class RemoteAppAuthenticationService : IRemoteAppAuthentication
     private readonly IAuthenticationResultFactory _resultFactory;
     private readonly ILogger<RemoteAppAuthenticationService> _logger;
     private readonly IOptionsSnapshot<RemoteAppAuthenticationClientOptions> _authOptionsSnapshot;
-    private readonly RemoteAppClientOptions _remoteAppOptions;
 
     private RemoteAppAuthenticationClientOptions? _options;
 
@@ -36,14 +35,15 @@ public RemoteAppAuthenticationService(
         IOptions<RemoteAppClientOptions> remoteAppOptions,
         ILogger<RemoteAppAuthenticationService> logger)
     {
-        _remoteAppOptions = remoteAppOptions?.Value ?? throw new ArgumentNullException(nameof(remoteAppOptions));
+        if (httpClientFactory is null)
+        {
+            throw new ArgumentNullException(nameof(httpClientFactory));
+        }
+
         _resultFactory = resultFactory ?? throw new ArgumentNullException(nameof(resultFactory));
         _logger = logger ?? throw new ArgumentNullException(nameof(logger));
         _authOptionsSnapshot = authOptions ?? throw new ArgumentNullException(nameof(authOptions));
-
-        // Use the HttpClient supplied in options if one is present;
-        // otherwise, generate a client with an IHttpClientFactory from DI
-        _client = _remoteAppOptions.BackchannelHttpClient ?? httpClientFactory?.CreateClient(AuthenticationConstants.AuthClientName) ?? throw new ArgumentNullException(nameof(httpClientFactory));
+        _client = httpClientFactory.CreateClient(RemoteConstants.HttpClientName);
     }
 
     /// <summary>
@@ -55,8 +55,6 @@ public Task InitializeAsync(AuthenticationScheme scheme)
         // Finish initializing the http client here since the scheme won't be known
         // until the owning authentication handler is initialized.
         _options = _authOptionsSnapshot.Get(scheme.Name);
-        _client.BaseAddress = new Uri($"{_remoteAppOptions.RemoteAppUrl.ToString().TrimEnd('/')}{_options.AuthenticationEndpointPath}");
-        _client.DefaultRequestHeaders.Add(_remoteAppOptions.ApiKeyHeader, _remoteAppOptions.ApiKey);
 
         return Task.CompletedTask;
     }
@@ -87,7 +85,7 @@ public async Task<RemoteAppAuthenticationResult> AuthenticateAsync(HttpRequest o
         // that may matter for authentication. Also include the original request path as
         // as a query parameter so that the ASP.NET app can redirect back to it if an
         // authentication provider attempts to redirect back to the authenticate URL.
-        var url = $"?{AuthenticationConstants.OriginalUrlQueryParamName}={WebUtility.UrlEncode(originalRequest.GetEncodedPathAndQuery())}";
+        var url = $"{_options.AuthenticationEndpointPath}?{AuthenticationConstants.OriginalUrlQueryParamName}={WebUtility.UrlEncode(originalRequest.GetEncodedPathAndQuery())}";
         using var authRequest = new HttpRequestMessage(HttpMethod.Get, url);
         AddHeaders(_options.RequestHeadersToForward, originalRequest, authRequest);
 

src/Microsoft.AspNetCore.SystemWebAdapters.CoreServices/RemoteAppClientExtensions.cs

@@ -2,7 +2,9 @@
 // The .NET Foundation licenses this file to you under the MIT license.
 
 using System;
+using System.Net.Http;
 using Microsoft.AspNetCore.SystemWebAdapters;
+using Microsoft.Extensions.Options;
 
 namespace Microsoft.Extensions.DependencyInjection;
 
@@ -27,6 +29,27 @@ public static ISystemWebAdapterBuilder AddRemoteAppClient(this ISystemWebAdapter
         builder.Services.AddOptions<RemoteAppClientOptions>()
             .ValidateDataAnnotations();
 
+        builder.Services.AddHttpClient(RemoteConstants.HttpClientName)
+            .ConfigurePrimaryHttpMessageHandler(sp =>
+            {
+                var options = sp.GetRequiredService<IOptions<RemoteAppClientOptions>>().Value;
+
+                if (options.BackchannelHandler is { } handler)
+                {
+                    return handler;
+                }
+
+                // Disable cookies in the HTTP client because the service will manage the cookie header directly
+                return new HttpClientHandler { UseCookies = false, AllowAutoRedirect = false };
+            })
+            .ConfigureHttpClient((sp, client) =>
+            {
+                var options = sp.GetRequiredService<IOptions<RemoteAppClientOptions>>().Value;
+
+                client.BaseAddress = options.RemoteAppUrl;
+                client.DefaultRequestHeaders.Add(options.ApiKeyHeader, options.ApiKey);
+            });
+
         configure(new Builder(builder.Services));
 
         return builder;

src/Microsoft.AspNetCore.SystemWebAdapters.CoreServices/RemoteAppClientOptions.cs

@@ -31,8 +31,7 @@ public class RemoteAppClientOptions
     public Uri RemoteAppUrl { get; set; } = null!;
 
     /// <summary>
-    /// Gets or sets an <see cref="HttpClient"/> to use for making requests to the remote app.
-    /// A new <see cref="HttpClient"/> will be automatically generated if none is provided.
+    /// Gets or sets an <see cref="HttpMessageHandler"/> to use for making requests to the remote app.
     /// </summary>
-    public HttpClient? BackchannelHttpClient { get; set; }
+    public HttpMessageHandler? BackchannelHandler { get; set; }
 }

src/Microsoft.AspNetCore.SystemWebAdapters.CoreServices/SessionState/RemoteSession/RemoteAppSessionStateExtensions.cs

@@ -2,9 +2,7 @@
 // The .NET Foundation licenses this file to you under the MIT license.
 
 using System;
-using System.Net.Http;
 using Microsoft.AspNetCore.SystemWebAdapters;
-using Microsoft.AspNetCore.SystemWebAdapters.SessionState;
 using Microsoft.AspNetCore.SystemWebAdapters.SessionState.RemoteSession;
 
 namespace Microsoft.Extensions.DependencyInjection;
@@ -18,10 +16,6 @@ public static ISystemWebAdapterRemoteClientAppBuilder AddSession(this ISystemWeb
             throw new ArgumentNullException(nameof(builder));
         }
 
-        builder.Services.AddHttpClient(SessionConstants.SessionClientName)
-            // Disable cookies in the HTTP client because the service will manage the cookie header directly
-            .ConfigurePrimaryHttpMessageHandler(() => new HttpClientHandler { UseCookies = false });
-
         builder.Services.AddTransient<ISessionManager, RemoteAppSessionStateManager>();
 
         builder.Services.AddOptions<RemoteAppSessionStateClientOptions>()

src/Microsoft.AspNetCore.SystemWebAdapters.CoreServices/SessionState/RemoteSession/RemoteAppSessionStateManager.cs

@@ -21,36 +21,14 @@ internal partial class RemoteAppSessionStateManager : ISessionManager
     private readonly ISessionSerializer _serializer;
     private readonly ILogger<RemoteAppSessionStateManager> _logger;
     private readonly RemoteAppSessionStateClientOptions _options;
-    private readonly IOptions<RemoteAppClientOptions> _remoteAppOptions;
-
-    private HttpClient? _client;
-
-    private HttpClient Client
-    {
-        get
-        {
-            if (_client is null)
-            {
-                // Use the HttpClient supplied in options if one is present in options;
-                // otherwise, generate a client with an IHttpClientFactory from DI
-                _client = _remoteAppOptions.Value.BackchannelHttpClient ?? _httpClientFactory.CreateClient(SessionConstants.SessionClientName);
-                _client.BaseAddress = new Uri($"{_remoteAppOptions.Value.RemoteAppUrl.ToString().TrimEnd('/')}{_options.SessionEndpointPath}");
-                _client.DefaultRequestHeaders.Add(_remoteAppOptions.Value.ApiKeyHeader, _remoteAppOptions.Value.ApiKey);
-            }
-
-            return _client;
-        }
-    }
 
     public RemoteAppSessionStateManager(
         IHttpClientFactory httpClientFactory,
         ISessionSerializer serializer,
-        IOptions<RemoteAppSessionStateClientOptions> sessionOptions,
-        IOptions<RemoteAppClientOptions> remoteAppOptions,
+        IOptions<RemoteAppSessionStateClientOptions> options,
         ILogger<RemoteAppSessionStateManager> logger)
     {
-        _remoteAppOptions = remoteAppOptions ?? throw new ArgumentNullException(nameof(remoteAppOptions));
-        _options = sessionOptions?.Value ?? throw new ArgumentNullException(nameof(sessionOptions));
+        _options = options?.Value ?? throw new ArgumentNullException(nameof(options));
         _logger = logger ?? throw new ArgumentNullException(nameof(logger));
         _httpClientFactory = httpClientFactory ?? throw new ArgumentNullException(nameof(httpClientFactory));
         _serializer = serializer ?? throw new ArgumentNullException(nameof(serializer));
@@ -95,13 +73,14 @@ private async Task<ISessionState> GetSessionDataAsync(string? sessionId, bool re
     {
         // The request message is manually disposed at a later time
 #pragma warning disable CA2000 // Dispose objects before losing scope
-        var req = new HttpRequestMessage { Method = HttpMethod.Get };
+        var req = new HttpRequestMessage(HttpMethod.Get, _options.SessionEndpointPath);
 #pragma warning restore CA2000 // Dispose objects before losing scope
 
         AddSessionCookieToHeader(req, sessionId);
         AddReadOnlyHeader(req, readOnly);
 
-        var response = await Client.SendAsync(req, HttpCompletionOption.ResponseHeadersRead, token);
+        using var client = _httpClientFactory.CreateClient(RemoteConstants.HttpClientName);
+        var response = await client.SendAsync(req, HttpCompletionOption.ResponseHeadersRead, token);
 
         LogRetrieveResponse(response.StatusCode);
 
@@ -133,15 +112,16 @@ private async Task<ISessionState> GetSessionDataAsync(string? sessionId, bool re
     /// </summary>
     private async Task SetOrReleaseSessionData(ISessionState? state, CancellationToken cancellationToken)
     {
-        using var req = new HttpRequestMessage { Method = HttpMethod.Put };
+        using var req = new HttpRequestMessage(HttpMethod.Put, _options.SessionEndpointPath);
 
         if (state is not null)
         {
             AddSessionCookieToHeader(req, state.SessionID);
             req.Content = new SerializedSessionHttpContent(_serializer, state);
         }
 
-        using var response = await Client.SendAsync(req, cancellationToken);
+        using var client = _httpClientFactory.CreateClient(RemoteConstants.HttpClientName);
+        using var response = await client.SendAsync(req, cancellationToken);
 
         LogCommitResponse(response.StatusCode);
 

src/Services/Authentication/AuthenticationConstants.cs

@@ -5,8 +5,6 @@ namespace Microsoft.AspNetCore.SystemWebAdapters.Authentication;
 
 internal static class AuthenticationConstants
 {
-    internal const string AuthClientName = "RemoteAuthHttpClient";
-
     public const string ForwardedHostHeaderName = "x-forwarded-host";
     public const string ForwardedProtoHeaderName = "x-forwarded-proto";
     public const string MigrationAuthenticateRequestHeaderName = "x-migration-authenticate";

src/Services/RemoteConstants.cs

@@ -6,4 +6,6 @@ namespace Microsoft.AspNetCore.SystemWebAdapters;
 internal static class RemoteConstants
 {
     internal const string ApiKeyHeaderName = "X-SystemWebAdapter-RemoteAppAuthentication-Key";
+
+    internal const string HttpClientName = "remote-client";
 }

src/Services/SessionState/SessionConstants.cs

@@ -5,8 +5,6 @@ namespace Microsoft.AspNetCore.SystemWebAdapters.SessionState;
 
 internal static class SessionConstants
 {
-    internal const string SessionClientName = "RemoteSessionHttpClient";
-
     public const string ReadOnlyHeaderName = "X-SystemWebAdapter-RemoteAppSession-ReadOnly";
 
     public const string SessionEndpointPath = "/systemweb-adapters/session";