[release9/0] AppContext for HttpSys CBT hardening (#64297)

Author: BrennanConroy

src/Servers/HttpSys/src/NativeInterop/UrlGroup.cs

@@ -18,6 +18,8 @@ internal sealed partial class UrlGroup : IDisposable
         Marshal.SizeOf<HTTP_QOS_SETTING_INFO>();
     private static readonly int RequestPropertyInfoSize =
         Marshal.SizeOf<HTTP_BINDING_INFO>();
+    private static readonly int ChannelBindInfoSize =
+        Marshal.SizeOf<HTTP_CHANNEL_BIND_INFO>();
 
     private readonly ILogger _logger;
 
@@ -42,6 +44,17 @@ internal unsafe UrlGroup(ServerSession serverSession, RequestQueue requestQueue,
 
         Debug.Assert(urlGroupId != 0, "Invalid id returned by HttpCreateUrlGroup");
         Id = urlGroupId;
+
+        if (AppContext.TryGetSwitch("Microsoft.AspNetCore.Server.HttpSys.EnableCBTHardening", out var enabled) && enabled)
+        {
+            var channelBindingSettings = new HTTP_CHANNEL_BIND_INFO
+            {
+                Hardening = HTTP_AUTHENTICATION_HARDENING_LEVELS.HttpAuthenticationHardeningMedium,
+                ServiceNames = (HTTP_SERVICE_BINDING_BASE**)IntPtr.Zero,
+                NumberOfServiceNames = 0,
+            };
+            SetProperty(HTTP_SERVER_PROPERTY.HttpServerChannelBindProperty, new(&channelBindingSettings), (uint)ChannelBindInfoSize);
+        }
     }
 
     internal ulong Id { get; private set; }

src/Servers/HttpSys/src/NativeMethods.txt

@@ -9,6 +9,7 @@ HTTP_AUTH_EX_FLAG_*
 HTTP_AUTH_STATUS
 HTTP_BINDING_INFO
 HTTP_CACHE_POLICY
+HTTP_CHANNEL_BIND_INFO
 HTTP_CONNECTION_LIMIT_INFO
 HTTP_COOKED_URL
 HTTP_CREATE_REQUEST_QUEUE_FLAG_*