Bypass IIS modules for localhost call - iis

I have 2 websites hosted on IIS. On one website's root config, I have Siteminder module configured. This website has other apps under which it hosts one .Net core WebAPI per app (using inprocess hosting). There are 10 such APIs. Individual api's webconfig does not have any siteminder module and relies on the root site's siteminder verification.
On the 2nd website, we dont plan to use siteminder. But have a requirement to support OAuth2 on the same 10 web APIs as that hosted on the site 1. I was thinking that we could potentially have a simple .Net Core API using YARP reverse proxy package, perform the OAuth2 based token authentication and then reroute the traffic locally to the APIs hosted on site 1. But I dont want to again go through siteminder authentication on site 1 for the rerouted traffic.
Is there a way to support this, without needing to do a dual deployment/hosting of the individual APIs?
Thanks!

Related

Why does ASP.NET Core redirection not work even if I call UseHttpsRedirection?

I have a web application which uses ASP.NET Core 3.1 on an Azure AppService, combined with Azure AD B2C authentication.
In my Startup.cs code, I call UseHttpsRedirection, but when I visit the site with an empty browser cache / or a new incognito session, using the HTTP protocol, I don't get redirected to HTTPS. Because of this, the B2C authentication doesn't work, so my app is not working.
This (HTTP) link is not working.
This link (HTTPS) does work.
What is strange though, once you visited the HTTPS site, and then the HTTP one, you will see the redirection is working.
What are getting served here are static HTML and JS files, served by the ASP.NET Core self-hosted server (running on a Linux AppService).
What do I miss here? Do I need to make an additional setting in Azure or in my code? Or do I need another record in the DNS?
It turned out that you have to go to the Protocol settings of the App Service and set "HTTPS only" to "on".

IIS Website with multiple web applications underneath and different ports?

I am relatively new at configuring IIS and am wondering if the following scenario is possible.
My application consists of 2 Web apps. 1 is an ASP.NET Core App that hosts a Javascript SPA. I have a second MVC App that is a combined Authorization Server using OpenIddict and the main API that the SPA talks to.
On my dev machine these 2 apps run on different ports.
These 2 apps go together to make our solution for any given customer. I can get this all working on IIS treating each app as it's own website with it's own port.
But I would like to be able to bundle these 2 apps under 1 website. Ultimately we will have several customer websites and each "website" really consists of these 2 apps bundled together.
I understand that I can create a single website and then convert my 2 existing sites to a web application. So 2 web apps sit under the main web site. But these all will run under the same port.
I would really like my API and Authserver to run on a different port. Is there a way to each this type of scenario?
What is the recommended best practice for what I am describing?
I do not want the API / Auth Server project to be shared by all the customer sites. I want each customer site to have it's own instance of the Authorization server and API.
It would be great if you could create 2 websites and then sort of group them into a parent website container (if that makes any sense).
You can create two applications within your website on IIS. Then each application would be accessed as http://customerwebsite/app1 and http://customerwebsite/app2

App authentication with WebApi on External Servers

We're looking into writing a mobile app for our company and have a concern as to the infrastructure of how the application will connect with our data.
Our current structure for our web applications is as follows:
We have an App server which holds our .NET sites, this is externally facing (obviously)
These .NET sites interact with our API server (which is only accessible by anything on our App server) So this is only internally accessible
A mobile app will not be on our servers, but it will still need to be able to access our API's. What would be the best course of action to be able to still maintain a level of securing our data in our API's while being able to have them externally accessible by a mobile app or any other app that would need data from it?
My initial thoughts would be some sort of API key system, or perhaps API users?
Thanks!
You should encrypt your API with ssl. You can also use an API management solution. There are some open source options such as: http://wso2.com/products/api-manager/ and API Agility https://apigility.org/

IIS 8.0 and SSL and Subdomains Webapi/Angular

I am Developing a web site that has Angular.js based client and Web API 2 server.
Both will be deployed under my website subdoman: "Admin.myDomain.com".
I would like to have ssl support. (on client and also requests for server)
Thinking that the client will be under Admin.myDomain.com and the Webapi : Admin.myDomain.com/admin/
In term SSL connection - What should be the best way to deploy this?
What I thought:
1. Connect the IP to the machine - Conenct the SSL work on entire IIS level.
2. Have the angular client side deployed on default web site on IIS.
3. have the web api deployed as subfolder (another applicaation).
will this work?
Is there a better way?
You can create your certificate specifically for admin.website.com or with a wildcard for *.website.com. It depends based in your future needs and available budget.
I would suggest to avoid Default Web Site and create a new WebSite that accepts only 443 (and link the certificate here) then you put your API running there with something like.
https://admin.website.com/v1/api
and your angular application at:
https://admin.website.com/app

How to deploy a WebAPI application and an ASP.NET application in one web site on Azure?

I have two projects: an ASP.NET web application and a WebAPI application.
Web application uses the WebAPI application via AJAX.
To avoid cross domain problem, I want to the two projects deployed under one domain on Azure.
For example:
http://www.mycompany.com/api/products is a web api.
http://www.mycompany.com/index.html is the home page of the site, which calls the web api via AJAX.
Is it possible?
Yes, you can host multiple applications on the one site.
Go to Configuration / Virtual Applications and Directories:
Simply host your app under
/ site\wwwroot
And host your API under
/api site\wwwroot\api
And make sure your API is copied to the api sub-directory.
Make sure you tick the Application box.

Resources