How to best set up mTLS in Azure - azure

I would like to host IdentityServer4 in Azure with mTLS configured for a specific path. How can I accomplish that by hosting the IdentityServer4 ASP.NET Core application in an "App Service" and setting up mTLS with some kind of load balancer (API Management service, Application Gateway, NGINX, etc.)? What I need is to require a client certificate on a specific path and be able to set up some kind of CTL (certificate trust list). In other words, I would like to replace the following, which you accomplish with a Windows IIS machine and web.config:
<configuration>
  ...
  <location path="connect/mtls">
    <system.webServer>
      <security>
        <access sslFlags="Ssl, SslNegotiateCert, SslRequireCert" />
      </security>
    </system.webServer>
  </location>
  ...
</configuration>
Anyone?
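For readers who want to see the policy the IIS <location> block above encodes, here is an added illustration (not from the question or from IdentityServer4): only the configured path and its sub-paths require a client certificate, and the presented certificate must appear in a trust list, keyed by SHA-256 thumbprint. The function names are hypothetical and the "certificates" are constructed byte strings standing in for DER-encoded X.509 data; the 403.7 and 403.16 sub-status codes are the ones IIS itself uses for a missing and an untrusted client certificate.

```python
"""Path-scoped client-certificate enforcement with a certificate trust list.

Added illustration of the semantics of
  <location path="connect/mtls"> ... sslFlags="Ssl, SslNegotiateCert, SslRequireCert"
combined with a CTL. Helper names are hypothetical; the certificate values are
constructed byte strings, not real DER.
"""
import hashlib
from dataclasses import dataclass
from typing import FrozenSet, Optional

# Mirrors <location path="connect/mtls">: this path and everything beneath it.
MTLS_PATHS = ("/connect/mtls",)


def thumbprint(der: bytes) -> str:
    """SHA-256 thumbprint of a DER-encoded certificate as upper-case hex."""
    return hashlib.sha256(der).hexdigest().upper()


@dataclass(frozen=True)
class Decision:
    status: int
    reason: str


def path_requires_cert(path: str) -> bool:
    """IIS <location> matching: the path itself or any sub-path, compared
    case-insensitively as IIS does; the query string is ignored."""
    p = path.split("?", 1)[0].lower().rstrip("/")
    return any(p == m or p.startswith(m + "/") for m in MTLS_PATHS)


def evaluate(path: str, client_cert_der: Optional[bytes],
             trust_list: FrozenSet[str]) -> Decision:
    """Decide whether a request may proceed under the path-scoped mTLS rule."""
    if not path_requires_cert(path):
        # Outside the location only "Ssl" applies: no certificate is negotiated,
        # so a certificate the client happens to present is simply ignored.
        return Decision(200, "no client certificate required on this path")
    if client_cert_der is None:
        # SslRequireCert: IIS rejects the request with 403.7 (certificate required).
        return Decision(403, "403.7 client certificate required")
    tp = thumbprint(client_cert_der)
    if tp not in trust_list:
        # Not in the CTL: IIS reports 403.16 (certificate untrusted or invalid).
        return Decision(403, f"403.16 client certificate {tp[:16]}... not in trust list")
    return Decision(200, f"client certificate {tp[:16]}... trusted")


# Constructed stand-ins for DER certificates (not real X.509 data).
TRUSTED_CERT = b"constructed-der-bytes-for-trusted-client"
OTHER_CERT = b"constructed-der-bytes-for-unknown-client"
# The CTL: the thumbprints the mTLS path accepts.
TRUST_LIST = frozenset({thumbprint(TRUSTED_CERT)})

if __name__ == "__main__":
    for path, cert in [("/connect/token", None),
                       ("/Connect/MTLS/token", None),
                       ("/connect/mtls", OTHER_CERT),
                       ("/connect/mtls/token?grant_type=x", TRUSTED_CERT)]:
        d = evaluate(path, cert, TRUST_LIST)
        print(f"{path:40} -> {d.status} {d.reason}")
```

The point of the trust-list step is that terminating TLS with a client certificate is not the same as authorising it: whatever front end you put in front of App Service, something still has to check the presented certificate against the list of issuers or thumbprints you actually trust.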

Related

Deployment issue for ASP.NET Core App to local IIS

I am deploying an ASP.NET Core Web API for the first time.
I am facing issues and am confused about a few things.
1) I followed this link, Host ASP.NET Core Web API, and had no issues until step 5. My Core Web API has Swagger UI, and the UI is not showing up.
2) I followed this link, Deploy ASP.NET Core to IIS, and in step 3 I am not sure how he gets Add Application. My IIS always shows Add Website.
I followed this link too: Host ASP.NET Core on Windows. I have been trying for 2 days and haven't got it working on IIS.
I deployed using Web Deploy and Folder too. None of them worked.
This is my web.config file.
After diagnostics, I am here. The runtime does not match. I tried to install it from that link and it is still not working.
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <location path="." inheritInChildApplications="false">
    <system.webServer>
      <handlers>
        <add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModuleV2" resourceType="Unspecified" />
      </handlers>
      <aspNetCore processPath="dotnet" arguments=".\SampleCoreApi.dll" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" />
    </system.webServer>
  </location>
</configuration>
The first link is talking about hosting ASP.NET Web API, not ASP.NET Core Web API.
When you are hosting an ASP.NET Core app/API, you need to set the .NET CLR version of the application pool to No Managed Code.
This is also mentioned in step 3 of the second link. It's creating an application under the Default Web Site; that's where you see the Add Application option. It's not necessary to create an application under the Default Web Site.
You can either create the application pool first and set it to No Managed Code. Then, when adding a new website, you can select this application pool.
Or, add a new website first. That will create an application pool automatically with the same name as the website. Then, edit the application pool and set it to No Managed Code.
I hope that helps.

Azure Web App - Prevent routing to specific instances

We are hosting an ASP.NET Core application on an Azure App Service (Web Apps).
Our individual instances take some time to "preload" the required data needed to process requests. But when scaling out, requests will be routed to the instances still being prepared.
How does the App Service load balancer decide when an instance is ready and requests can be routed to it? Is there a way to prevent routing to some specific instance until we deem it ready?
Try using the applicationInitialization node in your web.config. This instructs IIS to issue warm-up requests to URLs that you designate before the application receives its first request.
I have used this on slow swaps before. But from reading the docs on IIS here, it looks like it'll also work for new instances. I haven't tried this when scaling out though; let me know if this works for you.
Here's example code for using it within the web.config:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.webServer>
    <applicationInitialization>
      <add initializationPage="/pagetowarmup1.php" />
      <add initializationPage="/pagetowarmup2.php" />
      <add initializationPage="/pagetowarmup3.php" />
    </applicationInitialization>
  </system.webServer>
</configuration>

DoS Protection in Azure Web App

We are using an Azure Web App for our front-end site. Recently we discovered a DoS attack on our website. When I googled around, I found a solution for Azure Cloud Services. Is there any way an Azure Web App can be protected with out-of-the-box support?
Azure Web Sites enabled the Dynamic IP Restrictions module for IIS 8. You can protect your Azure Web App from DDoS attacks by configuring Dynamic IP Security under system.webServer in your app's web.config file as follows.
<security>
  <dynamicIpSecurity denyAction="NotFound">
    <!--<denyByConcurrentRequests enabled="true" maxConcurrentRequests="20" />-->
    <denyByRequestRate enabled="true" maxRequests="20" requestIntervalInMilliseconds="5000"/>
  </dynamicIpSecurity>
</security>
Read the reference for more information:
https://azure.microsoft.com/fr-fr/blog/confirming-dynamic-ip-address-restrictions-in-windows-azure-web-sites/
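To see what the denyByRequestRate rule above actually does to traffic before turning it on, here is an added example (not from the answer or from IIS itself) that replays constructed access-log lines through the same parameters, maxRequests="20" within requestIntervalInMilliseconds="5000", and reports which requests would have received the denyAction response (404 for "NotFound"). The helper names are hypothetical; the log format is a constructed "<milliseconds> <client IP> <method> <path>" layout, and counting denied requests toward the window is a modelling choice, not a documented IIS detail.

```python
"""Sliding-window model of <denyByRequestRate maxRequests="20"
requestIntervalInMilliseconds="5000"/> with denyAction="NotFound".

Added example: replays constructed log lines and reports which requests the
rule would deny. Helper names are hypothetical; log lines are constructed.
"""
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Deque, Dict, Iterable, List, Tuple


@dataclass(frozen=True)
class RateRule:
    max_requests: int = 20      # maxRequests
    interval_ms: int = 5000     # requestIntervalInMilliseconds
    deny_status: int = 404      # denyAction="NotFound"


def parse_log(lines: Iterable[str]) -> List[Tuple[int, str]]:
    """Constructed format: '<ms since start> <client ip> <method> <path>'."""
    events = []
    for line in lines:
        ts, ip, _method, _path = line.split(None, 3)
        events.append((int(ts), ip))
    return events


def apply_rate_rule(events: Iterable[Tuple[int, str]],
                    rule: RateRule) -> List[Tuple[int, str, int]]:
    """Return (timestamp, ip, status) for every request in time order."""
    windows: Dict[str, Deque[int]] = defaultdict(deque)
    results = []
    for ts, ip in sorted(events):
        window = windows[ip]
        # Drop requests that fell out of the interval.
        while window and ts - window[0] >= rule.interval_ms:
            window.popleft()
        status = rule.deny_status if len(window) >= rule.max_requests else 200
        window.append(ts)  # modelling choice: denied requests still count
        results.append((ts, ip, status))
    return results


def denied_per_ip(results: Iterable[Tuple[int, str, int]],
                  rule: RateRule) -> Dict[str, int]:
    """How many requests each client had answered with the deny status."""
    counts: Dict[str, int] = defaultdict(int)
    for _ts, ip, status in results:
        if status == rule.deny_status:
            counts[ip] += 1
    return dict(counts)


# Constructed log: one client bursts 25 hits in 2.4 s, a normal client sends
# three spaced-out requests, and the bursting client returns after a pause.
CONSTRUCTED_LOG = (
    [f"{t} 203.0.113.7 GET /" for t in range(0, 2500, 100)]
    + ["0 198.51.100.4 GET /", "3000 198.51.100.4 GET /about",
       "6000 198.51.100.4 GET /contact", "8000 203.0.113.7 GET /"]
)


def run_constructed(rule: RateRule = RateRule()) -> Dict[str, int]:
    return denied_per_ip(apply_rate_rule(parse_log(CONSTRUCTED_LOG), rule), rule)


if __name__ == "__main__":
    for ts, ip, status in apply_rate_rule(parse_log(CONSTRUCTED_LOG), RateRule()):
        print(f"{ts:6d} ms  {ip:15}  -> {status}")
    print("denied per client:", run_constructed())
```

With these numbers the bursting client's 21st to 25th requests are denied and its request eight seconds later is served again, while the normal client is never affected. Replaying your own logs this way tells you whether a threshold like 20 in 5 s will hit legitimate users (browsers loading a page with many assets, or many users behind one NAT address) before any real attacker.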

Protect a Web App from Access in Azure

I have a web app running an old ASMX service that I want to limit access to for only other apps and services within my Azure environment.
Is there any easy and cheap way to do this?
App Service Environments seem like they do this, but they seem rather expensive for this small purpose. It would be cheaper with a VM on which I can configure the firewall.
If you know the IP ranges, you can use the web.config file in the root of your app:
<security>
  <ipSecurity allowUnlisted="false"> <!-- this line blocks everybody, except those listed below -->
    <clear/> <!-- removes all upstream restrictions -->
    <add ipAddress="127.0.0.1" allowed="true"/> <!-- allow requests from the local machine -->
    <add ipAddress="81.116.19.53" allowed="true"/> <!-- allow the specific IP of 81.116.19.53 -->
  </ipSecurity>
</security>
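As an added example (not from the answer above and not IIS code), the following models how the ipSecurity rules above are evaluated: allowUnlisted="false" denies by default, <clear/> discards inherited rules, and each <add> entry allows one address or, with a subnet mask, a whole range such as an Azure virtual network. It also shows the check a practitioner would want when a load balancer or proxy sits in front of the app: the address IIS sees is then the proxy's, and X-Forwarded-For should only be believed when it is known to come from your own proxy. Class and function names are hypothetical, the 10.0.0.0/255.255.0.0 entry is a constructed addition to the answer's two rules, and first-match-wins rule ordering is a modelling choice.

```python
"""Model of <ipSecurity allowUnlisted="false"> with <clear/> and <add/> rules.

Added example; helper names are hypothetical, sample addresses constructed.
"""
import ipaddress
from typing import Dict, List, Optional, Tuple


class IpSecurity:
    """Evaluates allow/deny rules the way the web.config section expresses them."""

    def __init__(self, allow_unlisted: bool = False):
        self.allow_unlisted = allow_unlisted          # allowUnlisted="false"
        self.rules: List[Tuple[ipaddress.IPv4Network, bool]] = []

    def clear(self) -> None:
        """<clear/>: drop any rules inherited from a parent configuration."""
        self.rules.clear()

    def add(self, ip_address: str, allowed: bool = True,
            subnet_mask: Optional[str] = None) -> None:
        """<add ipAddress="..." subnetMask="..." allowed="..."/>"""
        spec = f"{ip_address}/{subnet_mask}" if subnet_mask else ip_address
        self.rules.append((ipaddress.ip_network(spec, strict=False), allowed))

    def is_allowed(self, client_ip: str) -> bool:
        addr = ipaddress.ip_address(client_ip)
        for network, allowed in self.rules:   # modelling choice: first match wins
            if addr in network:
                return allowed
        return self.allow_unlisted


def client_ip_for(remote_addr: str, headers: Dict[str, str],
                  trusted_proxy: Optional[str] = None) -> str:
    """Pick the address to check. X-Forwarded-For is honoured only when the
    direct peer is the proxy we trust; otherwise any client could spoof it."""
    xff = headers.get("X-Forwarded-For")
    if trusted_proxy and remote_addr == trusted_proxy and xff:
        return xff.split(",")[0].strip()   # leftmost entry is the original client
    return remote_addr


def build_from_answer() -> IpSecurity:
    """The two rules from the answer plus a constructed /16 VNet range."""
    sec = IpSecurity(allow_unlisted=False)
    sec.clear()
    sec.add("127.0.0.1")
    sec.add("81.116.19.53")
    sec.add("10.0.0.0", subnet_mask="255.255.0.0")   # constructed VNet example
    return sec


if __name__ == "__main__":
    sec = build_from_answer()
    for ip in ["127.0.0.1", "81.116.19.53", "81.116.19.54", "10.0.3.9", "10.1.0.1"]:
        print(f"{ip:15} -> {'allow' if sec.is_allowed(ip) else 'deny'}")
    # A spoofed header from an untrusted peer must not unlock the allow-list.
    spoofed = client_ip_for("198.51.100.9", {"X-Forwarded-For": "81.116.19.53"})
    print("spoofed XFF resolves to", spoofed, "->", sec.is_allowed(spoofed))
```

The proxy case matters for the question's own scenario: if the ASMX app is reached through another Azure service, the allow-list has to contain that service's outbound addresses, or IIS has to be configured to read the forwarded client address from a proxy it trusts; listing end-client addresses alone will block everything.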

/sitemap.xml endpoint not working on production server

I have created a web site using the standard ASP.Net MVC 5 template with no authentication. I have added MVCSiteMapProvider from NuGet. On my dev machine the /sitemap.xml endpoint returns the correct sitemap once I add the UrlRoutingModule-4.0 to web.config. If I publish to Azure Web Sites the /sitemap.xml endpoint also works. However if I publish to my local hoster the /sitemap.xml endpoint returns a 404 - File or directory not found.
Any idea what I need to change / add to web.config to get the endpoint working?
Thanks
Tim
As far as I am aware, this configuration is all that is required to make it function in MVC4/MVC5:
<system.webServer>
  <modules>
    <remove name="UrlRoutingModule-4.0" />
    <add name="UrlRoutingModule-4.0" type="System.Web.Routing.UrlRoutingModule" />
  </modules>
</system.webServer>
But then, I don't have much of an idea why this line is required; a contributor figured it out, and I added the solution to the NuGet package.