Almost have this working. Almost.
My set up is that I have an Azure B2C Tenant set up, and some modified example code that I've changed to reflect the Tenant information. This all works fine locally, with a localhost uri.
My remote set up is a Ubuntu 16.01 server, with a Nginx 1.10.0 webserver acting as a reverse proxy to a .NET Core 1.0.4 and all with a LetsEncrypt SSL cert.
The proxy serves .NET projects fine, however when I hit the sign in it takes me over to the B2C login with an incorrect redirect_url.
I'd expect the value to reflect what is in the settings file, "https.sub.host.suffix/signin-oidc" instead I'm getting "http.sub.host.suffix,sub.host.suffix/signin-oidc"
Any ideas or suggestions appreciated!
If NGINX is offloading SSL/TLS and then calling the .NET Core app, check as most probably is doing it through open HTTP (port 80).
You either need to ensure HTTPS all-the-way, or signal an HTTPS scheme to get triggered if HTTP endpoint was called.
As the .NET Core App gets a request through an HTTP endpoint, every URI created by it will keep that same scheme. So, you'll need to force https:// at link building time.
Hope it helps!
Related
I have a web application which uses ASP.NET Core 3.1 on an Azure AppService, combined with Azure AD B2C authentication.
In my Startup.cs code, I call UseHttpsRedirection, but when I visit the site with an empty browser cache / or a new incognito session, using the HTTP protocol, I don't get redirected to HTTPS. Because of this, the B2C authentication doesn't work, so my app is not working.
This (HTTP) link is not working.
This link (HTTPS) does work.
What is strange though, once you visited the HTTPS site, and then the HTTP one, you will see the redirection is working.
What are getting served here are static HTML and JS files, served by the ASP.NET Core self-hosted server (running on a Linux AppService).
What do I miss here? Do I need to make an additional setting in Azure or in my code? Or do I need another record in the DNS?
It turned out that you have to go to the Protocol settings of the App Service and set "HTTPS only" to "on".
I am Developing a web site that has Angular.js based client and Web API 2 server.
Both will be deployed under my website subdoman: "Admin.myDomain.com".
I would like to have ssl support. (on client and also requests for server)
Thinking that the client will be under Admin.myDomain.com and the Webapi : Admin.myDomain.com/admin/
In term SSL connection - What should be the best way to deploy this?
What I thought:
1. Connect the IP to the machine - Conenct the SSL work on entire IIS level.
2. Have the angular client side deployed on default web site on IIS.
3. have the web api deployed as subfolder (another applicaation).
will this work?
Is there a better way?
You can create your certificate specifically for admin.website.com or with a wildcard for *.website.com. It depends based in your future needs and available budget.
I would suggest to avoid Default Web Site and create a new WebSite that accepts only 443 (and link the certificate here) then you put your API running there with something like.
https://admin.website.com/v1/api
and your angular application at:
https://admin.website.com/app
I have a web role which is configured for 2 endpoints, one http, one https 443:
Then I have 3 certs (one is the main and 2 are CA). I have uploaded all of these and also checked thumbprints are correct.
But when I deploy, the http site works fine but the https site does not. Fiddler shows:
Authentication failed because the remote party has closed the
transport stream
Any ideas?
Note: Also worth noting this https works fine when on local machine through Visual Studio and only reports the certificate error, which is expected.
First, open the portal and enable RDP to the instances, then connect to the role instance, open IIS, and verify the HTTPS binding is configured properly. Try accessing the site using https locally from the server and verify it works.
Report with the findings.
I did a console application to manage the azure server using the azure service management rest API. And I followed the instructions from http://msdn.microsoft.com/en-us/library/windowsazure/gg651127.aspx to create certificate, upload to azure under subscription level. import to local My(personal) folder. everything works well. I can get the hosted services. create new host service.
but when I used a web proxy on my machine. the response always be 403 Forbidden. I tried to set the proxy in HttpWebRequest, but still the same error.
Also, I run this console application in a aws EC2 and have the same 403 Forbidden error(maybe EC2 also use proxy?).
Suppose the proxy server should forward the web request to azure management rest API server with the certificate, but I guess it's not. someone told me maybe this certificate only self generated and not valid. so the proxy server refused it. not sure if that is the cause.
Azure Management APIs require signed headers. Some proxies makes changes (add/modify) header tags which would then invalidate the signature and cause the 403.
w.r.t. EC2 - did you install your management certificate on the VM? Without it the request will fail with a 403.
One of the suggestions is to use Fiddler to compare the request before & after the proxy. That will tell you what (if anything) is changing.
I am curious to understand how IIS 7.5 Reverse Proxy is implemented in Rewrite Module (v2).
I am planning to setup a website that will handle proxing between requests coming from users (internet) and my HTTP services that are deployed on the same server. I have setup a website within IIS and configured the reverse proxy logic. I've then setup another website on the same server and deployed all my WCF REST services there. I am planning to implement IIS offloading, common tasks (such as authentication, etc) on the reverse proxy website before the request gets to the actual services (like WCF routing service for SOAP). Configuration is working perfectly fine.
However I am trying to understand the implications of this setup. When IIS does reverse proxing, does it create a new HTTP request (and a new TCP port) between those two websites? And even if both sites are on the same server? Should I expect number of TCP connections opened on this server to get doubled when reverse proxy is used?
Furthermore, has anyone experienced any performance/resource issues with a similar setup?
Cheers,
OS