Our Web API setup is done in an Azure kubernetes cluster with nginx as ingress controller and Lets encrypt for https.
In the staging namespace all is fine, the swagger UI is accesible using https and the server shows the server as https as well.
The same setup on prod namespace shows the swagger ui as https but the server as http only. Also try to execute any API functions fails.
Any idea what can go wrong with passinge the scheme information from nginx to the service running the API? As far as I know the communication between nginx and the service is http only.
The docker image for the server is the same and the ingresses for staging and prod only differ service names and host names.
Best regards
Related
We have 2 Linux Web apps running in Azure ( blessed images, not custom ones) running on .NET 6 with custom domains - one API and an MVC app. It's a multitenant organization and the API is using the host header from the incoming HTTP request to resolve a tenants database. So far so good - on IIS everything is working great - we are setting the host header in the HttpClientFactory with the correct domain name, sending the request and the API does its job.
Now the problem - when deployed to Azure, when we set the header to the domain from which the request should be sent(which is the domain we are currently on), the container goes in to a loop when the first HTTP request occurs, executing this request over and over again and after some time our timeout DelegateHandler on the HttpClient is being hit. If we do not set the header the loop stops but we do not have the correct Host header in the request and our API is unable to process the request.
I know there is a reverse proxy which is resolving which web app should process the request based on the custom domain in Azure and I am pretty sure that's our problem but I am not very familiar with Azure architecture and don't know what to do.
P.S. If we use a custom header and set there the host name and reconfigure the API to use this custom request header everything works fine, but that's not what we want.
So any help would be of great help.
I have a WCF service which i host as a Windows Service. I need to support both Windows and NTLM authentication on the service endpoint.
I came across a MSDN page which explains exactly the same with .NET 4.5, here's the link:
http://msdn.microsoft.com/en-us/library/hh556235(v=vs.110).aspx
Going by this, I configured my service endpoint in code as explained in the self-hosted services section of the above link. But, when I test this doesn't work. I captured the traffic and observed that there's no HTTP 401 challenge sent by the service, instead, it directly fails with HTTP 400 Bad Request error. I believe that should have been a HTTP 401 challenge sent to client.
Did I miss anything here?
Well it is possible and I could make it work after 4 days of struggle, the errors HTTP Bad Request does not indicate the problem. But, As I added service metadata behavior with HttpGetEnabled it worked.
Also, ensure if you define ServiceAuthenticationBehavior you do mark the ClientCredentialType to InheritedFromHost. This would ensure the authentication schemes as indicated by the ServiceAuthenticationBahavior are applied.
Hope, this would save someone else's 4 days! :)
You can have multiple authentication schemes running within the same Windows service, but not at the same end point - that's not possible.
For instance, I can create and IIS or self-host a web service called NeedHelp that uses three kinds of authentication, and here are my endpoints:
http:/ /NeedHelp:8001/NoAuth
http:/ /NeedHelp:8002/WindowsAuth
http:/ /NeedHelp:8003/CertAuth
All of those can run under the same web service, all hosted by IIS or self hosted as a Windows service. But they all need separate port addresses.
I have recently upgraded my Azure hosted WCF web service to support SSL by adding the certificate to the domain, setting up the CNAME record and configuring the web service config files httpsGetEnabled="true".
The http web service is online and hosted here : http://api.verveconsortium.eu/VerveService.svc
The HTTPS web service is available by adding the HTTPS protocol to the link here: https://api.verveconsortium.eu/VerveService.svc
The problem I am having is that when I access the HTTP service the executable URL changes to:
https://rd00155d52225f/VerveService.svc?wsdl
I originally thought this problem was due to the empty address field in the basicHttpBinding tag. I have tried changing the address and setting the default address to the api.verveconsortium but it still defaults back to the URL which I have no idea where its coming from. Any help would be appreciated.
I am developing a set of web services using ServiceStack.net. I plan to host these services on Appharbor. I am fairly new to appharbor and cloud hosting in general.
I see that there is an interface within the dashboard to upload my SSL cert. What other configuration do I need to do to AppHarbor and/or my application to get this working properly?
Another note, My Servicestack services will be hosted within an MVC website. I will require all servicestack calls to be made over SSL and have implemented a request filter to check for this and throw a 403 if a non-secure call is attempted.
If you are happy with SNI SSL support, no further configuration should be necessary. Use this gist to determine whether a request is made with an SSL-encrypted connection.
Is there any way I can accomplish the following:
Single Web.config file for a .net web application.
the web application exposes a number of WCF services for consumption by javascript.
Production requires ssl, so all these services are forced over ssl.
Development does not allow ssl, (ASP.NET development server)
How can I configure this so that production will utilize an HTTPS endpoint, and development will utilize an HTTP endpoint for the same service?
Adding two endpoints to the same service doesn't work, because when it tries to connect to the HTTP endpoint it throws an error since the asp.net development server doesn't support the https endpoint.
I solved this by using a ServiceHostFactory to generate the appropriate bindings for me.
It was a little awkward at first, having less control, but works out better in the end.
this is the line that was key, I put it in my .svc file:
Factory="System.ServiceModel.Activation.WebScriptServiceHostFactory"
I'm not certain that this is the best solution to your problem, but one way of doing this would be to declare in the config file a variable to indicate what environment this is running in (dev or prod). If you configure two endpoints, you could say in your hosting code,
if environment=="dev", then host the service on endpoint A.
if environment=="eval", then host the service on endpoint B.