I am working with a Blazor Web Assembly project targeting .NET 6.0 equipped with a ASP.NET Core hosted server. While in development on Google Chrome, I can press F12 and go to the Network tab to see the API calls being made. In each call I can see the data that is being transferred. Because this data is sensitive, my question is if I were to push this to Azure, would HTTPS encrypt these API calls or are there more steps I need take to secure this?
The Program.cs file in the server project has this line: app.UseHttpsRedirection();
Related
I have an asp.net core 3.1 web app which uses azure windows authentication. When I run it on VS or as a service on my local computer (windows 10) it works fine and uses https for all requests. I copied the exe file and dll's onto a remote server (windows server 2008 rs) and created a windows service on the machine. When the browser connects to the service the authentication is done over https but when it returns to the app home page it uses http. Any ideas why/what I can do to force any and all requests that are made be over https on any OS/platform?
This is likely due to your local environment having a development certificate installed which the default application configuration uses for local HTTPS. Authentication is performed over HTTPS as the user is routed to Azure to authenticate.
In production, HTTPS must be explicitly configured. At a minimum, a default certificate must be provided.
To enforce HTTPS in production you need to configure a certificate. The following article explains the various ways to configure a certificate: Configure endpoints for the ASP.NET Core Kestrel web server.
I have recently upgraded a set of Blazor (ASP.NET Core–hosted WebAssembly) projects from .NET Core 3.1 to .NET 5.0. After having done this, I noticed I can no longer simply run the compiled executable and navigate to the localhost:xxxx address in the browser to use my application. Yet, when I run or debug my application from Visual Studio, it works fine.
I can get a similar situation by simply creating a new .NET 5.0 ASP.NET Core–hosted Blazor WebAssembly App from the template, building it, running the executable in the server project's bin folder from Windows Explorer and trying to navigate to the address (localhost:xxxx) in the browser. Curiously, the same thing seems to happen when I create it in .NET Core 3.1.
When I use the browser to navigate to localhost:xxxx, I get a 404 on the https address and get redirected to https from http even when I have unchecked Enable SSL in the reproduction solution. I also get the 404 when I use the https address to try to navigate to my application (which at the moment has SSL disabled), but I get an ERR_INVALID_HTTP_RESPONSE when I try to navigate to the http address. On the other hand, calls to a subaddress that hit the API (localhost:xxxx/api/Foo/Get) will work, though only for https.
I have trusted the self-signed certificate, so that at least isn't the problem.
What has changed or am I now doing wrong?
I am trying to publish my Asp.net core web application on an Apache server. I have purchased a domain on onlydomains.com and published my web app via ftp. The publishing is successful but the website is not working since there are some configuration to be done but i don't know which and i am not able to find any documentation.
This is what my website looks like after publishing:
Since asp.net core is cross-platform, i am sure it is possible to publish to some hosting provider such as Siteground, Godaddy, Onlydomains etc, right?
Its not a (stfu) PHP. Run your app by dotnet <patch_to_your_dll_app> and then use Apache as reverse proxy. I reccomend to read first official docs about publishing app with Apache
I have a project with two subprojects. first subproject is the SPA with angularjs and the second subproject is my WebAPI 2. To get the entire project on a production environment (IIS Server) I deployed the first project with depending to the second project (WebAPI) on the IIS.
The SPA starts correctly. But the WebAPI always sends no data.
The request path is: http://localhost:52131/api/persons
But I think localhost is wrong, because the IIS isn't on my local computer. I access on the server with remote access.
The SPA works on the address: kinga-m/myfirstspa
Do I have to deploy the WebAPI separatly on the server or is it enough to set in the project settings that webapi is a dependency?
Currently I've defined in the settings of WebAPI on tab Web -> IIS Express with the project url "http://localhost:52131/" but I think that's wrong.
#Yuro, Basically deploying WebAPI on IIS is not a rocket science. You can have both SPA application & WebAPI application on same IIS server or different, it doesn't matter.
WEB API: Make sure you have created proper 'Application' under Default web site and point web API folder, Along with proper application pool assigned - for correct .NET version. Once this is done, you can test your API directly using fiddler URL something like:
http://localhost/[applicationName]/api/Persons
SPA: You can create another application under default web site and point to SPA web site. Also make sure, you are configuring same URLs into your SPA calls to WEB API. So if above mentioned URL works for you separately, then it will definitely work thru SPA.
Suggestion: always test API calls separately.
Hope you have enabled CORS into your web api, too.
I'm using Windows server 2012 with my application run with ASP.NET WEB API 2 by self-host mode.
I'm trying to move all my services to https based, before buying a certificate, I need submit the Certificate Signing Request, from the vendor's documentation, the generating is started from a web host application, like Apache, IIS 6, IIS 7 and etc.
so what I supposed to do? Install the IIS though I won't use it or ?
thanks.