I am developing a set of web services using ServiceStack.net. I plan to host these services on Appharbor. I am fairly new to appharbor and cloud hosting in general.
I see that there is an interface within the dashboard to upload my SSL cert. What other configuration do I need to do to AppHarbor and/or my application to get this working properly?
Another note, My Servicestack services will be hosted within an MVC website. I will require all servicestack calls to be made over SSL and have implemented a request filter to check for this and throw a 403 if a non-secure call is attempted.
If you are happy with SNI SSL support, no further configuration should be necessary. Use this gist to determine whether a request is made with an SSL-encrypted connection.
Related
I am using this code to print the TLS Version (e.g. Tls12) when running a WebAPI project locally.
var tlsHandshakeFeature = context.Features.Get<ITlsHandshakeFeature>();
Console.WriteLine(tlsHandshakeFeature.Protocol);
After deploying the project to an Azure Web App, I get a NullReferenceException when accessing the Protocol property.
How can I retrieve the TLS version used for the current request when running a Dotnet Core Web API project on Azure?
Of course, the Azure Application Gateway terminates SSL/TLS client connections, so there is no direct connection between client and the application. But the gateway passes meta data to the application and so I somewhat assume (optimistically) the APIs in .NET Core may support this environment.
Because of the Termination of the TLS connection at the Azure Application Gateway, the available information at the application container is limited.
I examined the HTTP X-Headers and the TLS version has not been recorded. So the problem simply is the gateway does not report the needed information to the application.
I created a Azure Service Fabric Web API and planned to reach it through Service Fabric's built in Reverse Proxy.
All was working well locally but when I published to Azure, trying to access the route through Reverse Proxy would time out.
I thought it might be my app, so I just popped open a new solution with the default template and published to my local. Everything worked fine Reverse Proxy and all. So I published to Azure and again had the same issue.
I could access the Web API on azure through the normal route (through the endpoint of the service) for example:
xxxx.east.cloudapp.azure:8080/api/values
But going through the Reverse Proxy port of 19081 times out:
xxxx.east.cloudapp.azure:19081/[app]/[service]/api/values
I did make sure to tick off Enable Reverse Proxy when setting up the cluster resource on Azure, and set the port to 19081. Both of the above works fine on localhost, but only the normal route works on Azure.
Was wondering if there's some extra editing of the manifest or something I had to do to make it work on Azure correctly?
Did you see the documentation on how to configure it?
If you're going to expose services on the internet, be aware that the built-in one causes every service to become exposed, it's not hardened, it's vulnerable to DOS attacks.
Docs
I recommend having a look at Traefik as a reverse proxy and load balancer.
You can run it as a (containerized) ingress routing service inside the cluster, and direct HTTP calls to your services.
Here's the documentation.
Here's how to get started.
Here's an example.
Alternatively, you can use Api Gateway, which integrates with SF too.
Or even Nginx.
I have a WCF service which i host as a Windows Service. I need to support both Windows and NTLM authentication on the service endpoint.
I came across a MSDN page which explains exactly the same with .NET 4.5, here's the link:
http://msdn.microsoft.com/en-us/library/hh556235(v=vs.110).aspx
Going by this, I configured my service endpoint in code as explained in the self-hosted services section of the above link. But, when I test this doesn't work. I captured the traffic and observed that there's no HTTP 401 challenge sent by the service, instead, it directly fails with HTTP 400 Bad Request error. I believe that should have been a HTTP 401 challenge sent to client.
Did I miss anything here?
Well it is possible and I could make it work after 4 days of struggle, the errors HTTP Bad Request does not indicate the problem. But, As I added service metadata behavior with HttpGetEnabled it worked.
Also, ensure if you define ServiceAuthenticationBehavior you do mark the ClientCredentialType to InheritedFromHost. This would ensure the authentication schemes as indicated by the ServiceAuthenticationBahavior are applied.
Hope, this would save someone else's 4 days! :)
You can have multiple authentication schemes running within the same Windows service, but not at the same end point - that's not possible.
For instance, I can create and IIS or self-host a web service called NeedHelp that uses three kinds of authentication, and here are my endpoints:
http:/ /NeedHelp:8001/NoAuth
http:/ /NeedHelp:8002/WindowsAuth
http:/ /NeedHelp:8003/CertAuth
All of those can run under the same web service, all hosted by IIS or self hosted as a Windows service. But they all need separate port addresses.
I do host a WCF service on a server which requires the clients to authenticate using a x509 certificate. I need to read this certificate inside the service as the data contained is part of the business logic.
The binding I use for the WCF service is webHttpBinding with security set to "Transport" and clientCredentialType="certificate".
In ASP.net I can use the HttpContext.Current, which however is not available in WCF. What can I do to still get the certificate from the user?
Kind regards,
Alois
The article on http://blogs.msdn.com/b/wenlong/archive/2006/01/23/516041.aspx provided me with the solution to this problem. WCF allows to run in "ASP.net compatibility mode" which brings back the full HttpContext object.
I use this in my WCF service, with ASP.net compatibility disabled:
var x509ClaimSet = OperationContext.Current.ServiceSecurityContext.AuthorizationContext.ClaimSets.FirstOrDefault() as X509CertificateClaimSet;
Is there any way I can accomplish the following:
Single Web.config file for a .net web application.
the web application exposes a number of WCF services for consumption by javascript.
Production requires ssl, so all these services are forced over ssl.
Development does not allow ssl, (ASP.NET development server)
How can I configure this so that production will utilize an HTTPS endpoint, and development will utilize an HTTP endpoint for the same service?
Adding two endpoints to the same service doesn't work, because when it tries to connect to the HTTP endpoint it throws an error since the asp.net development server doesn't support the https endpoint.
I solved this by using a ServiceHostFactory to generate the appropriate bindings for me.
It was a little awkward at first, having less control, but works out better in the end.
this is the line that was key, I put it in my .svc file:
Factory="System.ServiceModel.Activation.WebScriptServiceHostFactory"
I'm not certain that this is the best solution to your problem, but one way of doing this would be to declare in the config file a variable to indicate what environment this is running in (dev or prod). If you configure two endpoints, you could say in your hosting code,
if environment=="dev", then host the service on endpoint A.
if environment=="eval", then host the service on endpoint B.