I have published an asp.net core project(a website which made by asp.net core MVC) on a server(windows server 2018) and it works well for a long time.
And also, it used the HTTP all the time. As we know, now google suggest upgrade HTTP to HTTPS for more safely. So I wanna to upgrade it also.
I have applied for an SSL certificate yet and I found several ways to use HTTPS in asp.net core, such as:
The official way by adding so many codes in code-behind:
https://learn.microsoft.com/en-us/aspnet/core/security/enforcing-ssl?view=aspnetcore-2.2&tabs=visual-studio
By using PowerShell and edit some code in code-behind:
https://asp.net-hacker.rocks/2018/07/05/aspnetcore-ssl.html
By using some Nuget Package:
https://dzone.com/articles/enforce-ssl-and-use-hsts-in-net-core20-net-core-se
Just configure it in visual studio:
https://wildermuth.com/2016/10/26/Testing-SSL-in-ASP-NET-Core
But I tried all the way above and failed. Now I am crazy because there are so many ways and I don't know which one is right.
What's more, if all ways above can achieve it, then what's the difference between them and what's the advantage and disadvantage of them?
I am a beginner in web development and I have never been in touch with the HTTPS.
Would you please help me? Thank you.
Related
Was Kestrel present in .NET Framework or was it developed specifically for the ASP.NET Core?
I was not able to find an answer to this question by just googling, so I decided to ask it here. I need it because I am intended to work with the ASP.NET Core and would like to know the history of development better, because knowing it allows to better understand the decisions made by developers.
In order to give an official answer to this question, I copy here comments from #AnkushJain and #andrew-morton:
Kestrel is not available for .NET Framework. It is born with the origin of ASP.NET Core.
[In addition] since Kestrel is not a fully-featured web server, you should run it behind IIS or NGINX. It was designed to make ASP.NET as fast as possible but is limited in its ability to manage security and serve static files.
want to connect to a CouchDb databse from asp.net core web api , but am having trouble finding the code to do so.
Can anyone help me with the code to do that? What is the 'normal' way of doing that?
Cheers!
You can use the MyCouch Library for .Net https://github.com/danielwertheim/mycouch
I had the same need and after evaluating the existing options, I created a set of mechanisms that met the requirements that I had to meet and made available on github and the nuget package.
The explanation of how to use it is on github.
Below is the link in case you want to take a look.
In time, to prevent someone from coming here and deleting my answer, I inform you that I have no intention of promoting what I did with this answer, just suggesting that you evaluate it and if it is your case, feel free to use it.
Link: Nuget Package |
Github
An example webapi core project follows how to make this connection and perform data operations with this lib: webapi core sample
I need to implement external logins and had no problem with Facebook and Google since they are supported but I'm stuck at LinkedIn. I am not exactly a beginner but I'm not very experienced at this either. Prior to this post I viewed a thousand explanations and most of them were vague, others just didn't work and others were explained for advanced people.
What I've tried:
-using cookies in the Configure method, but the methods were deprecated (I figured they were not for the 2.0 version). I also tried app.UseLinkedInAuthentication(...) from Microsoft.AspNetCore.Authentication.LinkedIn to no success.
-writing a service in ConfigureServices (but I didn't get it to work, I assume this is where I need to do it). I also tried this but they were talking like they knew what they were doing.
So to keep this simple, I made a default MVC ASP.NET Core 2.0 application in Visual Studio 2017. All I need to do is write stuff in Startup.cs, so my question is, what is it that I have to write and why? Thank you very much in advance.
PS: I would appreciate an explanation in the comment, if it's a link I probably already visited it :)
There is AspNet.Security.OAuth.Providers repo that provides a collection of security middleware to support social authentication providers.
Corresponding releases can be found using this link: https://www.nuget.org/profiles/aspnet-contrib (all packages that start from AspNet.Security.OAuth)
Unfortunately, the current master branch is only for ASP.NET Core 1.0 and so nuget packages like package for LinkedIn were published only for that version, but you may clone the repo and switch to experimental branch that is an on-going port to ASP.NET Core 2.0.
Look into this github issue if you need the current status of porting.
By the way, according to this github issue, the LinkedIn authentication provider has been ported already.
I would like to implement a websockets server with asp.net core. At the moment it seems that you have 2 different packages for this:
"Microsoft.AspNetCore.WebSockets.Server" : "0.1.0-*"
"Microsoft.AspNetCore.SignalR.Server": "0.2.0-*"
I have the following questions:
What's the difference between these 2 packages (I need the simplest implementation possible)
From the versioning, it seems that these packages are at an early alpha stage. Is there something more mature that I could use with .net core?
Can anyone provide me pointers to good tutorials on how to implement websockets with asp.net core? Google gives me somewhat outdated results
Websockets tutorial
SignalR Tutorial
As for maturity, I guess this is the best you can get at the moment.
I think you want to use Microsoft.AspNetCore.WebSockets. You can find some samples in the repo: https://github.com/aspnet/WebSockets
Classic Asp (as I understand it) is not really “encouraged” by Microsoft (e.g. there is no classic ASP project in VS) and essentially is a collection of asp pages that contain HTML and some kind of scripting. There’s no .config file as such.
That being the case., can classic ASP sites be integrated into WIF?
How do you “force” the application to authenticate using a STS? (There’s no .config file for FedUtil to change).
How do you approach the problem of a large customer that still has a lot of legacy classic ASP sites and wants to move to federated authentication using a STS?
P.S. There is a reference on the Internet i.e. “In IIS7 you select the URLAuthorisation Module and untick the use for managed code only setting. I have used this to protect static files and a cgi exe, so I assume it will also protect .asp files too”.
I’m still confused as to where the STS comes into this solution? How does IIS 7 know where the STS is?
The issue here is that as you are using ASP, IIS doesn't run in pipeline mode. Therefore, it won't execute the HTTPModules required by ADFS. (Or any .NET httpmodules...)
In your case, I have two idea (both aren't pleasant, I am afraid)
You could implement the WIF protocol in ASP. It's documented. Well, you certainly could do it, but beware of errors in your implementation, which could damage the security of your application. The bright side is that you will be able to leverage all the WIF goodies in your apps.
You could attempt to host CGI/ ASP in an IIS HttpModule, in pipeline mode. Perfs would probably decrease, and you would need to send to CGI all the required request infos (and server parameters). It was the idea of this guy. I don't know if he succeded.
The first proposition is probably the good one. Hem. Good luck, WIF isn't a trivial piece of code. (Even if understanding the protocol is not very difficult. As always, hell lies in the details)