We Keep Coding

ASP.NET Core 2 - develop using custom domain names and ssl using IISExpress

I want to be able to develop locally using a custom domain and ssl rather than localhost.
How can I setup a custom domain + ssl in VS Solution instead of localhost?

Simple Setup - Using Server URLs
If you want to associate your server to use all the IP addresses assigned to the server/web host then you can do this:
var host = new WebHostBuilder()
.UseUrls("http://*:80", "http://localhost")
.UseKestrel()
.UseIISIntegration()
.Build();
Note: If you don't want all IP addresses, then you can change from http://* to a specific IP address such as http://111.111.111.111. Also, the port is not a requirement, but I have used it for completeness of the answer. It's also important to note that SSL won't work with UseUrls
There is a great amount of additional detail that you can find over at the official Microsoft Docs about Server URLs here.
Binding SSL Certifications (Kestrel Only) -- Endpoint Configuration
Please note that hosting over a public endpoint via Kestrel (even with SSL) is not recommended and you should use a reverse proxy like Nginx or IIS. You can read more about it from the official Microsoft Docs here.
You didn't mention if you were using Kestrel or not, but I will assume you are... In which case, you can configure an SSL certificate easily by binding sockets using the options.
Here is an example of using TCP sockets using the Listen method:
public static void Main(string[] args)
{
BuildWebHost(args).Run();
}
public static IWebHost BuildWebHost(string[] args) =>
WebHost.CreateDefaultBuilder(args)
.UseStartup<Startup>()
.UseKestrel(options =>
{
options.Listen(IPAddress.Loopback, 5000);
options.Listen(IPAddress.Loopback, 5001, listenOptions =>
{
listenOptions.UseHttps("testCert.pfx", "testPassword");
});
})
.UseIISIntegration() // <-- don't forget you will need this for IIS!
.Build();
Note: That if you use both the Listen method and UseUrls, the Listen endpoints override the UseUrls endpoints.
You can find more info here at the official Microsoft Docs.
Configuring IISExpress
Using the GUI
You can right-click the project and click [Properties].
Using launchSettings.json.
You have to configure this using the launchSettings.json which you can find here:
"iisSettings": {
"windowsAuthentication": false,
"anonymousAuthentication": true,
"iisExpress": {
"applicationUrl": "http://localhost:61471/",
"sslPort": 44360
}
},
"profiles": {
"IIS Express": {
"commandName": "IISExpress",
"launchBrowser": true,
"launchUrl": "https://localhost:44360",
"environmentVariables": {
"ASPNETCORE_ENVIRONMENT": "Development"
}
}
Configuring IIS Endpoints
If you use IIS, the URL bindings for IIS override any bindings that you set by calling either Listen or UseUrls. For more information, see Introduction to ASP.NET Core Module.

For .net core, to setup a custom domain:
Add domain to the hosts file, something like www.yourapp.local
find the solution /.vs/applicationhost.config
Add binding e.g.:
In the web project properties > Debug add the App Url to "http://www.yourapp.local:51791/"
(replace port number as required)
For SSL, I assume you can set the above bindings and settings to https and in the web app properties > Debug tick the "Enable SSL" checkbox.
also see this answer: How to enable SSL for IIS Express in VS2015

If you're fine with the certificate validation error in your browser (or whatever client you use), you can put an entry in your hosts file:
www.yourcustomdomain.com 127.0.0.1 (or ::1 if you're on IPv6)
and then use the custom domain to reach your web site locally.
In Windows the hosts file is usually located at C:\Windows\System32\drivers\etc.

First, add an entry in the client's C:\Windows\System32\drivers\etc\hosts text file. Follow instructions in the hosts file itself.
By "develop locally" do you mean on the local machine or local network? If the latter, you must complete the following tasks (in any order).
Generate as described here and configure as described here a certificate on the server, and install it on the client.
Configure the firewall to allow access to your web API as described here.
Bind your web API to a non-localhost URL as described here and here.
I'm not sure off hand, but to get it working with IIS Express you might also need to run netsh http add urlacl as described here and here.
Some of the above links are specific to IIS Express since that's what you asked about. If using Kestrel, then vary the above tasks as follows.
To configure your certificate on the server, add this to appsettings.json:
"Kestrel": {
"Certificates": {
"Default": {
"Subject": "api.mycustomdomain.com",
"Store": "My",
"AllowInvalid": true
}
}
}
To bind your web API to a non-localhost URL, in launchSettings.json's Kestrel profile, replace the localhost part of applicationUrl's value with 0.0.0.0.

Download file over HTTPS and SSO in groovy avoiding server certificate validation

I want to download a file in groovy over a connection that is both using single sign on (SSO) over HTTPS (SSL) is there an easy way to do this. I'm not intending to build a full blown application so security is not as much of a concern.
def data = new URL("https://server/context/servlet?param1=value1").getText()
print data
I currently do the download using curl but would ideally not have to call curl. current used call below.
curl --negotiate -u user:pass -L --insecure -o filename.txt "https://server/context/servlet?param1=value1"
Two key points to the solution i'm looking for
- It does not involve making a system call to curl
- It does not include manually setting up a certificate.
Would consider libraries.

To avoid the SSL PKIX validation check, in Groovy, you can implement a X509TrustManager in the same way that you do it in Java.
Note that this disable the validation server certificate validation, therefore it's a security risk:
import javax.net.ssl.*
// create a TrustManager to avoid PKIX path validation
def trustManager = [
checkClientTrusted: { chain, authType -> },
checkServerTrusted: { chain, authType -> },
getAcceptedIssuers: { null }
] as X509TrustManager
// creat a sslCtx to use "lax" trustManager
def context = SSLContext.getInstance("TLS")
context.init(null, [trustManager] as TrustManager[], null)
// set as default ssl context
HttpsURLConnection.setDefaultSSLSocketFactory(context.getSocketFactory())
// finally you can connect to the server "insecurely"
def data = new URL("https://server/context/servlet?param1=value1").getText()
print data
About your second question, to provide a basic authentication like curl does with --user argument, you can set a default user/password for your connections using Authenticator class:
Authenticator.setDefault (new Authenticator() {
protected PasswordAuthentication getPasswordAuthentication() {
return new PasswordAuthentication ("user", "pass".toCharArray())
}
})
Note that is possible to do so on other ways in Groovy using some libraries, but this is a possible way using standard Java classes.

Only show repos in gitweb that user has access to via Gitolite

I have gitolite setup and working with SSH key based auth. I can control access to repos via the gitolite-admin.git repo and the conf file. All of this works great over SSH but I would like to use GitWeb as a quick way to view the repos.
GitWeb is working great now but shows all repositories via the web interface. So my goal here is to:
Authenticate users in apache2 via PAM, I already have the Ubuntu server authenticating aginst AD and all the users are available. This should not be an issue.
Use the user name logged in with the check gitolite permissions
Display apropriate REPOS in the web interface.
Does anyone have a starting point for this? The Apache part shouldn't be difficult, and I'll set it to auth all fo the /gitweb/ url. I dont know how to pass that username around and authorize it against gitolite. Any ideas?
Thanks,
Nathan

Yes, it is possible, but you need to complete the gitweb config scripts in order to call gitolite.
The key is in the gitweb_config.perl: if that file exists, gitweb will include and call it.
See my gitweb/gitweb_config.perl file:
our $home_link_str = "ITSVC projects";
our $site_name = "ITSVC Gitweb";
use lib (".");
require "gitweb.conf.pl";
In gitweb/gitweb.conf.pl (custom script), I define the official callback function called by gitweb: export_auth_hook: that function will call gitolite.
use Gitolite::Common;
use Gitolite::Conf::Load;
#$ENV{GL_USER} = $cgi->remote_user || "gitweb";
$export_auth_hook = sub {
my $repo = shift;
my $user = $ENV{GL_USER};
# gitweb passes us the full repo path; so we strip the beginning
# and the end, to get the repo name as it is specified in gitolite conf
return unless $repo =~ s/^\Q$projectroot\E\/?(.+)\.git$/$1/;
# check for (at least) "R" permission
my $ret = &access( $repo, $user, 'R', 'any' );
my $res = $ret !~ /DENIED/;
return ($ret !~ /DENIED/);
};
From the comments:
GL_USER is set because of the line:
$ENV{GL_USER} = $cgi->remote_user || "gitweb";
$cgi->remote_user will pick the environment REMOTE_USER set by any Apache Auth module which has completed the authentication (like in this Apache configuration file).
You can print it with a 'die' line.
"Could not find Gitolite/Rc.pm" means the INC variable used by perl doesn't contain $ENV{GL_LIBDIR}; (set to ~/gitolite/lib or <any_place_where_gitolite_was_installed>/lib).
That is why there is a line in the same gitweb/gitweb.conf.pl file which adds that to INC:
unshift #INC, $ENV{GL_LIBDIR};
use lib $ENV{GL_LIBDIR};
use Gitolite::Rc;
Edit from Nat45928: in my case I needed to insert my home path into all the '#H#' entries. That solved all of my issues right away.

Symfony 2 receiving anonymous token after basic authentication

I have a Symfony 2 app using the basic in_memory authentication (as described in the security documentation). The login works fine in our development environment(s). But on the staging server, the basic authentication doesn't seem to provide a proper token -as seen in the hereby provided logfile-; thus we keep on getting the login popup again and again.
Our security configuration:
security:
firewalls:
secured_area:
pattern: ^/
anonymous: ~
http_basic:
realm: "Secured Demo Area"
access_control:
- { path: ^/admin, roles: [ROLE_ADMIN]}
providers:
in_memory:
users:
admin: { password: admin, roles: 'ROLE_ADMIN' }
encoders:
Symfony\Component\Security\Core\User\User: plaintext
This is the log output from the (successful) development environment login:
[2011-07-21 13:49:48] security.DEBUG: Read SecurityContext from the session [] []
[2011-07-21 13:49:48] security.DEBUG: Reloading user from user provider. [] []
[2011-07-21 13:49:48] security.DEBUG: Username "root" was reloaded from user provider. [] []
And this is the log output from the staging environment login:
[2011-07-21 13:53:08] security.INFO: Populated SecurityContext with an anonymous Token [] []
[2011-07-21 13:53:08] security.DEBUG: Access denied (user is not fully authenticated); redirecting to authentication entry point [] []
[2011-07-21 13:53:08] security.DEBUG: Calling Authentication entry point [] []
Thanks in advance for the help.

Your dev environment is probably running PHP as mod_php while your staging server is probably running it as FastCGI. By default, the PHP_AUTH_USER and PHP_AUTH_PW server variables are not filled in this context when you authenticate via HTTP basic, and these are what Symfony is using to create the Security context and validate your password.
If you're running this as FCGI on Apache you can fix this. One is to force FastCGI to pass the Authorization header, which it normally suppresses. Add this to the Apache site definition next to the other FastCGI configuration options:
FcgidPassHeader Authorization
For other applications you may also need to mess around to a greater degree (as described here) but for Symfony just passing the header should be sufficient.

Getting request and creating HTTP response using Tomcat

I am currently trying to use embeded Tomcat for my application and am trying to set it up to get the URL of the http request.
Some Background:
I am using the same code as in the first answer for the post here : Howto embed Tomcat 6?
The only change I have made is :
private String catalinaHome = "/home/xyz/tomcat"; // This dir is created and has full access permissions
Also , I am looking at: http://tomcat.apache.org/tomcat-5.5-doc/catalina/docs/api/org/apache/catalina/startup/Embedded.html
There are no server.xml and tomcat-users.xml that I could find, so I created a tomcat-users.xml since I was getting an exception :Memory database file /home/xyz/tomcat/conf/tomcat-users.xml cannot be read .
tomcat-users.xml:
<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<role rolename="tomcat"/>
<role rolename="role1"/>
<user username="tomcat" password="tomcat" roles="tomcat"/>
<user username="both" password="tomcat" roles="tomcat,role1"/>
<user username="role1" password="tomcat" roles="role1"/>
</tomcat-users>
The code uses container.setRealm(new MemoryRealm());
It appears from here : http://tomcat.apache.org/tomcat-4.1-doc/catalina/funcspecs/fs-memory-realm.html that I should have a server.xml file and there should already be one created by default.
1] Do I need to create a server.xml, what should be the default in it ?
I have put a file with default from here : http://www.akadia.com/download/soug/tomcat/html/tomcat_server_xml.html , but just want to know what is the right thing to do ?
2]When I access http://localhost:8089/mywebapp/index.html, all i get is The requested resource () is not available, though I have an index.html page at the "webappDir" in the code
3] My only need from the embedded tomcat is to intercept so as to get the URL passed to tomcat in my code. I can then parse the URL [do my stuff] and then create a http payload and send an http response back.
I would appreciate any pointers, especially for 3] ?
Thanks!

Ok, for your first question, yo do not need server.xml. If you check the code of your initial post they are setting the parameters there. So that is what server.xml would encapsulate. In reality what happens is that Tomcat will parse server.xml for the properties you are defining on your java file where you instanciate the catalina call to start. But since it is embedded you are setting all those parameters on you class instead.
For your second question, check your logs directory and see what is being parsed. Something is happening after your service starts because it should already redirect you once you call the port. either way, just try http://localhost:8089 and see what you get back in return from tomcat. It should give you some kind of response back from the server itself.
if you do it like this "http://localhost:8089/mywebapp/index.html" you are trying to access a created context, and that might not be configured correctly, but that is just a guess right now.
Try this first and tell me what you get back. we can troubleshoot from this point and see if I can help more in that sense.

Quick question, is this windows or linux you are installing on?
If it is linux the configurations filea are located usually on /etc/tomcat6. (at least on ubuntu they are). Reply back with the version you have installed. I might be able to help you out.
I guess I should also elaborate here a little more. Tomcat is a service in linux as well, so in ubuntu you have to start tomcat in order to access it.
$: sudo service tomcat6 start
then it starts tomcat on port 8080 (usually if not changed) of your localhost. hence you type localhost:8080 to access the website for configuration of tomcat that gives you a It works prompt for you.
Let me know if you have more questions, I will try to respond to the best of my knowledge