I have an ASP.NET Core hosted Blazor WebAssembly project that uses IdentityServer4 to manage logins and registration. When I debug and log into the app, the '.well-known/openid-configuration' endpoint is served over HTTPS, but when I run the published version in Docker it is served over HTTP, which breaks my login page. How can I get it served over HTTPS?
The full error is: AuthenticationService.js:1 Mixed Content: The page at 'https://musicfusion.app/' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://musicfusion.app/.well-known/openid-configuration'. This request has been blocked; the content must be served over HTTPS.
Edit: My Startup.cs
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Components.Authorization;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Identity.UI;
using Microsoft.AspNetCore.HttpsPolicy;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.ResponseCompression;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using System.Linq;
using Soundbox.Server.Data;
using Soundbox.Shared;
using System;
using Blazored.Toast;
using test.Server.Hubs;
using Microsoft.AspNetCore.Identity.UI.Services;
using test.Server.Services;
using Microsoft.AspNetCore.HttpOverrides;
namespace test.Server
{
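public class Startup
{
    public Startup(IConfiguration configuration)
    {
        Configuration = configuration;
    }

    /// <summary>Application configuration supplied by the host.</summary>
    public IConfiguration Configuration { get; }

    /// <summary>
    /// Registers application services. Called by the runtime before <see cref="Configure"/>.
    /// </summary>
    /// <param name="services">The service collection to populate.</param>
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddDbContext<ApplicationDbContext>(options =>
            options.UseSqlite("Data Source=/data/test.db"));

        services.AddBlazoredToast();
        services.Configure<APIKeys>(Configuration.GetSection("APIKeys"));
        services.Configure<AuthMessageSenderOptions>(Configuration.GetSection("Emails"));

        // Honor X-Forwarded-For / X-Forwarded-Proto set by the reverse proxy in front of the
        // container. These options are consumed by app.UseForwardedHeaders() in Configure.
        // NOTE(review): the middleware only trusts forwarded headers from proxies it knows
        // about (loopback by default), so headers injected by a Docker / cloud load balancer
        // are ignored until its address is registered, e.g.
        //   options.KnownProxies.Add(IPAddress.Parse("<proxy-ip>"));   // or KnownNetworks.Add(...)
        // Prefer registering the proxy's address or network over clearing both lists, which
        // would let any client spoof the forwarded scheme and client IP.
        services.Configure<ForwardedHeadersOptions>(options =>
        {
            options.ForwardedHeaders =
                ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
        });

        services.AddDefaultIdentity<ApplicationUser>(options => options.SignIn.RequireConfirmedAccount = true)
            .AddEntityFrameworkStores<ApplicationDbContext>();

        services.AddIdentityServer()
            .AddApiAuthorization<ApplicationUser, ApplicationDbContext>();

        services.AddAuthentication()
            .AddIdentityServerJwt();

        services.AddControllersWithViews();

        // Requires Microsoft.AspNetCore.Identity.UI.Services and the project's EmailSender.
        services.AddTransient<IEmailSender, EmailSender>();

        services.AddRazorPages();
        services.AddSignalR();
        services.AddResponseCompression(opts =>
        {
            // Blazor WebAssembly payloads are served as application/octet-stream, which is not
            // in the default compressible MIME list.
            opts.MimeTypes = ResponseCompressionDefaults.MimeTypes.Concat(
                new[] { "application/octet-stream" });
        });
    }

    /// <summary>
    /// Builds the HTTP request pipeline. Called by the runtime after <see cref="ConfigureServices"/>.
    /// </summary>
    /// <param name="app">The application builder the middleware is added to.</param>
    /// <param name="env">The hosting environment, used to select development-only middleware.</param>
    public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
    {
        // Must run first: HSTS, HTTPS redirection, IdentityServer's discovery document and
        // authentication all read Request.Scheme / Request.Host, so the proxy's forwarded
        // headers have to be applied before any of them sees the request. Calling it without
        // an argument uses the options registered in ConfigureServices instead of a second,
        // duplicated options instance.
        app.UseForwardedHeaders();

        app.UseResponseCompression();

        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
            app.UseDatabaseErrorPage();
            app.UseWebAssemblyDebugging();
        }
        else
        {
            app.UseExceptionHandler("/Error");
            // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
            app.UseHsts();
        }

        app.UseHttpsRedirection();
        app.UseBlazorFrameworkFiles();
        app.UseStaticFiles();

        app.UseRouting();

        app.UseIdentityServer();
        app.UseAuthentication();
        app.UseAuthorization();

        app.UseEndpoints(endpoints =>
        {
            endpoints.MapRazorPages();
            endpoints.MapControllers();
            endpoints.MapHub<PlaylistHub>("/playlisthub");
            endpoints.MapFallbackToFile("index.html");
        });

        UpdateDatabase(app);
    }

    /// <summary>
    /// Applies pending EF Core migrations at startup so the SQLite schema matches the model.
    /// </summary>
    /// <param name="app">The application builder whose root service provider is used to resolve the context.</param>
    /// <exception cref="InvalidOperationException">Thrown if <see cref="ApplicationDbContext"/> is not registered.</exception>
    private static void UpdateDatabase(IApplicationBuilder app)
    {
        // A scope is required because the DbContext is a scoped service and must not be
        // resolved from the root provider.
        using (var serviceScope = app.ApplicationServices
            .GetRequiredService<IServiceScopeFactory>()
            .CreateScope())
        {
            // GetRequiredService fails with a clear message instead of a NullReferenceException
            // when the context is missing from DI.
            using (var context = serviceScope.ServiceProvider.GetRequiredService<ApplicationDbContext>())
            {
                context.Database.Migrate();
            }
        }
    }
}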
}
@Carl and @Jared are correct, but simply forcing HTTPS won't work if you are behind a load balancer or a similar reverse proxy.
https://leastprivilege.com/2017/10/09/new-in-identityserver4-v2-simplified-configuration-behind-load-balancers-or-reverse-proxies/
Example: a request made over HTTPS to an app hosted in GCP Cloud Run returned endpoint links using HTTP. The exact same code served HTTPS endpoint links in Azure and IIS.
The recommended approach is to set the PublicOrigin in IdentityServer4:
app.Use(async (context, nextMiddleware) =>
{
    // Pin the origin IdentityServer uses for its discovery document and generated
    // endpoint links, rather than deriving it from the incoming request.
    context.SetIdentityServerOrigin("https://example.com");
    await nextMiddleware();
});
or
app.Use(async (context, nextMiddleware) =>
{
    // Overwrite the scheme and host seen by every downstream middleware, so each
    // request is treated as if it arrived at https://example.com.
    var request = context.Request;
    request.Scheme = "https";
    request.Host = new HostString("example.com");
    await nextMiddleware();
});
https://github.com/IdentityServer/IdentityServer4/issues/4535#issuecomment-647084412