Menu
I have recently created an ASP.NET Core 3.0 web application project in Visual Studio 2019 (with Docker enabled, but I don't think that's relevant), and don't seem to be able to disable HTTPS when including ASP.NET Identity for individual user accounts. Whenever I launch the app in the debugger the page opens using HTTPS and navigating to HTTP redirects me back again.
I've tried creating a new project to test out what is going on, and have found the following:
When creating the project I enabled the use of ASP.NET Identity in order to use local accounts in my app, and I noticed that if I go through the wizard again in order to create a project with the same setup (web app with Identity enabled for individual user accounts) the option to untick the box enabling HTTPS appears to be greyed out.
After creating the project, I've tried disabling the HTTPS redirection middleware in Startup.cs by commenting out the relevant line:
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
app.UseDatabaseErrorPage();
}
else
{
app.UseExceptionHandler("/Home/Error");
app.UseHsts();
}
//app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllerRoute(
name: "default",
pattern: "{controller=Home}/{action=Index}/{id?}");
endpoints.MapRazorPages();
});
}
And have edited the launchSettings.json to try to get the app to run using HTTP instead of HTTPS when debugging, but the app still tries to load using HTTPS.
launchSettings.json BEFORE:
{
"iisSettings": {
"windowsAuthentication": false,
"anonymousAuthentication": true,
"iisExpress": {
"applicationUrl": "http://localhost:51767",
"sslPort": 44396
}
},
"profiles": {
"IIS Express": {
"commandName": "IISExpress",
"launchBrowser": true,
"environmentVariables": {
"ASPNETCORE_ENVIRONMENT": "Development"
}
},
"HTTPSTest": {
"commandName": "Project",
"launchBrowser": true,
"environmentVariables": {
"ASPNETCORE_ENVIRONMENT": "Development"
},
"applicationUrl": "https://localhost:5001;http://localhost:5000"
},
"Docker": {
"commandName": "Docker",
"launchBrowser": true,
"launchUrl": "{Scheme}://{ServiceHost}:{ServicePort}",
"environmentVariables": {
"ASPNETCORE_URLS": "https://+:443;http://+:80",
"ASPNETCORE_HTTPS_PORT": "44397"
},
"httpPort": 51777,
"useSSL": true,
"sslPort": 44397
}
}
}
launchSettings.json AFTER:
{
"iisSettings": {
"windowsAuthentication": false,
"anonymousAuthentication": true,
"iisExpress": {
"applicationUrl": "http://localhost:51767"
}
},
"profiles": {
"IIS Express": {
"commandName": "IISExpress",
"launchBrowser": true,
"environmentVariables": {
"ASPNETCORE_ENVIRONMENT": "Development"
}
},
"HTTPSTest": {
"commandName": "Project",
"launchBrowser": true,
"environmentVariables": {
"ASPNETCORE_ENVIRONMENT": "Development"
},
"applicationUrl": "http://localhost:5000"
},
"Docker": {
"commandName": "Docker",
"launchBrowser": true,
"launchUrl": "{Scheme}://{ServiceHost}:{ServicePort}",
"environmentVariables": {
},
"httpPort": 51777
}
}
}
Does anyone have any ideas of what I can try next? I want the app to sit behind an SSL-terminating reverse proxy, so I don't think it's unreasonable to want to disable this.
279
If we want to disable HTTP for the asp.net code, we just need to remove lines 11 to 13 and the same for HTTPS, if we want to disable HTTPS, just remove lines 14 to 16 and comment out app. UseHttpsRedirection(); in Program. cs.
To fix this error, as suggested from this site: For an existing project configured for HTTPS, look at the properties pane for the application and set SSL Enabled from true to false. with message: "You can't remove SSL from this site because this Web project is currently configured to browse with this URL.
So I actually managed to fix this. The issue I was seeing with Visual Studio opening up the app using HTTPS was an issue with Visual Studio.
Running through the same setup on another computer worked just fine by commenting out the app.UseHttpsRedirection() line in Startup.cs and removing the SSL references in launchSettings.json as in my original post - running the debugger opened up the page using HTTP and was able to connect to the app.
In order to get everything working again, I tried removing Visual Studio completely, rebooting, reinstalling and trying again, but still had the same issue. In the end I had to also remove all the Visual Studio folders under AppData in my user directory and THEN reinstall Visual Studio, and then it was finally working again when I tried debugging my project!
UPDATE:
This actually came back after the weekend, and I discovered that this time my problem was that HSTS had cached the use of HTTPS in Chrome. Examples of how to remove this for different browsers can be found here: https://appuals.com/how-to-clear-or-disable-hsts-for-chrome-firefox-and-internet-explorer/
In summary, for Chrome:
1. Navigate to chrome://net-internals/#hsts
2. In the Delete domain security policies section, enter localhost as the domain and hit the Delete button
UPDATE 2 - WARNING Although this "fix" allowed me to run my project using HTTP, I did find that Identity would not allow me to log in unless HTTPS was enabled - I think it's something to do with the SignInManager setting an HTTPS-only authentication cookie - see here for further details: AspNet Core Identity - cookie not getting set in production
132
From memory, you can change the port in the project settings.
Right click project, then Properties Click Debug. Under the Profile IIS Express, change the port to 5000, your http port.
1
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
