
How to disable SSL requirement in ASP.NET Core 6 Identity & SPA React app

I haven't been able to figure out how to disable HTTPS requirement for a new boilerplate ASP.NET Core 6 react app using Identity authentication. Has anyone been able to do it?

I've tried setting HTTPS=false in .env-development on the frontend, and on the backend removing app.UseHttpsRedirection(); updating launchSettings.json to not require https, and the .csproj file SpaProxyServerUrl to not require https.

Now that gives me a site that kinda works, until you go to login. The oidc-client on the frontend is still requesting https links and this seems to come from the OidcConfigurationController on the _configuration/<clientId> response for open-id service endpoints. But it doesn't appear you can actually configure this anywhere with .AddIdentityServer(), at least not anything I've been able to find.

If I were to get tricky and just replace the urls provided by the OidcConfigurationController with 'http', I can get past the openid failures until the frontend makes a call to https on https://localhost:44489/connect/authorize and I'm not sure where https is even being specified anywhere.

The whole thing seems like a mess in terms of configuration, but I need http to work for local testing of external payment systems due to things out of my control.

Thoughts?

UPDATE: Deleting the https://localhost:7271; launchProfiles entry from launchSettings.json partially got me there. For some reason, calls to .well-known/openid-configuration get their host/authority information from there. However, even with that the connect/authorize call fails on IdentityServer with the error 'Request validation failed'.

// Program.cs
builder.Services.AddDbContext<ApplicationDbContext>(options =>
    options.UseSqlServer(connectionString));
builder.Services.AddDbContextFactory<ApplicationDbContext>(lifetime: ServiceLifetime.Scoped);
builder.Services.AddDefaultIdentity<ApplicationUser>(options => options.SignIn.RequireConfirmedAccount = false)
  .AddEntityFrameworkStores<ApplicationDbContext>();
builder.Services.AddIdentityServer()
  .AddApiAuthorization<ApplicationUser, ApplicationDbContext>();
builder.Services.AddAuthorization();
builder.Services.AddAuthentication()
  .AddIdentityServerJwt();

var app = builder.Build(); // build the app before configuring the middleware pipeline

//app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseRouting();

app.UseAuthentication();
app.UseIdentityServer();
app.UseAuthorization();
app.MapControllerRoute(
    name: "default",
    pattern: "{controller}/{action=Index}/{id?}");
app.MapRazorPages();
app.MapDefaultControllerRoute();
app.MapFallbackToFile("index.html");

Project file:

<Project Sdk="Microsoft.NET.Sdk.Web">
  <PropertyGroup>
    <TargetFramework>net6.0</TargetFramework>
    <SpaRoot>ClientApp\</SpaRoot>
    <DefaultItemExcludes>$(DefaultItemExcludes);$(SpaRoot)node_modules\**</DefaultItemExcludes>
    <SpaProxyServerUrl>http://localhost:44489</SpaProxyServerUrl>
    <SpaProxyLaunchCommand>npm start</SpaProxyLaunchCommand>
  </PropertyGroup>
</Project>

launchSettings.json:

{
  "iisSettings": {
    "windowsAuthentication": false,
    "anonymousAuthentication": true,
    "iisExpress": {
      "applicationUrl": "http://localhost:59447",
      "sslPort": 44389
    }
  },
  "profiles": {
    "MyApp": {
      "commandName": "Project",
      "launchBrowser": true,
      "applicationUrl": "https://localhost:7271;http://localhost:5271",
      "environmentVariables": {
        "ASPNETCORE_ENVIRONMENT": "Development",
        "ASPNETCORE_HOSTINGSTARTUPASSEMBLIES": "Microsoft.AspNetCore.SpaProxy"
      }
    },
    "IIS Express": {
      "commandName": "IISExpress",
      "launchBrowser": true,
      "environmentVariables": {
        "ASPNETCORE_ENVIRONMENT": "Development",
        "ASPNETCORE_HOSTINGSTARTUPASSEMBLIES": "Microsoft.AspNetCore.SpaProxy"
      }
    }
  }
}

.env.development:

PORT=44489
HTTPS=false

setupProxy.js:

const { createProxyMiddleware } = require('http-proxy-middleware');
const { env } = require('process');

const target = env.ASPNETCORE_HTTPS_PORT ? `https://localhost:${env.ASPNETCORE_HTTPS_PORT}` :
  env.ASPNETCORE_URLS ? env.ASPNETCORE_URLS.split(';')[0] : 'http://localhost:59447';

const context = [
  "/api",
  "/_configuration",
  "/.well-known",
  "/Identity",
  "/connect",
  "/ApplyDatabaseMigrations",
  "/_framework",
];

module.exports = function(app) {
  const appProxy = createProxyMiddleware(context, {
    target: target,
    secure: false,
    headers: {
      Connection: 'Keep-Alive'
    }
  });

  app.use(appProxy);
};

Michael Brown asked Oct 15 '25 02:10


1 Answer

After messing with this for a few days I finally got a working solution to disable HTTPS. There were some other answers that led me astray in terms of what specific config IdentityServer needs and it took me a while to get it down to the bare minimum requirements. Hope it saves someone else a headache in the future.

Project .csproj file

<SpaProxyServerUrl>http://localhost:44489</SpaProxyServerUrl>

appsettings.json

{
  "IdentityServer": {
    "Clients": {
      "BnbTools": {
        "Profile": "IdentityServerSPA",
        "RedirectUris": [ "http://localhost:44489/authentication/login-callback" ],
        "LogoutUris": [ "http://localhost:44489/authentication/logout-callback" ]
      }
    }
  }
}

launchSettings.json

{
  "iisSettings": {
    "windowsAuthentication": false,
    "anonymousAuthentication": true,
    "iisExpress": {
      "applicationUrl": "http://localhost:59447",
      "sslPort": 44389
    }
  },
  "profiles": {
    "BnbTools": {
      "commandName": "Project",
      "applicationUrl": "http://localhost:5271"
    }
  }
}

.env.development

PORT=44489
HTTPS=true
REACT_APP_API_URL = "http://localhost:44489"
Michael Brown answered Oct 17 '25 15:10
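
The answer puts the SPA proxy URL, the IdentityServer client's callback URIs and the launch profile URL on the same http scheme. As an added example (not part of the original answer), this Node.js check compares the three and flags plaintext callback URIs that are not on loopback; `checkDevOidcConfig`, the `DemoSpa` client name and the whole-string matching of callback URIs are assumptions of the example.

```javascript
// Added example (not from the original post). Inputs below are constructed.
const LOOPBACK = new Set(['localhost', '127.0.0.1', '[::1]']);
const CALLBACKS = {
  RedirectUris: '/authentication/login-callback',
  LogoutUris: '/authentication/logout-callback',
};

// Returns a list of findings; an empty list means the three files agree.
function checkDevOidcConfig({ spaProxyServerUrl, appsettings, launchSettings }) {
  const findings = [];
  const spa = new URL(spaProxyServerUrl);
  const clients = appsettings.IdentityServer?.Clients ?? {};
  for (const [id, client] of Object.entries(clients)) {
    for (const [key, path] of Object.entries(CALLBACKS)) {
      const uris = client[key] ?? [];
      // Assumption: the callback URI is matched as a whole string, so
      // scheme, host, port and path must all agree with the SPA origin.
      if (!uris.includes(spa.origin + path)) {
        findings.push(`${id}.${key}: no entry equals ${spa.origin}${path}`);
      }
      for (const raw of uris) {
        const u = new URL(raw);
        // Plaintext callbacks are only tolerable on loopback (local dev).
        if (u.protocol === 'http:' && !LOOPBACK.has(u.hostname)) {
          findings.push(`${id}.${key}: http URI on non-loopback host ${u.host}`);
        }
      }
    }
  }
  for (const [name, profile] of Object.entries(launchSettings.profiles ?? {})) {
    const urls = (profile.applicationUrl ?? '').split(';').filter(Boolean);
    if (spa.protocol === 'http:' && urls.some((x) => x.startsWith('https://'))) {
      findings.push(`profile ${name}: applicationUrl still lists an https URL`);
    }
  }
  return findings;
}

// Constructed sample: client "DemoSpa" is a placeholder name.
const sample = {
  spaProxyServerUrl: 'http://localhost:44489',
  appsettings: { IdentityServer: { Clients: { DemoSpa: {
    RedirectUris: ['https://localhost:44489/authentication/login-callback'],
    LogoutUris: ['http://localhost:44489/authentication/logout-callback'],
  } } } },
  launchSettings: { profiles: { DemoSpa: {
    applicationUrl: 'https://localhost:7271;http://localhost:5271' } } },
};
console.log(checkDevOidcConfig(sample));
```

Run it against the parsed contents of your own `appsettings.json` and `launchSettings.json` before starting the dev server; keep these http values out of any configuration that ships beyond the Development environment.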