Kestrel Https certificate identified by appsettings.json only found when running in admin mode

I'm using appsettings.json to configure Kestrel in a .NET Core 3.1 app. Here are the relevant bits from appsettings.json:

  "Kestrel": {
    "Certificates": {
      "Default": {
        "Subject": "certificate name",
        "Store": "MY",
        "Location": "LocalMachine",
        "AllowInvalid": true
      }
    }
  },
  "AllowedHosts": "*",
  "Urls": "http://*:5010;https://*:5011"

If I start the application it comes up on both ports. However, accessing it through HTTPS gets this exception dumped to the console of my app

Microsoft.AspNetCore.Server.Kestrel[0] Unhandled exception while processing 0HLT41KHBJ13T. System.ComponentModel.Win32Exception (0x8009030D): The credentials supplied to the package were not recognized at System.Net.SSPIWrapper.AcquireCredentialsHandle(SSPIInterface secModule, String package, CredentialUse intent, SCHANNEL_CRED scc)

However, if I start the application with administrative permissions, it works. So, the cert is fine (it has the required private key), but things still don't work. Just for the fun of it, I imported the certificate into the LocalUser store where the app should most definitely have access to even without admin privileges, but no joy.

Any ideas what could make this fail if not running with administrative permissions? The cert as you can see is in the certificate store, not in the file system, which rules out file permission issues.

Stephan Steiner asked Jan 28 '20 16:01

1 Answer

Just a heads-up on this: users need permission to read certificates too, just like reading a file. Typically, the SYSTEM account has read permission by default, but a developer will not have read permission to certificates in the local machine store unless they are a member of a privileged group that does.

You can go into the certificate store and add the permissions.

Open the store, right-click the certificate. Select "All Tasks" | "Manage Private Keys" and add the user's read permission, just like adding file permissions in Explorer. You could also create a Developer group and grant and revoke permissions to developer certificates that way, only managing the certificate permissions directly, once.

Antony Booth answered Sep 30 '22 20:09
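
The grant the answer performs through "Manage Private Keys", as an added PowerShell example (not part of the original answer). A machine-store private key is kept as a file under `%ProgramData%\Microsoft\Crypto`, so the permission being edited is a file ACL. The account name `CONTOSO\svc-kestrel` is a hypothetical placeholder, the subject match is the `Subject` value from the question's appsettings.json, and the script assumes an RSA key and an elevated prompt.

```powershell
# Added example. Run elevated. $Account is a hypothetical placeholder.
param(
    [string]$SubjectMatch = 'certificate name',    # "Subject" from the question's appsettings.json
    [string]$Account      = 'CONTOSO\svc-kestrel'  # assumed non-admin account that runs Kestrel
)

# Pick the newest matching certificate that actually has a private key.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.HasPrivateKey -and $_.Subject -like "*$SubjectMatch*" } |
    Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $cert) { throw "No certificate with a private key matches '$SubjectMatch'." }

# Resolve the key container's file name for a CNG or a legacy CryptoAPI provider.
$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
if (-not $rsa) { throw 'Private key is not RSA; this example only handles RSA keys.' }
if ($rsa -is [System.Security.Cryptography.RSACng]) {
    $keyName = $rsa.Key.UniqueName
} else {
    $keyName = $rsa.CspKeyContainerInfo.UniqueKeyContainerName
}

# Machine keys are stored in one of these two directories.
$keyFile = @("$env:ProgramData\Microsoft\Crypto\Keys",
             "$env:ProgramData\Microsoft\Crypto\RSA\MachineKeys") |
    ForEach-Object { Join-Path $_ $keyName } |
    Where-Object { Test-Path -LiteralPath $_ } | Select-Object -First 1
if (-not $keyFile) { throw "Key file '$keyName' not found (hardware-backed key?)." }

# Grant Read only: the process needs to use the key, not manage it.
$acl  = Get-Acl -LiteralPath $keyFile
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($Account, 'Read', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -LiteralPath $keyFile -AclObject $acl

# Show the resulting ACL so the grant can be reviewed.
Write-Host "Thumbprint: $($cert.Thumbprint)  Key file: $keyFile"
(Get-Acl -LiteralPath $keyFile).Access |
    Format-Table IdentityReference, FileSystemRights, AccessControlType | Out-Host
```

Granting to a group instead of a single account, as the answer suggests, only changes the value of `$Account`.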