0

Please or Register to create posts and topics.

How secure QuickApp Pro with SSL .pfx certificate?

Hello,

I'm trying to secure the QuickApp Pro application with a SSL .pfx certificate file. I configured a Kestrel endpoint in appsettings.Develompent.json / appsettings.json config file and embedded the SSL .pfx certificate file. All seems to be fine until I'm fully logged into the webapp and trying to access some stored data from the database. Then I getting the issue below:

 

 

I fixed the issue by adding the following implementation to services.AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme) middleware in Startup class:

options.JwtBackChannelHandler = GetHandler();

...

services.AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme)
.AddIdentityServerAuthentication(options =>
{
options.Authority = applicationUrl;
options.SupportedTokens = SupportedTokens.Jwt;
options.RequireHttpsMetadata = true; // Note: Set to true in production
options.ApiName = IdentityServerConfig.ApiName;
options.JwtBackChannelHandler = GetHandler();

});

...

Complete implementation of the GetHandler() method in Startup class:

private static HttpClientHandler GetHandler()
{
var handler = new HttpClientHandler();
handler.ClientCertificateOptions = ClientCertificateOption.Manual;
handler.SslProtocols = SslProtocols.Tls12 | SslProtocols.Tls13;
handler.ServerCertificateCustomValidationCallback = (message, cert, chain, errors) => true;
return handler;
}

Now it's possible to use a SSL .pfx certificate file in appsettings.Develompent.json / appsettings.json config file without any issues when the application is called by https://localhost or https://blablabla.com

"Kestrel": {
    "Endpoints": {
        "HTTPS": {
            "Url": "https://blablabla.com",
            "Certificate": {
                "Path": "certificate.pfx",
                "Password": "thumbprint"
            }
        }
    }
}