IMPORTANT!
This forum is now archived. Click here for the New Support Forum
How to secure QuickApp Pro with an SSL .pfx certificate?
Quote from Mawhub on December 28, 2020, 12:39 pm
Hello,
I'm trying to secure the QuickApp Pro application with an SSL .pfx certificate file. I configured a Kestrel endpoint in the appsettings.Development.json / appsettings.json config file and embedded the SSL .pfx certificate file. All seems to be fine until I'm fully logged into the web app and try to access some stored data from the database. Then I get the issue below:
Quote from Mawhub on December 30, 2020, 4:05 pm
I fixed the issue by adding the following implementation to the services.AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme) middleware in the Startup class:
options.JwtBackChannelHandler = GetHandler();
...
services.AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme)
    .AddIdentityServerAuthentication(options =>
    {
        options.Authority = applicationUrl;
        options.SupportedTokens = SupportedTokens.Jwt;
        options.RequireHttpsMetadata = true; // Note: Set to true in production
        options.ApiName = IdentityServerConfig.ApiName;
        options.JwtBackChannelHandler = GetHandler();
    });
...
Complete implementation of the GetHandler() method in the Startup class:
// Requires: using System.Net.Http; using System.Security.Authentication;
private static HttpClientHandler GetHandler()
{
    var handler = new HttpClientHandler();
    handler.ClientCertificateOptions = ClientCertificateOption.Manual;
    handler.SslProtocols = SslProtocols.Tls12 | SslProtocols.Tls13;
    // Returning true accepts any server certificate (chain and name errors are ignored)
    handler.ServerCertificateCustomValidationCallback = (message, cert, chain, errors) => true;
    return handler;
}
Now it's possible to use an SSL .pfx certificate file in the appsettings.Development.json / appsettings.json config file without any issues when the application is called by https://localhost or https://blablabla.com.
"Kestrel": {
    "Endpoints": {
        "HTTPS": {
            "Url": "https://blablabla.com",
            "Certificate": {
                "Path": "certificate.pfx",
                "Password": "thumbprint"
            }
        }
    }
}
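A narrower alternative to the accept-everything callback in the post above, as an added example that is not part of the original post or of QuickApp Pro's code: the back-channel handler accepts a certificate that fails normal validation only if it is the exact certificate stored in the .pfx that Kestrel serves. The names BackChannel, GetPinnedHandler and IsAcceptable are hypothetical, and the sketch assumes the back channel calls the same application that presents that .pfx.

```csharp
using System;
using System.Net.Http;
using System.Net.Security;
using System.Security.Authentication;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper (not from the post): pins the back channel to one certificate.
public static class BackChannel
{
    // pfxPath / pfxPassword are assumed to be the values Kestrel reads from the
    // "Certificate" section of appsettings.json.
    // Usage: options.JwtBackChannelHandler = BackChannel.GetPinnedHandler(path, password);
    public static HttpClientHandler GetPinnedHandler(string pfxPath, string pfxPassword)
    {
        // Only the SHA-256 hash of the certificate is kept; the private key is not needed here.
        using var pfx = new X509Certificate2(pfxPath, pfxPassword);
        byte[] expected = pfx.GetCertHash(HashAlgorithmName.SHA256);

        return new HttpClientHandler
        {
            SslProtocols = SslProtocols.Tls12 | SslProtocols.Tls13,
            ServerCertificateCustomValidationCallback = (request, cert, chain, errors) =>
                IsAcceptable(cert, errors, expected)
        };
    }

    public static bool IsAcceptable(X509Certificate2 cert, SslPolicyErrors errors, byte[] expectedSha256)
    {
        // Normal case: the platform already validated chain and host name.
        if (errors == SslPolicyErrors.None) return true;
        if (cert == null) return false;

        // Pinned case: still reject an expired or not-yet-valid certificate.
        var now = DateTime.Now; // NotBefore / NotAfter are expressed in local time
        if (now < cert.NotBefore || now > cert.NotAfter) return false;

        // Accept only the exact certificate from the .pfx; anything else fails.
        byte[] actual = cert.GetCertHash(HashAlgorithmName.SHA256);
        return CryptographicOperations.FixedTimeEquals(actual, expectedSha256);
    }
}
```

With this handler a self-signed or host-name-mismatched certificate still works on https://localhost, while a different certificate presented on the same connection is rejected.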