How do you disable HTTPS in ASP.NET Core project with Identity?

debugcn 投稿 Dev

codeandchips

I have recently created an ASP.NET Core 3.0 web application project in Visual Studio 2019 (with Docker enabled, but I don't think that's relevant), and don't seem to be able to disable HTTPS when including ASP.NET Identity for individual user accounts. Whenever I launch the app in the debugger the page opens using HTTPS and navigating to HTTP redirects me back again.

I've tried creating a new project to test out what is going on, and have found the following:

When creating the project I enabled the use of ASP.NET Identity in order to use local accounts in my app, and I noticed that if I go through the wizard again in order to create a project with the same setup (web app with Identity enabled for individual user accounts) the option to untick the box enabling HTTPS appears to be greyed out.

After creating the project, I've tried disabling the HTTPS redirection middleware in Startup.cs by commenting out the relevant line:

public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
                app.UseDatabaseErrorPage();
            }
            else
            {
                app.UseExceptionHandler("/Home/Error");
                app.UseHsts();
            }
            //app.UseHttpsRedirection();
            app.UseStaticFiles();

            app.UseRouting();

            app.UseAuthentication();
            app.UseAuthorization();

            app.UseEndpoints(endpoints =>
            {
                endpoints.MapControllerRoute(
                    name: "default",
                    pattern: "{controller=Home}/{action=Index}/{id?}");
                endpoints.MapRazorPages();
            });
        }

And have edited the launchSettings.json to try to get the app to run using HTTP instead of HTTPS when debugging, but the app still tries to load using HTTPS.

launchSettings.json BEFORE:

{
  "iisSettings": {
    "windowsAuthentication": false,
    "anonymousAuthentication": true,
    "iisExpress": {
      "applicationUrl": "http://localhost:51767",
      "sslPort": 44396
    }
  },
  "profiles": {
    "IIS Express": {
      "commandName": "IISExpress",
      "launchBrowser": true,
      "environmentVariables": {
        "ASPNETCORE_ENVIRONMENT": "Development"
      }
    },
    "HTTPSTest": {
      "commandName": "Project",
      "launchBrowser": true,
      "environmentVariables": {
        "ASPNETCORE_ENVIRONMENT": "Development"
      },
      "applicationUrl": "https://localhost:5001;http://localhost:5000"
    },
    "Docker": {
      "commandName": "Docker",
      "launchBrowser": true,
      "launchUrl": "{Scheme}://{ServiceHost}:{ServicePort}",
      "environmentVariables": {
        "ASPNETCORE_URLS": "https://+:443;http://+:80",
        "ASPNETCORE_HTTPS_PORT": "44397"
      },
      "httpPort": 51777,
      "useSSL": true,
      "sslPort": 44397
    }
  }
}

launchSettings.json AFTER:

{
  "iisSettings": {
    "windowsAuthentication": false,
    "anonymousAuthentication": true,
    "iisExpress": {
      "applicationUrl": "http://localhost:51767"
    }
  },
  "profiles": {
    "IIS Express": {
      "commandName": "IISExpress",
      "launchBrowser": true,
      "environmentVariables": {
        "ASPNETCORE_ENVIRONMENT": "Development"
      }
    },
    "HTTPSTest": {
      "commandName": "Project",
      "launchBrowser": true,
      "environmentVariables": {
        "ASPNETCORE_ENVIRONMENT": "Development"
      },
      "applicationUrl": "http://localhost:5000"
    },
    "Docker": {
      "commandName": "Docker",
      "launchBrowser": true,
      "launchUrl": "{Scheme}://{ServiceHost}:{ServicePort}",
      "environmentVariables": {
      },
      "httpPort": 51777
    }
  }
}

Does anyone have any ideas of what I can try next? I want the app to sit behind an SSL-terminating reverse proxy, so I don't think it's unreasonable to want to disable this.

codeandchips

So I actually managed to fix this. The issue I was seeing with Visual Studio opening up the app using HTTPS was an issue with Visual Studio.

Running through the same setup on another computer worked just fine by commenting out the app.UseHttpsRedirection() line in Startup.cs and removing the SSL references in launchSettings.json as in my original post - running the debugger opened up the page using HTTP and was able to connect to the app.

In order to get everything working again, I tried removing Visual Studio completely, rebooting, reinstalling and trying again, but still had the same issue. In the end I had to also remove all the Visual Studio folders under AppData in my user directory and THEN reinstall Visual Studio, and then it was finally working again when I tried debugging my project!

UPDATE:
This actually came back after the weekend, and I discovered that this time my problem was that HSTS had cached the use of HTTPS in Chrome. Examples of how to remove this for different browsers can be found here: https://appuals.com/how-to-clear-or-disable-hsts-for-chrome-firefox-and-internet-explorer/

In summary, for Chrome:
1. Navigate to chrome://net-internals/#hsts
2. In the Delete domain security policies section, enter localhost as the domain and hit the Delete button

UPDATE 2 - WARNING Although this "fix" allowed me to run my project using HTTP, I did find that Identity would not allow me to log in unless HTTPS was enabled - I think it's something to do with the SignInManager setting an HTTPS-only authentication cookie - see here for further details: AspNet Core Identity - cookie not getting set in production

この記事はインターネットから収集されたものであり、転載の際にはソースを示してください。

侵害の場合は、連絡してください[email protected]

編集2021-06-12

コメントを追加

サインイン

分類Dev

Related 関連記事

記事