Showing posts from July, 2018

SignalR Core with Angular

SignalR Core with Angular Last week we saw how to Configure SignalR and get a server notifying a client built as Razor page via Websockets . We completed the post by having a fully functional backend setup with SignalR and authentication done via Resource Owner Password. Today we will see how we can connect to SignalR hub from an Angular application and demonstrate how we can authenticate in five parts: SignalR server Setup an Angular application Connect to SignalR hub Send messages Authentication 1. SignalR server We won’t be describing the server here, instead we will take from where we left in my previous blog post with the code fully available on my Github . Get the repository and run signalr-core-sample/Example . It will run a server on http://localhost:5000 with a SignalR hub on /chathub and Identity server configured with a client my-app setup with Resource owner password flow. 2. Setup an Angul

Manage configurations with ASP NET Core on Ubuntu

Manage configurations with ASP NET Core on Ubuntu Managing configurations can be challenging. We cannot simply check-in in our repository secrets and connection strings and at the same time we want an easy way to maintain them. Today we will see how we can manage secrets is am easy way on Ubuntu with systemd. Make secrets available on server with systemd Manage secrets locally with UserSecrets on ASP NET Core Manage UserSecrets for dotnet Console Application Goal We need to keep secrets out of the source code. Therefore we want to have our application get secrets locally for local testing and we want the application to get them in our hosted environment. In order to achieve that we will use systemd override configuration to hold configuration of secrets on our server and in our local machine we will use UserSecrets which holds configurations in the user app folder. Take note that UserSecrets file is not encrypted. The only protection we get is the OS user protection. If you

Nginx 502 bad gateway after SSL setup

Nginx 502 bad gateway after SSL setup When proxying a request to an underlying server, it is necessary to validate its SSL certificate. For example, if we have a process running on https://localhost:5001 , we can configure Nginx to validate the certificate used by localhost:5001 . But if we miss one step, we face the common error 502 Bad Gateway returned by Nginx. Today we will see two scenarios where we can face the error and how to fix them: Setup SSL verification Scenario 1: self-signed certificate Scenario 2: upstream server 1. Setup SSL verification We can tell Nginx to verify the underlying SSL by adding the following directives, either on server or location level: server { // ... more config proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt; proxy_ssl_verify on; proxy_ssl_session_reuse on; location / { proxy_pass https://localhost:5001/; } } proxy_ssl_trusted_certificate indicates to Nginx the location of the trusted CA certificates

HTTPS with SSL for Nginx, Kestrel and Angular

HTTPS with SSL for Nginx, Kestrel and Angular Internet is moving toward secure connections whereby HTTPS is a priority. Browsers are now warning users when navigating to non secured website. With this movement, Kestrel and ASPNET Core have adopted the mentality of security by default rather than security when needed. HTTPS will now be the default and HTTP will be a necessity due to implementation constraints. Together with Lets Encrypt and ACME protocol, we do not have excuses for not implementing an SSL connection. Setup the example SSL self signed certificate for Nginx SSL self signed certificate for Kestrel SSL self signed certificate for Angular CLI 1. Setup the example We assume that our environment is on Ubuntu, with nginx and dotnet installed. If you are on Windows, you can install the linux subsystem with Ubuntu 16.04 as describe on my previous post . This will give access to most of the features of Ubuntu via a bash prompt. To start we create a HelloWorld applicatio

HttpClientFactory in ASP NET Core 2.1

HttpClientFactory in ASP NET Core 2.1 ASP.NET Core 2.1 ships with a factory for HttpClient called HttpclientFactory . This factory allows us to no longer care about the lifecycle of the HttpClient by leaving it to the framework. Today we will see few ways of instantiating clients: Default client Typed client Named client 1. Default client To use the factory, we start first by registering it to the service collection with .AddHttpClient() which is an extension coming from Microsoft.Extensions.Http . public void ConfigureServices(IServiceCollection services) { services.AddMvc(); services.AddHttpClient(); } This gives us access to the IHttpClientFactory which we can inject and using it, we can create a HttpClient . [HttpPost] public async Task<ActionResult<string>> PostDefaultClient([FromServices]IHttpClientFactory factory, [FromBody] ValueDto value) { var client = factory.CreateClient(); client.BaseAddress = new System.Uri("http://loc

A complete SignalR with ASP Net Core example with WSS, Authentication, Nginx

SignalR with ASP Net Core SignalR is a framework from ASP NET Core allowing us to establish a two way communication between client and server. This two way communication allows the client to send messages to the server but more importantly allows the server to push messages to the client. SignalR makes use of Websocket when available else it falls back to SSE or pulling. Today we will focus on how to setup SignalR to work with WSS, Websocket secure and how we can authenticate the user requesting to connect to our SignalR hub via Webscoket. Getting started with SignalR SSL encryption for Websocket Secure WSS Websocket Authentication with Identity Server 4 SignalR behind Nginx 1. Getting started with SignalR The Hubs are the main components of SignalR. It is an abstraction of a two way communication available for both client and server. Public functions from the hub can be called from the server code and can be called from the client. The frontend NPM package @aspnet/signalr

Verify dotnet SDK and runtime version installed

Verify dotnet SDK and runtime version installed To check your dotnet version installed, use dotnet --info . This command will display the SDKs and runtimes installed on your system together with the path where they can be found. For example on my Windows 10 development machine, dotnet --info will yield the following: > dotnet --info .NET Core SDK (reflecting any global.json): Version: 2.1 . 301 Commit: 59524873 d6 Runtime Environment: OS Name: Windows OS Version: 10.0 . 17134 OS Platform: Windows RID: win10-x64 Base Path: C:\Program Files\dotnet\sdk\ 2.1 . 301 \ Host (useful for support): Version: 2.1 . 1 Commit: 6985 b9f684 .NET Core SDKs installed: 2.1 . 4 [C:\Program Files\dotnet\sdk] 2.1 . 201 [C:\Program Files\dotnet\sdk] 2.1 . 300 [C:\Program Files\dotnet\sdk] 2.1 . 301 [C:\Program Files\dotnet\sdk] .NET Core runtimes installed: Microsoft.AspNetCore.All 2.1 . 0 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.A

Remove redirection of localhost to HTTPS

Remove redirection of localhost to HTTPS Symptoms Chrome redirects http://localhost to https://localhost On guest mode, http://localhost is accessible Curl can retrieve http://localhost Cause One of my test project was configuring SSL on nginx. The configuration was redirecting localhost to https for testing purposes and Chrome had since then cached the redirection. Subsequent calls were no longer hitting nginx as they were only hitting Chrome cache. Fix Open the Web Developer Console on Chrome, CTRL+SHIFT+I Right click on the reload arrow Select Empty Cache And Hard Reload This will remove all cached items including the redirection. http://localhost will no longer be redirected by Chrome.

Self Signed Certificate for Identity Server 4 and SSL in Ubuntu 16.04 server

Self Signed Certificate for Identity Server 4 and SSL in Ubuntu 16.04 server To sign our JWT tokens, Identity Server 4 requires a signing credential. Today we will see how we can create our own key and provide it to Identity Server to be used as signing credential. Configure ASP NET Core Create key with openssl Selfsigned certificate for local SSL usage If you are new to Identity Server, you can have a look at my previous blog post on How to configure a Implicit authentication with Identity Server . 1. Configure ASP NET Core We start first by creating an extension on top of the IIdentityServerBuilder which when the key is available, will load our own key using the .AddSigningCredential() else will create a temporary key for development purposes, .AddDeveloperSigningCredential() . public static class IdentityServerBuilderExtensions { public static IIdentityServerBuilder LoadSigningCredentialFrom(this IIdentityServerBuilder builder, string path) { if (!string