Posts

Showing posts from July, 2018

SignalR Core with Angular

Image
SignalR Core with AngularLast week we saw how to Configure SignalR and get a server notifying a client built as Razor page via Websockets. We completed the post by having a fully functional backend setup with SignalR and authentication done via Resource Owner Password. Today we will see how we can connect to SignalR hub from an Angular application and demonstrate how we can authenticate in five parts:SignalR serverSetup an Angular applicationConnect to SignalR hubSend messagesAuthentication1. SignalR serverWe won’t be describing the server here, instead we will take from where we left in my previous blog post with the code fully available on my Github https://github.com/Kimserey/signalr-core-sample/tree/master/Example.Get the repository and run signalr-core-sample/Example. It will run a server on http://localhost:5000 with a SignalR hub on /chathub and Identity server configured with a client my-app setup with Resource owner password flow.2. Setup an Angular applicationOnce we have th…

Manage configurations with ASP NET Core on Ubuntu

Manage configurations with ASP NET Core on UbuntuManaging configurations can be challenging. We cannot simply check-in in our repository secrets and connection strings and at the same time we want an easy way to maintain them.
Today we will see how we can manage secrets is am easy way on Ubuntu with systemd.Make secrets available on server with systemdManage secrets locally with UserSecrets on ASP NET CoreManage UserSecrets for dotnet Console ApplicationGoalWe need to keep secrets out of the source code. Therefore we want to have our application get secrets locally for local testing and we want the application to get them in our hosted environment.
In order to achieve that we will use systemd override configuration to hold configuration of secrets on our server and in our local machine we will use UserSecrets which holds configurations in the user app folder.Take note that UserSecrets file is not encrypted. The only protection we get is the OS user protection.If you are not familiar w…

Nginx 502 bad gateway after SSL setup

Nginx 502 bad gateway after SSL setupWhen proxying a request to an underlying server, it is necessary to validate its SSL certificate. For example, if we have a process running on https://localhost:5001, we can configure Nginx to validate the certificate used by localhost:5001. But if we miss one step, we face the common error 502 Bad Gateway returned by Nginx. Today we will see two scenarios where we can face the error and how to fix them:Setup SSL verificationScenario 1: self-signed certificateScenario 2: upstream server1. Setup SSL verificationWe can tell Nginx to verify the underlying SSL by adding the following directives, either on server or location level:server { // ... more config proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt; proxy_ssl_verify on; proxy_ssl_session_reuse on; location / { proxy_pass https://localhost:5001/; } } proxy_ssl_trusted_certificate indicates to Nginx the location of the trusted CA certificates.
proxy_ssl_verify on…

HTTPS with SSL for Nginx, Kestrel and Angular

HTTPS with SSL for Nginx, Kestrel and AngularInternet is moving toward secure connections whereby HTTPS is a priority. Browsers are now warning users when navigating to non secured website. With this movement, Kestrel and ASPNET Core have adopted the mentality of security by default rather than security when needed. HTTPS will now be the default and HTTP will be a necessity due to implementation constraints. Together with Lets Encrypt and ACME protocol, we do not have excuses for not implementing an SSL connection.Setup the exampleSSL self signed certificate for NginxSSL self signed certificate for KestrelSSL self signed certificate for Angular CLI1. Setup the exampleWe assume that our environment is on Ubuntu, with nginx and dotnet installed.
If you are on Windows, you can install the linux subsystem with Ubuntu 16.04 as describe on my previous post. This will give access to most of the features of Ubuntu via a bash prompt.To start we create a HelloWorld application with dotnet. Here…

HttpClientFactory in ASP NET Core 2.1

HttpClientFactory in ASP NET Core 2.1ASP.NET Core 2.1 ships with a factory for HttpClient called HttpclientFactory. This factory allows us to no longer care about the lifecycle of the HttpClient by leaving it to the framework. Today we will see few ways of instantiating clients:Default clientTyped clientNamed client1. Default clientTo use the factory, we start first by registering it to the service collection with .AddHttpClient() which is an extension coming from Microsoft.Extensions.Http.public void ConfigureServices(IServiceCollection services) { services.AddMvc(); services.AddHttpClient(); } This gives us access to the IHttpClientFactory which we can inject and using it, we can create a HttpClient.[HttpPost] public async Task<ActionResult<string>> PostDefaultClient([FromServices]IHttpClientFactory factory, [FromBody] ValueDto value) { var client = factory.CreateClient(); client.BaseAddress = new System.Uri("http://localhost:5100"); va…

A complete SignalR with ASP Net Core example with WSS, Authentication, Nginx

SignalR with ASP Net CoreSignalR is a framework from ASP NET Core allowing us to establish a two way communication between client and server. This two way communication allows the client to send messages to the server but more importantly allows the server to push messages to the client.
SignalR makes use of Websocket when available else it falls back to SSE or pulling. Today we will focus on how to setup SignalR to work with WSS, Websocket secure and how we can authenticate the user requesting to connect to our SignalR hub via Webscoket.Getting started with SignalRSSL encryption for Websocket Secure WSSWebsocket Authentication with Identity Server 4SignalR behind Nginx1. Getting started with SignalRThe Hubs are the main components of SignalR. It is an abstraction of a two way communication available for both client and server. Public functions from the hub can be called from the server code and can be called from the client. The frontend NPM package @aspnet/signalr library makes the …

Verify dotnet SDK and runtime version installed

Verify dotnet SDK and runtime version installedTo check your dotnet version installed, use dotnet --info. This command will display the SDKs and runtimes installed on your system together with the path where they can be found.For example on my Windows 10 development machine, dotnet --info will yield the following:> dotnet --info .NET Core SDK (reflecting any global.json): Version: 2.1.301 Commit: 59524873d6 Runtime Environment: OS Name: Windows OS Version: 10.0.17134 OS Platform: Windows RID: win10-x64 Base Path: C:\Program Files\dotnet\sdk\2.1.301\ Host (useful for support): Version: 2.1.1 Commit: 6985b9f684 .NET Core SDKs installed: 2.1.4 [C:\Program Files\dotnet\sdk] 2.1.201 [C:\Program Files\dotnet\sdk] 2.1.300 [C:\Program Files\dotnet\sdk] 2.1.301 [C:\Program Files\dotnet\sdk] .NET Core runtimes installed: Microsoft.AspNetCore.All 2.1.0 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.All] Microsoft.AspNetCore.All 2.1.1 [C:\…

Remove redirection of localhost to HTTPS

Remove redirection of localhost to HTTPSSymptomsChrome redirects http://localhost to https://localhostOn guest mode, http://localhost is accessibleCurl can retrieve http://localhostCauseOne of my test project was configuring SSL on nginx.
The configuration was redirecting localhost to https for testing purposes and Chrome had since then cached the redirection.
Subsequent calls were no longer hitting nginx as they were only hitting Chrome cache.FixOpen the Web Developer Console on Chrome, CTRL+SHIFT+IRight click on the reload arrowSelect Empty Cache And Hard ReloadThis will remove all cached items including the redirection. http://localhost will no longer be redirected by Chrome.

Self Signed Certificate for Identity Server 4 and SSL in Ubuntu 16.04 server

Image
Self Signed Certificate for Identity Server 4 and SSL in Ubuntu 16.04 serverTo sign our JWT tokens, Identity Server 4 requires a signing credential. Today we will see how we can create our own key and provide it to Identity Server to be used as signing credential.Configure ASP NET CoreCreate key with opensslSelfsigned certificate for local SSL usageIf you are new to Identity Server, you can have a look at my previous blog post on How to configure a Implicit authentication with Identity Server.1. Configure ASP NET CoreWe start first by creating an extension on top of the IIdentityServerBuilder which when the key is available, will load our own key using the .AddSigningCredential() else will create a temporary key for development purposes, .AddDeveloperSigningCredential().public static class IdentityServerBuilderExtensions { public static IIdentityServerBuilder LoadSigningCredentialFrom(this IIdentityServerBuilder builder, string path) { if (!string.IsNullOrEmptyString(…