如何在带有身份的ASP.NET Core项目中禁用HTTPS? [英] How do you disable HTTPS in ASP.NET Core project with Identity?
问题描述
我最近在Visual Studio 2019中创建了一个ASP.NET Core 3.0 Web应用程序项目(已启用Docker,但我认为这并不重要),并且在包含ASP时似乎无法禁用HTTPS.单个用户帐户的NET身份.每当我在调试器中启动该应用程序时,该页面就会使用HTTPS打开,并导航至HTTP会再次将我重定向.
I have recently created an ASP.NET Core 3.0 web application project in Visual Studio 2019 (with Docker enabled, but I don't think that's relevant), and don't seem to be able to disable HTTPS when including ASP.NET Identity for individual user accounts. Whenever I launch the app in the debugger the page opens using HTTPS and navigating to HTTP redirects me back again.
我尝试创建一个新项目来测试正在发生的事情,并且发现了以下内容:
I've tried creating a new project to test out what is going on, and have found the following:
在创建项目时,我启用了使用ASP.NET Identity的功能,以便在我的应用程序中使用本地帐户,并且我注意到,如果再次执行向导以创建具有相同设置的项目(网络应用程序), (为单个用户帐户启用了身份),取消选中启用HTTPS复选框的选项显示为灰色.
When creating the project I enabled the use of ASP.NET Identity in order to use local accounts in my app, and I noticed that if I go through the wizard again in order to create a project with the same setup (web app with Identity enabled for individual user accounts) the option to untick the box enabling HTTPS appears to be greyed out.
创建项目后,我尝试通过注释掉相关行来禁用Startup.cs中的HTTPS重定向中间件:
After creating the project, I've tried disabling the HTTPS redirection middleware in Startup.cs by commenting out the relevant line:
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
app.UseDatabaseErrorPage();
}
else
{
app.UseExceptionHandler("/Home/Error");
app.UseHsts();
}
//app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllerRoute(
name: "default",
pattern: "{controller=Home}/{action=Index}/{id?}");
endpoints.MapRazorPages();
});
}
并已编辑launchSettings.json,以尝试在调试时使应用程序使用HTTP而不是HTTPS来运行,但是该应用程序仍尝试使用HTTPS进行加载.
And have edited the launchSettings.json to try to get the app to run using HTTP instead of HTTPS when debugging, but the app still tries to load using HTTPS.
launchSettings.json之前:
{
"iisSettings": {
"windowsAuthentication": false,
"anonymousAuthentication": true,
"iisExpress": {
"applicationUrl": "http://localhost:51767",
"sslPort": 44396
}
},
"profiles": {
"IIS Express": {
"commandName": "IISExpress",
"launchBrowser": true,
"environmentVariables": {
"ASPNETCORE_ENVIRONMENT": "Development"
}
},
"HTTPSTest": {
"commandName": "Project",
"launchBrowser": true,
"environmentVariables": {
"ASPNETCORE_ENVIRONMENT": "Development"
},
"applicationUrl": "https://localhost:5001;http://localhost:5000"
},
"Docker": {
"commandName": "Docker",
"launchBrowser": true,
"launchUrl": "{Scheme}://{ServiceHost}:{ServicePort}",
"environmentVariables": {
"ASPNETCORE_URLS": "https://+:443;http://+:80",
"ASPNETCORE_HTTPS_PORT": "44397"
},
"httpPort": 51777,
"useSSL": true,
"sslPort": 44397
}
}
}
launchSettings.json之后:
{
"iisSettings": {
"windowsAuthentication": false,
"anonymousAuthentication": true,
"iisExpress": {
"applicationUrl": "http://localhost:51767"
}
},
"profiles": {
"IIS Express": {
"commandName": "IISExpress",
"launchBrowser": true,
"environmentVariables": {
"ASPNETCORE_ENVIRONMENT": "Development"
}
},
"HTTPSTest": {
"commandName": "Project",
"launchBrowser": true,
"environmentVariables": {
"ASPNETCORE_ENVIRONMENT": "Development"
},
"applicationUrl": "http://localhost:5000"
},
"Docker": {
"commandName": "Docker",
"launchBrowser": true,
"launchUrl": "{Scheme}://{ServiceHost}:{ServicePort}",
"environmentVariables": {
},
"httpPort": 51777
}
}
}
有人对我接下来可以尝试的东西有任何想法吗?我希望该应用程序位于SSL终止的反向代理后面,所以我认为禁用此功能并不是没有道理的.
Does anyone have any ideas of what I can try next? I want the app to sit behind an SSL-terminating reverse proxy, so I don't think it's unreasonable to want to disable this.
推荐答案
所以我实际上设法解决了这个问题.我在Visual Studio中使用HTTPS打开应用程序时遇到的问题是Visual Studio的问题.
So I actually managed to fix this. The issue I was seeing with Visual Studio opening up the app using HTTPS was an issue with Visual Studio.
通过注释掉Startup.cs中的app.UseHttpsRedirection()行并删除launchSettings.json中的SSL引用,就像在我的原始文章中那样,在另一台计算机上运行相同的设置就可以了-运行调试器使用HTTP打开了页面并能够连接到该应用.
Running through the same setup on another computer worked just fine by commenting out the app.UseHttpsRedirection() line in Startup.cs and removing the SSL references in launchSettings.json as in my original post - running the debugger opened up the page using HTTP and was able to connect to the app.
为了使所有功能再次正常运行,我尝试完全删除Visual Studio,然后重新启动,重新安装并重试,但是仍然遇到相同的问题.最后,我还必须删除用户目录中AppData下的所有Visual Studio文件夹,然后重新安装Visual Studio,然后当我尝试调试项目时,它终于又可以正常工作了!
In order to get everything working again, I tried removing Visual Studio completely, rebooting, reinstalling and trying again, but still had the same issue. In the end I had to also remove all the Visual Studio folders under AppData in my user directory and THEN reinstall Visual Studio, and then it was finally working again when I tried debugging my project!
更新:
这实际上在周末之后又回来了,我发现这次我的问题是HSTS在Chrome中缓存了HTTPS的使用.可以在以下示例中找到如何针对不同的浏览器删除此示例:
UPDATE:
This actually came back after the weekend, and I discovered that this time my problem was that HSTS had cached the use of HTTPS in Chrome. Examples of how to remove this for different browsers can be found here: https://appuals.com/how-to-clear-or-disable-hsts-for-chrome-firefox-and-internet-explorer/
总结来说,对于Chrome:
1.导航到 chrome://net-internals/#hsts
2.在Delete domain security policies部分中,输入localhost作为域,然后点击Delete按钮
In summary, for Chrome:
1. Navigate to chrome://net-internals/#hsts
2. In the Delete domain security policies section, enter localhost as the domain and hit the Delete button
更新2-警告 尽管此修复"允许我使用HTTP运行我的项目,但我确实发现除非启用HTTPS,否则Identity不允许我登录-我认为这与SignInManager设置仅HTTPS身份验证cookie有关-请参见此处有关更多详细信息,请参见: AspNet核心身份-cookie不投入生产
UPDATE 2 - WARNING Although this "fix" allowed me to run my project using HTTP, I did find that Identity would not allow me to log in unless HTTPS was enabled - I think it's something to do with the SignInManager setting an HTTPS-only authentication cookie - see here for further details: AspNet Core Identity - cookie not getting set in production
这篇关于如何在带有身份的ASP.NET Core项目中禁用HTTPS?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
