[英]force https on an asp.net core 3.1 web app running as a service on a windows server 2008 rs server
I have an asp.net core 3.1 web app which uses azure windows authentication.我有一个 asp.net 核心 3.1 web 应用程序,它使用 azure Z0F4137ED15202B5045C4260 身份验证。 When I run it on VS or as a service on my local computer (windows 10) it works fine and uses https for all requests.当我在 VS 上运行它或在我的本地计算机(Windows 10)上作为服务运行它时,它工作正常并使用 https 处理所有请求。 I copied the exe file and dll's onto a remote server (windows server 2008 rs) and created a windows service on the machine.我将 exe 文件和 dll 复制到远程服务器(windows server 2008 rs)上,并在机器上创建了 windows 服务。 When the browser connects to the service the authentication is done over https but when it returns to the app home page it uses http.当浏览器连接到服务时,身份验证通过 https 完成,但当它返回应用程序主页时,它使用 http。 Any ideas why/what I can do to force any and all requests that are made be over https on any OS/platform?任何想法为什么/我可以做些什么来强制在任何操作系统/平台上提出的任何和所有请求都超过 https?
This is likely due to your local environment having a development certificate installed which the default application configuration uses for local HTTPS.这可能是由于您的本地环境安装了开发证书,默认应用程序配置将其用于本地 HTTPS。 Authentication is performed over HTTPS as the user is routed to Azure to authenticate.身份验证通过 HTTPS 执行,因为用户被路由到 Azure 进行身份验证。
In production, HTTPS must be explicitly configured.在生产中,必须显式配置 HTTPS。 At a minimum, a default certificate must be provided.至少,必须提供默认证书。
To enforce HTTPS in production you need to configure a certificate.要在生产中强制执行 HTTPS,您需要配置证书。 The following article explains the various ways to configure a certificate: Configure endpoints for the ASP.NET Core Kestrel web server .以下文章介绍了配置证书的各种方法: 为 ASP.NET Core Kestrel web 服务器配置端点。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.