我最近在Visual Studio 2019中创建了一个ASP.NET Core 3.0 Web应用程序项目(已启用Docker,但我认为这并不重要),并且在包含ASP.NET Identity时似乎无法禁用HTTPS个人用户帐户。每当我在调试器中启动该应用程序时,该页面就会使用HTTPS打开,并导航至HTTP会再次将我重定向。
我尝试创建一个新项目以测试发生了什么,并且发现了以下内容:
创建项目时,我启用了使用ASP.NET Identity的功能,以便在我的应用程序中使用本地帐户,并且我注意到,如果再次执行向导以创建具有相同设置的项目(启用了Identity的Web应用程序(对于单个用户帐户),取消选中启用HTTPS复选框的选项显示为灰色。
创建项目后,我尝试Startup.cs
通过注释掉相关行来禁用HTTPS重定向中间件:
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
app.UseDatabaseErrorPage();
}
else
{
app.UseExceptionHandler("/Home/Error");
app.UseHsts();
}
//app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllerRoute(
name: "default",
pattern: "{controller=Home}/{action=Index}/{id?}");
endpoints.MapRazorPages();
});
}
并进行了编辑,launchSettings.json
以尝试使应用程序在调试时使用HTTP而不是HTTPS运行,但是该应用程序仍尝试使用HTTPS进行加载。
launchSettings.json
之前:
{
"iisSettings": {
"windowsAuthentication": false,
"anonymousAuthentication": true,
"iisExpress": {
"applicationUrl": "http://localhost:51767",
"sslPort": 44396
}
},
"profiles": {
"IIS Express": {
"commandName": "IISExpress",
"launchBrowser": true,
"environmentVariables": {
"ASPNETCORE_ENVIRONMENT": "Development"
}
},
"HTTPSTest": {
"commandName": "Project",
"launchBrowser": true,
"environmentVariables": {
"ASPNETCORE_ENVIRONMENT": "Development"
},
"applicationUrl": "https://localhost:5001;http://localhost:5000"
},
"Docker": {
"commandName": "Docker",
"launchBrowser": true,
"launchUrl": "{Scheme}://{ServiceHost}:{ServicePort}",
"environmentVariables": {
"ASPNETCORE_URLS": "https://+:443;http://+:80",
"ASPNETCORE_HTTPS_PORT": "44397"
},
"httpPort": 51777,
"useSSL": true,
"sslPort": 44397
}
}
}
launchSettings.json
后:
{
"iisSettings": {
"windowsAuthentication": false,
"anonymousAuthentication": true,
"iisExpress": {
"applicationUrl": "http://localhost:51767"
}
},
"profiles": {
"IIS Express": {
"commandName": "IISExpress",
"launchBrowser": true,
"environmentVariables": {
"ASPNETCORE_ENVIRONMENT": "Development"
}
},
"HTTPSTest": {
"commandName": "Project",
"launchBrowser": true,
"environmentVariables": {
"ASPNETCORE_ENVIRONMENT": "Development"
},
"applicationUrl": "http://localhost:5000"
},
"Docker": {
"commandName": "Docker",
"launchBrowser": true,
"launchUrl": "{Scheme}://{ServiceHost}:{ServicePort}",
"environmentVariables": {
},
"httpPort": 51777
}
}
}
有人对我接下来可以尝试的东西有任何想法吗?我希望该应用程序位于SSL终止的反向代理后面,因此我认为禁用此功能并不是没有道理的。
So I actually managed to fix this. The issue I was seeing with Visual Studio opening up the app using HTTPS was an issue with Visual Studio.
Running through the same setup on another computer worked just fine by commenting out the app.UseHttpsRedirection()
line in Startup.cs
and removing the SSL references in launchSettings.json
as in my original post - running the debugger opened up the page using HTTP and was able to connect to the app.
In order to get everything working again, I tried removing Visual Studio completely, rebooting, reinstalling and trying again, but still had the same issue. In the end I had to also remove all the Visual Studio folders under AppData
in my user directory and THEN reinstall Visual Studio, and then it was finally working again when I tried debugging my project!
UPDATE:
This actually came back after the weekend, and I discovered that this time my problem was that HSTS had cached the use of HTTPS in Chrome. Examples of how to remove this for different browsers can be found here: https://appuals.com/how-to-clear-or-disable-hsts-for-chrome-firefox-and-internet-explorer/
In summary, for Chrome:
1. Navigate to chrome://net-internals/#hsts
2. In the Delete domain security policies
section, enter localhost
as the domain and hit the Delete
button
更新2-警告尽管此“修复”允许我使用HTTP运行我的项目,但我确实发现除非启用HTTPS,否则Identity不允许我登录-我认为这与SignInManager设置仅HTTPS身份验证有关cookie-有关更多详细信息,请参见此处:AspNet核心标识-未在生产环境中设置cookie
本文收集自互联网,转载请注明来源。
如有侵权,请联系 [email protected] 删除。
我来说两句