如何在带有身份的ASP.NET Core项目中禁用HTTPS？

代码和芯片

我最近在Visual Studio 2019中创建了一个ASP.NET Core 3.0 Web应用程序项目（已启用Docker，但我认为这并不重要），并且在包含ASP.NET Identity时似乎无法禁用HTTPS个人用户帐户。每当我在调试器中启动该应用程序时，该页面就会使用HTTPS打开，并导航至HTTP会再次将我重定向。

我尝试创建一个新项目以测试发生了什么，并且发现了以下内容：

创建项目时，我启用了使用ASP.NET Identity的功能，以便在我的应用程序中使用本地帐户，并且我注意到，如果再次执行向导以创建具有相同设置的项目（启用了Identity的Web应用程序（对于单个用户帐户），取消选中启用HTTPS复选框的选项显示为灰色。

创建项目后，我尝试Startup.cs通过注释掉相关行来禁用HTTPS重定向中间件：

public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
                app.UseDatabaseErrorPage();
            }
            else
            {
                app.UseExceptionHandler("/Home/Error");
                app.UseHsts();
            }
            //app.UseHttpsRedirection();
            app.UseStaticFiles();

            app.UseRouting();

            app.UseAuthentication();
            app.UseAuthorization();

            app.UseEndpoints(endpoints =>
            {
                endpoints.MapControllerRoute(
                    name: "default",
                    pattern: "{controller=Home}/{action=Index}/{id?}");
                endpoints.MapRazorPages();
            });
        }

并进行了编辑，launchSettings.json以尝试使应用程序在调试时使用HTTP而不是HTTPS运行，但是该应用程序仍尝试使用HTTPS进行加载。

launchSettings.json 之前：

{
  "iisSettings": {
    "windowsAuthentication": false,
    "anonymousAuthentication": true,
    "iisExpress": {
      "applicationUrl": "http://localhost:51767",
      "sslPort": 44396
    }
  },
  "profiles": {
    "IIS Express": {
      "commandName": "IISExpress",
      "launchBrowser": true,
      "environmentVariables": {
        "ASPNETCORE_ENVIRONMENT": "Development"
      }
    },
    "HTTPSTest": {
      "commandName": "Project",
      "launchBrowser": true,
      "environmentVariables": {
        "ASPNETCORE_ENVIRONMENT": "Development"
      },
      "applicationUrl": "https://localhost:5001;http://localhost:5000"
    },
    "Docker": {
      "commandName": "Docker",
      "launchBrowser": true,
      "launchUrl": "{Scheme}://{ServiceHost}:{ServicePort}",
      "environmentVariables": {
        "ASPNETCORE_URLS": "https://+:443;http://+:80",
        "ASPNETCORE_HTTPS_PORT": "44397"
      },
      "httpPort": 51777,
      "useSSL": true,
      "sslPort": 44397
    }
  }
}

launchSettings.json 后：

{
  "iisSettings": {
    "windowsAuthentication": false,
    "anonymousAuthentication": true,
    "iisExpress": {
      "applicationUrl": "http://localhost:51767"
    }
  },
  "profiles": {
    "IIS Express": {
      "commandName": "IISExpress",
      "launchBrowser": true,
      "environmentVariables": {
        "ASPNETCORE_ENVIRONMENT": "Development"
      }
    },
    "HTTPSTest": {
      "commandName": "Project",
      "launchBrowser": true,
      "environmentVariables": {
        "ASPNETCORE_ENVIRONMENT": "Development"
      },
      "applicationUrl": "http://localhost:5000"
    },
    "Docker": {
      "commandName": "Docker",
      "launchBrowser": true,
      "launchUrl": "{Scheme}://{ServiceHost}:{ServicePort}",
      "environmentVariables": {
      },
      "httpPort": 51777
    }
  }
}

有人对我接下来可以尝试的东西有任何想法吗？我希望该应用程序位于SSL终止的反向代理后面，因此我认为禁用此功能并不是没有道理的。

代码和芯片

So I actually managed to fix this. The issue I was seeing with Visual Studio opening up the app using HTTPS was an issue with Visual Studio.

Running through the same setup on another computer worked just fine by commenting out the app.UseHttpsRedirection() line in Startup.cs and removing the SSL references in launchSettings.json as in my original post - running the debugger opened up the page using HTTP and was able to connect to the app.

In order to get everything working again, I tried removing Visual Studio completely, rebooting, reinstalling and trying again, but still had the same issue. In the end I had to also remove all the Visual Studio folders under AppData in my user directory and THEN reinstall Visual Studio, and then it was finally working again when I tried debugging my project!

UPDATE:
This actually came back after the weekend, and I discovered that this time my problem was that HSTS had cached the use of HTTPS in Chrome. Examples of how to remove this for different browsers can be found here: https://appuals.com/how-to-clear-or-disable-hsts-for-chrome-firefox-and-internet-explorer/

In summary, for Chrome:
1. Navigate to chrome://net-internals/#hsts
2. In the Delete domain security policies section, enter localhost as the domain and hit the Delete button

更新2-警告尽管此“修复”允许我使用HTTP运行我的项目，但我确实发现除非启用HTTPS，否则Identity不允许我登录-我认为这与SignInManager设置仅HTTPS身份验证有关cookie-有关更多详细信息，请参见此处：AspNet核心标识-未在生产环境中设置cookie

本文收集自互联网，转载请注明来源。

如有侵权，请联系 [email protected] 删除。

编辑于 2021-01-21

我来说两句

0 条评论

登录后参与评论

上一篇：如何使用数组中png的名称以两种不同方式对数组进行排序

TOP 榜单

文章

如何在带有身份的ASP.NET Core项目中禁用HTTPS？

如何在带有身份的ASP.NET Core项目中禁用HTTPS？

Linux的官方Adobe Flash存储库是否已过时？

如何使用HttpClient的在使用SSL证书，无论多么“糟糕”是

错误：“ javac”未被识别为内部或外部命令，

在 Python 2.7 中。如何从文件中读取特定文本并分配给变量

Modbus Python施耐德PM5300

为什么Object.hashCode（）不遵循Java代码约定

如何检查字符串输入的格式

检查嵌套列表中的长度是否相同

错误TS2365：运算符'！=='无法应用于类型'“（”'和'“）”'

如何自动选择正确的键盘布局？-仅具有一个键盘布局

如何正确比较 scala.xml 节点？

在令牌内联程序集错误之前预期为 ')'

如何在JavaScript中获取数组的第n个元素？

如何将sklearn.naive_bayes与（多个）分类功能一起使用？

ValueError：尝试同时迭代两个列表时，解包的值太多（预期为 2）

如何监视应用程序而不是单个进程的CPU使用率？

解决类Koin的实例时出错

ES5的代理替代

有什么解决方案可以将android设备用作Cast Receiver？

VBA 自动化错误：-2147221080 (800401a8)

套接字无法检测到断开连接