@Niko - yes, but because you can have certificates auto-renew themselves, having two certificates is really not a problem.
Thank you! That means I have to install in this case really 2! certs?
@Niko - yes you have to set up each individual subdomain include www.mydomain.com and mydomain.com.
@Daniel - IE7 is the default so if that's what you want you don't do any of this and just use the default.
Great tutorial that you set up here!
I don't find the switch for "including the www." to the certificate.
So do I have to install 2 certs for www. and without www. in windows (?) because Plesk on Linux offers the option to do that by cheching a box.
Is that a limitation doing that under windows?
Thanks for any help!
Issue: Some icons are not loaded properly when i load the website in Browser Control.
Some weird behavior i see is that, The icons are loadind in the following scenario:
is it possible to brint the IE compnents for i.e. IE 10 with the application for systems where a smaller version (i.e. IE 7) is installed and use them?
Great post. One minor correction to the intro information - Kestrel supports HTTPS according to https://docs.microsoft.com/en-us/aspnet/core/fundamentals/servers/kestrel
Really interesting article, love the performance work that's been done by the team.
p.s. there's a small typo in the opening paragraph "commment"
I think it's only the first registration that has go over http even if a cert is already installed.
I think it's only the first registration that has go over http even if a cert is already installed.
After you create a LE account (that's the first thing the client does) and a private/public key pair which is used for encrypting the communication with LE servers, the registration of the domain names that you need to have included in the certificates is performed, and a successful domain name registration (http-01 validation) with LE is valid for slightly longer than 11 months.
That explains why you don't see http subsequent validations from LE during the certificate renewals while the registration of the Domain Names is still valid - in 12 months, you'll have to perform a new registration (validation) of the names again.
Great post Rick ! I think that the worker process name is wrong in some places. Was wrote w3p.exe but it's w3wp.exe
I'm trying to use Whatsapp in my application. I'm using visual studio 2012.
I couldn't find any browser (IE 11 as well) working with it. Only Edge 14.14393 (which I have in my pc, not sure about other versions of Edge.) is letting me open Whatsapp.
But Edge is not running in Webbrowser control. I tried to following :
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
it always suggests to use modern browser.
Any help would be greatly appreciated.
What if I don't want Hostname support? Like the default IIS behaviour?
So to replicate through the UI, I would click on my Site, click "Bindings" and Hostname would be greyed out but I'm able to select my cert from the drop down. I would like to do this via powershell but can't seem to figure it out.
I have intermittently ended up on this blog multiple times per month throughout my career in the past 4 years. The advice has always been top notch, covering some of my biggest concerns, with detailed information and quality references.
This post basically covered the exact issue I'm facing with my Angular 2 app hosted through the webpack-dev-server and locally instantiated ASP.NET Core Web API in Kestrel; worked like a charm. Rick Strahl, high five man, you're freaking awesome.
@Jeff - Looks like this is not really possible anymore although the feature may come back. Mentioned on the Community Standup today actually: https://youtu.be/qlVE5iDjBIg?t=6m35s
Is there any way for links inside the In-App browser window to be opened in system browser?
Like I open a site www.internalsite.com using the in-app browser. And I have some links present on that site. Now I want to open that site in external, system browser like Chrome/Safari. How's that possible?
@James - Kestrel inherits the execution context from the IIS Application Pool you configure, so things should continue to work the way they worked when running classic ASP.NET applications. As long as you got a proper account setup for this it should work fine using passthrough security from your application into SQL as long as you have a valid domain account. I'm working on a followup post that talks about some of the questions raised here. Should be out when I get some spare cycles.
Does this still work with the csproj netcore VS2017 world? I can't find any documentation.
Hey, as always, great post. Very thorough.
Question. Working in a big enterprise, we have to use Active Directory Domain identities and configure the IIS App Pools to run as those domain IDs in our environments, so that the apps can call across the network and connect to SQL Server. SQL Server will then also have the domain id registered as a valid login user. Not allowed to use passwords (even encrypted) in connection strings.
Even more fun, for our PROD environments, our security people are the only people allowed to log in to prod web servers and configure the App Pools to run as the domain identity. Only they have the passwords to the AD domain identities (stored in a password vault).
Will this setup be the same, connecting to SQL Server from a CORE app in Kestrel running behind IIS? If we have to go back to using connection strings with passwords, I will have a hard time selling that to the IT and Info Sec folks.
Makes sense - the PITA that you know well is always lesser than a new one!
@Sean - I've played with various Chrome variant frameworks, but to be honest I found that to be a hassle. Between the massive distribution size, the frequent version updates and breakages, as well as seeing a number of applications using these libraries failing, I've always fallen back to using the Web Browser control. To be sure that's a pain too, but I've fought most of those battles before and I know what I'm looking at. It's not trivial if you're doing actual DOM interactions, but it works very well once you get it tweaked right.
Yes, that's just awesome! If I'd have known that before, it may have tipped me into using web browser control.
I'm wondering if you've ever had any experience with the Chrome Embedded Framework?
@Alex - works for me on IIS Express and IIS. There is no reason that the behavior should be any different on a different Web Server because in the end it's just HTTP headers that get injected and the Kestrel is the one doing it regardless of whether IIS Express sits in front of it or not. There must be something else going on. A 401 is not found which I think is different than a CORS error.
@Daniel - What's the exact error message from jquery for this? This really shouldn't be a jquery issue, but a browser issue since the brower's XHR determines the CORS viability.
@Guilliaume - I know it works because I have LetsEncrypt-WinSimple handle auto-renewals for me on a couple of sites that auto-redirect to https. I think it's only the first registration that has go over http even if a cert is already installed.
Thanks Roy, for taking a look at that. Going to try it out and if it works add it to the article.
I followed you implementation.
Unfortunality i got Errors like the "URL" is not found in Access-Control-Allow-Origin-Header
I use a JQuery Ajax get request to load an rss feed.
If i use Chrome with Cors extension enabled it works fine. Is it deaktivated or i use another browser i got Errors.
What did i wrong.
Using ASP.net Core with Kestrel
My vote for simplicity...
My trajectory has been MEF, load assemblies from the same domain, from different appdomains and back to the same domain. For me this is the most easy, not overkill and maintainable solution. Currently I prefer to use a mixed approach with a host that act as the addin assembly referencing the specific module as a nuget package.
For me it is enough. The container will not be any larger than the content that it contains.
I still use the delay, because it combines nice with the scroll animation I also use.
@Rick Strahl : Walt - I use https redirects and it seems to work. I think for the first registration it has to be http, but for renewal https requests seem to work for me.
https redirect works well for renewal but what will happen when expiration date is reached ? the script handles that with submitting a new challenge request but it might need to do a http request as for the 1st run.
What do you think about it ?
Yeah it looks like in iOS 10 that somehow got broken... maybe using innerHeight and a wrapping container with no padding or margins?
Great article. Exactly the answer I was looking for. Thank you so much!
I know its an old thread and thanks for this solution.
Just to note the the Dispose() of the StreamWriter() closes the underlying Stream. This can cause problem with other filters where a MemoryStream is passed to WriteToStreamAsync.
.Net 4.5 now has a leaveOpen bool in one of the StreamWriter constructors.
I have removed the Dispose() from the code with no memory or resource issues.
Great tutorial! It works great for me. But it doesn't seem to work in Safari (iphone and macbook). I tested with alert and it seems that Safari doesn't calculate the outerHeight. Does anybody know a solution?
@Jose - looks like both are working in Dotnet run tooling 1.0.
@Alex - The ASP.NET Core Module will launch Kestrel in the same user context as the IIS Application Pool the IIS app was started in, so the Kestrel process will inherit those writes and that environment. You may want to experiment with the user account in use - if you use the default is an super low rights Application Pool user and that may not have access to any machine environment whatsoever.
You are correct that is freaking awesome thanks for posting!
Just wondering did not you notice following - while running from behind IIS dotnet core app loose ability to read machine level environment variables, but if run it as dotnet app.dll all works as expected
Thanks Rick for the comprehensive post.
As you may know, APIs hate blog posts, so they rapidly evolve to turn the posts obsolete ;)
In this case it is a tiny change: current versions of Kestrel do not use the "server.urls" parameter but "urls" instead.
So the updated line should say
"Set the --urls command line parameter".
That seems to work with Kestrel. But not with IISExpress. Still getting 401.
I'm running into a hidden 'Publish Database' window on Window 10 that doesn't let me move the window with Alt+[Space]. You can activate it if you bring up Task Manager, expand Microsoft Visual Studio 2013, right click on 'Publish Database', and select 'Switch to'.
@wqw - quite right. Pointed at old copies (sheesh). Updated code samples and CodePen is correct.
The iter var prop is not used in the body of these for loops. Am I missing something?
Hi, Lovely post. I was searching for this for infinity. I made a tweek in getting the data as I had a model to receive one of the inputs.
var album = jalbum.ToObject();
List jalbum1 = json.Input1.ToObject<List>();
Thanks for this article. I had a go at implementing Owin before I realised it was easier and faster to write my own library.
OAuth is not a difficult protocol to implement. But when it takes this much minimal code to implement a library, which has deep reliances on other unneccesary libraries, many entry points and outside code required, you know something is wrong. The application startup config code also doesn't lend itself to multi-tennant apps. This middleware is simply an overengineered mess.
I implemented several providers. Each one had its own slight twist/quirks on OAuth, but I only needed to override 3 properties and a method from a base class for each provider in my library, which were more similar than different. I simply pass in the HttpRequest, the provider, and add one new route to the web app, then look for a ProfileInfo class to eventually come back (or an error). A few lines of readable code.
Owin was useful for monitoring requests and response urls, but I recommend rolling your own code. Otherwise its a sledgehammer to crack a nut.
If TypeScript is an option, the keyof feature may be useful for this kind of thing:
Thanks Rick. I couldn't find a more straightforward solution to this dilemma elsewhere in the entire web. Additionally, I had to recompile the project to put this solution into effect.
Probably not. The task pane relies on an old version of IE and unless you rebuild (there is source code) to remove those things the answer is now you can't.
Then again. Task Pane? Really? :-)
First thing I turn off in any VFP install.
+++ Rick ---
When I set the browser to IE11 for VFP9, I lose the environment manager in the VFP task pane. Is it possible to modify the task pane so that it will work with the IE11 setting?
@Mark - I'm not sure you'll have to check with GoDaddy or just try it. Permissions may not be the problem, but IIS has to be configured to allow access to a user profile. If you do have one (ie. a full user account) then you should be able to write to the Current User registry key.
You can't insert an Edge header if the page is already rendered obviously :-) The only way you could inject is by writing an ASP.NET Module to inject it before the page is sent to the browser to render.
Rick. Our website is currently hosted with Godaddy on a shared hosting plan. We have c# code in a background thread that uses an instance of the web browser control. I apologise for any naivety but a) do you think our code would have Access permission to change registry keys, b) we use the control to scrape our external client's websites, can we insert the edge meta tag programmatically even though the client's web pages may not have it in?