
Use Gateway in Service fabric with https


This application is running in Service Fabric. One website (WebService) does not have a port configured for its endpoint, and as it is running on 5 nodes, each node gets a dynamic port from the cluster-configured range. One website is just a Gateway for the outside world; it is configured with HTTP and port 1664. The Gateway is running this:

app.RunHttpServiceGateway("/MyApp", "fabric:/MyApp/MyWebService");

This works: http://localhost:1664/MyApp nicely shows the website that is served by the WebService.
But the WebService makes use of Azure OpenID and after login has a redirect URL https://localhost:44386

Now because the gateway is listening on http://+:1664, after login, we lost the site. So we need to have the gateway running on HTTPS at port 44386.

What we had was this for the Gateway:

protected override IEnumerable<ServiceInstanceListener> CreateServiceInstanceListeners()
{
    return new ServiceInstanceListener[]
    {
        new ServiceInstanceListener(serviceContext =>
            new KestrelCommunicationListener(serviceContext, "ServiceEndpoint", (url, listener) =>
            {
                ServiceEventSource.Current.ServiceMessage(serviceContext, $"Starting Kestrel on {url}");

                return new WebHostBuilder()
                    .UseKestrel()
                    .ConfigureServices(
                        services => services
                            .AddSingleton<StatelessServiceContext>(serviceContext))
                    .UseContentRoot(Directory.GetCurrentDirectory())
                    .UseStartup<Startup>()
                    .UseServiceFabricIntegration(listener, ServiceFabricIntegrationOptions.None)
                    .UseUrls(url)
                    .Build();
            }))
    };
}

ServiceManifest:
<Resources>
  <Endpoints>
    <!-- This endpoint is used by the communication listener to obtain the port on which to
         listen. Please note that if your service is partitioned, this port is shared with
         replicas of different partitions that are placed in your code. -->
    <Endpoint Protocol="http" Name="ServiceEndpoint" Type="Input" Port="1664" />
  </Endpoints>
</Resources>

In the https implementation we changed it to:

protected override IEnumerable<ServiceInstanceListener> CreateServiceInstanceListeners()
{
    return new ServiceInstanceListener[]
    {
        new ServiceInstanceListener(serviceContext =>
            new KestrelCommunicationListener(serviceContext, "ServiceEndpoint", (url, listener) =>
            {
                ServiceEventSource.Current.ServiceMessage(serviceContext, $"Starting Kestrel on {url}");

                string certificateFileName = "localhost.pfx";
                string certificatePassword = "passw0rd!";
                var cert = new X509Certificate2(certificateFileName, certificatePassword);

                return new WebHostBuilder()
                    .UseKestrel(options =>
                    {
                        options.Listen(new IPEndPoint(IPAddress.Loopback, 44386), listenOptions =>
                        {
                            var httpsConnectionAdapterOptions = new HttpsConnectionAdapterOptions()
                            {
                                ClientCertificateMode = ClientCertificateMode.AllowCertificate,
                                SslProtocols = System.Security.Authentication.SslProtocols.Tls,
                                ServerCertificate = cert
                            };
                            listenOptions.UseHttps(httpsConnectionAdapterOptions);
                        });
                    })
                    .ConfigureServices(
                        services => services
                            .AddSingleton<StatelessServiceContext>(serviceContext))
                    .UseContentRoot(Directory.GetCurrentDirectory())
                    .UseStartup<Startup>()
                    .UseServiceFabricIntegration(listener, ServiceFabricIntegrationOptions.None)
                    .UseUrls(url)
                    .Build();
            }))
    };
}

<Resources>
  <Endpoints>
    <!-- This endpoint is used by the communication listener to obtain the port on which to
         listen. Please note that if your service is partitioned, this port is shared with
         replicas of different partitions that are placed in your code. -->
    <Endpoint Protocol="https" Name="ServiceEndpoint" Type="Input" Port="44386" />
  </Endpoints>
</Resources>

Now browsing to https://localhost:44386/MyApp prompts me if I want to accept the certificate, but then in Edge I get:

The connection to the website was reset.

Error Code: INET_E_DOWNLOAD_FAILURE



And in Chrome I get:

This site can’t provide a secure connection

localhost didn’t accept your login certificate, or one may not have been provided.

  • Try contacting the system admin.

ERR_BAD_SSL_CLIENT_AUTH_CERT

What are we doing wrong? Thanks

Ben
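
An added example, not part of the original post: the post's HTTPS listener with its three handshake-related settings tightened, for comparison with the posted version. In the post, `SslProtocols.Tls` enables TLS 1.0 only, `ClientCertificateMode.AllowCertificate` makes Kestrel request a client certificate during the handshake, and the PFX password is hard-coded. `GatewayHttps`, `UseGatewayHttps` and the `GATEWAY_PFX_PASSWORD` environment variable are hypothetical names; the Kestrel 2.x `HttpsConnectionAdapterOptions` API is the one the post already uses.

```csharp
using System;
using System.Net;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Server.Kestrel.Https;

// Hypothetical helper (not from the post): replaces the .UseKestrel(options => ...)
// call in the post's WebHostBuilder chain.
public static class GatewayHttps
{
    public static IWebHostBuilder UseGatewayHttps(
        this IWebHostBuilder builder, string pfxPath, int port)
    {
        // Assumption: the PFX password is supplied out of band (environment
        // variable here) instead of being compiled into the service binary.
        string password = Environment.GetEnvironmentVariable("GATEWAY_PFX_PASSWORD")
            ?? throw new InvalidOperationException("GATEWAY_PFX_PASSWORD is not set");

        var cert = new X509Certificate2(pfxPath, password);
        if (!cert.HasPrivateKey)
        {
            // A server certificate without its private key cannot complete a handshake.
            throw new InvalidOperationException($"{pfxPath} does not contain a private key");
        }

        return builder.UseKestrel(options =>
        {
            // Same binding as the post: loopback only accepts connections
            // that originate on the node itself.
            options.Listen(IPAddress.Loopback, port, listenOptions =>
            {
                listenOptions.UseHttps(new HttpsConnectionAdapterOptions
                {
                    ServerCertificate = cert,
                    // Browser users authenticate through OpenID after the redirect,
                    // so the TLS layer does not ask for a client certificate.
                    ClientCertificateMode = ClientCertificateMode.NoCertificate,
                    // TLS 1.2 instead of SslProtocols.Tls (TLS 1.0 only).
                    SslProtocols = SslProtocols.Tls12
                });
            });
        });
    }
}
```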



