I am able to setup a static website using azure storage -> static website and map to a container blob. I used the link below
https://learn.microsoft.com/en-us/azure/storage/blobs/storage-blob-static-website
I want to know if its possible to map it to a https custom domain name ?
I was following the below link but i am bit confused if it needs CDN to do https custom host name mapping. If it requires CDN then i can remove static website hosting because CDN also does hosting which is same as Static WebSite?
Are there any security related features that change between Azure Static WebSite and CDN hosting? Our website doesnt have video content and its not open to global makrets just a country.
So my main question is, is Azure Static WebSite hosting enough and does it allow host name mapping with https?
https://microsoft.github.io/AzureTipsAndTricks/blog/tip138.html
Azure Static WebSite hosting is not enough to map with https, but it allow host name mapping with https by Azure CDN.
The document you are following described very clear about how to do that, and there is nothing to worry about the security after you enable https and set the certificate. Actually, Azure CDN support certificate management.
REST API in Postman
Related
I've written a simple WebAPI Service (hosted with OWIN in a Windows Service) and put the [Authorize] attribute on the POST-method. As I understand, only "known" users can now access the service (don't worry, I know, all known users is not really safe yet).
My test client works fine so far when the host and the client are located on the same machine (f.ex. my workstation). However when I deploy the service on a server machine, and try again to call the service, I get a HTTP 400 failure when using the System.Net.Http.HttpClient and set httpClientHandler.UseDefaultCredentials=true, or a HTTP 401 when I use System.Net.WebClient and set webClient.UseDefaultCredentials=True.
So it seems the authentication mechanism acts different depending if the service is hosted local or remote.
For test reason I've also tried to set the credential explicit with user and password, but with exactly the same result.
However, what do I miss here? Any suggestions?
Thank you in advance!
verify the machine keys.
If the authorization server and the resource server are not on the same computer, the OAuth middleware will use the different machine keys to encrypt and decrypt bearer access token. In order to share the same private key between both projects, we add the same machinekey setting in both web.config files.
https://learn.microsoft.com/en-us/aspnet/aspnet/overview/owin-and-katana/owin-oauth-20-authorization-server
I am implementing registration process that implements cybersource as payment gateway with ASP MVC web API.
In web.config we have to specify the keys and logs directory.
<add key="cybs.keysDirectory" value= "E:\CyberSource\Keys/" />
<add key="cybs.logDirectory" value= "E:\CyberSource\Logs/" />
This works fine when we deploy the API on IIS and work locally. But when we deploy the API to Azure and for the registration part (Subscribe) that use the CyberSource gateway we get the 502 bad request error from the request.
We tried relative paths as well but still the same error.
Issue: We believe that the API is not getting the .p12 file from the keys directory.
Question: Where to put the .p12 file or where to create the keys directory and what should we specify in web.config to make it work.
Where to put the .p12 file or where to create the keys directory and what should we specify in web.config to make it work.
If you want to use the certificates in the Azure WebApp, please have a try to convert .p12 to .pfx and install it in the WebApp. About how to upload and use certificates in Azure WebApp, please refer to this blog.
I aslo find another similar SO thread.
Adding an app setting named WEBSITE_LOAD_CERTIFICATES with its value set to the thumbprint of the certificate will make it accessible to your web application. You can have multiple comma-separated thumbprint values or can set this value to “ * “ (without quotes) in which case all your certificates will be loaded to your web applications personal certificate store.
Relate link:
Azure Web App sandbox
I have developed the asp.net MVC web app with work or school account authentication mode. The created code base is moved to azure app service and the same code is working fine in local but not in azure app service. So I suspect is this is the problem due to not adding SSL certification to the website.
Thanks in advance..!!
SSL certificate may be needed for most OAuth providers, but it is provided by Azure itself automatically (unless you host your app on a custom domain). You problem must be something different.
I just setup azure CDN endpoint. Pointed to my origin server. This works with http protocol. But the same files when i try https - it returns a 502 - bad gateway error. How do i troubleshoot and fix the problem?
A very similar setup works perfectly on another endpoint with HTTPs.
I think you may need to do is to serve your CDN assets over HTTPS. To do this you'll need to enable HTTPS within the Azure Portal
if still not then:
You can't yet use your own domain/SSL certificate with Azure CDN although there is a big request for this on the Azure Feedback Site.
If you've created a CDN for an Azure Cloud Service (e.g. http://[yourapp].cloudapp.net/cdn/) it's important that you create a self-signed certificate for your Azure domain ([yourapp].cloudapp.net). If you're using Azure Virtual Machines this can be done through IIS.
This caught us out recently when we enabled HTTPS for an origin server that did have an SSL certificate but it was for our own custom domain and not the *.cloudapp.net one.
for details click on http://benfoster.io/blog/azure-cdn-https
We have self-hosted C# WCF service providing rest API over HTTPS.
Problem:Configuring the certificates for SSL requires admin rights. I assume it is to do with WCF depends on http.sys for http/https handling. The service is meant to be deployed on customer environments. So it would be nice if it can run without requiring admin rights.
Looks like WCF depends on http.sys,
Can I self-host an HTTPS service in WCF without the certificate store and without using netsh http add sslcert?
Like to know if any other embedded web server solution exist that support SSL and not requiring admin rights on the machine?
Checked so far,
http://nancyfx.org/
https://github.com/pvginkel/NHttp
Both doesn't seem to support SSL.
Most windows hosted web stacks rely on the HTTP Server API which is the API around the kernel HTTP stack (a.k.a HTTP.sys). The .Net HttpListener class does so as well (same as WCF, the OWIN self hosted asp.Net and so on which rely on it).
Just making sure, you do know you can authorize the identity you application runs under to bind to an HTTPS URL even if it's not running as an admin account, right? If you could gain admin right just for the installation phase that could solve you problem? (assuming you checked that already)
You can read more on a blog post i wrote about that here
To go into the effort of building an http stack on top of raw sockets would be a great effort and with little gain and so around .Net i doublt you would find anything like that.
Unless, it wished to be cross platform.
Any java based web server would probably do just that, using the JVM's http stack and relying on a java keystore to provide the required certificates for the SSL. (To keep it portable across different OS's)
If you wanna go java i am sure you can find many such web servers.
If you care to try and bind to a web server using CGI have a look at mongoose (Never used it to be honest).
Another option which comes to mind is to use an ssl proxy like Stunnel to stand in front of the web server. It would do the SSL part using non-windows certificate store.