Skip to content

Change project templates to have separate "http" and "https" launch profiles #42027

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Jun 6, 2022
Merged

Change project templates to have separate "http" and "https" launch profiles #42027

merged 2 commits into from
Jun 6, 2022

Conversation

@DamianEdwards
Copy link
Member

@DamianEdwards DamianEdwards commented Jun 3, 2022
edited
Loading

In support of [EPIC] Revisiting HTTPS defaults in ASP.NET Core

Update project templates so that (assuming the --no-https option is false) two launch profiles are configured in the project's launchSettings.json file:

  1. The first, named "http" and configured with the ApplicationUrls property set to just a non-https address 
    "http": {
  "commandName": "Project",
  "dotnetRunMessages": true,
  "launchBrowser": true,
  "applicationUrl": "http://localhost:5227",
  "environmentVariables": {
    "ASPNETCORE_ENVIRONMENT": "Development"
  }
}
  2. The second, named "https", and configured with the ApplicationUrls property set to the usual two addresses, the first being https, the second being http: 
    "https": {
  "commandName": "Project",
  "dotnetRunMessages": true,
  "launchBrowser": true,
  "applicationUrl": "https://localhost:7227;http://localhost:5227",
  "environmentVariables": {
    "ASPNETCORE_ENVIRONMENT": "Development"
  }
}

Selecting an auth option of anything other than None or Indvidual in relevant templates will still force https like today & only create a single launch profile due to issues with these auth schemes use of cookies and SameSite.

The Angular & SPA templates that utilize the SpaProxy are currently authored in such a way that only https works (irrespective of the auth option) so they're not changed.

When launching this project at the command line using dotnet run or dotnet watch, the default profile selected will be the first profile, which is not configured to use https, and as such the application will start without attempting to bind to https and thus not attempt to load the dev cert (which causes UX friction issues esp. on non-Windows systems). The https profile can be selected at launch time by passing --launch-profile <launch-profile> to dotnet run, e.g.:

$ dotnet run --launch-profile https

The project will continue to have the https-aware code present so the project is ready for use with https.

@DamianEdwards DamianEdwards requested review from a team and Pilchie as code owners June 3, 2022 23:20
@DamianEdwards DamianEdwards linked an issue Jun 3, 2022 that may be closed by this pull request
[EPIC] Revisiting HTTPS defaults in ASP.NET Core #41990
Closed
10 tasks
@ghost ghost added the area-mvc Includes: MVC, Actions and Controllers, Localization, CORS, most templates label Jun 3, 2022
@DamianEdwards DamianEdwards linked an issue Jun 3, 2022 that may be closed by this pull request
Update project templates so that separate launch profiles for HTTP and HTTPS are configured #41982
Closed
@DamianEdwards DamianEdwards requested a review from HaoK June 6, 2022 18:17
@DamianEdwards DamianEdwards merged commit 5a590b2 into main Jun 6, 2022
@DamianEdwards DamianEdwards deleted the damianedwards/41990-template-https-launch-profiles branch June 6, 2022 19:01
@ghost ghost added this to the 7.0-preview6 milestone Jun 6, 2022
captainsafia pushed a commit to captainsafia/aspnetcore that referenced this pull request Jun 13, 2022
@DamianEdwards @captainsafia
Change project templates to have separate "http" and "https" launch p…
fe46b28 
…rofiles (dotnet#42027)

* Project templates have separate "http" and "https" launch profiles
* Update test targets for dotnet-ef targeting net6.0
Fixes dotnet#41982
@vzarytovskii vzarytovskii mentioned this pull request Jun 14, 2022
Closed
@vijayrkn vijayrkn mentioned this pull request Feb 3, 2023
Closed
@Kasraco
Copy link

Kasraco commented Apr 12, 2024
edited
Loading

Make sure that you also have settings for HTTPS in the appsettings.json file. You may need settings to allow the use of HTTPS as well as paths related to SSL certificate and private key.

  "Kestrel": {
    "EndPoints": {
      "Https": {
        "Url": "https://localhost:7227"
      }
    }
  }
}

OR

{
  "Kestrel": {
    "EndPoints": {
      "Https": {
        "Url": "https://localhost:7227",
        "Certificate": {
          "Path": "certificate.pfx",
          "Password": "password"
        }
      }
    }
  }
}

@davidfowl
Copy link
Member

davidfowl commented Apr 12, 2024

This setting isn't needed. Why do you need it? What operating system are you running on?

@Kasraco
Copy link

Kasraco commented Apr 12, 2024
edited
Loading

Yes, normally it's not needed, but when I want to use the dotnet watch run command and I also need HTTPS, I use these settings."

@davidfowl
Copy link
Member

davidfowl commented Apr 12, 2024

You use the https dev cert.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@HaoK HaoK HaoK approved these changes

@Pilchie Pilchie Awaiting requested review from Pilchie

Assignees

No one assigned

Labels

area-mvc Includes: MVC, Actions and Controllers, Localization, CORS, most templates

Projects

None yet

Milestone

7.0-preview6

Development

Successfully merging this pull request may close these issues.

[EPIC] Revisiting HTTPS defaults in ASP.NET Core Update project templates so that separate launch profiles for HTTP and HTTPS are configured

5 participants

@DamianEdwards @Kasraco @davidfowl @HaoK