-
Notifications
You must be signed in to change notification settings - Fork 58
Azure WebApp: Scheme not set to HTTPS, breaks RequireHttps and OAuth/OIDC #140
Comments
I don' think AspNetCoreModule is available on Azure App Service yet. @shirhatti? |
It didn't complain about the module... As you can see by the log file... and process explorer shows it running dotnet.exe... |
This is fishy... If AspNetCoreModule had not been installed the application would not have been started... You would get 502 or something to this effect. |
Ah, perhaps the App Service roll out is completed after all. |
Yeah, but why no response to browser? Request get to kestrel, response is return from kestrel... why no reach the browser? Will @shirhatti have an idea? |
@BrennanConroy is giving this a try... @LeandroPT I assume you're using a simple HelloWeb or HelloMvc app? |
No.. My RC2 MVC app. But you guys can check with those, all i need is confirmation that is ready. As you saw by the posts in this, i assumed it was not installed too. I tested with both netcoreapp1.0 (the config above) and a net451 .exe What i find weird is the HTTPS not beeing passed along. The same config (both frameworks) work just fine in local IIS server. |
@muratg Azure App Service performs a rolling deployment. I believe they are currently in the process of rolling out ANCM. YMMV till they finish their deployment. |
You abbreviations almost killed me... Where can that progress be tracked? |
What is your actual issue? |
No reply, closing |
The issue still remains and the answer to your question is on the 1st post, and my life is already complicated to have you set me SLA's for replies. I did some more tests and this is what i found out: Picked project IISSamples on this repository as of TODAY, tweaked the project.json : Running in LOCAL IIS: https://localhost:4431/
Running on Azure: https://app-tst.azurewebsites.net
Since i have a requireHttps attribute on all controllers, it keeps on redirecting because what apparently in Azure is reaching Kestrel is HTTP and not https. The Browser then gets So this is the CURRENT and as of NOW issue and apparently the aspnetcore module has different behavior on Azure App vs Local IIS Anything else i need to provide? |
I see your issue now. You have two entries in X-Forwarded-For and only one in X-Forwarded-Proto. Our x-fowarded logic requires that there be the same number of entries in each of these headers. You can override it by disabling x-forwarded-for like this:
@pan-wang can you investigate why there are two x-fowarded-for entries with the same value in Azure? |
I've asked @pan-wang to investigate why there are duplicate X-Forwarded-For headers, but that can wait. Moving to 1.0.0 |
Due to this all https scenarios are broken with Azure Web Apps.
|
Plan:
In parallel we'll investigate with Azure Web Sites to see if they can improve their setting of these headers. |
Fixed in nightly dev builds. |
Hum, why not just disabling symmetry by default for all environments? The errors caused by the lack of symmetric are really hard to debug, specially since the log message associated with this error is not helpful at all and requires a high level of verbosity: |
We'll consider it if this comes up in most environments. For now we're using the most secure settings by default. |
I have an RC2 Application running on Azure Web App Role.
on the browser side:
https://mydummycisiteci.azurewebsites.net redirected you too many times.
On the stdout log for aspnetcoremodule:
The most interesting fact is that if if download a resource (image for example)
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[1] Request starting HTTP/1.1 GET http://mydummycisite.azurewebsites.net/favicon.ico info: Microsoft.AspNetCore.Hosting.Internal.WebHost[2] Request finished in 1227.537ms 404
on the browser side:
http://mydummycisite.azurewebsites.net/favicon.ico Failed to load resource: the server responded with a status of 404 (Not Found)
I have the exact same configuration on Local IIS and works like a candy...
web.config - Azure App
Am i doing something wrong, or AspNetCoreModule still in the forge in Azure?
The text was updated successfully, but these errors were encountered: