为HTTPS配置ASP.NET Core 2.0 Kestrel

Question

TL; DR今天使用ASP.NET Core 2.0设置HTTPS的正确方法是什么？

我想将我的项目配置为使用https和他们在BUILD 2017中展示的证书.我尝试了几个设置,但没有任何效果.经过一番研究,我更加困惑.看来,有很多方法可以配置URL和端口.我已经看到了appsettings.json,hosting.json通过代码,在launchsettings.json我们还可以设置URL和端口.

有"标准"的方法吗？

这是我的 appsettings.development.json

{
  "Kestrel": {
    "Endpoints": {
      "Localhost": {
        "Address": "127.0.0.1",
        "Port": "40000"
      },
      "LocalhostWithHttps": {
        "Address": "127.0.0.1",
        "Port": "40001",
        "Certificate": {
          "HTTPS": {
            "Source": "Store",
            "StoreLocation": "LocalMachine",
            "StoreName": "My",
            "Subject": "CN=localhost",
            "AllowInvalid": true
          }
        }
      }
    }
  }
}

但是launchsettings.json当我从命令行dotnet run开始或从Visual Studio开始使用调试器时,它始终需要url和port .

这是我Program.cs和Startup.cs

public class Program
{
    public static void Main(string[] args)
    {
        BuildWebHost(args).Run();
    }

    public static IWebHost BuildWebHost(string[] args) =>
        WebHost.CreateDefaultBuilder(args)
            .UseStartup<Startup>()
            .Build();
}

public class Startup
{
    public IConfiguration Configuration { get; }
    public string Authority { get; set; } = "Authority";
    public string ClientId { get; set; } = "ClientId";

    public Startup(IConfiguration configuration)
    {
        Configuration = configuration;
    }

    public void ConfigureServices(IServiceCollection services)
    {
        services.Configure<MvcOptions>(options => options.Filters.Add(new RequireHttpsAttribute()));

        JsonConvert.DefaultSettings = () => new JsonSerializerSettings() {
            NullValueHandling = NullValueHandling.Ignore
        };

        services.AddSingleton<IRepository, AzureSqlRepository>(x => new AzureSqlRepository(Configuration.GetConnectionString("DefaultConnection")));
        services.AddSingleton<ISearchSplitService, SearchSplitService>();

        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(options => new JwtBearerOptions {
                Authority = this.Authority,
                Audience = this.ClientId
        });

        services.AddMvc();
    }

    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
            app.UseWebpackDevMiddleware(new WebpackDevMiddlewareOptions() { HotModuleReplacement = true, ReactHotModuleReplacement = true, HotModuleReplacementEndpoint = "/dist/__webpack_hmr" });
        }

        app.UseStaticFiles();
        app.UseAuthentication();

        app.UseMvc(routes => {
            routes.MapRoute(
                name: "default",
                template: "{controller=Home}/{id?}");

            routes.MapSpaFallbackRoute(
                name: "spa-fallback",
                defaults: new { controller = "Home", action = "Index" });
        });
    }
}

正如我所说的那样,我无法让它在任何修复中发挥作用.今天使用ASP.NET Core 2.0设置HTTPS的正确方法是什么？

Answer 1

不幸的是,在ASP.NET Core 2.0发布之前,已经在各种视频或教程中显示的基于配置的设置HTTPS的方式没有进入最终版本.

对于2.0,配置HTTPS的唯一方法是在代码中,通过显式设置Kestrel监听器,如本公告中所述,并使用ListenOptions.UseHttps启用HTTPS:

var host = new WebHostBuilder()
    .UseKestrel(options =>
    {
        options.ListenAnyIP(443, listenOptions => 
        {
            listenOptions.UseHttps("server.pfx", "password");
        });
    })
    .UseStartup<Startup>()
    .Build();

不幸的是,在发布时,官方文档也没有正确地介绍这一点,并宣传了未实现的基于配置的方式.这已经修复了.

从ASP.NET Core 2.1开始,基于配置的HTTPS设置将是可能的,如最初承诺的那样.这可能看起来像这样,正如Tratcher在GitHub上所解释的那样:

"Kestrel": {
  "Endpoints": {
    "HTTPS": {
      "Url": "https://*:443",
      "Certificate": {
        "Path": "server.pfx",
        "Password": "password"
      }
    }
  }
}

在您的特定示例中,基于代码的配置将如下所示.请注意,如果您不想使用证书文件,则需要首先从证书存储区手动检索证书.

.UseKestrel(options =>
{
    // listen for HTTP
    options.ListenLocalhost(40000);

    // retrieve certificate from store
    using (var store = new X509Store(StoreName.My))
    {
        store.Open(OpenFlags.ReadOnly);
        var certs = store.Certificates.Find(X509FindType.FindBySubjectName, 
            "localhost", false);
        if (certs.Count > 0)
        {
            var certificate = certs[0];

            // listen for HTTPS
            options.ListenLocalhost(40001, listenOptions =>
            {
                listenOptions.UseHttps(certificate);
            });
        }
    }
})