Contents tagged with Web
-
Understanding (all) JavaScript module formats and tools
-
End-to-End - Setup free SSL certificate to secure Azure Web App with HTTPS
It is 2019 now, and HTTP is considered as “not secure”, and HTTPS is the default. This is a end-to-end tutorial of how to setup SSL certificate to secure Azure Web App with HTTPS. It is based on “Let’s Encrypt” and “letsencrypt-webapp-renewer”. “Let’s Encrypt” is a free certificate solution, and “letsencrypt-webapp-renewer” is a great automation tool for certificate installation. It is based on another tool “letsencrypt-siteextension”. The differences are,
- “letsencrypt-webapp-renewer” does not require an Azure Storage Account, but “letsencrypt-siteextension” does.
- “letsencrypt-webapp-renewer” is a WebJob, and can run on a different Web App from the Web App to install certificate. And it can manage multiple Web Apps’ certificates as well. “letsencrypt-siteextension” is a Website extension, and can only run with the Web App which needs certificate.
So here “letsencrypt-webapp-renewer” is used.
What is “Let’s Encrypt”
“Let’s Encrypt” is a popular certificate authority, it can issue SSL certificate for free, and currently providing certificates for more than 115 million websites. Since July 2018, the Let’s Encrypt root, ISRG Root X1, is directly trusted by Microsoft products. So currently its root is now trusted by all mainstream root programs, including Microsoft, Google, Apple, Mozilla, Oracle, and Blackberry.
However, its free certificate expirees in every 3 months (90 days), not yearly. So a automation process will be setup to renew and install the certificates.
Setup Active Directory and App Registration
In Azure portal, go to the Active Directory, add a new App Registration:
Save its application id, later it will be used as “client id”:
Then go to Certificates & secretes, add a client secrete, and save it:
Setup Resource Group
Go to resource group, In Access Control, add the above App Registration as contributor:
Setup Azure Web App (aka Azure App Service Website)
This article assumes an existing Azure Web App. If you do not have one yet, it is very straightforward to create one from the Azure portal. Then you can deploy your website to that Azure Web App.
Save the subscription id and resource group name for later usage.
Only Basic (B1+) and above pricing tiers support SSL. The free tier (F1) and the cheapest Shared tier (D1) does not support SSL, and Microsoft has declined to enable this feature for Shared (D1). If you have a F1 or D1 web app, go to “Scale up” in the Azure portal, change the pricing tier to B1 and above, which is more than 3 times of the Shared (D1) price.
Setup custom domain
Shared pricing tier and above support custom domain. Follow the guidelines in the portal to setup your domain.
To verify your domain ownership, Let’s Encrypt requests your-domain.com/.well-known/acme-challenge/{longId}. For example: hanziyuan.net/.well-known/acme-challenge/mftvrU2brecAXB76BsLEqW_SL_srdG3oqTQTzR5KHeA.
Enable HTTPS in ASP.NET Core website
In your ASP.NET Core website, you may want to enable HSTS, and redirect HTTP request to HTTPS:
public class Startup { public void ConfigureServices(IServiceCollection services) // Container. { if (this.environment.IsProduction()) { services.AddHttpsRedirection(options => options.HttpsPort = 443); } // Other configuration. } public void Configure(IApplicationBuilder application, ILoggerFactory loggerFactory, IAntiforgery antiforgery, Settings settings) // HTTP pipeline. { if (this.environment.IsProduction()) { application.UseHsts(); application.UseHttpsRedirection(); } // Other configuration. } }
You also want to look up the hyperlinks and resources (images, etc.), and replace their URIs with HTTPS.
-
The Humor of Silverlight
-
A Snapshot Of ASP.NET Homepage
First time to appear on www.asp.net homepage as headline!
-
Back From Microsoft Web Camps Beijing
I am just back from Microsoft Web Camps, where Web developers in Beijing had a good time for 2 days with 2 fantastic speakers, Scott Hanselman and James Senior.
On day 1, Scott and James talked about Web Platform Installer, ASP.NET core runtime, ASP.NET MVC, Entity Framework, Visual Studio 2010, … They were humorous and smart, and everyone was excited!
-
Anti-Forgery Request Recipes For ASP.NET MVC And AJAX
This post discusses solutions for anti-forgery request scenarios in ASP.NET MVC and AJAX:
- How to enable validation on controller, instead of on each action;
- How to specify non-constant token salt in runtime;
- How to work with the server side validation in AJAX scenarios.
-
Blog Code Font Change: From Courier New to Consolas
Courier New is an excellent monospaced (non-proportional) typeface introduced with Windows 3.1. As a UI designer, I cannot tell how many year I have worked with Courier New. As the release of Visual Studio 2010 and the new MSDN, Consolas becomes the default font of code.
-
The Order Issue of XAML Attributes
When programming Silverlight, it is neccessary to pay attention to the order of the XAML element’s attributes. Here is a simple example.
-
Introducing CoolWebOS.com
This post is supposed to introduce the so-called WebOS – http://www.CoolWebOS.com/, as well as to have your important feedback.
-
Developing ASP.NET MVC Website in Visual Studio
Sometimes I send ASP.NET MVC project to some senior friends, and ask them for code review. But some of them do not have the Visual Studio ASP.NET MVC add-on installed. So I tried to develop MVC websites in a normal Web application project, so Visual Studio can run the project without installing ASP.NET MVC add-on.
-
Visual Studio ASP.NET Development Server Does Not Work
Recently the ASP.NET development server on my machine could not work. When F5 is pressed in Visual Studio 2008, IE started and displayed “Internet Explorer cannot display the webpage”. This problem nagged me for a couple of days. I checked a lot of things, including logs, firewall, anti-virus software, project settings, the webdev.webserver.exe process, etc. They did not work. Finally I find my hosts file was somehow modified:
-
Automated Web Testing (2) Using Selenium
Selenium is another automated web application testing framework. Unlike WatiN, which has only 3 developers, Selenium is developed by a team of programmers and testers in ThoughtWorks, so that it could be more powerful:
-
Automated Web Testing (1) Using WatiN
WatiN (what-in), stands for Web Application Testing In .NET, is a very easy automated web application testing framework. WatiN is developed in C# for web testing with Internet Explorer and FireFox. According to Scott Guthrie:
-
IE7 Still Does Not Like PNG: filter Is Faster Than background
Everyone knows IE 6 does not like PNG images. When a transparent PNG is created as a background image,
-
Customizing View Folder Path In ASP.NET MVC Beta
By default, in an ASP.NET MVC Web application, all ViewPages and ViewUserControls should be placed in the default ~/Vews/ directory. But today some one needs to place them into a custom location.
-
The Future Of Web Standards: HTML5
W3C hibernated for years:
-
Customizing IE Scrollbar
Today someone is asking how to customize the color of IE scrollbar. The following code works for HTML:
-
document.getElementById() In Browsers
For non-form elements, like <div>, etc., document.getElementById() usually works stably, except Opera:
-
JavaScript: Can document Object Be Optimized?
In JavaScript, document is a property of window. When access document directly, window.document is accessed. Recently, a colleague demonstrated a way to optimize document, which looks weird:
-
Caution! Different Language Versions Of Firefox Renders Differently
For the same HTML: