How to secure my GCP Windows instance connection with HTTPS? - asp.net-mvc

I have my VM machine with google cloud.
I have hosted ASP.NET application with it.
I have purchased certificate from GoDaddy.
I want to secure my ASP.NET web application secure with Https I did searched on internet I come across this broken link https://cloud.google.com/load-balancing/docs/ssl-certificates-concepts
I am now in dilemma need rescue.

I found the way do it after lot of googling I will recommend who ever be coming across to see series of video by https://www.youtube.com/watch?v=zMJaYlNgGu0 there are five parts of this tutorial which will give complete guideline to person who is seeking for securing web application virtual windows server create with google compute engine.
Furthermore “it’s all about installing ssl certificates to web server” after you download it from ssl certificates provider like godaddy

Related

Figuring out to set up HTTPS

I'm a relatively new programmer to backend security so very much in the dark about how to set up HTTPS. I'm currently writing an IOS app that is sending http requests to my public EC2 backend domain, however I'm trying to transition this to HTTPS. Right now the backend is running on the developmental Flask server using HTTPS with a self signed certificate. However the problem is that on the IOS app side, it rejects this as invalid so I'm unable to test HTTPS dependant features. I tried to use the domain exception with the infoplist and ip.xip.io but it still complains that someone could be pretending to be this address. Could someone list in a very systematic way how I should approach building this out,i.e are there any free CA's, do I need a cert from a CA, and how to go about properly connecting the app and backend with HTTPS using my ec2 public ip.
Perhaps the iOS app will authenticate properly using a free community certificate. Investigate free certificate authorities, like letsencrypt. There are several. These work like the commercial CAs such as GoDaddy.
Actually the easiest solution was to just use Ngrok

Auth0 ADFS - Can't Find Federation Metadata URL - Next Steps

This post became much longer than anticipated, TLDR: Where is my ASFS Federation Metadata located on my server? My overall task to the setup a test ADFS server in order to integrate our current application with ADFS
Hello, I'm trying to integrate our application with ADFS (it's a WPF application with a NodeJS backend), and I'm testing out Auth0 for this job (but if there are other simple solutions, I would be open to that as well - I've found no good guides so far ): espeically as a developer with no AD experience).
Regardless, I think I've set up a single server AD FS environment (locally as server1.local - with AD CS, AD DS and AD FS and that same server is the domain controller/DNS server) and set up an Auth0 relying party using this guide:
https://auth0.com/docs/connections/enterprise/adfs
In the next steps part, it says: try these quickstart guides. So I've downloaded the Angular2 quick start example project to test. But when I go to the enterprise connections and try to set up an ADFS connection, it asks for a ADFS URL
You can either provide the ADFS URL or upload the federation metadata file.
But I can't seem to find my ADFS URL. Not only that, my server is local, so it wouldn't be able to use my URL anyways right? I can just upload the metadata instead?
I've tried going to https://server1.local/federationmetadata/2007-06/federationmetadata.xml and https://127.0.0.1/FederationMetadata/2007-06/FederationMetadata.xml and https://localhost/FederationMetadata/2007-06/FederationMetadata.xml which under endpoints that's the one that shows, but ie says:
Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in Advanced settings and try connecting to https://server1.local again. If this error persists, it is possible that this site uses an unsupported protocol or cipher suite such as RC4 (link for the details), which is not considered secure. Please contact your site administrator.
I've enabled TLS 1.0, 1.1 and 1.2 and this still doesn't seem to give me my metadata. I've also tried that URL on Chrome and it gives a generic "This site can't be reached"
How do I get my metadata?
In the ADFS configuration, look for what you configured as your federation service name.
Use this in the URL.
https://federation service name/federationmetadata/2007-06/federationmetadata.xml
BTW the federation service name should not be the FQDN of the server.

Azure AD integrated MVC application not working after publishing on local IIS

I have created a sample MVC application and configured Azure AD authentication. This creates an application on Azure Portal automatically. When I run this application, it is working fine.
After this, I published the application on IIS and changed reply URL on azure portal and also I changed PostLogoutURL.
When I configure Azure AD in the sample application, a default connection of LocalDB is created. For hosting on IIS, I have tried LocalDB, SQLExpress & Azure SQL Server but none works.
I get "A task was canceled" error for which I am unable to find a solution.
This is the error I am getting:
Please help.
Thanks in advance.
I came acrosss this kind of issue with my Internet proxy.
Acrroding to the error message, your network may be interrupted by some configuration.As junnas said,
OpenId Connect middleware is trying to download the metadata document
from Azure AD. It needs it to be able to validate tokens
So, you can check if there is proxy or firewall again or run your App in another environment without a Proxy. Also,If you close a proxy on your machine,it may take few minutes to make effect.

WebAPI + Azure WebSite + Client WebSite + SSL - how many certs do I need?

I have a WebAPI solution hosted in an Azure Web Site (appnameapi.azurewebsites.net) that has some endpoints exposed to regular http right now.
I also have a client application hosted in a separate Web Site under appname.azurewebsites.net.
I purchased appname.com from hover and am forwarding appname.com to appname.azurewebsites.net with masking. The client application makes requests to appnameapi.azurewebsites.net right now, but not encrypted.
My goal is to get SSL working on the web client so that users see SSL in the browser bar, and so that anything that goes from the client to the api endpoints is encrypted.
I went to rapidSSL and purchased a certificate for appname.com. Now I'm not sure if I need to put this in my WebAPI web site, or my client web site. I've found some documentation on setting up SSL in Azure but nothing that's given me a good grasp of what needs to be done in this scenario.
What's the next step? Do I need one cert per site, and if not, where does the single cert go?
You client web site is appname.azurewebsites.net. You have appname.com mapped to this. Your SSL certificate is for this domain. So, you will need to put the certificate with the client app. As an end user, if I go to appname.com, the certificate your application will present to my browser will be the one you purchased for appname.com. This is for the pages rendered by the client web application.
Now, as the browser renders the page from the client web application, say it needs to make jQuery AJAX calls to your web API site appnameapi.azurewebsites.net. You can use a domain name for this one as well, some thing like api.appname.com but regardless, this will be a cross-origin call, BTW. If this call is also through HTTPS, then for this case also, a valid cert must be presented to the browser. Assuming you have api.appname.com which is a sub-domain of appname.com, you can use the same certificate you bought from rapidSSL with web API site as well provided it is a wild-card cert, which is obviously more expensive. Otherwise, you will need one more certificate for the web api site (or the domain name if you plan to use one for API) and install that new cert in the api app.

Windows Azure Multi-Tenant Application and SSL

We are creating a multi-tenant ASP.NET MVC application that will be deployed onto Windows Azure. We will have some custom domain www.abc.com that will map to our given Windows Azure url abc.cloudapp.net. We are considering giving each tenant their own subdomain that will identify them on our application (tenant1.abc.com, tenant2.abc.com, tenant3.abc.com, etc) and then creating a CNAME record for each subdomain to map to abc.cloudapp.net. I have a few questions with this design.
Will a single wildcard SSL certificate for *.abc.com allow all the tenants to access the site over a secure connection?
Do we purchase the SSL certificate for *.abc.com or for abc.cloudapp.net?
Will the url that our ASP.NET MVC application sees be the tenant1.abc.com url or the abc.cloudapp.net url?
Thanks
Yes, one wildcard certificate should be all you need
You want it for *.abc.com
I'm less sure about this one, but I'm pretty sure it's tenant1.abc.com
knightpfhor's answer is perfect, but just in case you need to have a custom domain (using CNAME as well) for some of your premium tenants, now you can have "SSL hostheaders" with a new IIS 8 (Windows Server 2012) supported feature called SNI .
I'm a Microsoft Technical Evangelist and I have posted a detailed explanation and a sample "plug & play" source-code that address your current (sub-domain wildcard certificate) and possibly future needs (custom domain certificates) at:
http://www.vic.ms/microsoft/windows-azure/multiples-ssl-certificates-on-windows-azure-cloud-services/

Resources