In my ASP.NET MVC project, I were enabled SSL and every thing works fine. But when I disabled SSL and , the browser refuse to connect.
This image shows my configuration.
Another thing that make me confuse is that when the application is start running, the browser goes to the correct URL (which it is http://localhost:8080/), but when the error page is shown the URL become https://locathost
This image shows the problem:
I try deleting the applicationhost file, but it doesn't work.
Related
I recently downgraded one of my Heroku apps to a free dyno - as a result, the SSL was revoked (cos I was using the SSL provided with a paid dyno). Now, when I visit my site URL, it gives me this error: ERR_SSL_PROTOCOL_ERROR
I've edited my production.rb file to set: config.force_ssl = false and published that code, but it still redirects my site to https when I try to connect on http.
Now, to complicate things:
This only applies to my custom domain - the .herokuapp.com domain works fine
It works fine on incognito mode on both the custom domain and the herokuapp.com domain
I've tried clearing the cookies and cache (for the last 7 days) and it still didn't work :/
Any ideas what I can do?
Edit:
In case it helps, I am using Chrome on Windows 10
Given that you are using Chrome, according to this answer, you need to follow these steps to stop Chrome from redirecting http:// to https://.
Anon is right about STS, but there is a way to specifically delete your domain from the set. Go to chrome://net-internals/#hsts. Enter 3rdrevolution.com under Delete domain security policies and press the Delete button.
Now go to chrome://settings/clearBrowserData, tick the box Cached images and files and press click the button Clear data.
I am getting the following error when a request is send to the server. What does this message mean and how could I solve this.
p.a.m.DefaultUrlEncodedCookieDataCodec - Cookie failed message authentication check
I am trying to integrate Silhouette in my application. I am using cookie based authentication. I suppose the warning is related to it but I am not sure what it means and how to solve it.
You have to clear out the PLAY_SESSION cookie from the previous version of Play framework you were running. If you are using Chrome, go to Settings. Scroll down and click on Show Advanced Settings. Privacy -> Content Settings -> All cookies and site data. Here you have an option of clearing out all cookies or filtering by host (likely localhost if you are on your development machine) and deleting only the PLAY_SESSION cookie.
If done correctly, this warning will immediately stop showing up when you make a request to your server.
I've had a website running on Azure now for a while, and I've not had any problems until today when I discovered that browsing to it via a mobile device (tested on Android (Chrome/Firefox) and Apple (iPhone 6 - Safari) ) I get a:
You do not have permission to view this directory or page
error. I've not changed anything on the site, the last publish was 5 days ago, and it was working then. Both my staging and prod environments have gone down like this.
It looks like it's returning a 403, but I can't see why.
The site is an ASP.NET MVC5 site, running as an Azure Web App.
Update
OK, I've now run up a test version of the site with the [RequireHttps] attribute removed from the controllers - now I can navigate to the pages by just http, but https gives me the permission error.
I've managed to solve the problem, in my web.config I had a URL rewrite to prevent SSL3.0 access (based on this post: Disabling SSL3 in in Azure websites).
After switching on the logs in Azure and loading the pages up I saw the 403 error with the message
SSLv3 connections are forbidden by this site
in it. This came from the url rewrite.
My PC was happy loading as I have BitDefender and that was injecting it's own SSL cert into place over the one supplied by my site. Turning off SSL Scanning in BitDefender gave me the error on all browsers.
So the solution so far is to remove the SSL3 rewrite and look into another way to achieve the same thing.
Everything works fine on local. When I uploaded the website to production, the website area works well but in admin area items under settings(Templates, CSS, etc.) have stopped opening and showing 404 page. I have checked the permissions and it is showing full control for both app pool and network service user.
Please suggest if I am missing something.
I'm working through this tutorial to get the OAuth stuff working: http://www.asp.net/mvc/tutorials/mvc-5/create-an-aspnet-mvc-5-app-with-facebook-and-google-oauth2-and-openid-sign-on
I've only just gotten as far as turning on SSL and when I press F5 to start the app and, the start page doesn't load.
I've not gotten as far as actually turning on any of the OAuth providers or anything, it simply won't work with SSL.
I know this isn't a ton to go on but perhaps someone has seen this before and solved it?
Thanks in advance....
First of all I select my web application project in the solution explorer and press F4 to view properties. Then I set SSL Enabled to True. In this case it is also important that Anonymous Authentication is enabled.
Next I edit the project's Web settings and change the Project URL to the SSL URL from the first properties panel, by selecting the web application project in solution explorer and pressing Alt+Enter and then clicking Web on the left side. In these screenshots you can see that my SSL URL has the port 44301.