Can I use HTTP instead of HTTPS to host MVC client to work with IdentityServer?
I had my quickstart programs working on my local test environment: A MVC client accessing an API through IdentityServer. And this is all setup using HTTPS and self-host (Kestrel). What I am wondering is - can I host MVC in HTTP instead of HTTPS when working with IdentityServer? It doesn't seem matter if I change all parties to use HTTP or just MVC and leave the rest with HTTPS, as soon as I changed my MVC from https://localhost:5009 to http://localhost:5008 (in several places), the app failed with an error "invalid redirect uri".
Am I missing something, or is this simply something not allowed?
You can run over HTTP just fine during development, but in production you should always try to use HTTPS.
The error you get is because the RedirectURLs in the client definition in IdentityServer does not match the url of your client:
RedirectUris =
{
"https://localhost:5001/...."
},
It is also recommended in the client to set this to false if you want to use HTTP when you define your OpenIDConnect options.
/// <summary>
/// Gets or sets if HTTPS is required for the metadata address or authority.
/// The default is true. This should be disabled only in development environments.
/// </summary>
public bool RequireHttpsMetadata { get; set; } = true;
If you mange to get to the IdentityServer login page, then in the URL you will find the the redirectURL that is actually sent to IdentityServer. Or capture the request using fiddler to see what the requestUrl is that is passed to identityserver.
When I look at the screenshot, you have port 5009 in the allowedRedirectURis and 5008 in the request.
- Multiple many-to-many and multiple one-to-one relationships in the same entities
- Username is already taken when actually it is not ASP.NET Core
- How does the Form Tag Helper determine the rendered form action?
- Return url functionality
- Get application virtual base path in aspnet core
- How to prevent controllers from loading in ASP.NET Core 6 MVC
- How to I properly implement C# classes using ASP.NET Core MVC?
- The edit method probably does not communicate with DB, the edit will not be displayed/visible on the Card View | ASP.NET Core
- How to run stored procedures in Entity Framework Core?
- Why is Razor Pages the recommended approach to create a Web UI in Asp.net Core?
- Publish to IIS, setting Environment Variable
- How to indicate a method in a controller is not an action method?
- Font awesome icons not showing up in ASP.NET CORE MVC Project
- .Net 8: Cannot authenticate user with "Individual Accounts Auth" template
- Routing in ASP.NET Core MVC with controllers and views
- Override redirect URL in AddMicrosoftAccount() identity OAuth for ASP.NET Core web app
- ASP.NET Core 8 MVC: Action can't have named route value other than id
- (ERROR 404) Can't find this page using @addTagHelper *, Microsoft.AspNetCore.Mvc.TagHelpers
- Post form to controller in ASP.NET Core MVC not working
- How to correctly set up a razor page to have access to data in code-behind
- Unable to resolve service for type while attempting to activate
- Manual controller registration in ASP.NET Core dependency injection
- ASP.NET Core 5 WebAPI - Azure AD - Call Graph API Using Azure Ad Access Token
- The name `addtaghelper` does not exist in the current context
- Could not load type when using Microsoft.AspNetCore.Mvc.ViewFeatures
- How to remove computer and process names and process ids from syslog
- ASP.Net Core 2.0 MVC website Styles and content disappear when opening Bootstrap Modal Dialog
- Stored procedure with multiple parameters in EF Core 8
- How to update partial view list in a "Create" view after submitting input in a ASP.NET core MVC web app to server?
- ASP.NET Core 8 MVC : model value is not passed back in POST if a child class property