Running .NET Core Web API with Kestrel under https as Windows service
The idea is, I would like to run a .NET Core Web API with Kestrel enabled and configured to expose https. The service is intended for internal use, and a JS application should call localhost:someport under https.

I am installing the API as a Windows service via SC cli and it installs fine. As soon as I start the service I get the following error:

Unable to configure HTTPS endpoint. No server certificate was specified, and the default developer certificate could not be found or is out of date

But when I run it from VS, it runs just fine and accepts the certificate without a hitch.

The certificate is also installed locally in the Trusted Root CA.

Application: DunaPrintServiceWP.exe
CoreCLR Version: 5.0.1121.47308
.NET Version: 5.0.11

Description: The process was terminated due to an unhandled exception.
Exception Info: System.InvalidOperationException: Unable to configure HTTPS endpoint. No server certificate was specified, and the default developer certificate could not be found or is out of date. To generate a developer certificate run 'dotnet dev-certs https'. To trust the certificate (Windows and macOS only) run 'dotnet dev-certs https --trust'.

For more information on configuring HTTPS see https://go.microsoft.com/fwlink/?linkid=848054.

at Microsoft.AspNetCore.Server.Kestrel.KestrelConfigurationLoader.Reload()
at Microsoft.AspNetCore.Server.Kestrel.KestrelConfigurationLoader.Load()
at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServerImpl.BindAsync(CancellationToken cancellationToken)
at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServerImpl.StartAsync[TContext](IHttpApplication`1 application, CancellationToken cancellationToken)
at Microsoft.AspNetCore.Hosting.GenericWebHostService.StartAsync(CancellationToken cancellationToken)
at Microsoft.Extensions.Hosting.Internal.Host.StartAsync(CancellationToken cancellationToken)
at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.RunAsync(IHost host, CancellationToken token)
at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.RunAsync(IHost host, CancellationToken token)
at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.Run(IHost host)
at DunaPrintServiceWP.Program.Main(String[] args) in d:\Visual Studio 2008\Projects\OneCM.StoreCRM\DunaPrintServiceWP\Program.cs:line 19

launchSettings.Json:

///trimmed for brevity

 "DunaPrintServiceWP": {
      "commandName": "Project",
      "dotnetRunMessages": "true",
      "externalUrlConfiguration": true,
      "launchBrowser": true,
      "launchUrl": "swagger",
      "applicationUrl": "http://localhost:9123;https://localhost:9124",
      "environmentVariables": {
        "ASPNETCORE_ENVIRONMENT": "Development"
      }
    }

Program.cs

public static IHostBuilder CreateHostBuilder(string[] args) =>
        Host.CreateDefaultBuilder(args)
        
        .UseWindowsService(config =>
        {
            config.ServiceName = "DFPS_WP";
        })
        
        .ConfigureWebHostDefaults(webBuilder =>
        {
            webBuilder.UseStartup<Startup>();
            webBuilder.UseUrls();

            webBuilder.ConfigureKestrel(options =>
            {
                var port = 9124;
                var pfxFilePath = @"c:\certs\bella.pfx";
                // I've hard-coded it here just to make it easier to see what's going on.
                var pfxPassword = "Asd.Zxc1@#";

                options.Listen(IPAddress.Any, port, listenOptions =>
                {
                    // Enable support for HTTP1 and HTTP2 (required if you want to host gRPC endpoints)
                    listenOptions.Protocols = HttpProtocols.Http1AndHttp2;
                    // Configure Kestrel to use a certificate from a local .PFX file for hosting HTTPS
                    listenOptions.UseHttps(pfxFilePath, pfxPassword);
                });
            });
        });

appSettings.json

"Kestrel": {
    "EndpointDefaults": {
      "Protocols": "Http1AndHttp2"
    },
    "Endpoints": {
      "HTTP": {
        "Url": "http://localhost:9123"
      },
      "HTTPS": {
        "Url": "https://localhost:9124",
        "ClientCertificateMode": "NoCertificate",
        "Protocols": "Http1AndHttp2",
        "SslProtocols": [ "Tls13", "Tls12", "Tls11", "Tls" ],
        "Certificate": { "AllowInvalid": true }
      }
    }
}
Nebulose answered 31/10, 2021 at 17:24 Comment(1)
My two cents: Configure the Log On user of the service, try to use your current user, and not the LOCAL System Account. I suspect that you have the certificate on the USER partition and not on the MACHINE. There are three certificate stores (User, Service, and Computer). You can check it by launching mmc and adding the Certificates snap-in.
Ryder
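
The store check suggested in the comment can also be done from code running under the service's own Log On account, which shows what that account actually sees rather than what the interactive user sees. This is an added example, not code from the question or from ASP.NET Core; `CertStoreProbe`, `Describe` and the default `localhost` subject are assumed names.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper: lists certificates matching a subject in the Personal (My)
// store of the current user and of the machine, as seen by the running account.
public static class CertStoreProbe
{
    public static IReadOnlyList<string> Describe(string subjectName = "localhost")
    {
        var report = new List<string>
        {
            $"Process identity: {Environment.UserDomainName}\\{Environment.UserName}"
        };
        foreach (var location in new[] { StoreLocation.CurrentUser, StoreLocation.LocalMachine })
        {
            using var store = new X509Store(StoreName.My, location);
            store.Open(OpenFlags.ReadOnly);
            // validOnly: false so expired or untrusted certificates are still listed.
            var matches = store.Certificates.Find(
                X509FindType.FindBySubjectName, subjectName, validOnly: false);
            if (matches.Count == 0)
                report.Add($"{location}\\My: no certificate with subject containing '{subjectName}'");
            foreach (var cert in matches)
                report.Add($"{location}\\My: {cert.Subject} thumbprint={cert.Thumbprint} " +
                           $"notAfter={cert.NotAfter:u} keyUsable={CanOpenPrivateKey(cert)}");
        }
        return report;
    }

    // HasPrivateKey only says a key is associated with the certificate; opening the
    // key can still fail when the current account has no permission on it.
    private static bool CanOpenPrivateKey(X509Certificate2 cert)
    {
        if (!cert.HasPrivateKey) return false;
        try
        {
            using var rsa = cert.GetRSAPrivateKey();
            using var ecdsa = cert.GetECDsaPrivateKey();
            return rsa != null || ecdsa != null;
        }
        catch (CryptographicException) { return false; }
    }
}
```

Calling `CertStoreProbe.Describe()` at the top of `Program.Main` and writing the lines to a log file, once from Visual Studio and once as the installed service, shows whether the two identities see the same certificates. The certificate created by `dotnet dev-certs https` is placed in the `CurrentUser\My` store of the user who ran the command.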
