I have a ASP.NET core web application (Kestrel) which serves as an authentication service (.NETCoreApp 1.1). Therefore it talks to an OpenID connect provider. It works all fine when the host machine is directly connected to the internet. However if the machine is behind the corporate web proxy of my company it cannot connect to the OpenID connect provider (or any other address in the www).
How do I tell my ASP.NET core web application to use the corporate web proxy server?
Note: I already found some solutions which use web.config but that's no longer present in .NET core 1.1
We have this architecture:
Web Server: Web Application is deployed (html, javascript, css)
Application Server: WebApi is deployed
Problem is , I cannot make ajax request to reach Application Server because its behind firewall.
The Web Application is supposed to be used publicly to the internet users.
What changes should we do to make it work?
Should we move our Web Application to Application Server? But how would this be accessible on internet.
Thanks in advance for suggestions/advice.
You're going to have to put an exception in the firewall for the address of your web server... that way your web server can access the API but nothing else can (well, not quite nothing else - other stuff on that web server can but that can easily be solved by having your web app hosted on it's own/dedicated web server).
If your Web Application makes direct calls to the Web API endpoint (e.g. is a single page application that use a client-side javascript framework like AngularJS and/or it uses AJAX calls to your application server address), there is no way for your clients to access your API if you do not allow public access to your application server.
That's because your client resides inside your users web browsers.
You have to allow incoming connections to your Application Server through internet in your firewall.
Well, it all depends on how you look at things and how distributed your application should be (criteria like load, security).
In general, Web API might be just one more client (from your applications server perspective).
On the other hand, in robust/distributed system, you would have Web API only as an endpoint (controllers, mappers and things like that) that your mobile/ajax clients send requests to and then Web API communicates to Application server (where your business logic is).
Having Web API communicate to DB directly is not a good idea because as you add clients to application server (mvc, web api, services, etc...) then you have as many db access points as you have clients. So, its a code maintenance problem plus a problem of your view tier being aware of DB.
Ideally, you need Application server as a tier where all your business logic is and its the one that all your clients target (mvc web app, web api, desktop, services, etc...) and that is the one that should communicate to your DAL. Also, then you can set firewall rules on your application server to allow incoming traffic from trusted sources (your other servers) instead from the whole internet (ajax).
WebForm :
In webform (with session) state application in web farm environment the session is stored in SQL Server storage which can be accessed by all the servers in a webfarm. This means the logged in user's request can get the same session regardless of which server in the farm it hits.
WebAPI :
I understand that webapi by design is stateless so for true webapi application I dont need to worry about how the state is maintained etc. Usually the authentication token is passed between requests and as far as its valid a login gets access to the whatever resource it needs on the server. This is fine with one Webserver hosting webapi. But what about web farm. How does the "Session" (Or the equivalent term in Webapi) is managed in WebApi farm?
I know azure gives following options to name the few..
Azure SQL Server
Azure Table storage /Queue
Cache Service
They seems to add extra complexity to the architecture (which is much easier in WebForm using SQL Server Session).
One other slightly different question (and might a bit basic) is how does the request/response is traced in webapi farm? i.e. When a client make request to webapi and webapi sends a async response how does server make sure its traced back to the client?
Edit:
I am not looking to implement Session is Webapi but rather how the same thing can be achieved in webapi without session state.
Thanks
Yes. Using session in REST is a really bad thing.
But you can simulate the session in Web API as well. In web form, the server added the generated session id in HTML from so when user submit that session id will be included in their request. You can simulate the same thing with Web API as well. You can check this Accessing Session Using ASP.NET Web API
The best that you can store the information in memcached or redis with expiration. It will work in web farm as well.
Anyways, I don't recommend using the "session" in Web API.
I have an ASP.NET MVC application in a solution, and inside the same solution there is another webservice project. I need to debug a particular WebGet method inside that service using a url in my localhost. Am able to reach the web service where it is hosted using the actual url to that service. But if I have to debug it, how can I reach that method when running in localhost?
You need to use IIS Express How to: Specify the Web Server for Web Projects in Visual Studio. Using IIS express you can debug and run both projects in your solution at the same time.
IIS Express for Developers
Asp.Net 2.0 Session State Mode = State Server and poiniting to the 1st server only in all webservers web.config
My Doubt
We have 6 production servers for our project. Do I need to make sure the Asp.Net State Server Service should RUN in all the 6 web servers? (or) It should be RUN only in 1st server?