
API (C# - .NET - IIS8.5) not working after IIS security adjustments

I have this API code. It was working fine until we made some IIS adjustments for security reasons, such as:

  1. Disabling some SSL/TLS versions
  2. Installing new self-signed SSL certificate
  3. Disabling some cipher suites

After that, only this API returns a 200 OK response with an empty body on the online server (it still works fine on localhost). We tested the other APIs through Postman (online and localhost) and they work fine.

Has anyone experienced this before and can suggest a solution?

C# .NET IIS 8.5 windows server 2012 r2

using Microsoft.Owin;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Jwt;
using Microsoft.Owin.Security.OAuth;
using Owin;
using System;
using System.IO;
using System.Security.Cryptography.X509Certificates;
using System.Web.Http;
using Raqeeb.Common;
using System.Configuration;
using Microsoft.Owin.Security.Cookies;

namespace test.Apis
{
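    /// <summary>
    /// OWIN startup for the API: registers the global exception middleware, Web API
    /// routing, an OAuth token endpoint and JWT bearer validation.
    /// </summary>
    public class Startup
    {
        /// <summary>
        /// Issuer and audience accepted by the JWT bearer middleware. This is the literal the
        /// listing hard-codes in both OAuth flows; it is independent of the
        /// OAuthAccessTokenIssuer appSetting used when tokens are minted.
        /// </summary>
        private const string LocalJwtAuthority = "http://localhost";

        /// <summary>Lifetime of issued access tokens.</summary>
        private static readonly TimeSpan AccessTokenLifetime = TimeSpan.FromDays(1);

        /// <summary>
        /// OWIN entry point. Middleware order matters: the exception middleware is registered
        /// first so it wraps everything that follows, and Web API is registered last.
        /// </summary>
        /// <param name="app">The OWIN application builder supplied by the host.</param>
        public void Configuration(IAppBuilder app)
        {
            // For more information on how to configure your application, visit http://go.microsoft.com/fwlink/?LinkID=316888
            app.Use<GlobalExceptionMiddleware>();
            HttpConfiguration config = new HttpConfiguration();
            WebApiConfig.Register(config);

            ConfigureWebOAuth(app);
            app.UseWebApi(config);
        }

        /// <summary>
        /// Configures the browser-facing flow: cookie authentication plus an OAuth token
        /// endpoint at /api/authorization/login, with JWT bearer validation of API calls.
        /// </summary>
        /// <param name="app">The OWIN application builder.</param>
        /// <exception cref="ConfigurationErrorsException">
        /// The OAuthAccessTokenIssuer or PublicCertificate appSetting is missing.
        /// </exception>
        public void ConfigureWebOAuth(IAppBuilder app)
        {
            OAuthAuthorizationServerOptions OAuthServerOptions = new OAuthAuthorizationServerOptions()
            {
                // NOTE(review): the token endpoint accepts credentials over plain HTTP. With the
                // tightened TLS configuration on the server this setting deserves a second look.
                AllowInsecureHttp = true,
                TokenEndpointPath = new PathString("/api/authorization/login"),
                AccessTokenExpireTimeSpan = AccessTokenLifetime,
                Provider = new AuthorizationWebServerProvider(),
                //RefreshTokenProvider = new RefreshTokenProvider()
                AccessTokenFormat = new CustomJwtFormat(GetRequiredSetting("OAuthAccessTokenIssuer")),
                AuthenticationMode = AuthenticationMode.Active,
            };

            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                CookieHttpOnly = true,
                CookiePath = "/path",
                // Secure-only cookies are never sent over plain HTTP; see AllowInsecureHttp above.
                CookieSecure = CookieSecureOption.Always,
            });

            // Token Generation
            app.UseOAuthAuthorizationServer(OAuthServerOptions);
            //app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());

            // Api controllers with an [Authorize] attribute will be validated with JWT
            UseJwtBearer(app, LoadSigningCertificate());
        }

        /// <summary>
        /// Configures the application-client flow: an OAuth token endpoint at
        /// /api/authorization/get-access, with JWT bearer validation of API calls.
        /// Not invoked from <see cref="Configuration"/> in this file; presumably called by
        /// another startup path — verify before removing.
        /// </summary>
        /// <param name="app">The OWIN application builder.</param>
        /// <exception cref="ConfigurationErrorsException">
        /// The OAuthAccessTokenIssuer or PublicCertificate appSetting is missing.
        /// </exception>
        public void ConfigureAppOAuth(IAppBuilder app)
        {
            OAuthAuthorizationServerOptions OAuthServerOptions = new OAuthAuthorizationServerOptions()
            {
                // NOTE(review): same plain-HTTP token endpoint concern as in ConfigureWebOAuth.
                AllowInsecureHttp = true,
                TokenEndpointPath = new PathString("/api/authorization/get-access"),
                AccessTokenExpireTimeSpan = AccessTokenLifetime,
                Provider = new AuthorizationAppServerProvider(),
                //RefreshTokenProvider = new RefreshTokenProvider()
                AccessTokenFormat = new CustomJwtFormat(GetRequiredSetting("OAuthAccessTokenIssuer"))
            };

            // Token Generation
            app.UseOAuthAuthorizationServer(OAuthServerOptions);
            //app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());

            UseJwtBearer(app, LoadSigningCertificate());
        }

        /// <summary>
        /// Registers JWT bearer validation that trusts tokens signed by <paramref name="cert"/>
        /// and carrying the fixed localhost issuer/audience.
        /// </summary>
        /// <param name="app">The OWIN application builder.</param>
        /// <param name="cert">Certificate whose key is used to verify token signatures.</param>
        private static void UseJwtBearer(IAppBuilder app, X509Certificate2 cert)
        {
            // NOTE(review): validation accepts only issuer/audience "http://localhost". Confirm
            // CustomJwtFormat emits the same values when OAuthAccessTokenIssuer is not localhost,
            // otherwise tokens minted on a deployed server will be rejected.
            app.UseJwtBearerAuthentication(
                new JwtBearerAuthenticationOptions
                {
                    AuthenticationMode = AuthenticationMode.Active,
                    AllowedAudiences = new[] { LocalJwtAuthority },
                    IssuerSecurityTokenProviders = new IIssuerSecurityTokenProvider[]
                    {
                        new X509CertificateSecurityTokenProvider(LocalJwtAuthority, cert)
                    },
                });
        }

        /// <summary>
        /// Loads the token-signing certificate from the file named by the PublicCertificate
        /// appSetting, relative to the assembly directory.
        /// </summary>
        /// <returns>The loaded certificate.</returns>
        /// <exception cref="ConfigurationErrorsException">PublicCertificate is not configured.</exception>
        private static X509Certificate2 LoadSigningCertificate()
        {
            // Despite the key name, the file is opened with a password, i.e. it is a PFX that
            // carries the private key ("get private key" in the original listing).
            string certPath = Path.Combine(Utility.AssemblyDirectory, GetRequiredSetting("PublicCertificate"));
            // The password is optional: X509Certificate2 accepts null for an unprotected PFX.
            // NOTE(review): the password sits in appSettings in clear text; consider protecting
            // that configuration section.
            string certPassword = ConfigurationManager.AppSettings["CertificatePassword"];
            return new X509Certificate2(certPath, certPassword);
        }

        /// <summary>
        /// Reads an appSetting that must be present, failing with the key name instead of the
        /// NullReferenceException a bare <c>AppSettings[key].ToString()</c> would raise.
        /// </summary>
        /// <param name="key">The appSettings key.</param>
        /// <returns>The configured value.</returns>
        /// <exception cref="ConfigurationErrorsException">The key is absent or empty.</exception>
        private static string GetRequiredSetting(string key)
        {
            string value = ConfigurationManager.AppSettings[key];
            if (string.IsNullOrEmpty(value))
            {
                throw new ConfigurationErrorsException("Missing required appSetting '" + key + "'.");
            }
            return value;
        }
    }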
}

