aspire-samples icon indicating copy to clipboard operation
aspire-samples copied to clipboard
verified publisher icon dotnet

Feedback on Samples and Documentation - HTTPS

Open Sergey-Nosov-CloudFit opened this issue 10 months ago • 1 comments

Hello, I am new to Aspire and really impressed so far with the capabilities it is opening up first and foremost in the local development space.

While the newcomer experience is fresh in my mind, I would like to provide feedback on the pain point I am experiencing.

Most of the examples and Microsoft Learn pages on Aspire that I encountered configure the host components for unsecured http operation. I think in 2025 https should be on by default for everything.

Yes, key infrastructure can be hard to deal with. Perhaps this is an indication that Aspire could do more in that area, possibly in a similar way to what ASP.NET does by autoconfiguring development certificates.

I like the Keycloack example that reuses the dev certificates; maybe something like this can exist in Aspire as a first-class citizen.

Thank you!

Sergey-Nosov-CloudFit avatar Feb 20 '25 15:02 Sergey-Nosov-CloudFit

I'd like to add my support for this suggestion. But I'll add an example that had me stuck for quite a while. The aspire-sample showing healthcheckui integration will always fail if the endpoint is redirected to https, i.e. the Program.cs in the apiservice included app.UseHttpsRedirection();. This would produce an Unhealthy result due to the following exception:

HealthChecks.UI.Core.HostedService.HealthCheckReportCollector[0]
      GetHealthReport threw an exception when trying to get report from http://host.docker.internal:61632/healthz configured with name shell.
      System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.

Whilst not a big deal in the dev inner loop, it will fail as soon as it hits a staging server that only allows https (or the CI pipeline that is using the endpoint as a gate.

Edit: before anyone says health should be done on http, I know, it was just an example. I added the following to ensure http is used when using HealthChecksUI.

// HTTPS redirection - needs to come after health UI check endpoints
app.UseWhen(context => !context.Request.Path.StartsWithSegments("/healthz"), b => b.UseHttpsRedirection());

Allann avatar Mar 20 '25 11:03 Allann