ASP.NET Core, Kestrel, Docker, and dev certs. Exception in Rider only.

Answered
  • OS: Ubuntu 18.04
  • .NET Core version: 2.1.500
  • Rider version: 2018.1.2 (build #RD-181.4952.297)
  • Docker version: 18.06.1-ce

I created an asp.net webapp using the new solution menu in Rider, I didn't change any of the pre-generated code. Then used the command line to generate a dev cert file to use with the project. When trying to run the webapp in a docker container with Rider I get an exception (omitting entire stack trace):

----

      No XML encryptor configured. Key {GUID} may be persisted to storage in unencrypted form.
    crit: Microsoft.AspNetCore.Server.Kestrel[0]
      Unable to start Kestrel.
    Interop+Crypto+OpenSslCryptographicException: error:23076071:PKCS12 routines:PKCS12_parse:mac verify failure
        at Internal.Cryptography.Pal.OpenSslPkcs12Reader.Decrypt(SafePasswordHandle password)

    Unhandled Exception: Interop+Crypto+OpenSslCryptographicException: error:23076071:PKCS12 routines:PKCS12_parse:mac verify failure
        at Internal.Cryptography.Pal.OpenSslPkcs12Reader.Decrypt(SafePasswordHandle password)

----

 

This is the "command preview" Rider gives me:

----

    docker build -t aspcoredemo2 .
    && docker run
    -v /path/to/the/directory/https:/https/
    --env ASPNETCORE_URLS="https://+;http://+"
    --env ASPNETCORE_HTTPS_PORT=443
    --env ASPNETCORE_Kestrel__Certificates__Default__Password="passwordhere"
    --env ASPNETCORE_Kestrel__Certificates__Default__Path=/https/devcert.pfx
    --name aspnetcorerider2
    -t
    -i
    aspcoredemo2

----

 

If I copy and paste that command preview out into a terminal and run it, it works just fine.

If I remove all the environment variables from the Dockerfile configuration in Rider it runs fine, except without HTTPS/SSL of course.

 

BTW, here's the Dockerfile I'm using:

----

FROM microsoft/dotnet:sdk AS build-env
WORKDIR /app

# copy csproj and restore as distinct layers
COPY *.csproj ./
RUN dotnet restore

# copy everything else and build
COPY . ./
RUN dotnet publish -c RELEASE -o out

# Build runtime image
FROM microsoft/dotnet:aspnetcore-runtime
WORKDIR /app
COPY --from=build-env /app/out .

EXPOSE 80
EXPOSE 443

ENTRYPOINT ["dotnet", "AspCoreDemo.dll"]

----

 

EDIT:

I ended up having to actually edit the default code to get it to work. I followed the "Configuring HTTPS in ASP.NET Core 2.0" section in this guide: https://www.humankode.com/asp-net-core/develop-locally-with-https-self-signed-certificates-and-asp-net-core with some changes.

I made sure to change the "options.Listen(IPAddress.Loopback, ...)" call in the "new WebHostBuilder().UseKestrel(options => ...)" callback to "options.ListenAnyIP(...)".

In the Dockerfile I added COPY commands for the certificate.json file and the .pfx file before the ENTRYPOINT command.

Changed which SSL port to use by providing it as the ASPNETCORE_HTTPS_PORT environment variable in the Dockerfile for Docker usage and include it in the .NET Project run configuration in Rider. That way Docker can use the production SSL port and locally running the webapp can use a higher numbered port for dev. Changed all the hardcoded "44321" port values in the example code to use that environment port.

1 comment

Not sure that it is the reason, but Rider 2018.1.2 doesn't support .NET Core 2.1.500. Could you try the latest Rider EAP build?

0

Please sign in to leave a comment.