.NET core app with SignalR with SSL with Apache Reverse Proxy Configuration

<IfModule mod_ssl.c>
<VirtualHost *:443>
  RewriteEngine On
  ProxyPreserveHost On
  ProxyRequests Off

  # allow for upgrading to websockets
  RewriteEngine On
  RewriteCond %{HTTP:Upgrade} =websocket [NC]
  RewriteRule /(.*)           ws://localhost:5000/$1 [P,L]
  RewriteCond %{HTTP:Upgrade} !=websocket [NC]
  RewriteRule /(.*)           http://localhost:5000/$1 [P,L]

  ProxyPass "/" "http://localhost:5000/"
  ProxyPassReverse "/" "http://localhost:5000/"

  ProxyPass "/chatHub" "ws://localhost:5000/chatHub"
  ProxyPassReverse "/chatHub" "ws://localhost:5000/chatHub"

  ServerName site.com
SSLCertificateFile /etc/letsencrypt/live/site.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/site.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf


Configure ASP.NET App with systemd Service file

sudo nano /etc/systemd/system/kestrel-helloapp.service
Description=Example .NET Web API App running on Ubuntu

ExecStart=/usr/bin/dotnet /var/www/helloapp/helloapp.dll
# Restart service after 10 seconds if the dotnet service crashes:


Some values (for example, SQL connection strings) must be escaped for the configuration providers to read the environment variables. Use the following command to generate a properly escaped value for use in the configuration file:

systemd-escape "<value-to-escape>"
Environment=ConnectionStrings__DefaultConnection={Connection String}

And finallyset Content root :


Save the file and enable the service:

sudo systemctl enable kestrel-helloapp.service
sudo systemctl start kestrel-helloapp.service
sudo systemctl status kestrel-helloapp.service


Change Default Port Number of ASP.NET App

Server Endpoints

There is a file in root folder called appsettings.json with you can change the server related configuration, this is an example with Kestrel:

  "Logging": {
    "LogLevel": {
      "Default": "Information",
      "Microsoft.AspNetCore": "Warning"
  "AllowedHosts": "*",
  "Kestrel": {
    "Endpoints": {
      "Http": {
        "Url": "http://localhost:5400"
      "Https": {
        "Url": "https://localhost:5401"

From command line

You can run the application with the --urls parameter to specify the ports:

dotnet run --urls http://localhost:8076


Adding Custom Fields to Identity User in ASP.NET Identity

public class ApplicationUser : IdentityUser
    public string CustomTag { get; set; }

Use the ApplicationUser type as a generic argument for the context:

public class ApplicationDbContext : IdentityDbContext<ApplicationUser>
    public ApplicationDbContext(DbContextOptions<ApplicationDbContext> options)
        : base(options)

    protected override void OnModelCreating(ModelBuilder builder)

Update Pages/Shared/_LoginPartial.cshtml and replace IdentityUser with ApplicationUser:

@using Microsoft.AspNetCore.Identity
@using WebApp1.Areas.Identity.Data
@inject SignInManager<ApplicationUser> SignInManager
@inject UserManager<ApplicationUser> UserManager

Update Areas/Identity/IdentityHostingStartup.cs or Startup.ConfigureServices and replace IdentityUser with ApplicationUser.

services.AddDefaultIdentity<ApplicationUser>(options => options.SignIn.RequireConfirmedAccount = true)



Check authorization rules as part of procedural logic in ASP.NET Blazor

If the app is required to check authorization rules as part of procedural logic, use a cascaded parameter of type Task<AuthenticationState> to obtain the user’s ClaimsPrincipalTask<AuthenticationState> can be combined with other services, such as IAuthorizationService, to evaluate policies.

@using Microsoft.AspNetCore.Authorization
@inject IAuthorizationService AuthorizationService

<button @onclick="@DoSomething">Do something important</button>

@code {
    private Task<AuthenticationState> authenticationStateTask { get; set; }

    private async Task DoSomething()
        var user = (await authenticationStateTask).User;

        if (user.Identity.IsAuthenticated)
            // Perform an action only available to authenticated (signed-in) users.

        if (user.IsInRole("admin"))
            // Perform an action only available to users in the 'admin' role.

        if ((await AuthorizationService.AuthorizeAsync(user, "content-editor"))
            // Perform an action only available to users satisfying the 
            // 'content-editor' policy.


Customize unauthorized content with the Router component in ASP.NET Blazor

The Router component, in conjunction with the AuthorizeRouteView component, allows the app to specify custom content if:

  • The user fails an [Authorize] condition applied to the component. The markup of the <NotAuthorized> element is displayed. The [Authorize] attribute is covered in the [Authorize] attribute section.
  • Asynchronous authorization is in progress, which usually means that the process of authenticating the user is in progress. The markup of the <Authorizing> element is displayed.
  • Content isn’t found. The markup of the <NotFound> element is displayed.
    <Router AppAssembly="@typeof(Program).Assembly">
        <Found Context="routeData">
            <AuthorizeRouteView RouteData="@routeData" 
                    <p>You're not authorized to reach this page.</p>
                    <p>You may need to log in as a different user.</p>
                    <h1>Authorization in progress</h1>
                    <p>Only visible while authorization is in progress.</p>
            <LayoutView Layout="@typeof(MainLayout)">
                <p>Sorry, there's nothing at this address.</p>


[Authorize] attribute in ASP.NET Blazor

The [Authorize] attribute can be used in Razor components:

@page "/"
@attribute [Authorize]

You can only see this if you're signed in.

Only use [Authorize] on @page components reached via the Blazor Router. Authorization is only performed as an aspect of routing and not for child components rendered within a page. To authorize the display of specific parts within a page, use AuthorizeView instead.

The [Authorize] attribute also supports role-based or policy-based authorization. For role-based authorization, use the Roles parameter:

@page "/"
@attribute [Authorize(Roles = "admin, superuser")]

<p>You can only see this if you're in the 'admin' or 'superuser' role.</p>

For policy-based authorization, use the Policy parameter:

@page "/"
@attribute [Authorize(Policy = "content-editor")]

<p>You can only see this if you satisfy the 'content-editor' policy.</p>

If neither Roles nor Policy is specified, [Authorize] uses the default policy, which by default is to treat:

  • Authenticated (signed-in) users as authorized.
  • Unauthenticated (signed-out) users as unauthorized.


Content displayed during asynchronous authentication in ASP.NET Blazor

        <h1>Hello, @context.User.Identity.Name!</h1>
        <p>You can only see this content if you're authenticated.</p>
        <h1>Authentication in progress</h1>
        <p>You can only see this content while authentication is in progress.</p>

This approach isn’t normally applicable to Blazor Server apps. Blazor Server apps know the authentication state as soon as the state is established. Authorizing content can be provided in a Blazor Server app’s AuthorizeView component, but the content is never displayed.
