I have a strange error. I deployed my service to an url with https support (valid Let’s Encrypt ssl).
However, when I try to use my service with ApiKey I get the message:
Sending ApiKey over insecure connection forbidden when RequireSecureConnection=true
Even in Postman when I use the https://myurl.com/api I still get this message.
Based on what do you return this error message? When I put it to
false it of course works.
IsSecureConnection is determined in ASP.NET with:
public bool IsSecureConnection =>
request.IsSecureConnection || XForwardedProtocol == "https";
i.e. if the ASP.NET Request thinks it’s a Secure Connection or a reverse proxy is adding the
"X-Forwarded-Proto" HTTP Header to the request.
For .NET Core we were missing the
XForwardedProtocol check which I’ve just added in this commit.
Okay thanks. The server is indeed behind a reverse proxy on Linux. When Will this patch be avalable on nuget?
It’s available on MyGet now, it should be released on NuGet early next week.