Closed javiercn closed 1 year ago
@javiercn can you write the overview page for SPAs ? We don't like to delete articles, but we have a prominent warning at the top of the page.
The SPA templates for Angular and React offer the ability to develop Angular and React applications that are hosted inside a .NET backend server.
At publish time, the files of the Angular and React app are copied to the wwwroot folder and are served via the static files middleware.
A fallback route handles unknown requests to the backend and serves the index.html for the SPA.
During development, the application is setup to leverage the frontend proxy provided by React and Angular (which is in fact the same).
When the app launches, we open the index page in the browser. There, a special middleware that is only plugged in during development, intercepts the incoming requests, checks whether the proxy is running, and redirects to the URL for the proxy if its running or launches a new instance and returns a page to the browser that will autorefresh every few seconds until the proxy is up and the browser is redirected.
sequenceDiagram
participant Browser
participant Proxy
participant Server
Browser->>Server: GET /
alt Proxy is running
Server->>Browser: 301 Redirect <<Proxy-URL>>
else Proxy is not running
Server->>Proxy: Launch
par Browser checks with server if the proxy is running
loop Until SPA proxy is running
Server->>Browser: 200 OK <html>...</html>
Browser->>Browser: Wait
Browser->>Server: GET /
end
and Server checks if proxy is ready
loop Until SPA proxy is ready
Server->>Proxy: GET <<Proxy-Url>>
alt Proxy not ready
Proxy->>Server: Error
else Proxy ready
Proxy->>Server: 200 OK <html>...</html>
end
end
end
Server->>Browser: 301 Redirect <<Proxy-URL>>
end
Browser->>Proxy: GET <<Proxy-URL>>
Proxy->>Browser: 200 OK <html>...</html>
loop Other resources and requests
Browser->>Proxy: HTTP Request
Proxy->>Browser: HTTP Response
end
The main work that our templates do during development (other than launching the proxy if it is not already running) consists of setting up HTTPS and configuring some requests to be proxied back to the backend ASP.NET Core server.
When the browser sends a request for a backend endpoint, like /weatherforecast
in our templates. The SPA proxy receives the request and sends it back to the server transparently. The server responds and the SPA proxy sends the request back to the browser.
sequenceDiagram
participant Browser
participant Proxy
participant Server
Browser->>Proxy: GET /weatherforecast
Proxy->>Server: GET <<Server-Url>>/weatherforecast
Server->>Proxy: 200 OK <<json>>
Proxy->>Browser: 200 OK <<json>>
As mentioned in the beginning of the document. When the application is published, the SPA becomes a collection of files inside the wwwroot folder.
There is no runtime component required to serve the app.
app.UseStaticFiles()
in Program.cs takes care of making sure the files are served.app.MapFallbackToFile("index.html")
in Program.cs takes care of serving the default document for any unknown request the server receives.When we publish the app via dotnet publish
the following tasks in the csproj file take care of ensuring that npm restore
runs and that the appropriate npm script runs to generate the production artifacts
<Target Name="DebugEnsureNodeEnv" BeforeTargets="Build" Condition=" '$(Configuration)' == 'Debug' And !Exists('$(SpaRoot)node_modules') ">
<!-- Ensure Node.js is installed -->
<Exec Command="node --version" ContinueOnError="true">
<Output TaskParameter="ExitCode" PropertyName="ErrorCode" />
</Exec>
<Error Condition="'$(ErrorCode)' != '0'" Text="Node.js is required to build and run this project. To continue, please install Node.js from https://nodejs.org/, and then restart your command prompt or IDE." />
<Message Importance="high" Text="Restoring dependencies using 'npm'. This may take several minutes..." />
<Exec WorkingDirectory="$(SpaRoot)" Command="npm install" />
</Target>
<Target Name="PublishRunWebpack" AfterTargets="ComputeFilesToPublish">
<!-- As part of publishing, ensure the JS resources are freshly built in production mode -->
<Exec WorkingDirectory="$(SpaRoot)" Command="npm install" />
<Exec WorkingDirectory="$(SpaRoot)" Command="npm run build -- --configuration production" />
<!-- Include the newly-built files in the publish output -->
<ItemGroup>
<DistFiles Include="$(SpaRoot)dist\**; $(SpaRoot)dist-server\**" />
<ResolvedFileToPublish Include="@(DistFiles->'%(FullPath)')" Exclude="@(ResolvedFileToPublish)">
<RelativePath>wwwroot\%(RecursiveDir)%(FileName)%(Extension)</RelativePath>
<CopyToPublishDirectory>PreserveNewest</CopyToPublishDirectory>
<ExcludeFromSingleFile>true</ExcludeFromSingleFile>
</ResolvedFileToPublish>
</ItemGroup>
</Target>
</Project>
The project file defines a few properties that control the behavior of the app during development. These properties are:
The package Microsoft.AspNetCore.SpaProxy
included as a reference in the template, is the one responsible for the logic described above to detect the proxy and redirect the browser to it.
It uses a Hosting Startup Assembly defined inside Properties\launchSettings.json
to automatically add the required components during development necessary to detect if the proxy is running and launch it otherwise.
This setup is specific to the frontend framework the app is using, however many aspects of the configuration are similar.
Inside package.json, on the scripts section, the following scripts take care of launching the angular development server.
{
"prestart": "node aspnetcore-https",
"start": "run-script-os",
"start:windows": "ng serve --port 44416 --ssl --ssl-cert %APPDATA%\\ASP.NET\\https\\%npm_package_name%.pem --ssl-key %APPDATA%\\ASP.NET\\https\\%npm_package_name%.key",
"start:default": "ng serve --port 44416 --ssl --ssl-cert $HOME/.aspnet/https/${npm_package_name}.pem --ssl-key $HOME/.aspnet/https/${npm_package_name}.key",
}
The prestart script invokes aspnetcore-https.js
in the project, which is responsible for ensuring the dev server HTTPS certificate is available to the SPA proxy server.
The start:windows
and start:default
launch the Angular dev server via ng serve and provide the port (this matches the port in the csproj file) as well as the options to use HTTPS and the path to the certificate and the associated key.
Inside angular.json
, the serve command includes a proxyconfig
element in the development
configuration to indicate that proxy.conf.js
should be used to configure the frontend proxy.
"serve": {
"builder": "@angular-devkit/build-angular:dev-server",
"configurations": {
"development": {
"browserTarget": "AngularApp70:build:development",
"proxyConfig": "proxy.conf.js"
}
},
proxy.conf.js is included in the project and defines the routes that need to be proxied back to the server backend. The general set of options is defined https://github.com/chimurai/http-proxy-middleware for react and angular since they both use the same proxy under the hood.
The snippet below uses logic based on the environment variables set during development to determine the port the backend is running on.
const target = env.ASPNETCORE_HTTPS_PORT ? `https://localhost:${env.ASPNETCORE_HTTPS_PORT}` :
env.ASPNETCORE_URLS ? env.ASPNETCORE_URLS.split(';')[0] : 'http://localhost:8141';
Inside package.json, on the scripts section, the following scripts take care of launching the react app during development.
{
"prestart": "node aspnetcore-https && node aspnetcore-react",
"start": "rimraf ./build && react-scripts start",
}
The prestart script invokes aspnetcore-https.js
in the project, which is responsible for ensuring the dev server HTTPS certificate is available to the SPA proxy server.
The prestart script also invokes aspnetcore-react.js
to setup the appropriate .env.development.local
file to use the HTTPS local dev certificate, by adding SSL_CRT_FILE=<<certificate-path>>
and
SSL_KEY_FILE=<<key-path>>
to the file.
Inside the .env.development
file, we define the port for the development server as well as indicate that we want to use HTTPS.
Finally, inside src/setupProxy.js
we configure the SPA proxy to forward the requests to the backend. The general set of options is defined https://github.com/chimurai/http-proxy-middleware.
The snippet below uses logic based on the environment variables set during development to determine the port the backend is running on.
const target = env.ASPNETCORE_HTTPS_PORT ? `https://localhost:${env.ASPNETCORE_HTTPS_PORT}` :
env.ASPNETCORE_URLS ? env.ASPNETCORE_URLS.split(';')[0] : 'http://localhost:8141';
I guess these can be linked https://github.com/dotnet/AspNetCore.Docs/issues/25028
@Rick-Anderson reassigning this to you, as there isn't pending work for @javiercn here.
Thanks!
@javiercn FWIW your comment here detailing the proxy functionality (specifically the need to modify launchSettings.json
) was enough to unblock me. If you could link that information somewhere into the SPA documentation on docs.microsoft.com it would be more authoritative than an open GitHub issue :)
@javiercn FWIW your comment here detailing the proxy functionality (specifically the need to modify
launchSettings.json
) was enough to unblock me. If you could link that information somewhere into the SPA documentation on docs.microsoft.com it would be more authoritative than an open GitHub issue :)
I'll take care of that in #28047
@ghidalgo3 the intention of opening and detailing these issues is to update the docs, we collaborate with our docs teams to figure out the language, grammar, etc. Since we are not professional writers.
Thank you! This is great information and helped me to debug my upgraded Angular SPA application locally.
Please mention this code for Program.cs
from https://stackoverflow.com/questions/78086272/deployment-on-iis-local-of-asp-net-core-8-and-angular-v17-2-1-application-ma to that is essential to resolve deployment issues to Azure Web Apps or IIS:
var builder = WebApplication.CreateBuilder(new WebApplicationOptions
{
Args = args,
WebRootPath = Path.Combine(Directory.GetCurrentDirectory(), "wwwroot", "browser")
});
My team has at least 40 applications written in ASP.Net Core/Angular application using the original templates. These applications make use of the back-end authentication middleware to initiate authentication requests upon any back-end request.
services.AddAuthentication(...).AddOpenIdConnect(...)
app.Use(async (context,next) => {
if(!context.User.Identity.IsAuthenticated) { await context.ChallengeASync(); }
else { await next(); }
}
This works great in the legacy templates, where the proxy was done in the back-end. In the new templates, where the proxy is done in the front-end, this back-end authentication fails with CORS errors about missing Access-Control-Allow-Origin headers, because of trying to redirect back to the ASP.Net middleware, https://localhost:44300 instead of the proxy host of https://localhost:4200.
I have been searching for days for how to configure the proxy.conf.js/json to handle these requests, or inject the Access-Control-Allow-* headers, but I have not found one example anywhere for how we can continue to use this back-end authentication approach with the new front-end proxy.
Am I missing something blatantly obvious, or do we have to re-design our apps if we want to move to the new front-end proxy approach? I understand this is only a problem when developing locally, and things will work once deployed, but if we can't test the authentication code properly... then I'm stumped...
Thanks
@awdorrin Good luck getting any response about JS SPAs from the aspnet team these days. They flipped the architecture around without consulting the community, ended up with loads of unintended consequences they didn't want to own, refused to engage in good faith about these issues and then abandoned us.
See below (and note the complete lack of response) https://github.com/dotnet/aspnetcore/issues/53072
@richstokoe I have had luck using a package called AspNetCore.SpaYarp
It has a glitch where sometimes it starts the front end client twice, but I just ignore the second window. We have been using it with a couple applications, and I even created a visual studio solution template to help my team mates start new projects.
I really don't know why the Microsoft team is turning a blind eye towards this.
When my workload frees up, I plan on digging into the startup issue to see if I can resolve it and provide an update.
Can find it here https://github.com/berhir/AspNetCore.SpaYarp And it is available via NuGet
Can we provide an overview page for SPAs so that we can add common information about SPA development with ASP.NET Core? As well as docs on how the templates work during development and production? (I will be providing the content).
Could we also remove the JavaScript Services section from the docs, since that is not something we longer recommend?
/cc @danroth27
Document Details
⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.
Associated WorkItem - 58766