Team Foundation and Nuget authentication conflict behind proxy - authentication

Recently I'm using TFS behind proxy authentication, everything works well till I try to install packages through the Package Manager Console, if I try to install a package, even if I set up proxy credentials to access TFS, the system asks for credentials to connect to nuget.org, when I input credentials, the authentication through nuget breaks the previous TFS proxy authentication, so I get the error HTTP code 407: Proxy Athentication Required (Forefront TMG requires authorization to fulfill the request. Access to the Web Proxy filter is denied. )
After that I can't use nuget and can't use TFS so I have to restart VS2013, but in this way I can't install packages.
Any Idea??
Thanks

I worked around this issue with NuGet 2.8.50926.663 and a very restrictive company proxy by installing Fiddler2 from www.fiddlertool.com. It seems having some kind of proxy go-between helps NuGet play nicely with proxies.
Of course there are other tools which will achieve the same effect, e.g. WireShark or Privoxy. I know Fiddler is very useful on a development workstation, so I choose that.
Searching for other solutions kept coming back to issues and regressions of issues in older versions of NuGet, like version 1.5 for example. Seems like either the proxy authentication or HTTPS certificate handling of NuGet is not so streamlined.

Related

IIS doesn't run on HTTPS protocol in localhost

when i run my Asp.net core 3.1 app with IIS, i encounter with:
but when i run it on HTTP protocol, it runs well.
I reinstall my Chrome,VS and IIS and also reinstall my SSL certificate with the help : Troubleshoot certificate problems
but the problem remains!
Additional information:
IIS:10 | VS:2019 | Windows:10 version-1909 | Chrome:version-84
also i used to work without problem in my other windows user
account,but i had to delete that and work with new user account.
I had this issue with Kaspersky and Visual Studio on Windows 10, and finally resolved it by disabling the Encrypted Connection Scanning in Settings > Network Settings, then restarting my machine.
It might be possible to add localhost to exclusions, but this didn't seem to work for me.

Using ssl with localhost with asp.net mvc 5 on VS2015

I'm trying to test my website locally using SSL with IIS Express. It has the following properties set:
SSL Enabled set to 'true'
SSL URL is set https://localhost:44354/
But whenever I open the https address, I get the following error:
In "Microsoft Edge":
In Google Chrome:
I've read article after articles, including some on SO but to no avail. I've tried the following:
I've deleted my IIS Express Development Certificate
I've repaired IIS Express 10 via the Control Panel
I've removed the localhost certificate I had created manually.
I've added <binding protocol="https" bindingInformation="*:44354:localhost" /> to the bindings section the applicationhost.config
I've stopped and restarted IIS Express.
Some suggest to change the port to 443 but my SSL URL is read-only in .NET IDE.
Some articles I've read:
Running IIS Express without Administrative Privileges
How do I fix a missing IIS Express SSL Certificate?
IIS Express — Getting SSL to Work
and many more...
Any help would be greatly appreciated.
Thanks.
I finally figured it out by following this article How to trust the IIS Express Self-Signed Certificate but a few additional steps:
Export IIS Express Development certificate to a local from. This certificate can be found in the Server Certificates section in IIS 10.0.
Open the Certificate console by calling mmc.exe certmgr.msc from File|Run.
Delete all instances of localhost under the Trusted Root Certification Authorities|Certificates.
Import the newly created certificate. You will get prompted with the following:
Once imported, I went back to Asp.Net MVC 5 project, recompile it and ran it. When I ran it, I got prompted with the following:
This is when I knew I was on the right track as this was the first time I had ever seen this prompt! Click Yes, and now this prompt appears:
And click Yes on this prompt as well. Your project will then launch the relevant browser.
Go to the https address defined in your .net project, in my instance, https://localhost:44354/, and you will now see the padlock displayed in the address bar to indicate that it is a secure site:
Most of these answers were already available in different answers provided on SO but the points that were missing or that I missed were that I had to export my IIS Express Development certificate, delete all localhost entries (which I had done) and then re-import this certificate. Once done, .NET detects the change and you get prompted accordingly.
Anyway, I hope this will help others.
Self signed certificates need to be trusted or browsers won't accept them. You can easily use Jexus Manager to configure that,
https://www.jexusmanager.com/en/latest/tutorials/self-signed.html#to-trust-self-signed-certificate
While if you prefer manually, you can import the certificates to the Trusted Root Certificate Authority store in Windows.
Learn more about SSL, certificates, stores and so on (Google each of them and learn them thoroughly), so that next time you really understand what is the culprit before trying so many irrelevant things.
Jexus Manager also has an SSLDiag feature to identify potential issues,
https://www.jexusmanager.com/en/latest/tutorials/ssl-diagnostics.html
But you need to know enough so as to interpret its output correctly.

Implementing SSL in ASP.NET core with Kestrel

I'm using the preview tooling for ASP.NET Core and VS 2015 that was released in Dec timeframe.
I've followed numerous online examples with how to enable SSL in Kestrel. None of them worked.
So I tried an option in project called "Enable SSL" and it seems to set a port for me, and works from local host, but doesn't seem to work from elsewhere.
I've also tried .UseKestrel() I have option.UseHttps("ssl.pfx", "password")
Below that I have UseUrls, but it doesn't seem to bind correctly to the ports because my SSL requests. When I try to issue SSL requests it times out. I used netstat and it seems like there is no port opened for my specified SSL port.
1) How do I use UseUrls? I need both localhost and remote machine access
2) How do I configure IIS express to allow the https calls?
If anyone has a good reliable way to set this up for VS 2015 in an ASP.NET Core project I would really appreciate it!
Thanks,
James
You're not saying what you have tried so far, so maybe you've tried that already, but you need to:
have a valid certificate that your server will be able to provide to the client
install the nuget package: Microsoft.AspNetCore.Server.Kestrel.Https
change your configure sequence so that it uses Kestrel Https
app.UseKestrelHttps(certificate);
change the url Kestrel is listening to one starting by https://
I used this article a few months back on VS2015: https://www.thesslstore.com/blog/implement-ssl-kestrel-asp-net-core/
I worked fine for me, but maybe there are a few things to adapt with the latest version.

Octopus Deploy: Enable SNI on IIS HTTPS binding?

We're using Octopus Deploy and its "IIS web site and application pool" process feature to deploy our ASP.NET MVC app to IIS. It's working great.
Now, we would like to enable SNI for the HTTPS binding. Octopus Deploy doesn't seem to provide a built-in checkbox for this. How could we customize the Octopus Deploy's IIS deployment so that the SNI is enabled automatically?
If it makes things easier, it's OK for us if Octopus Deploy automatically enables SNI for all the HTTPS bindings, we don't need a setting for it.
For anyone still looking for a solution on this, at this time of writing, octopus now offers this exact feature on the "deploy an IIS Website step template, right on the bingings section, you can create https 443 bindings where you can specify a cert and check the "require sni" option, to automatically deploy certs per each virtual host.
This isn't currently possible to do with the built-in IIS configuration feature; instead, you could use a custom PowerShell script (PostDeploy.ps1 in your package, for example) to make the appropriate changes. I've logged a work item here to add it when we next revisit IIS configuration:
https://github.com/OctopusDeploy/Issues/issues/430

Configure a Port with an SSL Certificate w\o using Httpcfg

When one develops a self-hosted WCF http server,
one of the steps needed is to bind an SSL certificate to a port number:
httpcfg set ssl -i 0.0.0.0:8012 -h 0000000000003ed9cd0c315bbb6dc1c08da5e6
as stated in:
http://msdn.microsoft.com/en-us/library/ms733791.aspx
However,
It is hardly expected that in my deployment environment one would be able to do it.
(I don't even know if the httpcfg.exe is redistributable)
Moreover, if the user changed the port after he installed the product then he will need to run the command again....
how can this step be automated pro grammatically?
preferably in C# but if it can only be done in C++ (direct access to the Http Server API)
then I will manage :)
Have a look here: an open source C# UI for configuring HTTP.SYS that directly drives the API. This should get you an idea of the code necessary for configuring the certs.
For those tuning in a couple of years later:
This article from Mike Bouck's RAM has a clean C# wrapper for the http.sys api.
Таке а look on https://github.com/segor/SslCertBinding.Net
It also has nuget available
Install-Package SslCertBinding.Net
and does what you need perfectly. Thanks to the author.