I enabled SSL in Visual Studio 2015 in order to implement Facebook and Google login locally.
I changed the project URL in the Web tab of the project's properties to https://localhost:44300/ and decorated the controller with the RequireHttps attribute - ref #msdn.
Everything worked fine locally.
I reverted settings to HTTP to test something else and that caused me a problem when I tried to get back to HTTPS.
I found this SO question and tried almost every suggested solution.
Error detail:
Failed to register URL "url" for site "site" application "path".
Error description: Access is denied. (0x80070005).
I had to issue this command in DOS to solve the problem in VS 2015:
netsh http add urlacl url=http://{ip_addr}:{port}/ user=everyone
Strangely this was only needed when I moved the project to a different PC. On the original PC I didn't need it.
Turned out this very answer on the same question thread by Cayne led me to the solution.
The port change didn't work because applicationhost.config file, located in .vs folder specific for VS2015, kept bindings combo of old port for Http and Https as a default setting. No matter how many times did I change port to something else while trying with Http (only got clogged with mass of new web site bindings in the config file) as soon as I wanted to switch back to SSL it ended up with the first bindings combo. The port it complained about that can't be registered any more.
Once I deleted that first bindings combo everything was fine.
I hope this will help someone in the future.
Go to C:\Users{username}\Documents\IISExpress\config and open the applicationhost.config file.
Search for the <sites> tag in the document. You will see some lines similar to the following.
<site name="WebSite1" id="1" serverAutoStart="true">
<application path="/">
<virtualDirectory path="/" physicalPath="%IIS_SITES_HOME%\WebSite1" />
</application>
<bindings>
<binding protocol="http" bindingInformation="*:8080:localhost" />
</bindings>
</site>
Replace the line <binding protocol="http" bindingInformation="*:8080:localhost" /> as follows.
<binding protocol="http" bindingInformation="*:{required_port_number}:*" />
I think you can even remove the * marks in bindingInformation.
Then restart IIS Server (remove all IIS server related operations using Task Manager and go to C:\Program Files\IIS Express folder and run iisexpress.exe: you might need to Run as Administrator).
A console will open and if all went well, following lines will be displayed.
Successfully registered URL "http://*:{required_port_number}/" for site "Website1" application "/"
...
Also check in browser whether the required URL works now.
Here's a very useful resource...
I have a WCF REST service which debugs and works perfectly when using IISExpress and this url:
http://localhost:<portnumber>
However, for various reasons, I need it to also work with IIS Express and THIS url:
http://<ip address>:<portnumber>
When I tried originally, I got HTTP error 400: Bad request. Then I used google and ended up here: Connecting to Visual Studio debugging IIS Express server over the lan
That thread asked the EXACT same question, and the answer got me part of the way there. Following all the most excellent advice in that thread, I did the following:
Edit the IISExpress Host.config:
1: Open the %USERPROFILE%\My Documents\IISExpress\config\applicationhost.config file.
2: Changed all 17 of these lines:
<binding protocol="http" bindingInformation="*:8080:localhost" />
To look like this instead:
<binding protocol="http" bindingInformation="*:8080:*" />
(the port number varied on all 17 lines)
Visual Studio:
Closed, re-opened but ran as admin
Windows Firewall:
Added the port in question to allow incoming connections
CMD:
netsh http add urlacl url=http://*:XXXXX/ user=Everyone
Ran that command, where XXXXX is the port number.
Now, when I start debug and go to this URL:
http://<ip address>:<portnumber>
Instead of "HTTP error 400: Bad request", I now get "HTTP Error 503. The service is unavailable."
This is progress, as the browser is now at least hitting IISExpress, right? But I'm not sure at this point how to get past this 503 error. I've been searching google for that error for a while, but nothing is specific to what I'm trying to do.
Any ideas?
Figured it out. Instead of this:
<binding protocol="http" bindingInformation="*:8080:*" />
change it to this:
<binding protocol="http" bindingInformation="*:8080:" />
I have installed RavenDB 2.5.0 as Windows Service.
When I try to run Raven.Server.exe as Administrator or not I receive this:
Trying to revoke rights for http.sys
runas netsh http delete urlacl url=https://+:8080/
Trying to grant rights for http.sys
runas netsh http add urlacl url=http://+:8080/ user="Endri-PC\Endri"
Failed to grant rights for listening to http, exit codes: (1 and 1)
A critical error occurred while starting the server. Please see the exception de
tails bellow for more details:
System.InvalidOperationException: Could not write to location: C:\RavenDB\Databa
se\System. Make sure you have read/write permissions for this path. ---> Microso
ft.Isam.Esent.Interop.EsentFileAccessDeniedException: Cannot access file, the fi
le is locked or in use
at Raven.Storage.Esent.TransactionalStorage.Initialize(IUuidGenerator uuidGen
erator, OrderedPartCollection`1 documentCodecs)
--- End of inner exception stack trace ---
at Raven.Storage.Esent.TransactionalStorage.Initialize(IUuidGenerator uuidGen
erator, OrderedPartCollection`1 documentCodecs)
at Raven.Database.DocumentDatabase..ctor(InMemoryRavenConfiguration configura
tion, TransportState transportState)
at Raven.Server.RavenDbServer..ctor(InMemoryRavenConfiguration settings)
at Raven.Server.Program.RunServerInDebugMode(RavenConfiguration ravenConfigur
ation, Boolean launchBrowser)
at Raven.Server.Program.RunInDebugMode(Nullable`1 anonymousUserAccessMode, Ra
venConfiguration ravenConfiguration, Boolean launchBrowser, Boolean noLog)
at Raven.Server.Program.<>c__DisplayClass34.<InteractiveRun>b__1b()
at Raven.Server.Program.InteractiveRun(String[] args)
at Raven.Server.Program.Main(String[] args)
Press any key to continue...
Any idea what to do ?
I just had this same problem while I was following the "Basic Concepts" section of the RavenDB documentation, with the following output:
C:\RavenDB>Raven.Server.exe
Trying to grant rights for http.sys
runas netsh http add urlacl url=http://+:8080/ user="User-PC\User"
Failed to grant rights for listening to http, exit codes: (0 and 1)
A critical error occurred while starting the server. Please see the exception details bellow for more details:
System.InvalidOperationException: Could not write to location: C:\RavenDB\Data.
Make sure you have read/write permissions for this path. ---> Microsoft.Isam.Esent.Interop.EsentFileAccessDeniedException: Cannot access file, the file is locked or in use
<stack trace follows>
The issue was that the RavenDB installer had automatically started the RavenDB Server as a Windows Service, preventing the command-line Raven.Server.exe from being able to access the right directory. I just opened the Services control panel (Start menu -> services.msc) and stopped the RavenDB service. After that, starting Raven.Server.exe from the command line worked as demonstrated in the documentation.
Note that this is running on a Windows 7 x64 Professional machine in Development mode with RavenDB 2.5.2851.
You have neither the permission to access port 8080 nor the database folder. If you want to run RavenDB on your account, give yourself permissions for the folder C:\RavenDB\Database\System and run this command in an elevated console:
netsh http add urlacl url=http://+:8080/
I'm using the new Visual Studio 2013 with IISExpress for the first time (previously used ASP.net Development server on VS2010). I'm running into issues trying to debug my project.
This is what I see in Chrome:
Unable to make a secure connection to the server. This may be a problem with the server, or it may be requiring a client authentication certificate that you don't have.
Error code: ERR_SSL_PROTOCOL_ERROR
I updated my Properies -> web file so that the Project Url uses a https URL now. However, after doing that, I now get a new error when launching:
The connection to localhost was interrupted.
Error code: ERR_CONNECTION_RESET
Thanks
I was getting ERR_CONNECTION_RESET because my Visual Studio 2013/IIS Express configured app port number was NOT in the range :44300-:44398. (I don't recall having to dismiss any warnings to get out of that range.) Changing the port number to something in this range is all I had to do to make it work.
I noticed this after reviewing the netsh http show sslcert > sslcert.txt output and something clicking with stuff I read recently about the port numbers.
Make sure to remove any previous 'localhost' certificates as those could conflict with the one generated by IIS Express. I had this same error (ERR_SSL_PROTOCOL_ERROR), and it took me many hours to finally figure it out after trying out many many "solutions". My mistake was that I had created my own 'localhost' certificate and there were two of them. I had to delete both and have IIS Express recreate it.
Here is how you can check for and remove 'localhost' certificate:
On Start, type → mmc.exe
File → Add/Remove Snap-in...
Select Certificates → Add> → Computer account → Local computer
Check under Certificates > Personal > Certificates
Make sure the localhost certificate that exist has a friendly name "IIS Express Development Certificate". If not, delete it. Or if multiple, delete all.
On Visual Studio, select project and under property tab, enable SSL=true. Save, Build and Run. IIS Express will generate a new 'localhost' certificate.
Note: If it doesn't work, try these: make sure to disable IIS Express on VS project and stopping all running app on it prior to removing 'localhost' certificate. Also, you can go to 'control panel > programs' and Repair IIS Express.
If you're using URLRewrite to force SSL connections in your web.config, it's probably rewriting your localhost address to force https. If debugging with SSL enabled isn't important to you and you're using URLRewrite, consider adding <add input="{HTTP_HOST}" pattern="localhost" negate="true" /> into your web.config file's rewrite section. It will stop the rewrite for any localhost addresses but leave it in place in a production environment.
If you're not using URLRewrite or need to debug using SSL, http://www.hanselman.com/blog/WorkingWithSSLAtDevelopmentTimeIsEasierWithIISExpress.aspx might help. It's for VS2010, but should suffice for VS2013 as well.
I am summarizing the steps that helped me in resolving this issue:
Make sure the SSL port range(used by IIS express) is between
44300-44398
During installation, IIS Express uses Http.sys to reserve ports 44300
through 44399 for SSL use. This enables standard users (without
elevated privileges) of IISExpress to configure and use SSL. For
more details on this refer here
Run the below command as administrator in Command prompt. This will output the SSL Certificate bindings in the computer. From this list, find out the certificate used by IIS express for the corresponding port :
netsh http show sslcert > sslcert.txt
Look for the below items in the sslcert.txt (in my case the IIS
express was running at port 44300)
IP:port : 0.0.0.0:44300
Certificate Hash : eb380ba6bd10fb4f597cXXXXXXXXXX
Application ID : {214124cd-d05b-4309-XXX-XXXXXXX}
Also look in the IIS express management console (RUN (Ctrl+R) -> inetmgr.exe)
and find if the corresponding certificate exists in the Server Certificates
(Click on the ServerRoot -> under section IIS () -> Open the Server
Certificates)
If your localhost by default uses a different certificate other than the one listed in Step 3, continue with the below steps
netsh http delete sslcert ipport=0.0.0.0:44300
netsh http add sslcert ipport=0.0.0.0:44300 certhash=New_Certificate_Hash_without_space appid={214124cd-d05b-4309-XXX-XXXXXXX}
The New_Certificate_Hash will be your default certificate tied-up with your localhost (That we found in step 4) or the one which you want to add as a new certificate.
P.S. Thank you for your answer uosɐſ (which helped me in resolving this issue)
The problem that I was experiencing had to do with me, at some point in time, enabling HSTS for localhost and not realizing that this would break my http://localhost:someport in IIS Express.
HSTS tells the browser (Chrome in my case) to ALWAYS request a URL using HTTPS. So therefor even though I hadnt even enabled SSL for my MVC 5 app, the browser would still try to access my site using HTTPS in the URL instead of HTTP.
The fix?
Surf to chrome://net-internals/#hsts
In the delete section, enter "localhost" and delete the record from Chrome.
None of the above options worked for me. I had to do the following:
Uninstalled IIS Express 8.0
Deleted all the configurations in my Documents directory for IIS Express
Reinstalled IIS Express 8.0
Deleted the project on my local machine and downloaded a clean version for TFS
Ran the project - it then ran over SSL and I am able to debug
I got the steps from this thread.
Hope this helps.
The issue that I had was related to #Jason Kleban's answer, but I had one small problem with my settings in the Visual Studio Properties for IIS Express.
Make sure that after you've changed the port to be in the range: 44300 to 44399, the address also starts with HTTPS
In my case, I created a self-signed certificate and had it working, except I was getting an error in the browser because the certificate was untrusted. So, I moved the cert into the Trusted Root Certification Authorities > Certificates folder in the Certificates snapin. It worked, and then I closed Visual Studio for the day.
The following day, I started my project and I received the error mentioned in the original question. The issue is that the certificate you configured IISExpress with must exist in the Personal > Certificates folder or HTTPS will stop working. Once IIS Express successfully starts, you can drag the cert back to the trusted location. It'll continue to work until you restart IIS Express.
Not wanting to fuss with dragging the cert back and forth every time, I just place a copy of the certificate in both places and now everything works fine.
I have a same problem in Visual Studio 2015. Because I use SSL binding in web.config
<rewrite>
<rules>
<rule name="HTTP to HTTPS Redirect" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Found" />
</rule>
</rules>
</rewrite>
And I can fix the problem with the answer of Mr.djroedger. By replacing
<add input="{HTTPS}" pattern="off" />
with
<add input="{HTTP_HOST}" pattern="localhost" negate="true" />
into my web.config, so my code is
<rewrite>
<rules>
<rule name="HTTP to HTTPS Redirect" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTP_HOST}" pattern="localhost" negate="true" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Found" />
</rule>
</rules>
</rewrite>
Removing IISExpress and vs directories and using ssl port range of 44300 to 44399 (inclusive) from this article worked for me
In my case, I was getting this exact error running on port 443, and (for reasons I won't go into here) switching to a different port was not an option. In order to get IIS Express to work on port 443, I had to run this command...
C:\Program Files\IIS Express>IisExpressAdminCmd.exe setupsslUrl -url:https://localhost:443/ -UseSelfSigned
Much thanks to Robert Muehsig for originally posting this solution here.
https://blog.codeinside.eu/2018/10/31/fix-ERR_CONNECTION_RESET-and-ERR_CERT_AUTHORITY_INVALID-with-iisexpress-and-ssl/
I was having this problem, I had configured my site for global require https in FilterConfig.cs.
public static void RegisterGlobalFilters(GlobalFilterCollection filters)
{
filters.Add(new HandleErrorAttribute());
filters.Add(new RequireHttpsAttribute());
}
I had forgotten to change the project url to https: from this tutorial http://azure.microsoft.com/en-us/documentation/articles/web-sites-dotnet-deploy-aspnet-mvc-app-membership-oauth-sql-database/ under ENABLE SSL part 4. This caused the errors you were getting.
Another problem that happened me twice:
In IIS Express's applicationhost.config the order of the bindings does matter. One binding could take precedence over your SSL binding, making it not working.
Example:
<site name="MySite007" id="1">
<application path="/" applicationPool="Clr4IntegratedAppPool">
<virtualDirectory path="/" physicalPath="C:\Users\myuser\projects\mysolutionfolder\MyProject.Service" />
</application>
<bindings>
<binding protocol="http" bindingInformation=":8081:localhost" />
<binding protocol="http" bindingInformation=":8080:" /><!-- evil binding -->
<binding protocol="https" bindingInformation="*:44327:localhost" />
</bindings>
</site>
You may have added a binding similar to the second one to be able to access your WebService from outside localhost. Because this binding listens on any adress, it seems to override the SSL binding although a different port was used.
Remove the evil binding or move it down.
For me it worked using the solution provided in the blog here.
C:\Program Files (x86)\IIS Express\IisExpressAdminCmd.exe setupsslUrl -url:https://localhost:44387/ -UseSelfSigned
use the port that your project uses for https.
This is anecdotal as overheard from a co-worker, but allegedly this is an issue with chrome forcing https. I usually launch in firefox so i hadn't seen this problem before. Using firefox or ie worked for my co-worker.
If you need to use a port outside of the 44300-44399 range, here's a workaround:
Create a new site in IIS (not Express)
Bind HTTPS to the port you need
For SSL Certificate, choose IIS Express Development Certificate
Once the site is created, stop it, since it doesn't actually need to be running
This registers the IIS Express Development certificate with that port and is the easiest way I've found to get around the 44300-44399 range requirement.
My problem was caused by Fiddler. When Fiddler crashes it occasionally messes with your proxy settings. Simply launching Fiddler seemed to fix everything (perhaps it repairs itself somehow).
To follow on to other answers about setting the SSL port between 44300 and 44399, I was unable to change the SSL Enabled property in Visual Studio, nor set a specific SSL URL. Other answers, like repairing IIS Express did not help. The solution was to go into the .vs folder parallel to the sln file, open the config subfolder, and then edit the applicationhost.config file. Then, I added the https line manually and restarted VS.
<binding protocol="http" bindingInformation="*:24941:localhost" />
<binding protocol="https" bindingInformation="*:44301:localhost" />
The 'Digicert certificate installation checker' is often helpful in situations like this.
I was able to verify the SSL cert being attempted was the one I was expecting by comparing the serial number.
For me #Jason Kleban answer was the actual problem, but this can be a very useful utility to check your basic assertions about what certificate is being loaded.
In my case after trying everything for three days, solved by just starting Visual Studio by "Run as Administrator."
KASPERSKY ISSUE!! I'd tried everything, localhost with SSL worked if I ran VS2019 as Administrator, but the connection was lost after a while of debugging, and I had to re-run the app. The only worked for me was uninstall Kaspersky, unbelievable, days ago I'd tried to pause Kaspersky protection and it didn't solve the problem, so I had discarded antivirus issues, after days of trying solutions, I resumed antivirus matter, uninstalled Kaspersky V 21.1 ..., tried and worked, installed V 21.2 ... and it works fine also without running VS as Administrator
I had the same issue running Rider/VS, both were using IIS Express to run it. I was having the issue with Postman, Chrome, Firefox and front end application calling it.
Turns out that because my laptop was appropriated for me when i started working for this company the previous developer had clicked No when asked if he wanted to use the Developer Cert the first time he ran IIS Express.
This was fixed on Windows 10 by going to Add Remove Programs (from the new UI there is a link on the right to launch the classic application for Adding and Removing Programs) then Repair IIS 10.0 or 8 or whatever version you are running.
Then try running the application again (I did this in VS but assume that Rider would do the same) and when asked whether you would like to use the Developer Certificate you click YES.
Hours wasted on this, but all sorted after that!
I'd just rebuilt my computer. This thread gave me the clues, where I realized in the project settings>Web, the project was configured to use HTTP and the HTTP port. By updating it to HTTPS and the correct HTTPS port, everything started to work again.
In my case I'd simply forgotten I had a binding set up for (in my case) https://localhost:44300 in full IIS. You can't have both!
In my case, the localhost url was redirected to https://localhost when I was debugging. This happened from one moment to other, without changing anything. I solved this by making a hard reload to the browser. Here the link
I had similar issue where my application's swagger(running on SSL port 44319) stopped working suddenly and I got ERR_CONNECTION_RESET error.
After doing a little research, I found that port 44319 was removed from the list of allow ports for SSL connection - found using this command netsh http show sslcert > sslcert.txt.
I then had to add back port 44319 to SSL allowed ports using netsh http add sslcert ipport=0.0.0.0:44319 certhash=YOUR_CERT_HASH appid={YOUR_APP_ID}.
To find the certhash and appid, you can use output of first command. This worked for me!
I am running into an issue I had before; can't find my reference on how to solve it.
Here is the issue. We encrypt the connection strings section in the app.config for our client application using code below:
config = ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None)
If config.ConnectionStrings.SectionInformation.IsProtected = False Then
config.ConnectionStrings.SectionInformation.ProtectSection(Nothing)
' We must save the changes to the configuration file.'
config.Save(ConfigurationSaveMode.Modified, True)
End If
The issue is we had a salesperson leave. The old laptop is going to a new salesperson and under the new user's login, when it tries to to do this we get an error. The error is:
Unhandled Exception: System.Configuration.ConfigurationErrorsException:
An error occurred executing the configuration section handler for connectionStrings. ---> System.Configuration.ConfigurationErrorsException: Failed to encrypt the section 'connectionStrings' using provider 'RsaProtectedConfigurationProvider'.
Error message from the provider: Object already exists.
---> System.Security.Cryptography.CryptographicException: Object already exists
http://blogs.msdn.com/mosharaf/archive/2005/11/17/protectedConfiguration.aspx#1657603
copy and paste :D
Monday, February 12, 2007 12:15 AM by Naica
re: Encrypting configuration files using protected configuration
Here is a list of all steps I've done to encrypt two sections on my PC and then deploy it to the WebServer. Maybe it will help someone...:
To create a machine-level RSA key container
aspnet_regiis -pc "DataProtectionConfigurationProviderKeys" -exp
Add this to web.config before connectionStrings section:
<add name="DataProtectionConfigurationProvider"
type="System.Configuration.RsaProtectedConfigurationProvider, System.Configuration, Version=2.0.0.0,
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a,
processorArchitecture=MSIL"
keyContainerName="DataProtectionConfigurationProviderKeys"
useMachineContainer="true" />
Do not miss the <clear /> from above! Important when playing with encrypting/decrypting many times
Check to have this at the top of Web.Config file. If missing add it:
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
Save and close Web.Config file in VS (very important!)
In Command Prompt (my local PC) window go to:
C:\WINNT\Microsoft.NET\Framework\v2.0.50727
Encrypt: (Be aware to Change physical path for your App, or use -app option and give the name o virtual directory for app! Because I used VS on my PC I preferred the bellow option. The path is the path to Web.config file)
aspnet_regiis -pef "connectionStrings" "c:\Bla\Bla\Bla" -prov "DataProtectionConfigurationProvider"
aspnet_regiis -pef "system.web/membership" "c:\Bla\Bla\Bla" -prov "DataProtectionConfigurationProvider"
To Decrypt (if needed only!):
aspnet_regiis -pdf "connectionStrings" "c:\Bla\Bla\Bla"
aspnet_regiis -pdf "system.web/membership" "c:\Bla\Bla\Bla"
Delete Keys Container (if needed only!)
aspnet_regiis -pz "DataProtectionConfigurationProviderKeys"
Save the above key to xml file in order to export it from your local PC to the WebServer (UAT or Production)
aspnet_regiis -px "DataProtectionConfigurationProviderKeys" \temp\mykeyfile.xml -pri
Import the key container on WebServer servers:
aspnet_regiis -pi "DataProtectionConfigurationProviderKeys" \temp\mykeyfile.xml
Grant access to the key on the web server
aspnet_regiis -pa "DataProtectionConfigurationProviderKeys" "DOMAIN\User"
See in IIS the ASP.NET user or use:
Response.Write(System.Security.Principal.WindowsIdentity.GetCurrent().Name
Remove Grant access to the key on the web server (Only if required!)
aspnet_regiis -pr "DataProtectionConfigurationProviderKeys" "Domain\User"
Copy and Paste to WebServer the encrypted Web.config file.
I found a more elegant solution that in my original answer to myself. I found if I just logged in as th euser who orignally installed the application and caused the config file connectionstrings to be encrypted and go to the .net framework directory in a commadn prompt and run
aspnet_regiis -pa "NetFrameworkConfigurationKey" "{domain}\{user}"
it gave the other user permission to access the RSA encryption key container and it then works for the other user(s).
Just wanted to add it here as I thought I had blogged this issue on our dev blog but found it here, so in case I need to look it up again it will be here. Will add link to our dev blog point at this thread as well.
So I did get it working.
removed old users account from laptop
reset app.config to have section not protected
removed key file from all users machine keys
ran app and allowed it to protect the section
But all this did was get it working for this user.
NOW I need to know what I have to do to change the code to protect the section so that multiple users on a PC can use the application. Virtual PC here I come (well after vacation to WDW tomorrow through next Wednesday)!
any advice to help pointing me in right direction, as I am not very experienced in this RSA encryption type stuff.
Sounds like a permissions issue. The (new) user in question has write permissions to the app.config file? Was the previous user a local admin or power user that could have masked this problem?