I am trying to enable external request on my web api running with iis express. To work with my xamarin project - Emulator.
I followed this doc : https://learn.microsoft.com/fr-fr/aspnet/web-api/overview/security/working-with-ssl-in-web-api
And I tried to follow this one too :
https://learn.microsoft.com/en-us/iis/extensions/using-iis-express/handling-url-binding-failures-in-iis-express#serving-external-traffic
But I can't run this command write in this doc : netsh http add sslcert ipport=0.0.0.0:44300 certhash= appid={00112233-4455-6677-8899-AABBCCDDEEFF}
"Failed to add SSL certificate; error: 183
An existing file cannot be created. "
(I use the redirection http to https.)
Any adivce ?
Related
I've been using a Self-Hosted SignalR Windows service accessed from multiple production servers (now in Azure) for 6+ years without a problem. I created an identical server for development in Azure but when I'm accessing SignalR from a browser on the SAME SERVER, SignalR gives me the following error when using either http:6287 or https:6286:
Access to XMLHttpRequest at 'http://myserver.learn.net:6287/signalr/negotiate?clientProtocol=1.5&xxxxxxx' from origin 'http://myserver.learn.net' has been blocked by CORS policy: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.
However... It WORKS when connecting from OTHER SERVERS! I'm starting the connection with no errors using:
SignalR = WebApp.Start("http://myserver.learn.net:6287/");
SignalRSSL = WebApp.Start("https://myserver.learn.net:6286/");
(also SignalR = WebApp.Start("*:628x/" for both);
In my client code, I include the following script:
<script src="http://myserver.learn.net:6287/signalr/hubs"></script>
When I enter that url (or https version) in a browser ON THE SAME OR DIFFERENT SERVER, it shows the ASP.NET SignalR JavaScript Library v2.3.0-rtm page correctly! I've turned off the firewall with no change, added Microsoft.Owin.Host.HttpListener (someone suggested). I have also entered the wildcard certificate with netsh so the SignalR service can deal with the SSL connection using:
netsh http add sslcert ipport=0.0.0.0:6286 appid={12345678-db90-4b66-8b01-88f7af2e36bf} certhash=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Edit: I've also tried changing the ipport value to the real internal IP of the server as well as the public IP but no change.
So, why can't I access SignalR from the same server?
I found a solution in another answer here that worked. I changed:
$j.connection.hub.start().done(function () {
To:
$j.connection.hub.start({ jsonp: true, xdomain: true }).done(function () {
Which worked for both internal and external clients. xdomain:true alone didn't work but when I added jsonp:true it did. I have no real idea why, just that it's working now.
I have to send credentials to authenticate on the server (windows authentication) for my application:
with-credentials = true
The problem is that my clients are mobile devices, and I can't tell to the server in Access-Control-Allow-Origin the origin domains.
I would like to do that:
Access-Control-Allow-Origin = *
But I know it is not possible because of security issues.
How can I do that with HTTP?
PS: I am using a server in ASP.NET and clients are made with Ionic (Angular). Currently, I am using a temporary solution:
Access-Control-Allow-Origin = localhost:8100
But when I will deploy the application it won't work on real devices.
From enable-cors.org:
CORS In ASP.NET
If you don't have access to configure IIS, you can still add the header through ASP.NET by adding the following line to your source pages:
Response.AppendHeader("Access-Control-Allow-Origin", "*");
See also: you can also Configure IIS6 / IIS7
Reference Taken
Sometimes you need to check this wihtin your AuthorizeAttribute
// pre-flight request (OPTIONS) are always ok.
// https://stackoverflow.com/questions/26296779/chrome-v37-38-cors-failing-again-with-401-for-options-pre-flight-requests#28235624
if (actionContext.Request.Method == System.Net.Http.HttpMethod.Options)
{
return true;
}
Recently I developed a asp.net core 2.0 web app in my company and in debug mode works perfect, however when I deployed in our testing server into IIS and we try to execute from a client machine it ran into a problem:
An unhandled exception occurred while processing the request.
CryptographicException: The key {0851ad3b-df33-4cf7-8c3a-5c637adaa713} was not found in the key ring.
Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.UnprotectCore(Byte[] protectedData, bool allowOperationsOnRevokedKeys, out UnprotectStatus status)
InvalidOperationException: The antiforgery token could not be decrypted.
Microsoft.AspNetCore.Antiforgery.Internal.DefaultAntiforgeryTokenSerializer.Deserialize(string serializedToken)
The problem starts when I submmit login page. I investigated links with same problems here and other blogs, but I found that has to be with ValidateAntiForgeryToken and solution is related with Microsoft.AspNetCore.DataProtection. I added nuget package Microsoft.AspNetCore.DataProtection.Redis to my project and I added in ConfigureServices of startup class following code:
var redis = ConnectionMultiplexer.Connect("192.168.10.151:80");
services.AddDataProtection().PersistKeysToRedis(redis, "DataProtection-Keys");
services.AddOptions();
Our testing server ip is 192.168.10.151, however app throws following exception:
RedisConnectionException: It was not possible to connect to the redis server(s); to create a disconnected multiplexer, disable AbortOnConnectFail. InternalFailure on PING
¿Why it doesn't connect since is resolving in the same web app server?
¿Where is DataProtection-Keys database located?
as a workaround, I changed method by using PersistKeysToFileSystem as follows:
services.AddDataProtection()
.SetApplicationName("myapp-portal")
.PersistKeysToFileSystem(new System.IO.DirectoryInfo (#"c:\ProgramData\dpkeys"));
However running app in test server 192.168.10.151, when login form is submitted, goes back to login page. Checking stdout log file, only shows:
Hosting environment: Production
Content root path: C:\inetpub\wwwroot\OmniPays
Now listening on: http://localhost:30064
Application started. Press Ctrl+C to shut down.
Checking network messages by chrome's developers tools I noticed something:
Request URL: http://192.168.10.151/OmniPays/Account/Login
Request Method: POST
Status Code: 302 Found
Remote Address: 192.168.10.151:80
Referrer Policy: no-referrer-when-downgrade
and then ...
Request URL: http://192.168.10.151/OmniPays/Home/Main
Request Method: GET
Status Code: 302 Found
Remote Address: 192.168.10.151:80
Referrer Policy: no-referrer-when-downgrade
AccountController's Login action redirect request to HomeController's Main action only if authentication succeded, and Main action has [Authorize] attribute. For some reasons I can't achieve understand, Main action fails and return to Login page. URL in chrome shows: http://192.168.10.151/OmniPays/Account/Login?ReturnUrl=%2FOmniPays%2FHome%2FMain
I'm using Microsoft Identity. In debug mode works fine and if I deploy app in my local PC on IIS also works fine. ¿Maybe any SDK is missing in the server?
Please need help!!
Solution was found! the cause of problem was not in IIS neither the Server, connection to the server is using http rather than https, no certifies involved to validate secure connection, however testing in differents servers app works ok, so I felt really disappointed. Solution was to remove cookies an any data related with this URL pointing to Development Server (failing) in all browsers, data that was previously stored, and voila!!, now app works perfect. By default, as bhmahler comments data protection is made in memory and I left configuration by default, I mean, not explicitly persistence in redis nor PersistKeysToFileSystem and works fine, however is important to set DataProtection to strong data sensitive protection.
I'm newbie about these topics and It's unbelievable such a simple thing caused on me that waste of time. Thanks to all!.
I'm integrating a 3rd party xml editor into our web app and the save function performs an HTTP PUT directly to the file on the web server.
The OS is Windows Server 2008 R2 using IIS 7.5
We have a Web API installed so we already have WebDAV removed and also have updated the web.config with:
<remove name="WebDAVModule" /> under modules
<remove name="WebDAV" /> under handlers
We've updated the Handler Mappings of the site to include the 'PUT' verb:
StaticFile
ExtensionlessUrlHandler-ISAPI-4.0_32bit
ExtensionlessUrlHandler-ISAPI-4.0_64bit
We still continue to get the following response in fiddler when we make a PUT request to an xml file in the Composer:
HTTP Error 405.0 - Method Not Allowed
The page you are looking for cannot be displayed because an invalid method (HTTP verb) is being used.
Module : StaticFileModule
Notification : ExecuteRequestHandler
Handler : StaticFile
Error Code : 0x80070001
When you installed your aplication in IIS in Module:
Find WebDav and remove the same step you must do in Handler Mappings - remove WebDav and refresh all.
Add PUT, DELETE verbs to PHP.cgi request restrictions.
IIS -> Sites -> DOMAIN.COM -> Handler Mappings -> Edit the CGI handler handling your requests -> Request Restrictions -> Verbs tab.
My ASP.NET Application uses Windows authentication. I hosted the application in IIS and tried to access the application from the same server. I am able to access the application without error. But when I try to access the same application outside the server I am getting the error below:
The resource cannot be found. Description: HTTP 404. The resource you
are looking for (or one of its dependencies) could have been removed,
had its name changed, or is temporarily unavailable. Please review
the following URL and make sure that it is spelled correctly.
Requested URL: /FacetsUserSetupApp/home.aspx
The surprising part is I am getting this error only sometimes. It is working fine some other times. I am unsure of how this behavior is occurring.
The IIS trace log shows the below message when the error occurs:
2013-06-10 15:14:32 10.0.40.168 GET /FacetsUserSetupApp/Home.aspx - 80
- 10.4.43.41 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.648;+.NET+CLR+3.5.21022;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+InfoPath.3;+MS-RTC+LM+8;+.NET4.0C;+.NET4.0E;+MS-RTC+LM+8)
401 2 5 140
2013-06-10 15:14:33 ::1 POST /FacetsUserSetupService/Service1.svc - 80
- ::1 - 200 0 0 781
2013-06-10 15:14:33 ::1 POST /FacetsUserSetupService/Service1.svc - 80
- ::1 - 200 0 0 15
Please help me resolving this.
It seems that you are getting a 401.2 status code:
HTTP 401.2: Denied by server configuration
Description
The client browser and IIS could not agree on an authentication
protocol.
Common reasons
No authentication protocol (including anonymous) is selected in IIS. At least one authentication type must be selected. For more
information, click the following article number to view the article in
the Microsoft Knowledge Base:
253667 Error message: HTTP 401.2 - Unauthorized: Logon failed due to server configuration
with no authentication
Only Integrated authentication is enabled, and an older, non-Internet Explorer client browser tries to access the site. This
happens because the client browser cannot perform Integrated
authentication. To resolve this problem, use one of the following
methods:
Configure IIS to accept Basic authentication. This should only occur over SSL for security purposes.
Use a client browser that can perform Integrated authentication. Internet Explorer and new versions of Netscape Navigator and Mozilla
Firefox can perform Integrated authentication.
Integrated authentication is through a proxy. This happens because the proxy doesn't maintain the NTLM-authenticated connection
and thus sends an anonymous request from the client to the server.
Options to resolve this problem are as follows:
Configure IIS to accept Basic authentication. This should only occur over SSL for security purposes.
Don't use a proxy.
Probably the problem occurs because of the proxy.
Also just to make sure that everything is properly configured, check these troubleshooting / configuration links:
Error message when you try to visit a Web page that is hosted on IIS 7.0: "HTTP Error 401.2 - Unauthorized"
Windows Authentication <windowsAuthentication>