I am trying to run a client application on the same server that hosts our IIS-hosted raven server (build 2947). The IIS site that hosts raven is bound to an SSL certificate/hostname - we would like to enforce secure requests only (and redirect http requests to https). When I set the connection to use the https protocol:
Url=https://ravendb.somewhere.net;Database=StaffDb
I get a 401 denied error when the connection is opened. If I disable the redirect and connect to localhost non-securely, it works fine:
Url=http://localhost;Database=StaffDb
The docs suggest SSL can only be enabled when running as a service - does this mean our scenario of running within a secure IIS site is not possible?
When using SSL, you must use the specified hostname in the certificate.
With thanks to Ayende Rahien for support provided offline, it turned out this issue is actually due to a feature of IIS itself:
Windows XP SP2 and Windows Server 2003 SP1 include a loopback check
security feature that is designed to help prevent reflection attacks
on your computer. Therefore, authentication fails if the FQDN or the
custom host header that you use does not match the local computer
name.
Ayende's blog provides some more context, and I fixed this by following steps outlined in a Microsoft support article:
Method 2: Disable the loopback check (less-recommended method) The second method is to disable the loopback check by setting the
DisableLoopbackCheck registry key.
To set the DisableLoopbackCheck registry key, follow these steps:
.....
2. Click Start, click Run, type regedit, and then click OK.
3. In Registry Editor, locate and then click the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
4. Right-click Lsa, point to New, and then click DWORD Value.
5. Type DisableLoopbackCheck, and then press ENTER.
6. Right-click DisableLoopbackCheck, and then click Modify.
7. In the Value data box, type 1, and then click OK.
8. Quit Registry Editor, and then restart your computer.
Related
We installed Microsoft Workflow Manager on our SharePoint farm. When we first added the WF node, we configured not to allow http. For testing, we want to how allow HTTP.
The command update-WFHost does not seem to have a parameter for -EnableHttpPort.
We can remove the node and add back but was hoping to be able to make the change via a command.
Open IIS Manager.
Select Workflow Management Site in left pane.
Press "Bindings" button in right pane.
Add binding for HTTP protocol (port must be different from port for HTTPS).
Open PowerShell and execute cmdlet Register-SPWorkflowService with setting value of parameter "WorkflowHostUri" to new http binding.
I'm using vTiger CRM 5.4.0
It was working fine but i have changed and updated my server and simply copy paste and upload previous back from old server along with DB...
but it always shows me Popup box for "Authentication Required" on each page.
this message is most probably due to the use of HTTP Basic Authentication on the server side.
This has nothing to do with Vtiger and it's something you (or the person in charge of managing your server) needs to set on the web server side (may be Apache, IIS, or others).
If your interest is to disable the request of username and password, you should edit the server configuration. In case of IIS, this is a good starting point. In case of Apache web server, see this link.
Otherwise, you should check with the manager of your server for your username and password. The popup should not come up once the right combination has been entered.
I think the problem is Plesk. Plesk automaticaly creates a virtual directory named "test". This directory holds the Vtiger logo. Loading the logo causes the permission issue.
Solution: rename or delete the virual directy "test" in Plesk.
I am trying the Browserlink feature of ASP.NET MVC 5 and everything works great for non SSL pages. But if I navigate to a SSL page (with https url), I see 0 connections in the Browser link dashboard. So, is it true that Browser link works only for non SSL urls ? Or am I am missing any settings which will allow me to get Browser Link connection for both SSL and Non SSL urls ?
(I am testing from IIS)
According to this link, Microsoft is working on it.
I have been able to get around the issue by following these steps (using Chrome):
When the debugger opens the browser, open the F12 tools.
Go to the Console tab.
There should be an error message that looks something like this: GET https://localhost:[port]/[guid]/browserLink net::ERR_INSECURE_RESPONSE
Open the link in a new tab.
Click Proceed anyway.
Close the Browser Link tab.
Reload the tab with your app.
Browser Link should then start working.
I've also worked around it by getting the script link, reducing it to the root, and browsing there. Once there, accept the cert warning then view the cert and install it into the trusted roots. From then on, the cert will be trusted and the script will load automatically.
It appears that this limitation has been removed in Visual Studio 2015. I do not see any mention of this in the release notes, but Browser Link is fully operational in my dev environment under SSL.
I was unable to get Browser Link, Web Essentials, to work with SSL, even with the mentioned remedies. I was able to find a way, however, to get it work for me.
I am running my app through IIS (not express) and my app was nested under the default website. When debugging the site I saw that Chrome was dumping a connection error with a URL using port 44399. Adding a binding for this port, for https, then allowed the connection to be successful. I also used a local development cert for the SSL Certificate.
DISCLAIMER: Visual Studio tries to be your buddy and not use ports that you've bound to in IIS so once you close and re-open Visual Studio it will likely not use the 44399 port anymore. It looks like it decrements until it finds the next available port. So assuming you're not using 44398 this will be your number. Once you unbind 44399, then close and re-open Visual Studio it will likely rebind to 44399 again.
Hopefully this helps some of you out.
I had a similar issue involving custom domains and subdomains on IIS Express over HTTPS.
(Using SSL certificate I self-signed with support for localhost and my custom domain, installed with self-signed root authority in the trusted certificate store)
I had got IISEx to use the certificate and serve it on port 443 (as admin user), but browserlink was failing with CONNECTION_RESET.
This persisted even after switching back to using localhost as the website url for IIS etc.
Turns out I had forgotten to replace the certificate associated with the other ports IIS Express uses (specifically port 44399), which were still associated with the default development certificate used by IIS Express
http://www.iis.net/learn/extensions/using-iis-express/handling-url-binding-failures-in-iis-express
http://benjii.me/2014/11/run-iis-express-on-port-443-using-ssl-and-wildcard-subdomains/
[Simple Guide but missing the delete existing certificate bindings guidance]
For Windows 10 IIS Express users.
In visual studio click "View in Browser" in Browser Link
Dashboard .
An IIS Express icon will appear in system tray.
Right Click the IIS Express icon.Your application should be listed in both HTTP and HTTPS.
Hope it helps.
I have a remote connection with server machine. I log in server machine as administrator, open Internet Explorer. If I type both localhost and machine name site works . When I log in as another user and type localhost site works. But when I type the machine name, authentication page comes and when I choose either windows or form authentication nothing happens.
I need to work with machine name otherwise when I try to reach some pages such as approval page I get critical error.
Thank you
Authentication page has a simple JavaScript function which blocks all sites, except Trusted Sites. You need to add "machine name" to trusted sites list in Internet Explorer to activate that JS function.
This is because your System Name is not known in DNS; your remote connection works because the system name is known. When you try to access from the outside it's not.
There is a very quick way to check this; on a connection that DOES NOT WORK, open the Hosts file (c:\windows\system32\drivers\etc) - add the entry: xxx.xxx.xxx.xxx systemanme - for example, 10.0.0.20 MySystem. Save the file then open a command window - ping the server name and it should respond. Try the connection again and you should be OK.
The long-term fix is to talk to the system administrator to find out why the system name is not known on the network (often it can be because only the fully qualified domain name is known).
Newbie IIS question:
I want to setup HTTPS access for my XHTML page (not asp.net) hosted on my IIS 6.0 server. So far I have done the following:
In IIS Manager, for the particular folder, the following are set:
Require secure channel (SSL)
Require 128 bit encryption
Ignore client certificates
However when I try to access the page from IE 8.0 there is the following error:
"Internet explorer cannot display the page".
The options for using SSL and TSL are ON in the IE settings. Same error with Firefox also.
Apart from the above is there any else I should setup on the IIS server?
Have you generated a self-signed server certificate?
Here are the official instructions for setting up SSL in IIS. You can find directions here for creating a self signed certificate if that is the route you want to take.