II Express-让SSL上班
我无法让 IIS Express 接受我正在开发的 VS2010 MVC3 项目的安全连接。我可以让它接受端口 80 上的不安全连接,但在端口 443 上不安全。
根据谷歌搜索,我已采取以下步骤:
1) 通过执行以下命令找到我的 IIS Express Server 自签名证书的 SHA1 指纹在 VS2010 命令行上:
certmgr.exe /c /s /r localMachine MY
结果为 9B088F80 A4FC3141 28F62890 70BA1FC4 49FDD009。后来我才知道,使用指纹时需要删除空格。
2) 通过在提升的命令行提示符下执行以下命令,删除链接到端口 443 的任何证书:
netsh http delete sslcert ipport=0.0.0.0:443
3) 通过从 VS2010 工具菜单运行创建 GUID 生成新的 GUID。就我而言,我得到了 B0421A5B-FF61-47CE-892D-11AA3A9C7D2A。
4) 通过在提升的命令行提示符下执行以下命令,将自签名证书安装到端口 443:
netsh http add sslcert ipport=0.0.0.0:443 certhash=9B088F80A4FC314128F6289070BA1FC449FDD009 appid={B0421A5B-FF61-47CE-892D-11AA3A9C7D2A}
5) 通过从提升的命令行提示符运行以下命令来修改 ACL:
netsh http add urlacl url=https://localhost:443/ user=everyone
6) 通过添加端口 443 和 https 协议的绑定。文件的站点部分最终如下所示:
<sites>
<site name="Development Web Site" id="1" serverAutoStart="true">
<application path="/">
<virtualDirectory path="/" physicalPath="%IIS_BIN%\AppServer\empty_wwwroot" />
</application>
<bindings>
<binding protocol="https" bindingInformation="*:443:localhost" />
<binding protocol="http" bindingInformation="*:80:localhost" />
</bindings>
</site>
<siteDefaults>
<logFile logFormat="W3C" directory="%IIS_USER_HOME%\Logs" />
<traceFailedRequestsLogging directory="%IIS_USER_HOME%\TraceLogFiles" enabled="true" maxLogFileSizeKB="1024" />
</siteDefaults>
<applicationDefaults applicationPool="IISExpressAppPool" />
<virtualDirectoryDefaults allowSubDirConfig="true" />
</sites>
7) 通过在提升的命令行提示符处执行以下命令重新启动 http 服务:
net stop http
net start http
8) 将 MVC 项目属性页的 Web 选项卡上的项目 URL 更改为以下内容
http://localhost/
:在我进行此更改后,项目属性页触发了服务器的重新配置。
当我从 VS2010 中启动 MVC 应用程序时,它正确地连接到 http://localhost (在端口 80 上,默认值;我没有包含所有让 IIS Express 在端口 80 上处理不安全/正常连接的步骤,但它们本质上是步骤 5 到 7,但重点关注 http 和端口 80,而不是 https 和端口 443)。
但是,尝试转换到任何需要 https 的操作都会导致“服务器拒绝连接”错误。
我做错了什么?
I am unable to get IIS Express to accept secure connections for a VS2010 MVC3 project that I'm developing. I can get it to accept unsecure connections on port 80, but not secure on port 443.
I've taken the following steps, based on googling:
1) Located the SHA1 thumbprint for my IIS Express Server self-signed certificate via executing the following on a VS2010 commandline:
certmgr.exe /c /s /r localMachine MY
The result was 9B088F80 A4FC3141 28F62890 70BA1FC4 49FDD009. I learned later that I need to delete the spaces when using the thumbprint.
2) Deleted whatever certificate was linked to port 443 by executing the following on an elevated commandline prompt:
netsh http delete sslcert ipport=0.0.0.0:443
3) Generated a new GUID by running Create GUID off the VS2010 Tools menu. In my case I got
B0421A5B-FF61-47CE-892D-11AA3A9C7D2A.
4) Installed the self-signed certificate to port 443 by executing the following on an elevated commandline prompt:
netsh http add sslcert ipport=0.0.0.0:443 certhash=9B088F80A4FC314128F6289070BA1FC449FDD009 appid={B0421A5B-FF61-47CE-892D-11AA3A9C7D2A}
5) Modified the ACL by running the following from an elevated commandline prompt:
netsh http add urlacl url=https://localhost:443/ user=everyone
6) Modified the application.config file for IIS Express by adding a binding for port 443 and the https protocol. The sites section for the file ended up looking like this:
<sites>
<site name="Development Web Site" id="1" serverAutoStart="true">
<application path="/">
<virtualDirectory path="/" physicalPath="%IIS_BIN%\AppServer\empty_wwwroot" />
</application>
<bindings>
<binding protocol="https" bindingInformation="*:443:localhost" />
<binding protocol="http" bindingInformation="*:80:localhost" />
</bindings>
</site>
<siteDefaults>
<logFile logFormat="W3C" directory="%IIS_USER_HOME%\Logs" />
<traceFailedRequestsLogging directory="%IIS_USER_HOME%\TraceLogFiles" enabled="true" maxLogFileSizeKB="1024" />
</siteDefaults>
<applicationDefaults applicationPool="IISExpressAppPool" />
<virtualDirectoryDefaults allowSubDirConfig="true" />
</sites>
7) Restarted the http service by executing the following at an elevated commandline prompt:
net stop http
net start http
8) Changed the Project URL on the Web tab of my MVC project's Property page to the following:
http://localhost/
Saving the project property page triggered a reconfiguration of the server after I made this change.
When I launch the MVC app from within VS2010 it correctly ties back to http://localhost (on port 80, the default; I haven't included all the steps for getting IIS Express to work with unsecure/normal connections on port 80, but they're essentially steps 5 thru 7, but focusing on http and port 80, not https and port 443).
However, trying to transition to any action that requires https gets me a "server refused connection" error.
What am I doing wrong?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(5)
将项目设置为使用 IISExpress 后,在解决方案资源管理器中选择该项目时按
F4以显示属性,并在属性集中SSL Enable设置 < code>true 并在SSL URL下设置带有您想要的 SSL 端口(在您的情况下为 443)的 URL。这对我来说很有效,无需深入了解,并且自签名证书是自动的。
要默认在该 URL 上运行项目,您可以右键单击该项目,选择属性,然后选择 Web,并将项目 Url 替换为 https: //本地主机:443
After you've set a project to use IISExpress, press
F4while the project is selected on the solution explorer to bring up the properties and in the properties setSSL Enablesettrueand underSSL URLset the URL with the port (443 in your case) you want for the SSL.This works for me without going under the hood and the self signed certificate was automatic.
To run the project on that URL by default, you can right click on the project, select properties, then Web and replace the Project Url with https://localhost:443
如果您已按照 jbtule 的步骤操作,但 SSL 仍无法正常工作,请确保您的端口格式为
:443XX。Visual Studio 会自动为我启用 SSL 的第一个项目执行此操作,但任何后续项目似乎都有随机 SSL 端口。
Project >下改为上面的443结构WebUI 让它启动并为我工作。If you have followed jbtule's steps and SSL is still not working, ensure that your port is in the format
:443XX.Visual Studio did this automatically for the first project I enabled SSL on, but any subsequent projects seem to have random SSL ports. Changing it to the above 443 structure under the
Project > WebUI got it up and working for me.我偶然发现了答案。
在步骤 6 中,我修改了错误的 IIS Express application.config 文件。事实证明,应用程序的主目录中有一个“主”配置文件(例如,在我的系统上的 C:\Program Files (x86)\IIS Express\AppServer),这是我的配置文件修改的。
第二个要修改的正确文件是用户数据区域中的文件(例如,在我的系统上,
C:\Users\Mark.ARCABAMA\Documents\IISExpress\config) )。I stumbled across the answer.
In step 6, I was modifying the wrong IIS Express application.config file. It turns out there is a "master" config file in the application's home directory (e.g.,
C:\Program Files (x86)\IIS Express\AppServer, on my system), which is the one I modified.The second and correct file to modify is the one in the User data area (e.g.,
C:\Users\Mark.ARCABAMA\Documents\IISExpress\config, on my system).我最近在 VS 2019 和 IIS Epress 上遇到了非常类似的问题。我尝试将 http 更改为 https,以便可以使用 ADFS。 (消息:此站点无法访问,本地主机不允许连接)。
经过更多研究后,我尝试将“需要 SSL”属性从 true 切换为 false,然后再切换回 true。这触发了对 applicationhost.config 文件 (....Vs\ProjectName\config\applicationhost.config) 的更新,该文件为 https 协议创建了一个带有新端口号的新 SSL 绑定。因此,我修改了建议的新端口的所有链接(在项目的 Web 属性、配置文件和 ADFS 配置中)并且它有效。结论,对于同一站点,http 端口不必与 https 端口相同。
I recently had a very similar problem with VS 2019 and IIS Epress. I tried to change the http to https so that I could use ADFS. (Msg : This site is unreachable localhost does not allow connection).
After a little more research, I tried to switch the 'Require SSL' property from true to false and back to true. This triggered an update to the applicationhost.config file (... . Vs \ ProjectName \ config \ applicationhost.config) that created a new SSL binding with a new port number for the https protocol. So, I modified all the links with the proposed new port (in the web property of the project, the config file and the ADFS config) and it works. Conclusion, it is not necessary that the http port is the same as https same for the same site.
我只想添加帮助我解决相同问题的解决方案。
VS 显示的 SSL URL 为
https://[an IP, not localhost]:44367该 url 已保留,我发现它
netsh http show urlacl然后我运行
netsh http delete urlacl https://[an IP, not localhost]:44367,重新启动 VS,通过将 SSL 设置为 false 来关闭 SSL ,然后再次。这更正了 SSL URL。I would just like to add the solution that helped me with the same issue.
VS showed an SSL URL that was
https://[an IP, not localhost]:44367The url was reserved, which I found with
netsh http show urlaclI then ran
netsh http delete urlacl https://[an IP, not localhost]:44367, rebooted VS, turned SSL off by setting SSL to false, and then on again. This corrected the SSL URL.