IIS with secure socket connection keeps responding after stopping website - asp.net

I'm running IIS 10.0 on Windows Server 2019 Standard with a simple ASP.NET Framework 4.7.2 application that uses a long-running WebSocket connection and SignalR.
Things work well when it comes to stopping the website, and sockets are closed, if I'm using non-secured sockets. However, if I have a secure socket connection (TLS/SSL), the worker process will hang as long as the sockets are open. The client will continue to send and receive responses from the server. The only way to fix this is to have the client restart the connection.
Both direct WebSockets and SignalR will cause this issue: the application will keep on running after trying to stop the website, transmitting and receiving messages over the secure socket; as soon as the socket closes, the worker process dies as expected.
Here is a similar issue with no response: Server keeps sending ping messages to client after IIS site is stopped.
Connections do not time out after the app pool timeout (90s).
Here is a screenshot of the active connections.
What could be causing this, and how do I make sure these connections are dropped when a stop/recycle is requested by IIS?
Update:
If I change the port but still use a secure connection, the problem goes away. On website stop, the connections are dropped and the worker process dies as expected. So it seems to have something to do with port 443...

Related

How to get SignalR Connection to Respect Session Timeout

SignalR is designed to maintain a long-running connection to the web server. However, I have a scenario where the SignalR connection maintains an open connection to the web server long after the ASP.NET session has expired. This happens even though neither the client nor the server is sending any data.
How can I set things up so that once the Asp.net session expires, the SignalR connection terminates, freeing up connections on the server?
This is desired because the web servers run on a load balancer, and when taking a server out of the rotation, we need the # of current connections to generally represent the number of active sessions - not SignalR connections that are still kicking just because user left browser open.
SignalR Server does not allow disconnecting a particular client connection (this would be super useful). So the client is responsible for doing that.
A workaround would be to add an event listener on the client and disconnect from there, i.e.:
hubProxy.On<string>("YouAreUselesLetMeAlone", _ => connection.Dispose());
Obviously, to make this work you need a relation (ConcurrentDictionary?) of asp.net sessions <-> signalr connections, so you can call this method in the correct client when the asp.net session ends.
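One way to keep the session-to-connection relation the answer describes, as an added example that is not part of the original answer. It assumes SignalR 2.x, InProc session state, the default `ASP.NET_SessionId` cookie name and a C# 7 compiler; `SessionConnections` and `NotifyHub` are hypothetical names.

```csharp
using System.Collections.Concurrent;
using System.Threading.Tasks;
using Microsoft.AspNet.SignalR;
// Global.asax.cs hook (fires only with InProc session state):
//   protected void Session_End(object sender, EventArgs e) { SessionConnections.Expire(Session.SessionID); }
// Hypothetical registry: ASP.NET session id -> SignalR connection ids opened under it.
public static class SessionConnections
{
    private static readonly ConcurrentDictionary<string, ConcurrentDictionary<string, byte>> Map =
        new ConcurrentDictionary<string, ConcurrentDictionary<string, byte>>();

    public static void Add(string sessionId, string connectionId) =>
        Map.GetOrAdd(sessionId, _ => new ConcurrentDictionary<string, byte>())[connectionId] = 0;

    // Scan by connection id so removal does not depend on cookies at disconnect time.
    public static void Remove(string connectionId)
    {
        foreach (var ids in Map.Values) ids.TryRemove(connectionId, out _);
    }

    // Session ended: ask every connection opened under it to dispose itself.
    public static void Expire(string sessionId)
    {
        if (!Map.TryRemove(sessionId, out var ids)) return;
        var clients = GlobalHost.ConnectionManager.GetHubContext<NotifyHub>().Clients;
        foreach (string connectionId in ids.Keys)
            clients.Client(connectionId).YouAreUselesLetMeAlone("session expired");
    }
}

public class NotifyHub : Hub // hypothetical hub name
{
    // Hubs have no Session object, so the id is read from the session cookie.
    private string SessionId() =>
        Context.RequestCookies.TryGetValue("ASP.NET_SessionId", out var c) ? c.Value : null;

    public override Task OnConnected()
    {
        string sid = SessionId();
        if (sid != null) SessionConnections.Add(sid, Context.ConnectionId);
        return base.OnConnected();
    }

    public override Task OnDisconnected(bool stopCalled)
    {
        SessionConnections.Remove(Context.ConnectionId);
        return base.OnDisconnected(stopCalled);
    }
}
```

The server can only ask: a client that ignores the message keeps its connection until it closes or times out on its own.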

Can a Winsock TCP connection between server and client resume as-was after the server must restart?

Is there a way to save the "state" of Winsock so that the server program can be stopped and restarted and all the client TCP connections continue as though nothing happened, without the clients having to do anything special?
Or is it the case that once a Winsock server process terminates, client connections can only be reestablished through all the usual initialization calls?
A lost/closed connection must be re-established through a new connect handshake. So if you don't want the client to know the server is restarted, you will have to move the existing connection to another process first, then move it back after the restart. You can use WSADuplicateSocket() for that.

Can't open multiple connections with ssh.net in IIS environment

I'm using the ssh.net library to communicate with another server as part of an ASP.NET application.
Using TCPView, I noticed there is only ever one SSH connection to the outgoing server at a time; the IIS server doesn't open one SSH connection per web request like I would expect. This is causing huge performance issues, as only one request can be handled at a time and must complete before a new one starts. Meanwhile, the other requests wait.
How can I allow the ssh.net library or the IIS server to open as many connections as required?

Connection refused - not consistent

I have an application that is used to make hotel bookings. The application takes an XML message, transforms the XML into another XML message and sends this new XML to another application. I am able to book hotels successfully.
When I try to amend this booking (different XML request, same application, same URL) I get a 'Connection refused' error.
I would have thought that there'd be consistency (all work or none) but there's not.
Anyone any idea why?
"Connection refused" means that no application is accepting connections on the port and host that you try to connect to. It can be caused by
- The application is actually running on a different host or a different port
- The application crashed and hasn't been restarted
- The application is buggy: it closes the listening server socket from time to time, so that it is not listening for connection attempts all the time
- Firewall is configured to respond to new connections with a "connection refused" even if the application was able to accept a connection

troubleshooting tcp/ip connection failure in my application

I have a desktop application which can talk to a server application using TCP/IP. It was working all these days, but now we ran into an issue. The log message on the server shows that the socket is disconnected after a while, but we are able to exchange heartbeat messages. When I ran the Wireshark tool I got this log, which I don't know how to interpret.
The other thing is when i run this application in the LAN where the server is running it just works fine.
Please help me to understand what is happening in the network.
It is difficult for me to see the trace details but it looks like .218 is the client trying to connect to .135? If so, 218's connection attempts (SYN) are being immediately rejected by 135 (RST). Normal 3-way TCP handshake should be SYN, SYN-ACK, ACK.
If the server is accepting requests from other hosts, has some sort of firewall or the like been set up to allow local LAN connections but disallow remote hosts?
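A small probe that tells apart the outcomes discussed in the "Connection refused" answer and the SYN/RST answer above (completed handshake, RST, or silence), as an added example that is not part of either answer. The loopback listener and the 5-second timeout are constructed for the demo; `ConnectProbe` is a hypothetical name.

```csharp
using System;
using System.Net;
using System.Net.Sockets;

static class ConnectProbe
{
    // Classifies one TCP connect attempt by how the remote side answered the SYN.
    public static string Probe(IPAddress host, int port, int timeoutMs)
    {
        using (var socket = new Socket(host.AddressFamily, SocketType.Stream, ProtocolType.Tcp))
        {
            try
            {
                IAsyncResult pending = socket.BeginConnect(host, port, null, null);
                if (!pending.AsyncWaitHandle.WaitOne(timeoutMs))
                    return "timeout: neither SYN-ACK nor RST within the limit (SYN dropped or host unreachable)";
                socket.EndConnect(pending); // throws SocketException if the attempt failed
                return "open: handshake completed (SYN, SYN-ACK, ACK)";
            }
            catch (SocketException ex) when (ex.SocketErrorCode == SocketError.ConnectionRefused)
            {
                return "refused: RST in reply to SYN (nothing listening on that host/port, or a firewall rejecting)";
            }
            catch (SocketException ex)
            {
                return "error: " + ex.SocketErrorCode;
            }
        }
    }

    static void Main()
    {
        // Constructed demo: a loopback listener on an OS-assigned port.
        var listener = new TcpListener(IPAddress.Loopback, 0);
        listener.Start();
        int port = ((IPEndPoint)listener.LocalEndpoint).Port;
        Console.WriteLine(Probe(IPAddress.Loopback, port, 5000));

        // Same port right after the listener is closed: nothing accepts there any more.
        listener.Stop();
        Console.WriteLine(Probe(IPAddress.Loopback, port, 5000));
    }
}
```

Logging this classification with a timestamp on each failed request shows whether an intermittent failure lines up with the listener being down (refused) or with packets being dropped on the path (timeout).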
