How to get client machine name accessing .net web application when its deployed on server and behind F5 load balancer
System.Net.Dns.GetHostEntry(HttpContext.Current.Request.ServerVariables["REMOTE_HOST"]).HostName;
this gives correct value when executed on local machine however it returns F5 load balancer IP address when deployed on server.
If your F5 is appropriately configured, it will add an X-FORWARDED-FOR HTTP header giving the IP address of the client it forwarded the request for (possibly also including other proxies in the path between the client and your F5)
Related
I have an API built with asp.net and its hosted using OWIN.hosting.WebApp as a Windows Service at https://example.com/api/v1/myEndpoint. Its bound to port 443 through netsh. When i start the OWIN application, its done like:
Dim Address As String = "https://*:443/
WebApp.Start(Of Application)(Address)
I also have my website hosted in IIS using SSL and bound to port 443 - https://example.com/web
They both start up and run without error. But it seems like IIS is blocking requests to the https://example.com/api/v1/myEndpoint. Postman cannot reach the API while IIS is running. If i stop IIS and try the exact same postman request the API returns back data like it should. As soon as i start IIS back up, the API will no longer respond.
Is there a rewrite rule i can add to forward the API requests the API service?
In my opinion, you could not host the asp.net web API windows service in iis.
a single IIS server can host multiple websites, but in order IIS to distribute HTTP requests correctly, each website has to be identified with some unique value. In case of an IIS website, it consists of three attributes that make up a unique combination for each website. These are:
a TCP port number
an IP address
a host header
The information about the hosted websites is stored in the ServerBindings attribute of the IIS Metabase in the following format: IP:Port:Hostname. Thus, if you want to host multiple websites on the same port, you will have to use a unique Host header or Ip address.
You could refer below link for more detail:
http://woshub.com/run-multiple-websites-on-the-same-port-and-ip-address-on-iis/
We have web service running hosted on an OwinHttpListener (http.sys behind the scenes). Whenever we send requests to the app on the IP address, it responds with 'Invalid hostname'.
After much trawling of stack overflow and google, im not really any closer to a solution. The requests are getting through to http.sys, as i can see them in the HTTP error log. I can log onto the server in question and access the service locally (using localhost or 127.0.0.1) and i can use the server name to successfully get through, the only failure condition is using the servers IP address.
Ive tried the following:
Ensure the app is listening on all interfaces (http://+:8080)
Ensure IIS is not trying to use the port (it isnt)
Ensure windows firewall is configured to allow traffic on that port (it is)
In our production environment a website runs under HTTPS with SSL terminating on a load balancer and passing traffic to the IIS servers as HTTP.
There are various in-house and 3rd party components and controls within the site and some of them use mechanisms similar to the .NET System.Web.HttpRequest.IsSecureConnection property which simply queries the HTTPS server variable to return its result. As the connection into the web server from the load balancer is HTTP, these methods return the incorrect value and cause some components to fail. For example, a component might direct the user to a HTTP URL instead of HTTPS for a JavaScript file and cause the browser not to load the mixed content.
In order to debug these components and to develop a workaround, I need to recreate this scenario on my development machine. My question is Is there an easy way to simulate an externally terminated SSL connection for the Visual Studio / IIS Express development environment?
I've found a way using Port Forwarding Wizard.
Create a single TCP mapping with Listen Port set to a spare port (e.g. 443), destination as localhost with web server port (e.g. 80). Leave everything else as default, but go into SSL Encryption and generate a Root Key and Certificate in CA Center. Once done, select Enable SSL Encryption and select Server. Generate a Private Key file, Cert Req file and a Certificate and then bob's your uncle, you get terminated SSL forwarding to your local IIS Express server: Simply Start your port mapping and then connect to https://localhost with your web browser (specifying the port if it's not 443).
I want to find out how to set up a WCF service, which communicates with client via certificate over SSL (HTTPS) in a load balancer environment. The certificate is used for message exchanges.
Update
Below is current setup:
WCF 3.5 is used, but can be changed to ver 4 if required.
IIS7.5 and ASP.NET 3.5
certificate is installed on each IIS,
each WCF app is installed on each IIS,
certificate is issued to *.mydomainname.com, where my app is under myapp.mydomainname.com
does load balancer require certificate?
Goal
Client uses certificate to communicate with WCF service over HTTPS in load balancer.
Any idea would be very much appreciated!
Your site hosting the service must be exposed on domain name for example:
myapplication.enterprise.com
This configuration must be done on all application servers in the web farm (load balanced servers) = you must assign correct host header. You must request / create certificate for this domain name and install it (including private key) on all servers in the farm. You must configure your web sites on all servers to use this certificate. DNS record for the domain name must be configured to point to IP address of the load balancer.
Load balancing must be done on TCP level to maintain HTTPS between client and your servers. In this scenario load balanced environment should become completely transparent to client and load balancer will not need the certificate because it will only forward TCP connections and SSL tunnel will be created with the real web server.
I am getting the following error when I try to call an ASP.NET Web Service from an ASP.NET Web Application. I believe it is because the Web Service and Web Application are on the same Farm/behind the same Load Balancer.
A connection attempt failed because the connected party did not properly
respond after a period of time, or established connection failed because
connected host has failed to respond [IP Address removed]:80
This error does not occur when I call the Web Service on the Farm from the Web App on my local machine, or when I call the Web Service on my local machine from the Web App on the Farm.
Any idea why this error is occurring?
The solution to my problem was to turn on NATing on the load balancer.
The request was being made from a server in the farm to the Load Balancer, then the Load Balancer would send that request to one of the servers in the farm (possibly even the same server that requested it). The problem was, the server that was handling the request would try to send the response directly back to the "requesting client" instead of back to the Load Balancer, so the server that made the request would just ignore the response because it was not being sent by the Load Balancer. By turning NATing on, all responses are sent back to the Load Balancer, and then the Load Balancer sends the response on to the original client.
This is just a guess, but can the web server actually see the IP address being used? If it's on a farm behind a load balancer then that IP might be being blocked by the load balancer itself or a firewall or proxy server.
Can you access the web server via remote desktop and ping the IP address?
The TCP/IP stack on your farm node is not going to route the call to the IP address of the load balancer, but will automatically translate this into a local call on 127.0.0.1:80 on the specific farm node that is making the call. Make sure your web servers are set up to handle this case.