I've just set-up a website on Windows 2012 (IIS 8.5).
I'm using Visual Studio 2013, and I'm wanting to configure Web Deploy so that our developers can only deploy over SSL (HTTPS).
In the website settings I've configured the SSL for the site;
For the website binding, I only have HTTPS present;
However it seems that I can still publish using WebDeploy over HTTP and I can browse to the site using HTTP, even though the file in this case wasn't found.
My main requirement is to stop developers being able to publish over HTTP. How can I achieve this ?
I think you should try to redirect all HTTP Requests towards HTTPS
URL rewriting in IIS 7+:
http://blogs.msdn.com/b/kaushal/archive/2013/05/23/http-to-https-redirects-on-iis-7-x-and-higher.aspx
Make sure that you don't have another IIS web site (usually the Default Web Site) that binds to port 80 with All unsigned IP address and no host header. That kind of site is a "catch-all" site that gives you the 404.
Related
I built an ASP.NET Web API. I run it locally from Visual Studio on IIS Express. I need to access this api from other device from another network, so I understand that it has to be hosted on the development machine on IIS, right? What I read is that:
I need to enable IIS Manager in the Control Panel (source) - DONE
Assign the IP of the dev machine to the localhost (source; source 2) - I don't see my site in the IIS Manager under Sites, only see Default Web Site. Why is that?
I assume the site needs to be hosted somehow on the dev machine, because I need to stop Visual Studio, therefore the IIS Express will be stopped and the site would not be accessible, even from localhost right?
My dev machine has a public static IP and I can access this Default Web Site successfully from outside.
You should consider your API in IIS just as any IIS App. i.e. a website.
It needs to have an IP (or a hostheader value)
Lets say api1.example.com binded in IIS with your IIS Application.
Your DNS must resolve this to the IIS machine IP.
then you can access it in that URL.
You can also just hit the machine IP running the IIS web server (on the port you added for the api - if its not :80)
See "Bindings" in IIS
See this Video : https://www.youtube.com/watch?v=I32AnqJzD58
On IIS 10, Windows Server 2016 I have a service installed as an application virtual directory. My binding for the site is *.example.com.
If I navigate to the service as http://example.com/svc/service.asmx, it works. If I navigate using www.example.com, I receive a 404.3 Cannot be served because of the extension configuration.
What makes it even more confusing is that I have another web service in another virtual directory that works just fine under either URL. Both of these services were originally running on a Windows 2003 server and have been migrated over.
Since this works without www, I don't think I need any kind of handler specified. I'm stuck at knowing if this is an application configuration (web.config) or an IIS configuration issue, or both?
I've worked on an ASP.Net MVC 5 application using EF6. The project is ready for deployment and I've been told by the project manager that the project will be deployed on a server with IIS 7.0 using https/SSL. We will be running the server on our premises and the certificate has been purchased from GoDaddy. During development, I've not enabled SSL in Visual Studio project, and no certificate has been imported into Visual Studio.
My question are:
Do I have to enable SSL in Visual Studio and import SSL certificate before deployment, or I can publish the project as is, and enable SSL in IIS only?
When do we enable SSL in Visual Studio and import SSL certificate into it? My understanding is that it is done during development to enable testing on SSL, but I'm not sure if my understanding is correct.
If development has already been finished, is it still necessary to carry out the above scenario (enable SSL in Visual Studio and import SSL certificate in it)?
You can handle SSL in IIS- this is what my company currently does. You might want to look into the Url Rewrite Module in IIS. This enables your site to handle requests that are sent to http and https both and both types of request both end up forced going over ssl.
You can handle it on your server side by using your hosting cPanel/Plesk etc.Simply change all request the type on both http and https ,if you want to enable only https requests then configure it on only https .For more details how to configure and enable ssl on godaddy kindly view full details on the given link.
Link
This is how to configure an SSL web application in IIS Express.
After publishing SSL web application, just go to IIS Manager, right click on Sites, Add Website and fill in the Bindings section of the wizard like in the picture below (select https, select correct Port number from the SSL url shown in VS and the SSL certificate as well). Then you can browse to the published https web address rather than having to run in debug from VS.
I Use Visual Studio 2010 with ASP.NET 4.0 and IIS7.
When I open my site, the URL looks like this
http://localhost:6549/Website/help/tab/contact-us
I want a friendly URL:
http://mysite/help/tab/contact-us
or anything that will help me to get rid of the Port 6549 from URL
http://localhost/Website/help/tab/contact-us
I use ASP.NET Development Server which is what Visual Studio use when you run a localhost website
Wait !! Please make distinction between "Properties window" and "Property pages" of the project. I always tried your advices, but using "Property pages", and there is no such property like Use dynamic ports on that page. This property can be found only in the "Properties window"
Assuming it's the ASP.NET development server:
To get rid of the port number you need to do this
- go to properties of the project
- click the web tab
- check the specific port and assign 80
There is also a virtual path setting here which you could set to /
Is your solution configured to use IIS and not the ASP.NET Development Server? There is also a property on the web application where you can specify the port (or allow for a random port to be chosen) - port 80 is the appropriate port - this requires administrator access to the process that is launching the web site.
Edit:
I was thinking you can use your host file to redirect the user, but I checked and you can't redirect to a port.
If you have IIS7 on the machine, just make the location of your web development folder into a virtual directory on IIS.
Then you can access it by http://localhost/website/
So, I made a cool demo which I want to show to my friends. But when I give them my IP-address (with the Development server's port and aspx page), it doesn't connect. How can I make it work?
They can't see the development server port.
It only serves pages to browser requests on the local computer.
You have to publish it to your IIS or to another machine that has IIS.
Deploy your site to your Local IIS server
The development server will only server connections from localhost. You need to deploy it to a real IIS server instance. Since you don't likely have Windows Server lying around, you can install IIS on any Professional edition of windows. Then your site will run on port 80, just like any other web site. You still may also need to forward that port on your home router.
Cassini (developers web server) has limitations and doesn't serve http requests from intranet/internet
You should deploy your site to IIS on your workstation (if your friends observe workstation via IP) or use Internet Asp.net Hosting
The development server can only be accessed by clients on the local box. You'll need to host your site on IIS to let them access it (assuming they're on your local network.) If you need to expose this on the internet, you'll have to get a hosting company to do that.
You are probably using the built-in webserver called cassini. By default, that webserver does only accept request from the localhost.
Set up a local IIS, and forward all necessary ports through the firewall
You should find a reliable and already configured webhost and host your site there. The first hit on google for "free asp.net host" was here.