Enabling SSL in asp.net 4.0 and IIS 7.5 - asp.net

I have created an asp.net 4.0 project. I want to enable SSL for it. Do I need to map this web project to new website in IIS. When I try to create a new website, I get:
The binding '*:80:' is assigned to another site. If you assign the same binding to this site, you will only be able to start one of the sites. Are you sure that you want to add this duplicate binding?
I am trying to follow the following posts:
http://weblogs.asp.net/scottgu/archive/2007/04/06/tip-trick-enabling-ssl-on-iis7-using-self-signed-certificates.aspx
http://mscrm4humans.wordpress.com/2010/06/24/enabling-ssl-on-iis-7-0-using-self-signed-certificates/
my IIS is 7.5.7600....
I am totally new to SSL in asp.net. Please suggest solution to this issue.

Whilst it is possible to configure host headers to do what you're after, the easy way is to configure your new site with a different IP address.
Add the new IP address to the server, then setup your binding for the new site to the new IP address on port 80 and 443. Set the app pool to run using .NET 4, then for a nice touch you could add a URLRewrite rule to push all non-SSL traffic to HTTPS by sticking this in your web.config:
<system.webServer>
<rewrite>
<rules>
<rule name="Redirect to HTTPS" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="SeeOther" />
</rule>
</rules>
</rewrite>
</system.webServer>
Or if you wanted to force SSL then just tick the Force SSL option in IIS for the site.

It sounds like you already have a site setup on port 80. Your IIS probably has a Default Web Site setup. If you're not using that site, you can delete it before you follow the steps in Scott Guthrie's blog post and that should clear up the issue.
If you are using the Default Web Site, change your new site's port to 81 when you create it. You can change the port in the screen shown by the second image in Scott Guthrie's blog post.
If you want to prevent any non-ssl traffic from reaching your new site, you should delete the binding on port 80 (or 81) after you've finished setting everything up.

To use SSL you must:
Have a separate website in IIS
This website must have a separate IP address which will be bound on port 443
You cannot use host headers to host separate websites in IIS and use SSL.
Check this article for more help:
http://learn.iis.net/page.aspx/144/how-to-set-up-ssl-on-iis-7/

Related

How to make a website work only with https [duplicate]

This question already has answers here:
How to force HTTPS using a web.config file
(10 answers)
Closed 7 years ago.
How do I make a website to work only with https? Is there any method to make my website work only if the protocol is https?
For example let me say http://www.mywebsite.com, this should work only with https://www.mywebsite.com, if it's http the website should not be accessible .
Is it possible to make a website work only with https? Is it possible to restrict a website /make a website inaccessible if the website was http?
Sure, assuming you are using IIS to host your site, open IIS Manager and select your web site and then binding on the right:
make sure you only have a binding for https not for http.
This way IIS will only send https traffic to that web site.
Edit: What is the difference between Andre's answer Require SSL and mine?
using Require SSL, when users requesting http:// they will get a:
403 - Forbidden: Access is denied.
When using only an https binding, no connection is made at all and the user eventually gets:
ERR_CONNECTION_TIMED_OUT
It's up to you which option you prefer.
I usually have a catch-all site on all servers that respond to any requests not picked up by real sites and just displays a basic 404 page.
The third option is to actually allow http:// but then redirect to https:// as mentioned in the comments. For that solution you have to install the URL rewrite module and add a redirect rule.
My single binding option is the leanest, but it all depends on how you want you site to handle http:// requests.
Create Rule in your web.config which will force to open in https only as shown below
<rule name="HTTP to HTTPS redirect" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" redirectType="Found" url="https://{HTTP_HOST}/{R:1}" />
</rule>
For IIS? Start the IIS Manager, click on your site and double click "SSL Settings" and check "Require SSL".
What I have done using Apache: add redirect from http to https

"This webpage is not available" from localhost after SSL removed

When I attempt to debug my ASP.NET MVC 5 project I am getting the IIS error "This webpage is not available". Here is the sequence of events that led to this:
The project was originally using SSL and IIS Express and working fine.
I wanted to use Fiddler and saw that Fiddler doesn't (easily) monitor https traffic, so went into the project properties (F4) tab and changed it back to use http.
This is when I started seeing the error "The page can't be displayed". I noticed that even though my ProjectUrl and Start URL in the project properties window was http://localhost:57505, when I debugged, the URL would change to https.
A complication (sorry, I don't remember what it was) prompted me to use Local IIS (IIS 7.5) instead of IIS Express.
I restarted IIS and I decided to get rid of the SSL certificate in IIS but that didn't help.
Because nothing worked I changed the project back to use SSL. Now I am seeing "This webpage is not available" when I debug.
I have rebooted and recycled frequently
I'm not sure what to do next because my project is unusable right now. Any help appreciated.
Did you happen to had an entry in web.config that force a redirection to the HTTPS site?
<rewrite>
<rules>
<rule name="Redirect to HTTPS" stopProcessing="true">
<match url="^account/logon$|^account/register$" />
<conditions>
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:0}" redirectType="Permanent" />
</rule>
</rules>
</rewrite>
Note that redirectType="Permanent", it will return Permanent Redirect(301) to your browser. This will be cached permanently on your browser so you couldn't access the normal HTTP site even if you've removed this redirection. You will need to manually clear your browser caches to fix it.
If it happens with other projects as well then try to disable windows firewall or any other firewalls on the system and hopefully it should work.
Also try to run the website without fiddler and see if it works.
I had similar problem and it was the firewall causing it.
With HTTPS, you can only have one "web site" per ip_address:port. So https://localhost, https://example.com, it's all the same (modulo certificate errors.)
HTTP, however, allows multiple web sites per ip_address:port pair, via the "HOST" header in the HTTP 1.1 spec. IIS needs to know what site you want, and it defaults to binding the web site to the machine's hostname. (That is probably what is getting you.)
If you just want all requests that resolve to your host (like "localhost") to hit the same web site, edit the site bindings in inetmgr and set "Host Name" to empty string or *.

Azure Website 301 Redirect - Where Do I Put It?

I want to direct some of my other domains to my primary domain which is hosted at a Windows Azure website.
(For the sake of those that find working with CNAME's and DNS a little "foggy" (like I did) I'm going to layout the details.)
I have the domain www.myDomain.example correctly resolving.
I now want to point www.myOtherDomain.example to www.myDomain.example
At my registrar I have created a CNAME to point
www.myOtherDomain.example to myInternalAzureSite.azurewebsite.net
and then successfully configured it in the in the Azure Website domain manager tool.
Now, when I enter www.myOtherDomain.example into a browser I get the proper web page at www.myDomain.example, however, the address in the browser is still www.myOtherDomain.example not www.myDomain.example as desired.
I understand the two most desirable ways to accomplish this are either:
Forward myOtherDomain.example (which costs $ at some registrars)
Do a 301 permanent redirect
If I have all that correct, I have found many suggestions of HOW to do the 301 redirect, however, I can't seem to figure out WHERE to actually put the redirect?
Windows Azure Websites run IIS. You can use URL rewriting to create rules to rewrite one URL to another.
Instructions:
Create a website in Windows Azure.
In the Scale section, select a web site mode of Shared or Standard and save changes.
In the Configure section, on the domain names group, add the old domain name (or names) and the new domain name and save changes.
In your domain registrar or DNS provider for the old domain and the new domain, change the DNS records to point to the new Windows Azure Website. Use a "CNAME (Alias)" record and point it to the website's domain on Windows Azure, like this: "mywebsite.azurewebsites.net."
Upload your new website's contents to Windows Azure.
In the root of the new website, create a file named Web.config with a contents like this:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="Redirect old-domain to new-domain" stopProcessing="true">
<match url=".*" />
<conditions>
<add input="{HTTP_HOST}" pattern="^www.old-domain.example$" />
</conditions>
<action type="Redirect" url="http://www.new-domain.example/{R:0}" redirectType="Permanent" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
Verify that any request to http://www.old-domain.example/path?query will receive a "301 Moved Permanently" response with a Location header for http://www.new-domain.example/path?query.
For documentation refer to Using the URL Rewrite Module.
For examples refer to Redirect to new domain after rebranding with IIS URL Rewrite Module and IIS URL Rewrite – Redirect multiple domain names to one.
There's no need to upload web.config file as there is one that you can access through the Azure interface.
Open the settings pane for your App Service and click App Service Editor (Preview) in the Development Tools section towards the bottom of the left hand menu.
Click Go to open the Editor in a new tab. You will see the web.config file on the left. Click it to edit in the main pane.
One word of warning - this editor autosaves as you type! I'm sure we'd all do this anyway but I'd recommend preparing your code in an editor and pasting it in.
I was able to add a section without having to manually restart the App Service.
You can also do the redirect by placing this code in your web.config file under the configuration node:
<configuration>
<location path="oldpage1.php">
<system.webServer>
<httpRedirect enabled="true" destination="http://example.com/newpage1" httpResponseStatus="Permanent" />
</system.webServer>
</location>
<location path="oldpage2.php">
<system.webServer>
<httpRedirect enabled="true" destination="http://example.com/newpage2" httpResponseStatus="Permanent" />
</system.webServer>
</location>
</configuration>
I've taken a simpler approach and just added the extra required domains to the Azure App Service via the Custom Domains menu - per the screenshot below. No need to touch the main websites web.config file at all. No need for any explicit 301 redirect. In Custom Domains page, just assign the domains, add the SSL bindings by uploading your HTTPS certificates - hit the site!

Run two web sites on same port on IIS 7.5?

We need to be able to run two versions of one ASP.net web application on the same intranet server and port number, but with one mapped to / and the other mapped to /experimental (not real names, but close enough).
C:\inetpub\wwwroot\Version1 => http://test1.organization.com/
C:\inetpub\wwwroot\Version2 => http://test1.organization.com/experimental
The first URL has already been exposed to some beta users and therefore needs to be kept somewhat stable. The second will contain experimental code that only users going to /experimental will see. We don't have the option of using a different server or a different port.
I've achieved this in the past by having / mapped to a site under Sites in IIS, then adding the second site as an application underneath it, and aliasing it to /site2.
Server
Sites
Default Web Site <= physical path mapped to first version and /
/ Application1 <= nested application mapped to second version and /experimental
However, this seems sloppy. Would it be cleaner to do this with a rewrite rule or with ARR? If so, how?
A combination of ARR and rewrite rules will solve this nicely. Here are the steps to follow:
Download and install ARR http://www.iis.net/download/ApplicationRequestRouting
In IIS Manager, select your machine in the Connections pane, double-click the Application Request Routing feature in the IIS section, click on the "Server Proxy" link in the Actions pane, then check the "Enable proxy" checkbox and choos the Apply action.
Change the bindings of your two existing websites, for instance, bind the Released website to port 81, and the Experimental website to port 82.
Create a new website and app pool, and bind it to http:*:80:. Name it "Default Web Site". Point its physical path to "%SystemDrive%\inetpub\DefaultWebSite"
Create a web.config file for the "Default" website, and write your routing rules there:
<rules>
<rule name="Reverse Proxy for Experimental" stopProcessing="true">
<match url="^.*/experimental/.*" />
<action type="Rewrite" url="http://{HTTP_HOST}:82/{R:0}" />
</rule>
<rule name="Reverse Proxy for Release" stopProcessing="true">
<match url=".*" />
<action type="Rewrite" url="http://{HTTP_HOST}:81/{R:0}" />
</rule>
</rules>
You may have to fiddle somewhat with your rewrite rules, you can experiment using the URL Rewrite Module applet on IIS, and read more about it here: http://learn.iis.net/page.aspx/500/testing-rewrite-rule-patterns/ For further help be sure and browse Ruslan Yakushev's blog: http://ruslany.net/
This will give you three completely separate websites, accessibly through a single facade on port 80 (though of course you can hit each website directly on port 81 and 82 if you need to: http://localhost:81/default.aspx, for example).
Can you run one of the sites at a different subdomain, say test1.organization.com and beta1.organization.com? If so then you can set them both up as top-level websites in IIS and set the Host Name on each Site Binding so they can both run on the same IP address and port.

Windows Azure: How to 301 non-www url to www for a domain

I recently deployed an Windows Azure application and configured DNS of my domain through DreamHost portal. Now my site is accessible through http://www.coziie.com, but not through non-www address.
I read in one of the articles that I should add an A record in DNS settings and point to virutal IP of Windows Azure. How do I get virutal IP of my Windows Azure deployment?
Or is there any better way to 301 redirect all non-www urls to www?
RESOLVED: I was able to solve this problem by simple configuring a website redirect settings in DreamHost DNS settings. A simple 301 redirect of http://coziie.com to www.coziie.com sorted out the issue.
You are talking about two separate issues here.
The first is to setup a DNS record so that your un-canonised url works. The second is to redirect the url if the site is accessed by it.
update I have removed the previous advice for CNAME from here as I didn't realise before that you cannot set the root domain to a CNAME record. It seems that with the ip restrictions of Azure you will have to point the root domain record at non-azure, asp.net hosting and then put a 301 redirect (such as the one further down my reply) to forward it on to the Azure domain (www domain).
When you have http://coziie.com/ pointing at your site and serving the page its then time to fix this because Google can get confused, think its two different sites and then dilute your page rank between the two.
The trick is to set up a 301 redirect. I believe the url rewriting tool started out as an addon for IIS7 but is now included in it? You might have to do a quick search on that.
Anyway, this is how I do it on an IIS7 server with the official url rewrite extension installed (this goes in your web.config):
<system.webServer>
<rewrite>
<rules>
<clear/>
<rule name="WWW Rewrite" enabled="true">
<match url="(.*)"/>
<conditions>
<add input="{HTTP_HOST}" negate="true" pattern="^www\."/>
</conditions>
<action type="Redirect" url="http://www.{HTTP_HOST}/{R:0}" appendQueryString="true" redirectType="Permanent"/>
</rule>
</rules>
</rewrite>
</system.webServer>
Intellisense will complain that its not a recognised element but thats just a cosmetic issue while you are editing the file.
The VIP address is easily obtained by either looking at the portal (read deployment details) or by simply pinging your .cloudapp.net address. You can set an A record, but you must be prepared to update that in case you delete your deployment. Once you delete a deployment, the VIP address will be returned to the pool and there is pretty much a guarantee that you will get a new VIP address on the next deploy.
You can maintain your VIP address by using the Upgrade feature as opposed to new deployments. There are some limitations to this, but it works for updates that do not change the Service Definition broadly speaking.
We used to say that the VIP address was not guaranteed even if you did an update, but MS has come back with stronger language about guarantees. See here.
CNAMES are only for subdomains, like sub.example.com or www.example.com, you can't register a CNAME for example.com in other words. If your domain provider supports it you could create a redirect from example.com to www.example.com and then create a CNAME record for www.example.com, the CNAME will match www.example.com against example.cloudapp.net. My domain provider has a web console where I can do this easily, perhaps yours have too?

Resources