I have a web app made in C# using asp.net core 2.0.
This app is hosted in IIS, as this is the recommended way to expose it to the internet.
I am now making some services hosted in the same local lan as the webapp, which need to connect to the above webappp. I can connect to the public iis server which of course works. However, would it also be possible to directly connect to the Kestrel server managed by IIS? So instead of connecting to public_ip/somewhere, connect to kestrel-local-ip:port/somewhere. The advantages would be:
avoid an extra hop
the kestrel app is still hosted and managed by IIS, so no worrying about self-hosting/management.
Reading the documentation here: https://learn.microsoft.com/en-us/aspnet/core/fundamentals/servers/aspnet-core-module?view=aspnetcore-2.1 it states: "Additional checks are performed, and requests that don't originate from the module are rejected.". Reading the Github repro, this seems to be an HTTP header called "MS-ASPNETCORE-TOKEN".
So is this scenario possible somehow? To connect directly to IIS but ALSO to kestrel directly?
If it is possible, should I do this? The performance gains seem immense as I have a lot of small requests which Kestrel can handle really well.
I have test this scenario。
when APP kestrel behind iis,
you can use netstat command get the kestrel process "port".
and then curl the "localhost:port" , you will get the 400 bad request, also you can get a error log indicate the MS-ASPNETCORE-TOKEN token .
you can curl the "localhost:port"again with the MS-ASPNETCORE-TOKEN request header.
Related
I have ASP.NET MVC website that runs on my local sever and I need to check mobile area.
So I decided to connect to it via Android Emulator (AVD)
As I read IIS server reject incoming requests from remote devices.
So from this thread I think I found solution
Post
I make all described on his github and get this
So as I understood it can receive external requests now.
And I tried to make request from AVD (192.168.2.106:3000)
And I get this
So as I understood it got path, but IIS still not receive external request.
Maybe someone faced this problem and can help me solve it?
I have an ASP.Net MVC application that I have added SignalR to. After following the "Getting Started" tutorial (with modifications of course since it's going in my application) I got it working on localhost. However once it's in the production environment, I get the following error:
WebSocket connection to 'ws://xxxxx/signalr/connect?transport=webSockets&clientProtocol=1.5&connectionToken=xxxxx' failed: Connection closed before receiving a handshake response.
I can access /signalr/hubs (I get a js file). Any ideas as to why this would happen?
This may be due to the fact that your web server doesn't support WebSockets (IIS 7.5, for instance. It may also be due to the fact that you are using a "proxy" server like ARR and it just cannot "route" WebSocket requests.
The first thing I would try to do is to disable WebSockets on SignalR, just as a debug tool. Here's how: SignalR - How do I disable WebSockets
If your problem persists, it's a general SignalR problem but at least you will have a more specific error. If the problem stops, now you know it is a server issue.
I am writing a FastCGI application interface library in C#/Mono, running on a plain-'ol Linux box (Vagrant and/or EC2), using Nginx as the web server. I am trying to make my implementation comply with the FastCGI 1.0 spec. As such I am prepared to receive a FCGI_GET_VALUES record, and respond with FCGI_GET_VALUES_RESULT. However, my experience is that Nginx FastCGI is not sending this. So, the questions I am trying to answer:
(1) OK, the web server's not required to send FCGI_GET_VALUES, it's optional. So, has it fallen out of use? Do other FastCGI server implementations still use this or not? Is there a way to configure Nginx FastCGI to enable it?
(2) Three defined config values go back to the web server in the FCGI_GET_VALUES_RESULT record: max concurrent transport connections the app will accept; max concurrent requests the app will accept; whether the app multiplexes connections. Lacking FCGI_GET_VALUES, what alternative methods, if any, exist to communicate or configure Nginx's FastCGI module with such settings?
1) I recently went on a search for an open source web server with support for FastCGI management messages. I skimmed the source code of several very quickly, including nginx. The only one that looked like it had code to send FCGI_GET_VALUES was OpenLiteSpeed. I didn't get round to testing it before giving up on FastCGI I'm afraid, and it didn't look like it actually paid any attention to the values it received.
2) I'll cover what I know about each parameter individually:
FCGI_MAX_CONNS: Don't think there's any way to directly specify this in nginx. Maybe you could do something with http://nginx.org/en/docs/http/ngx_http_limit_conn_module.html
OpenLiteSpeed has an option to limit the number of connections to a fastcgi server.
FCGI_MPXS_CONNS and FCGI_MAX_REQS: nginx doesn't support multiplexing FastCGI over a single connection. I couldn't find a web server that did.
For reference, I skimmed through the source code of these web servers, and none of them look like they send FCGI_GET_VALUES:
apache2 (mod_fastcgi, mod_fcgi, mod_proxy_fcgi), caudium, monkey, hiawatha, jetty, lighttpd, nginx, cherokee
Some of them did process FCGI_GET_VALUES_RESULT though.
I have an asp.net application working in https (SSL). This is working well in my local computer and Amazon AWS(production environment).
But when I host this application in office (for testing) some strange things happens.
I can see the https in browser and the lock sign.
Fiddler also showing that the output is encrypted and shows port 443.
But HttpContext.Current.Request.IsSecureConnection returns false
And HttpContext.Current.Request.Url.Scheme returns http.
In the office we are using Juniper SSG firewall and TMG 2010 (Forefront Threat Management Gateway 2010). So server receive request through Juniper and TMG 2010. Thanks in advance.
To reduce costs I suspect that the SSL certificate is installed on the TMG Gateway and that this gateway is simply rewriting the request to standard HTTP when passing it to the actual web server. So by the time the request hits IIS and your web application it is a standard plain HTTP request.
This tripped my up after deploying to Amazon's Elastic Beanstalk environment. I couldn't see any way to get the load-balancer to allow the SSL request straight through to the server. Instead it was always terminating the SSL at the load-balancer and passing plain http back to the server.
I found this documentation: Elastic Load Balancing Concepts - X-Forwarded Headers.
Essentially the load-balancer injects a number of additional HTTP Headers into each request before forwarding it to the back-end server. The most relevant one is X-Forwarded-Proto which tracks the protocol used to connect from the client's browser to the load-balancer. This can be checked like so:
var loadbalancerReceivedSSLRequest = string.Equals(Request.Headers["X-Forwarded-Proto"], "https");
var serverReceivedSSLRequest = Request.IsSecureConnection;
if (loadbalancerReceivedSSLRequest || serverReceivedSSLRequest)
{
// SSL in use.
}
else
{
// SSL not in use.
}
Well another way to check is to check the port
if(context.Request.Url.Port == 443)
Note: check which port is used for secure connections, usually it is 443
See duplicate: Customizing the cassini webserver
I have a web service hosted using Cassini web server. It works fine if I reference it by localhost, but when I use my machine's name (even using the browser locally), I get:
Server Error in '/' Application.
HTTP Error 403 - Forbidden.
Version Information: Cassini Web Server 1.0.40305.0
How can I configure it to accept all requests?
Cassini is specifically build to reject any outside connections. You could rebuild from sourcecode if you want it to accept outside connections.
Edit:
In reply to the below comment on what to edit in the sourcecode, you'd probably want to change the following in Server.cs on line 88:
_socket = CreateSocketBindAndListen(AddressFamily.InterNetwork,
IPAddress.Loopback, _port);
Into something like this:
_socket = CreateSocketBindAndListen(AddressFamily.InterNetwork,
IPAddress.Any, _port);
This will bind the listening socket to all available IP addresses on the system instead of only to the localhost address (127.0.0.1).
To update this answer, IIS Express is a new alternative that allows this.
http://weblogs.asp.net/scottgu/archive/2010/06/28/introducing-iis-express.aspx
To avoid anyone else having to go further, if you need a lightweight web server for production use, IIS-Express is not recommended (by themselves) for that purpose .