I've created a self hosted Nancy/SignalR application self-hosted in OWIN using Microsoft.Owin.Host.HttpListener and Microsoft.Owin.Hosting
Things work perfectly fine locally but as soon as I try to use anything but localhost to access the app I get a HTTP Error 503. The service is unavailable error. I can't even access the app using 127.0.0.1 or the machine name.
I've tried adding the port to urlacl using
http add urlacl http://*:8989/ user=EVERYONE but doesn't seem to do anything.
here are the OWIN start options that I've tried,
var options = new StartOptions
{
Url = "127.0.0.1",
App = GetType().AssemblyQualifiedName,
Port = _configFileProvider.Port
};
var options = new StartOptions
{
App = GetType().AssemblyQualifiedName,
Port = _configFileProvider.Port
};
Here is the source code for the file that starts and stops the server.
so it turns out you need to pass in a url into StartOptions in the same format as the urlacl.
Changing the start options to the code below fixed the problem. now the app is accessible across the network.
var options = new StartOptions("http://*:8989")
{
ServerFactory = "Microsoft.Owin.Host.HttpListener"
};
I spend many hours solving similar issue on Windows 8.1.
StartOptions options = new StartOptions();
options.Urls.Add("http://localhost:9000");
options.Urls.Add("http://127.0.0.1:9000");
options.Urls.Add("http://192.168.0.102:9000");
options.Urls.Add(string.Format("http://{0}:9000", Environment.MachineName));
WebApp.Start<Startup>(options);
I could not listen or was getting 503 error...
If you want to listen on several IP addresses, each address needs its own urlacl record:
Does NOT work:
netsh http>add urlacl http://+:9000/ user=EveryOne
OK:
netsh http>add urlacl http://localhost:9000/ user=EveryOne
netsh http>add urlacl http://127.0.0.1:9000/ user=EveryOne
etc.
After adding reservation for each address individually, everything works fine.
Thanks to the info that #kay.one provided I was able to access my self-hosted Web API 2.2 (OWIN/Katana, console app) from the same machine via IP address. However just consolidate it into a simple step-by-step:
In Main of Program.cs (for console app): WebApp.Start<Startup>("http://*:8080");
From Windows Command Prompt (run as Administrator) enter netsh http add urlacl http://*:8080/ user=EVERYONE
Go to Windows Firewall with Advanced Security and add an Inbound Rule that opens up TCP port 8080
You should then be able to access from another machine using IP address or computer name.
Disclaimer: I'm not a security expert so I don't know the security implications of doing this.
Related
I have a client-server application that works using a https connection with a self signed certificate and a Nancy Selfhost server.
After installing the application i run the following scripts to prepeare the server.
Add SSL Certificate to store
Check witch ip:ports are configured with netsh http show sslcert
Remove all registrations with port number 4443 (only if they are found with previous step):
netsh http del sslcert ipport=0.0.0.0:4443
netsh http del sslcert ipport=[::]:4443
netsh http del urlacl url=https://+:4443/
And then add url reservation with: netsh http add urlacl url=https://+:4443/ user=everyone
Add SSL Certicates with:
netsh http add sslcert ipport=0.0.0.0:4443 certhash=XXX appid={XXX}
netsh http add sslcert ipport=[::]:4443 certhash=XXX appid={XXX}
Then I start the server. The code for starting the self host server is:
public void Start(string baseUrl) {
string url = baseUrl;
Uri uri = new Uri(url);
var uris = new[]
{
new Uri($"{uri.Scheme}://localhost:{uri.Port}"),
};
server = new NancyHost(new CustomBootstrapper(url, Api1, Api2, applicationConfiguration), uris);
server.Start();
}
In this code is the baseURL the Hostname of the machine.
The client server connection works in most cases, but one situation it doesn't. This is when i try to run the the server on a specific computer. It has the following differences from other servers:
Windows 8
Pinging the hostname of this returns a IPv6 adress.
When starting the client application, it gives the following error:
The underlying connection was closed: Could not establsh trust relationship for the ssl/tls secure channel
Now i'm stuck, because I am not sure why it would not work.
Apparently I had some old certification registrations and url reservations still active. After clearing them all, the issue was resolved.
How do you make a Web API self host bind on all network interfaces?
I have the below code currently. Unfortunately, it binds only on localhost. So access to this server from other than localhost is failing.
var baseAddress = string.Format("http://localhost:9000/");
using (WebApp.Start<Startup> (baseAddress))
{
Console.WriteLine("Server started");
Thread.Sleep(1000000);
}
Just change the base address like this
var baseAddress = "http://*:9000/";
using (WebApp.Start<Startup> (baseAddress))
{
Console.WriteLine("Server started");
Thread.Sleep(1000000);
}
And it should bind correctlly to all interfaces.
If you get access exceptions, please DO NOT start Visual Studio as admin user. Add an URL reservation instead. The following example assumes that you want to open port 9000 as HTTP service on all ports & hostnames (http://+:9000/) without any user restriction.
Start a command console window as administrator and execute:
netsh
netsh> http add urlacl url="http://+:9000/" sddl=D:(A;;GX;;;S-1-1-0)
The SDDL translates to "all users" from your current domain / machine.
Modify your code accordingly:
var baseAddress = "http://+:9000/";
using (WebApp.Start<Startup> (baseAddress))
{
// your code here
}
You can delete the reservation by running:
netsh
netsh> http delete urlacl url="http://+:9000/"
However, Microsoft recommends to avoid Top-level wildcard bindings, see:
https://learn.microsoft.com/en-us/windows/win32/http/add-urlacl
For more information about the difference between http://*:9000/ and http://+:9000/ see:
What does a plus sign mean in a http url? -> http://+:80
I have a window service using self-hosted WebAPI.
HttpSelfHostConfiguration.HostNameComparisonMode set HostNameComparisonMode.Exact for hostname strong match.
var config = new HttpSelfHostConfiguration(uri);
config.HttpSelfHostConfiguration = System.ServiceModel.HostNameComparisonMode.Exact;
this._server = new HttpSelfHostServer(config);
_server.OpenAsync().Wait();
And URL reservation for the specified URL namespace for the domain.
netsh http add urlacl url=https://+:443/ user=EVERYONE
To bind an SSL certificate to a port number.
netsh http add sslcert ipport=0.0.0.0:443 certhash=xxxxxxxxxxx appid={xxxxxxxxx}
But Result appear HTTP 503 error.
I don't know state.
I had a similar problem. Problem in my case was duplicate urlacl for my URL.
netsh http show urlacl
...
http://+:80/api
http://127.0.0.1:80/api (or any IP)
Remove any possible duplicate urlacl for your program.
I can use HttpListener to listen for requests coming from the same computer, but I have not figured out how to make it listen to outside requests.
My prefix is:
"http://192.168.103.82:5000/"
I have also tried:
"http://*:5000/"
I can type my local network IP into the browser and get a response. However if I do the same thing from a different computer on the same network, no such luck.
Is there some extra configuration that I need to do? Is this an OS specific problem? I am running Windows 7 Home.
You need to allow port 5000 through Windows Firewall.
From the command: netsh http add urlacl
The following commands are available:
Commands in this context: add cacheparam - Adds HTTP service cache
parameter add iplisten - Adds an IP address to the IP listen list.
add sslcert - Adds a SSL server certificate binding for an IP
address and port. add timeout - Adds a global timeout to the
service. add urlacl - Adds an URL reservation entry. PS
C:\Users\dwalker> netsh http add urlacl ?
Usage: add urlacl [url=]
[ [user=]
[ [listen=]yes|no [delegate=]yes|no ]
|
[sddl=]
]
Parameters:
Tag Value
url - The fully qualified URL
user - The user or user-group name
listen - One of the following values:
yes: Allow the user to register URLs. This is the Default value.
no: Deny the user from registering URLs
delegate - One of the following values:
yes: Allow the user to delegate URLs
no: Deny the user from delegating URLs. This is the default value.
sddl - SDDL string that describes the DACL
Remarks: This command reserves the URL for non-administrator users and
accounts. The DACL can be specified by using an NT account name
with the listen and delegate parameters or by using an SDDL string.
Example:
add urlacl url=http://+:80/MyUri user=DOMAIN\user
add urlacl url=http://www.contoso.com:80/MyUri user=DOMAIN\user listen=yes
add urlacl url=http://www.contoso.com:80/MyUri user=DOMAIN\user delegate=no
add urlacl url=http://+:80/MyUri sddl=...
example: netsh http add urlacl user=Everyone url="http://192.168.103.82:5000/"
I'm trying to use C# and HttpListener with a prefix of anything other than localhost and it fails (i.e. if I give it server1, i.e.
http://localhost:1234 works, but
http://server1:1234 fails
The code is...
HttpListener listener = new HttpListener();
String prefix = #"http://server1:1234";
listener.Prefixes.Add(prefix);
listener.Start();
The failure occurs on listener.Start() with an exception of Access is denied..
I had the same issue once and i solved it by adding an URL reservation for the specified URL namespace for a user/users to the Network Shell (netsh). Here's an example on how to reserv an URL for every user, run this in the command prompt as an administrator:
netsh http add urlacl url=http://server1:1234/ user=Everyone
Here's an example on how reserv an URL for one user, run this in the command prompt as an administrator:
netsh http add urlacl url=http://server1:1234/ user=Steve
In this way you don't need to run the application as an administrator
Is your app running with elevated privilege?
Normal accounts cannot hook the Http pipeline without first making a reservation.
http://msdn.microsoft.com/en-us/library/Aa364673
It can be done programatically at install time. Let me know if this is of interest, and I'll dig out some code.
EDIT:
Actually, as I can't identify where the code came from at the moment, I can't post it here. There's a codeplex project for doing this kind of thing which is definitely worth picking apart.
/EDIT
Here's a way make the reservation on the command line:
http://www.casadehambone.com/HowToAddAURLACLAndAvoidAddressAccessDeniedExceptionInWindowsVista.aspx