I am following http://msdn.microsoft.com/en-us/library/ff649647.aspx#Step13 to add Username Authentication in WCF. At the step that I have to create a temporary certificate for SSL, I have the following questions:
The server that the WCF will be deployed on its IIS does not have Visual Studio, therefore I am not sure what I'm supposed to do for the part in link http://msdn.microsoft.com/en-us/library/ff648498.aspx that Step 3: Create and Install Your Temporary Service Certificate by using Visual Studio command prompt.
Also I am using IIS 8, and the steps in Step 13: Configure Security Settings in IIS does not follow smoothly as described in the step by step. If anybody has some experience to configure the Web site in IIS to use Secure Sockets Layer (SSL) encryption and anonymous security, I'd appreciate some pointers.
Ad1)
You can download makecert and put it on the target machine (its just a simple tool no need for full VS) or you can run the command on the different machine it will create and install certificates in the LocalMachine/My store. Then you can export this certificate using mmc tool with certifacate addin and install it on the target machine in the same place (again using mmc). When you are exporting it make sure you have the "include private key" checkbox checked.
Ad2) I dont have access to IIS8 atm but the description on the msdn sounds OK. The only tip i can think of is to make sure you have a port open for HTTPS communication. Its done using httpcfg tool
http://msdn.microsoft.com/pl-pl/library/ms733768(v=vs.110).aspx
Related
I need to install a cert to allow a browser to talk to localhost via our app. The .pfx file created for this purpose works great when imported with the Windows 10 MMC tool. But that's a lot of steps to make our users do manually.
By following the steps in this answer (Install a pfx certificate in a users store in Windows using WiX), I can build an MSI and it runs on the target machine without errors.
However, the cert does not exist in the usual "Certificates - Local Computer" MMC tool, nor can the cert be bound to the app with netsh. After a bit of searching, it turns out the cert is installed "somewhere in IIS", and is only visible in the IIS tool (?!).
Using openssl, I converted the .pfx to a .pem file. When running the MSI, this DOES seem to install the cert to the proper place (?!). However, the cert is missing the private key, so it also can't be bound with netsh ('SSL Certificate add failed, Error 1312').
What on earth is going on, and how can I make Wix install the certificate properly?
Well, I guess I figured it out. I tried running the MSI on a virgin Windows 10 installation, and the .pfx file installed correctly and can be bound ok.
So, my guess is that "something" is checking the local computer to see if IIS is installed, and makes the decision to install the cert in a place that only IIS can see or use it. There's probably a lot more going on behind the scenes, but that's the gist of it.
In summary, use a .pfx file to get the private key, and remember that the installation will only work on computers without IIS installed.
I am hoping someone can shed some light on this situation. I have a WEB API that I am running in IIS Express. I was using it with SSL enabled. I have a console application that calls it like so:
https://localhost:12345/api/Controller/Method/arg
This was working great up until today. All of a sudden the client throws an exception when trying to connect stating:
The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
I have gone through and made sure that the IIS Express Development Certificate is in place under personal certificates. I have also done a repair on IIS Express. I also do not get this problem if I put the URL into Internet Explorer. I have no problem connecting to the WEB API when I go over normal HTTP. What would make this seemingly start happening for no reason?
Misha Beskin's answer to this question resolved it for me. Still no idea what caused it to get messed up in the first place.
After spending a lot of time for me the solution was pretty simple
I just opened the Certmgr.msc ---> deleted the localhost certificate from the Trusted Root certification authorities.
Then opened my solution (after I had run the identity sever) clicked run the visual studio asked fro me if I want generate new certificate to iis express (ssl), I had clicked yes and then it started to work properly:)
I'm running Windows 7 (x64) with VS 2010 SP1 and the Windows Azure SDK 1.5. I'd like to be able to debug a web application on an iPhone connected to the same network to shorten debug cycles.
IIS is running on this machine and can see that a temporary site is being created when I debug the Azure project. Is there a way to add an additional binding to the IIS site so that I can connect from the the iPhone when the debug is started? I can manually add a binding once the debugger starts up but this is lost when I stop debugging.
This is a very old thread, but I came across it trying to do the same thing- after more searching I found this: and it worked great for me (Using Passport to pass the traffic)
http://blog.sacaluta.com/2012/03/windows-azure-dev-fabric-access-it.html
you can use port forwarding to do that.
netsh interface portproxy add v4tov4 listenport=800 connectaddress=127.255.0.0 connectport=82 protocol=tcp
More info here: http://fabriccontroller.net/blog/posts/remotely-accessing-the-windows-azure-compute-emulator/
I have managed to find a solution that kind of works.
I went to IIS manager and created a new website that points to the folder were I'm developing, on the port 8000.
Now I can access it through http://ip-of-server:8000, and also debug the application.
Hope it works for you also.
I have discovery this solution http://blog.piyushthacker.com/?p=24
Works fine for me :)
In newer version (1.3 and higher) you may need to change file IISConfigurator.exe.config file like in this solution http://blog.syntaxc4.net/post/2011/01/06/changing-the-windows-azure-compute-emulator-ip-address.aspx
I use Fiddler to create a proxy server (tick options Act as system proxy on startup, Monitor all connections and Allow remote computers to connect), configure the remote browser to use the proxy server, and access my Azure website via http://ipv4.fiddler:81/ Technique from here.
There is a solution for this,
Look at This SO Answer,
which is based on this post
I'm currently developping a website with Visual Studio 2010 and IIS Express 7.5 on Windows 7 x64 in a VirtualBox VM.
I have followed this article and made it works like a charm.
Working with SSL at Development Time is easier with IISExpress
The problem comes when I shut down my machine and start it back the next day. It doesn't work anymore, I have to redo the whole opertations in order to make it work.
Does anyone has an idea why everything is screwed up each time I restart my machine?
Thanks in advance.
I've had this exact problem with full blown IIS 7.5 and Server 2008.
My particular problem came about when moving the server authentication certificate (and associated private key) around (through dragging) in the MMC Certificate Manager.
There's a step in the tutorial you linked to where they ask you to "drag" the certificate from Personal to Trusted Root Certificates. I'd suggest deleting that certificate from the Certificate Manager and importing it directly into the Trusted Root Certificates.
I had the same problem with a Code-signing private certificate, after reboot it was gone.
I found this on ServerFault:
Right-click the certificate in MMC console ->All Tasks-> Manage Private Keys.
Add the needed users to access Now, Reboot the system and try it will work.
enter image description here
Try editing the app.config as an administrator.
The other thing is you VM's hard drive might be writing changes to a read only delta which get's dropped when you restart, hence nothing is saved
Thias was the solution for me:
http://blogs.msdn.com/b/asiatech/archive/2013/03/25/case-study-ssl-does-not-work-in-iis-7-5-after-server-reboots.aspx
Delete the certificate from the computer store and import it again. Dont drag and drop it from the user store.
I've been trying to connect my Azure VM role to my domain and was following the steps provided by the Windows Connect Azure team blog as shown here: . However, I hit a snag when I was asked to click on the certificates Tab and create a certificate. Wonder of wonders, there is no Certificates tab that appears on the properties of the VM role properties page. All I see are the following tabs: Virtal Hard Disk, Configuration, Settings, Endpoints and Virtual Network. Any clue as to wjhat I might be doing wrong? I will appreciate any help greatly.
I'm guessing the tutorial you are following is for a web or worker roles?
If you're creating a Virtual Machine role, then I don't think you can specify the certificates to install. If you want to pre-install certificates, then you can do this yourself within the VM image?