IIS Express defaulting to port 44300 for HTTPS when enabling SSL
Solution 1
This question has been answered by Divya over on the IIS forums.
Once you enable SSL for a website in WebMatrix, it defaults to port 44300 and does all the bindings in the background. I am hoping that you tried to change this port to 443 in the config file. Once that is done and saved, you also need to modify the binding in http.sys. You would need to delete the existing entry for port 44300 and add the entry for port 443. To do this, you could use httpcfg (WinXp/Win2003) or 'netsh http' (WinVista/Win2K8/Win7). Here are the commands for netsh:
1) Get the appid and certhash for the existing entry of 44300 (I assume, you are going to use the same certificate which WebMatrix installs by default. If you want to change the certificate as well, get the certificate hash of the certificate from the certificate store):
netsh http show sslcert
. In the output search for entry for port 44300 and copy certhash and appID.2) Delete the entry for 44300:
netsh http delete sslcert ipport=0.0.0.0:44300
3) Add a new entry for port 443 with certhash and appID copied in step 1.
netsh http add sslcert ipport=0.0.0.0:443 certhash=<certhash> appid=<appid>
After configuring the entry in http.sys, you need to restart http service for the changes to take effect.
net stop http
net start http
As noted by others, there are several nice ways of getting your SSL certs.
netsh http show sslcert > output.txt
or (my preferred method):
netsh http show sslcert | clip
Solution 2
Since I have spent much time on this topic , I would like to share my finding. I am reposting segment from my other post minus the code. Some background and explanation:
==========================================
After researching aroud, I was able to solve this issue with IIS Express and an override of the Controller class's OnAuthorization
method (Ref#1). I have also gone with the route recommended by Hanselman (Ref#2). However, I was not complete satisfied with these two solutions due to two reasons:
- Ref#1's
OnAuthorization
only works at the action level, not at the controller class level - Ref#2 requires a lot of setup (Win7 SDK for
makecert
),netsh
commands, and, in order to use port 80 and port 443, I need to launch VS2010 as administrator, which I frown upon.
So, I came up with this solution that is quite simplistic with the following conditions:
I want to be able to use the
RequireHttps
attribute at Controller class or action levelI want MVC to use HTTPS when the
RequireHttps
attribute is present, and use HTTP if it is absentI do not want to have to run Visual Studio as administrator
I want to be able to use any HTTP and HTTPS ports that are assigned by IIS Express
I can reuse the self-signed SSL cert of IIS Express, and I do not care if I see the invalid SSL Prompt
=========================================
You can find my solution/code here ==> ASP.NET MVC RequireHttps in Production Only
Solution 3
The port 44300 is sequential: 00 mean that its the first application you have configured as SSL enabled; 01 will be the second one and so on.
Since I also require my website to only work in HTTPS by adding the [RequireHttps]
global attribute, I had some trouble debugging. When launched, it was automatically redirecting to https://localhost/
To fix this problem when debugging a web site, I simply create a new RequireHttpsAttribute
that specify the port
#if DEBUG
public class RequireHttpsAttribute : System.Web.Mvc.RequireHttpsAttribute
{
protected override void HandleNonHttpsRequest(System.Web.Mvc.AuthorizationContext filterContext)
{
base.HandleNonHttpsRequest(filterContext);
var result = (RedirectResult)filterContext.Result;
var uri = new UriBuilder(result.Url);
uri.Port = 44301;
filterContext.Result = new RedirectResult(uri.ToString());
}
}
#endif
Use this class when debugging only. When deployed to IIS7, you should use Url rewriting to redirect to HTTPS.
Dan Atkinson
Contact me: Twitter (DMs open) CV at Careers Overflow Profile at LinkedIn I am a developer working in ASP.NET MVC from the early CTPs through to ASP.NET Core. I work in both VB.NET and C#, but also write a lot of scripts in Powershell which I have become increasingly enamoured by due to some of the language features introduced in later versions. I originally started professional software development using ASP.NET (webforms). I then switched jobs and worked almost exclusively in ColdFusion. It gave me the chance to get to know MVC a lot more through the Mach-II framework - an implementation of MVC for Coldfusion. When ASP.NET MVC came out, convinced our employers to migrate due to a wider availability of software engineers (it was incredibly difficult to get good ColdFusion developers!). When it came to picking up ASP.NET MVC, I felt I had a much stronger advantage than if I had continued using 'classic' ASP.NET webforms. I answered more questions in the first two months on here, than I did in five years at Experts Exchange, and I enjoy the fact that stackoverflow is more community based. Initially spurred on by the challenge of "doing better than Jonathon Bolster", I found that helping out is extremely enjoyable and helping people of all technical skill levels is great fun. You can request proof of my identity using my Keybase proof.
Updated on May 14, 2020Comments
-
Dan Atkinson almost 4 years
When you initially set up IIS Express to enable SSL, it defaults the port to 44300. Unfortunately, when I try to access my site in on
https://localhost/
it doesn't work unless I use the port number 44300 -https://localhost:44300/
.The links are generated using the following:
<%= Html.ActionLink("Index", "Index", "Home", new { @action = "https://" + Request.Hostname + Url.Action("Index", "Home") }) %>
Although an ugly solution, the
@action
keyword can override the generated route, but it means that the application would seemingly need to be aware of any non-standard ports (eg 44300).The problem with that is that I'd be writing something to solve a problem that would only occur in a development environment.
So my question is... How do I change the port to 443 and have IIS Express like it?
Config for my site is below:
<site name="MySite" id="2" serverAutoStart="true"> <application path="/"> <virtualDirectory path="/" physicalPath="C:\Inetpub\MySite" /> </application> <bindings> <binding protocol="http" bindingInformation=":80:" /> <binding protocol="https" bindingInformation=":44300:" /> </bindings> </site>
Many thanks in advance.
Update:
This question has been answered by Divya over on the IIS forums.
-
Dan Atkinson almost 12 yearsIt's this very thing that I wanted to avoid - having code that tries to handle this situation. In the end, I moved to Windows 7 and IIS 7, effectively removing my need for this hack.
-
Pierre-Alain Vigeant almost 12 yearsSure, when deploying, you rely on proved and trusted method already provided by IIS, but when debugging, it is useful.
-
Dan Atkinson almost 12 yearsAbsolutely. I would possibly add debug regions into the code in order to avoid non-production code being released.
-
Pierre-Alain Vigeant over 11 yearsI'm adding the #if DEBUG to put an emphasis on the debug-only part
-
springy76 over 11 yearsThis idea can't be used for team development or development on different machines: The used port is not persisted in solution- or project- config files, only inside local IIS-Express installation.
-
Pierre-Alain Vigeant over 11 years@springy76 are you sure, because I can clearly see
<IISExpressSSLPort>44301</IISExpressSSLPort>
in my project file? -
springy76 over 11 years@Pierre-AlainVigeant yes, absolutely sure since I'm using version control and there were no changes in .sln or .csproj files -- not even the .csproj.user file has been changed. I can close VS and restart und the SSL settings are still the same --just no indication of port 44300 although it's working well and definitely using IIS-Express.
-
rymo about 11 yearson my Win7 machine,
netsh http show sslcert
returned over 100 entries and 44300 was at the top. so use commandsnetsh http show sslcert | more
ornetsh http show sslcert > output.txt
to make things easier on yourself. -
Alpha over 10 years@rymo As a side approach, you may use
netsh http show sslcert ipport=0.0.0.0:44300
which will filter down to that specific one. -
Mariusz Pawelski about 9 yearsor another solution:
netsh http show sslcert | clip
to copy the result to clipboard then paste it in your text editor and search there -
Danniel Little over 7 yearsIf you get 'the parameter is incorrect' in this step 3) in Dan's this post, try netsh http add sslcert ipport=0.0.0.0:44300 appid={appid} certhash=<certhash> see stackoverflow.com/questions/779228/…