IIS Express——让 SSL 发挥作用 [英] IIS Express -- Getting SSL to Work

问题描述

我无法让 IIS Express 接受我正在开发的 VS2010 MVC3 项目的安全连接.我可以让它接受端口 80 上的不安全连接，但不接受端口 443 上的安全连接.

I am unable to get IIS Express to accept secure connections for a VS2010 MVC3 project that I'm developing. I can get it to accept unsecure connections on port 80, but not secure on port 443.

基于谷歌搜索，我采取了以下步骤:

I've taken the following steps, based on googling:

1) 通过在 VS2010 命令行上执行以下命令，找到我的 IIS Express 服务器自签名证书的 SHA1 指纹:

1) Located the SHA1 thumbprint for my IIS Express Server self-signed certificate via executing the following on a VS2010 commandline:

certmgr.exe /c /s /r localMachine MY

结果是 9B088F80 A4FC3141 28F62890 70BA1FC4 49FDD009.后来才知道用指纹的时候需要把空格删掉.

The result was 9B088F80 A4FC3141 28F62890 70BA1FC4 49FDD009. I learned later that I need to delete the spaces when using the thumbprint.

2) 通过在提升的命令行提示符下执行以下操作，删除链接到端口 443 的任何证书:

2) Deleted whatever certificate was linked to port 443 by executing the following on an elevated commandline prompt:

netsh http delete sslcert ipport=0.0.0.0:443

3) 通过在 VS2010 工具菜单中运行创建 GUID 生成新的 GUID.就我而言，我得到了B0421A5B-FF61-47CE-892D-11AA3A9C7D2A.

3) Generated a new GUID by running Create GUID off the VS2010 Tools menu. In my case I got B0421A5B-FF61-47CE-892D-11AA3A9C7D2A.

4) 通过在提升的命令行提示符下执行以下命令，将自签名证书安装到端口 443:

4) Installed the self-signed certificate to port 443 by executing the following on an elevated commandline prompt:

netsh http add sslcert ipport=0.0.0.0:443 certhash=9B088F80A4FC314128F6289070BA1FC449FDD009 appid={B0421A5B-FF61-47CE-892D-11AA3A9C7D2A}

5) 通过从提升的命令行提示符运行以下命令来修改 ACL:

5) Modified the ACL by running the following from an elevated commandline prompt:

netsh http add urlacl url=https://localhost:443/ user=everyone

6) 通过添加端口 443 和 https 协议的绑定，修改了 IIS Express 的 application.config 文件.该文件的站点部分最终看起来像这样:

6) Modified the application.config file for IIS Express by adding a binding for port 443 and the https protocol. The sites section for the file ended up looking like this:

        <sites>
        <site name="Development Web Site" id="1" serverAutoStart="true">
            <application path="/">
                <virtualDirectory path="/" physicalPath="%IIS_BIN%AppServerempty_wwwroot" />
            </application>
            <bindings>
                <binding protocol="https" bindingInformation="*:443:localhost" />
                <binding protocol="http" bindingInformation="*:80:localhost" />
            </bindings>
        </site>
        <siteDefaults>
            <logFile logFormat="W3C" directory="%IIS_USER_HOME%Logs" />
            <traceFailedRequestsLogging directory="%IIS_USER_HOME%TraceLogFiles" enabled="true" maxLogFileSizeKB="1024" />
        </siteDefaults>
        <applicationDefaults applicationPool="IISExpressAppPool" />
        <virtualDirectoryDefaults allowSubDirConfig="true" />
    </sites>

7) 通过在提升的命令行提示符下执行以下命令重新启动 http 服务:

7) Restarted the http service by executing the following at an elevated commandline prompt:

net stop http
net start http

8) 将我的 MVC 项目属性页面的 Web 选项卡上的项目 URL 更改为以下内容:

8) Changed the Project URL on the Web tab of my MVC project's Property page to the following:

http://localhost/

在我进行此更改后，保存项目属性页触发了服务器的重新配置.

Saving the project property page triggered a reconfiguration of the server after I made this change.

当我从 VS2010 中启动 MVC 应用程序时，它正确地关联回 http://localhost(在端口 80，默认值；我没有包括让 IIS Express 在端口 80 上使用不安全/正常连接的所有步骤，但它们本质上是步骤 5 到 7，但重点是 http 和端口 80，而不是 https 和端口 443).

When I launch the MVC app from within VS2010 it correctly ties back to http://localhost (on port 80, the default; I haven't included all the steps for getting IIS Express to work with unsecure/normal connections on port 80, but they're essentially steps 5 thru 7, but focusing on http and port 80, not https and port 443).

但是，尝试转换到任何需要 https 的操作都会出现服务器拒绝连接"错误.

However, trying to transition to any action that requires https gets me a "server refused connection" error.

我做错了什么?

推荐答案

将项目设置为使用 IISExpress 后，在解决方案资源管理器中选择项目时按 F4 以显示属性并在属性集 SSL Enable 中设置 true 并在 SSL URL 下使用您想要的端口(在您的情况下为 443)设置 URLSSL.

After you've set a project to use IISExpress, press F4 while the project is selected on the solution explorer to bring up the properties and in the properties set SSL Enable set true and under SSL URL set the URL with the port (443 in your case) you want for the SSL.

这对我有用，无需深入了解，自签名证书是自动的.

This works for me without going under the hood and the self signed certificate was automatic.

要默认在该 URL 上运行项目，您可以右键单击该项目，选择属性，然后选择 Web 并将项目 URL 替换为 https://localhost:443

To run the project on that URL by default, you can right click on the project, select properties, then Web and replace the Project Url with https://localhost:443

这篇关于IIS Express——让 SSL 发挥作用的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！