Adding https binding from ASP.NET MVC application hosted

10 replies

Last post Oct 03, 2019 06:04 PM by danimalik54

  • Adding https binding from ASP.NET MVC application hosted

    Sep 24, 2019 02:04 PM | danimalik54

    Hey,

    I have an application hosted in the IIS website "TestWebsite" and I am using Microsoft.Web.Administration for IIS automation.

    I have to do the following operations with the bindings of the SAME website "TestWebsite" from "TestWebsite":

    1. Add an HTTPS binding with an SSL certificate to the website "TestWebsite" from the same application (the code to add the binding will be in the same "TestWebsite")
    2. Remove the binding.

    I have written the following code, and the weird thing is that on localhost it adds the https binding even before manager.CommitChanges(). This line throws an exception on localhost, so I removed it, but on Windows Server it's not adding the binding even after the code runs successfully. (Without CommitChanges(), I have no idea how it's working on localhost.)

    using (ServerManager iisManager = new ServerManager())
    {
    	var website = iisManager.Sites.Where(x => x.Name == "TestWebsite").FirstOrDefault();
    	if (website != null)
    	{
    		var store = new X509Store(StoreName.Root, StoreLocation.LocalMachine);
    		store.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadWrite);
    		var pfxPath = Server.MapPath(model.PfxPath);
    		var certificate = new X509Certificate2(pfxPath, password, X509KeyStorageFlags.Exportable | X509KeyStorageFlags.PersistKeySet);
    		store.Add(certificate);
    		store.Close();
    		var certHash = certificate.GetCertHash();
    
    		string bindingInformation = string.Format("{0}:{1}:{2}", "*", "443", model.UserCustom);
    		var binding = website.Bindings.Add(bindingInformation, certHash, store.Name);
    		binding.Protocol = "https";
    		store.Close();
    
    		website.ApplicationDefaults.EnabledProtocols = "http,https";
    		iisManager.CommitChanges();
    	}
    }
    

    I receive the following error.

    1- A specified logon session does not exist. It may already have been terminated. (Exception from HRESULT: 0x80070520)

    Is there some permission-related error? What am I doing wrong?

    Your help will be appreciated

    Thank you  :)

    Danial Malik :)

  • Re: Adding https binding from ASP.NET MVC application hosted

    Sep 25, 2019 02:02 AM | Jalpa Panchal

    Hi,

    The reason behind the issue is that the Administrators group doesn’t have permission to access the private key file, which is under "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys".

    The default Administrators group and the SYSTEM account have full control of this folder. You can resolve the issue by giving the proper permission to access the folder.

    You can refer to the article below for more detail:

    Default permissions for the MachineKeys folders

    Regards,

    Jalpa

    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue.
    If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.
  • Re: Adding https binding from ASP.NET MVC application hosted

    Sep 25, 2019 01:55 PM | danimalik54

    I did set those permissions, but it's still not working.

    I have Microsoft.Administrator.Web version 7 and am unable to update it to the latest one because it has dependencies on .NET Standard.

    I am using Visual Studio 2015. Do you think the issue could be because of a non-updated version or Microsoft.Administrator.Web?

  • Re: Adding https binding from ASP.NET MVC application hosted

    Sep 25, 2019 10:08 PM | lextm

    danimalik54

    I have Microsoft.Administrator.Web version 7 and am unable to update it to the latest one because it has dependencies on .NET Standard.

    That indicates you are using the wrong assembly.

    https://blog.lextudio.com/whats-microsoft-web-administration-and-the-horrible-facts-you-should-know-b82f2c974da6 

    Lex Li
    IIS Consulting Services at https://support.lextudio.com/services/consulting.html
    ---------------------------
    This posting is provided "AS IS" with no warranties, and confers no rights.
  • Re: Adding https binding from ASP.NET MVC application hosted

    Sep 26, 2019 05:19 AM | danimalik54

    Hi,

    I have migrated to DotNet Standard Version and using Visual Studio 2019 now.

    I have updated Microsoft.Web.Administration to 11 using the NuGet Package Manager, whereas the link you shared above says we must not use the NuGet package and should use the one from %SystemRoot%\system32\inetsrv.

    And if I use it from System32, it would be that of IIS 10, and on Staging it must be different as I am using Windows Server 2012 (IIS 8), and for Production IIS 8.5.

    So how would you recommend the package be used? From NuGet, from System32, or Microsoft.Web.Administration.Jexus (but it's still in beta)?

    UPDATE:

    I have upgraded the version to Web.Administrator 11 but it's still throwing the same exception when I call CommitChanges();

    It's strange that it also adds the binding on the IIS website in the local environment but also throws an exception.
    Here is the exception:

    A specified logon session does not exist. It may already have been terminated. (Exception from HRESULT: 0x80070520)

    UPDATE:
    I have added the dll from %SystemRoot%\system32\inetsrv and got same result.

    I have no idea what is going on with the library. It's absolutely unstable.

  • Re: Adding https binding from ASP.NET MVC application hosted

    Sep 26, 2019 02:54 PM | lextm

    danimalik54

    So how would you recommend the package be used? From NuGet, from System32, or Microsoft.Web.Administration.Jexus (but it's still in beta)?

    I wrote it clearly in my blog post. Read it again please.

    I am the owner of Microsoft.Web.Administration.Jexus and I just removed it from nuget.org. You should never use that as well.

    Lex Li
  • Re: Adding https binding from ASP.NET MVC application hosted

    Sep 26, 2019 04:29 PM | danimalik54

    As I mentioned, %SystemRoot%\system32\inetsrv gives the same result and throws the exception

    "A specified logon session does not exist. It may already have been terminated. (Exception from HRESULT: 0x80070520)"

    This is what I understood from your article.

    What should be the way out?

  • Re: Adding https binding from ASP.NET MVC application hosted

    Sep 30, 2019 02:43 AM | Jalpa Panchal

    Hi,

    This 

    danimalik54

    "A specified logon session does not exist. It may already have been terminated. (Exception from HRESULT: 0x80070520)"
    error is a certificate-related error.

    It usually happens if you added the cert as a local admin or another user instead of the account you’re on.

    To fix the issue you could follow the steps below:

    Open up certificates in MMC
    Step 1: Open up a Run window and type “mmc”
    Step 2: Click File > Add/Remove Snap-In
    Step 3: Add > Certificates, Click OK
    Step 4: Choose “Computer Account”, then “Local Computer” and proceed.
    Step 5: Hit OK


    Export Certificate in MMC
    Step 1: Open “Certificates”
    Step 2: Open the folder where your certificate is stored.
    Step 3: Right Click on Certificate, All Tasks, Export
    Step 4: Export to the server Desktop

    Re-import your certificate into IIS. Restart IIS.

    You could also refer to the link below for more detail:

    https://knowledge.digicert.com/solution/SO22115.html

    Also, check that your certificate is not expired.

  • Re: Adding https binding from ASP.NET MVC application hosted

    Sep 30, 2019 04:45 AM | danimalik54

    Hi @Jalpa Panchal

    Thank you for replying, but the problem is we don't have just one certificate to make it work; we have custom domains allowed for clients where they can also install SSL with one click.

    I have generated the certificate using LetsEncrypt and now want to install it for the user's binding in IIS.

    The process you mentioned has to be automated, is that possible too?
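
An added example, not part of the thread and not any poster's code: one way to do the import and binding steps discussed above from C#. It assumes the caller supplies the site name, host name, PFX path and password; `HttpsBindingHelper` and `ImportAndBind` are hypothetical names. It imports into the LocalMachine `My` store with machine-scoped key storage and checks the private key and validity dates before touching IIS.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography.X509Certificates;
using Microsoft.Web.Administration;

public static class HttpsBindingHelper   // hypothetical helper, not from the thread
{
    public static void ImportAndBind(string siteName, string hostName,
                                     string pfxPath, string pfxPassword)
    {
        // MachineKeySet keeps the private key in the machine key store rather than
        // in the profile of whichever account runs this code; PersistKeySet keeps
        // it on disk after import. Exportable is deliberately not requested.
        var cert = new X509Certificate2(pfxPath, pfxPassword,
            X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet);

        if (!cert.HasPrivateKey)
            throw new InvalidOperationException("PFX has no private key.");
        if (DateTime.Now < cert.NotBefore || DateTime.Now > cert.NotAfter)
            throw new InvalidOperationException("Certificate is not within its validity period.");

        // Server certificates go in LocalMachine\My (Personal). The Root store
        // holds trust anchors; a leaf certificate does not belong there.
        var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadWrite);
        try { store.Add(cert); }
        finally { store.Close(); }

        using (var iis = new ServerManager())
        {
            Site site = iis.Sites.FirstOrDefault(s => s.Name == siteName);
            if (site == null)
                throw new ArgumentException("Site not found: " + siteName);

            string info = "*:443:" + hostName;
            if (site.Bindings.Any(b => b.Protocol == "https" && b.BindingInformation == info))
                return; // this host already has an https binding

            // Pass the hash, store name and SNI flag in one call (IIS 8 or later).
            site.Bindings.Add(info, cert.GetCertHash(), "My", SslFlags.Sni);
            iis.CommitChanges();
        }
    }
}
```

Both the write to the LocalMachine store and `CommitChanges()` need an account with administrative rights on the server.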

  • Re: Adding https binding from ASP.NET MVC application hosted

    Sep 30, 2019 05:35 AM | Jalpa Panchal

    Could you share your iis binding detail of https and certificate detail?

  • Re: Adding https binding from ASP.NET MVC application hosted

    Oct 03, 2019 06:04 PM | danimalik54

    Hey @Jalpa Panchal @lextm

    After setting the permissions of MachineKeys folder this exception below is gone.

    A specified logon session does not exist. It may already have been terminated. (Exception from HRESULT: 0x80070520)

    However, now it's giving another exception for which there is not much help available online. Here is the exception:

    Attempted to access an unloaded appdomain. (Exception from HRESULT: 0x80131014)

    I have updated the code a little bit: I stored the certificates in the IIS "Server Certificates" section and am storing the thumbprint in the database, and when a user wants to apply an SSL binding, I read the certificate using the certificate thumbprint and apply the binding. However, on manager.CommitChanges(); it is throwing the "Attempted to access an unloaded appdomain" exception.

    However, it is also adding the SSL binding in IIS even after throwing the exception, but without applying the certificate; when I edit that binding, the required certificate appears in the SSL Certificates dropdown. (Check the screenshot)


    Below is the code:

    using (ServerManager iisManager = new ServerManager())
    {
    	var website = iisManager.Sites.Where(x => x.Name == "IISWebSiteName").FirstOrDefault();
    	if (website != null)
    	{
    		var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
    		store.Open(OpenFlags.OpenExistingOnly);
    		var certificate = store.Certificates.Find(X509FindType.FindByThumbprint, model.CertificateThumbprint, true);
    		var certHash = certificate[0].GetCertHash();
    
    		string bindingInformation = String.Format("{0}:{1}:{2}", "*", "443", "abc.domain.com");
    		var binding = website.Bindings.Add(bindingInformation, certHash, store.Name);
    		binding.BindingInformation = binding.BindingInformation;
    		binding["certificateHash"] = "{CertificateThumbprintFromDatabase}";
    		binding.Protocol = "https";
    		binding["sslFlags"] = 1;
    
    		store.Close();
    		iisManager.CommitChanges();
    	}
    }