Azure Emulator / IIS Express和SSL客户端证书身份验证出现web.config错误
[英]web.config error with Azure Emulator/IIS Express and SSL Client cert authentication
问题描述
Before anyone gets confused, this is for IIS Express , not IIS. 
在让所有人感到困惑之前,这是针对IIS Express而不是IIS的。
We have an MVC5 app that requires SSL Client Certificate authentication. 我们有一个需要SSL客户端证书身份验证的MVC5应用。 In development, this runs within the Azure Emulator, in VS2013 which runs under Admin privileges (for port 80/443). 在开发中,它在VS2013的Azure仿真器中运行,该操作系统以Admin特权(对于端口80/443)运行。
When we launch the App inside VS2013 (F5) it runs it within the Azure Emulator but it immediately throws an HTTP Error 500.19 - Internal Server Error with details 当我们在VS2013(F5)中启动该应用程序时,它将在Azure仿真器中运行它,但会立即引发HTTP错误500.19-内部服务器错误并显示详细信息
This configuration section cannot be used at this path.
And the config source is our MVC5 app's web.config, at the following line: 配置源是我们的MVC5应用的web.config,位于以下行:
<security>
<access sslFlags="SslNegotiateCert" />
</security>
Interestingly, I have already setup the c:\\users\\<my_username>\\Documents\\IISExpress\\Config\\applicationhost.config to have 有趣的是,我已经设置了c:\\users\\<my_username>\\Documents\\IISExpress\\Config\\applicationhost.config
<section name="access" overrideModeDefault="Allow" />
There isn't much documentation on this but whatever we can glean off Google indicates that for regular IIS Express, that should be sufficient. 关于这方面的文档并不多,但是我们可以从Google收集到的所有信息表明,对于常规的IIS Express,这已经足够了。 I suspect running IIS Express within the Azure Emulator+Admin privileges breaks something but can't diagnose this. 我怀疑在Azure Emulator + Admin特权下运行IIS Express会破坏某些功能,但无法诊断出来。
Does anyone have an idea how to get this working? 有谁知道如何使它工作?
1 个解决方案
解决方案1
4 2014-06-10 21:36:14
Ok, so this question and it's answer helped a lot. 好的,所以这个问题及其答案很有帮助。 As suspected, the c:\\users\\<my_username>\\Documents\\IISExpress\\Config\\applicationhost.config doesn't seems to matter since Azure Emulator seems to spawn another instance of IIS Express which doesn't care about that file. c:\\users\\<my_username>\\Documents\\IISExpress\\Config\\applicationhost.config怀疑的是, c:\\users\\<my_username>\\Documents\\IISExpress\\Config\\applicationhost.config似乎无关紧要,因为Azure仿真器似乎生成了另一个不在乎该文件的IIS Express实例。
The proper way seems to be to "unlock" that setting via AppCmd.exe, so the solution is as follows: 正确的方法似乎是通过AppCmd.exe“解锁”该设置,因此解决方案如下:
Add a startup task inside your Azure Cloud Service.
在您的Azure云服务中添加启动任务。 - Edit ServiceDefinition.csdef 编辑ServiceDefinition.csdef
- Add the following to your Role (for me this went inside
<Webrole> ... </WebRole>将以下内容添加到您的角色中(对我来说,这在<Webrole> ... </WebRole>
<Startup> <Task commandLine="UnlockSslSettingsSection.cmd" executionContext="elevated" taskType="simple" /> </Startup>- Edit ServiceDefinition.csdef
Add a
UnlockSslSettingsSection.cmdfile to your solution's project and then add the following two lines (both lines are critical, don't refactor).将UnlockSslSettingsSection.cmd文件添加到解决方案的项目中,然后添加以下两行(这两行都很重要,请不要重构)。IF NOT DEFINED APPCMD SET APPCMD=%SystemRoot%\\system32\\inetsrv\\AppCmd.exe %APPCMD% unlock config /section:system.webServer/security/accessInside solution explorer, go to project, right click the
UnlockSslSettingsSection.cmd=> properties => set 'Copy to Output Directory' as 'Copy always'在解决方案资源管理器中,转到项目,右键单击UnlockSslSettingsSection.cmd=> properties =>将“复制到输出目录”设置为“始终复制”
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.