stackoom
  简体   繁体   中英

IIS website works with localhost, but not using an IP address

 原文  2023-02-02 12:27:14       c#/ .net/ angular/ iis/ active-directory

Question

I have an Angular frontend with a .NET framework backend, which has the following web.config file (nothing else about authorization/authentication):

<location path="Tokens">
  <system.webServer>
    <security>
        <authentication>
            <windowsAuthentication enabled="true" />
            <anonymousAuthentication enabled="false" />
        </authentication>
    </security>
  </system.webServer>
</location>
<system.webServer>
  <security>
      <authentication>
          <windowsAuthentication enabled="false" />
          <anonymousAuthentication enabled="true" />
      </authentication>
  </security>
</system.webServer>

I am using AD login, which is the Tokens controller, the rest is secured by JWT tokens.

My current problem is, I wish to test the website with other computers in the domain using IIS and the website works if I use localhost , but as soon as I use my IP, errors start appearing.

My frontend configuration JSON:

{
  ...
  "apiAddress": "https://IP:50505/",
  ...
}

And the backend web.config also contains this:

<add key="WhitelistedServerUrls" value="https://IP:34622" />

So if the IP in the config files is localhost , then everything works as it should, but if I exchange that for my actual IP, then I get CORS errors as shown in the image below: 在此处输入图像描述

None of these errors appear if I use localhost. Below is the list of the things I've tried:

  • CORS should be correctly set up in the code, but just to make sure, I also configured it in the HTTP Response Headers feature in IIS
    • this fixed CORS errors, but brought different errors, also signalr had an error that CORS origin is set up twice
  • I also added the website https://IP to local intr.net in settings
    • prior to this, I was getting a login popup, doing this fixed it
  • my bindings for both frontend and backend are https with a self-signed certificate
    • browser notifies, that the certificate is not valid

My guess is that my IIS is not configured correctly, as the website works if I use localhost instead of an IP address.

1 answers

solution1
 0  2023-02-03 17:00:30

You enabled Windows authentication, so that when CORS preflight request (anonymous OPTION request) sent by the browser arrives on IIS, 401 is returned by IIS and triggers the errors you see.

You will have to use IIS CORS module to properly process such preflight requests,

https://blogs.iis.net/iisteam/getting-started-with-the-iis-cors-module

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question IIS Website working using localhost but not with IP Address or domain names IIS - Unable to access url by ip address instead of localhost How to use DirectoryEntry(“IIS://Localhost/W3SVC”) to change IP address with several host header entries Getting HTTP Error 400 when using IP address instead of localhost using a custom url on iis server instead of IP Address Replacing localhost with IP address in webservice Looking for External IP Address on Localhost IIS Url Rewriting IP Address How to create twitter new application using localhost address in website HttpClient https request fails using hostname, but works using IP address
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM