The underlying connection was closed. Cannot run Asp.Net core 2.1 web api application using HTTP.sys?

13
votes

I created a new Asp.net core 2.1 web application and then select "API" template. (I changed the Authentication to "Windows". Then I added the following code to use Http.Sys for Windows authentication. (https://docs.microsoft.com/en-us/aspnet/core/security/authentication/windowsauth?view=aspnetcore-2.1&tabs=aspnetcore2x)

using Microsoft.AspNetCore.Server.HttpSys; // Added

    public static void Main(string[] args)
    {
        CreateWebHostBuilder(args).Build().Run();
    }

    public static IWebHostBuilder CreateWebHostBuilder(string[] args) =>
        WebHost.CreateDefaultBuilder(args)
            .UseStartup<Startup>()
            // Added
            .UseHttpSys(o => 
            {
                o.Authentication.Schemes = AuthenticationSchemes.NTLM | 
                                           AuthenticationSchemes.Negotiate;
                o.Authentication.AllowAnonymous = false;
            });

The following message shows the output message when running the application.

info: Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager[0]
      User profile is available. Using 'C:\Users\...\AppData\Local\ASP.NET\Da
taProtection-Keys' as key repository and Windows DPAPI to encrypt keys at rest.
info: Microsoft.AspNetCore.Server.HttpSys.HttpSysListener[0]
      Start
info: Microsoft.AspNetCore.Server.HttpSys.HttpSysListener[0]
      Listening on prefix: https://localhost:5001/
info: Microsoft.AspNetCore.Server.HttpSys.HttpSysListener[0]
      Listening on prefix: http://localhost:5000/
Hosting environment: Development
Content root path: C:\work\WebApplication1
Now listening on: https://localhost:5001
Now listening on: http://localhost:5000
Application started. Press Ctrl+C to shut down.

However, the browser shows error of "This site can't be reached (The connection was reset)" when access https://localhost:5001/api/values? enter image description here

Tested with powershell

PS C:\work> Invoke-WebRequest https://localhost:5001/api/values
Invoke-WebRequest : The underlying connection was closed: An unexpected error occurred on a send.
At line:1 char:1
+ Invoke-WebRequest https://localhost:5001/api/values
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], WebException
    + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand

PS C:\work> Invoke-WebRequest http://localhost:5000/api/values
Invoke-WebRequest : The remote server returned an error: (401) Unauthorized.
At line:1 char:1
+ Invoke-WebRequest http://localhost:5000/api/values
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], WebException
    + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand

The following message is returned by Fiddler.

fiddler.network.https> HTTPS handshake to localhost (for #3) failed. System.IO.IOException Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. < An existing connection was forcibly closed by the remote host

The Internet Explorer returns the following message.

Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in Advanced settings and try connecting to https://localhost:5001 again. If this error persists, it is possible that this site uses an unsupported protocol or cipher suite such as RC4 (link for the details), which is not considered secure. Please contact your site administrator.

3
c#asp.netasp.net-core.net-core
I'm having the same issue, did find a solution for this?Bidou
If you are using https secure protocol, you need to add/install the Self-Signed certificate in ACL and needs to be added in "Trusted Root Certification Authorities" for localhost.Bhavik Patel
Could you send the result of a curl -v ..., that would give us a ton of informationTomap
I also have same issue struggling for whole afternoon, if remove HTTPS binding, it works, not sure why.Ethan Wu

3 Answers

2
votes

You need to add/install the Self-Signed certificate in ACL and needs to be added in "Trusted Root Certification Authorities" for localhost.

Or

u can comment app.UseHttpsRedirection(); and in launchSettings.json u need to have something like this :

"applicationUrl": "http://localhost:5000",

and 

"iisExpress": {
  "applicationUrl": "http://localhost:49845",
  "sslPort": 0 //44382
1
votes

For me I had to comment out the app.UseHttpsRedirection() line in the Configure(..) method of the Startup class and use http://localhost:5000.

            // app.UseHttpsRedirection();

I imagine that if I want to use https I would have to follow @Bhavik Patel advice and intsall a self-signed certificate.

0
votes

i have the following code and it works for me. In the configure services i have 

 services.AddAuthentication(Microsoft.AspNetCore.Server.HttpSys.HttpSysDefaults.AuthenticationScheme);

and in the program.cs

.UseStartup<Startup>()
            .UseKestrel()
            .UseHttpSys(options =>
            {
                options.Authentication.Schemes = AuthenticationSchemes.NTLM;
                options.Authentication.AllowAnonymous = false;
                options.MaxConnections = 1000;
            })
            .UseIISIntegration()