Calling HTTPS on self-hosted C# service using PowerShell gives 404 error

1 Aug

 

A short post on something that was making me bald. So maybe I save you some hours 😉

 

Problem (no challenge this time)

 

You have a self-hosted C# web service. This web service is configured to listen on the base address https://host.domain.com:8733

  1. You have created a self-signed certificate, as in the example below:

    New-SelfSignedCertificate -DnsName host.domain.com -NotAfter "2020/01/01" -FriendlyName "Test Cert" -CertStoreLocation Cert:\LocalMachine\My

  2. You have also added the certificate to the Trusted Root Certification Authorities store on the server, so the certificate chain is valid.

  3. You have configured the binding and listener, for example as below (replace certhash with the hash of the certificate above):

    netsh http add urlacl url=https://*:8733/Config_Service user=EVERYONE delegate=yes

    netsh http add sslcert ipport=0.0.0.0:8733 certhash=aaaaaaaaaaaaaaaaaaaaaa appid={3a1d638b-1b51-482a-dddd-218a589c2e69}

  4. Now, on the host itself, you call the web service from your browser:

    https://host.domain.com:8733/Config_Service/ConfigService/api/list/configuration

    You will get a 404.

  5. Now you go to an external workstation, open a web browser and go to:

    https://host.domain.com:8733/Config_Service/ConfigService/api/list/configuration

    And succeed! You get the expected results.

  6. Now you open PowerShell on the server and execute:

    Invoke-RestMethod -Uri "https://host.domain.com:8733/Config_Service/ConfigService/api/list/configuration" -Method Get

    And again you will get the 404, as:

    Invoke-RestMethod : The remote server returned an error: (401) Unauthorized.

    If you get the error below instead, you didn't set up the certificate correctly; see steps 1 and 2.

    Invoke-RestMethod : The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

  7. You try the same PowerShell command on the external workstation. And it works …

 

 

So locally it does not seem to work … Hmmmm

 

Solution

 

It’s very simple, but took me some time to find … Just disable the loopback check on the server by setting DisableLoopbackCheck 😉

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\DisableLoopbackCheck = 1 (as dword)

No restart needed.
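DisableLoopbackCheck = 1 switches off, for every host name on the server, a check Windows uses to help prevent NTLM reflection against the local machine. As an added example (not from the original post), this PowerShell script reports that setting and applies the per-host alternative Microsoft documents, BackConnectionHostNames. It assumes the host.domain.com name and URL used above and an elevated prompt.

```powershell
# Added example, not from the original post. Run in an elevated PowerShell on the server.
# Assumption: the service is reached as host.domain.com, the name used in the post.
$hostName = 'host.domain.com'
$lsa      = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$msv      = Join-Path $lsa 'MSV1_0'

# 1. Report the state of the global switch described in the post.
$global = (Get-ItemProperty -Path $lsa -Name DisableLoopbackCheck -ErrorAction SilentlyContinue).DisableLoopbackCheck
if ($global -eq 1) {
    Write-Warning 'DisableLoopbackCheck = 1: the loopback check is off for every host name on this server.'
} else {
    Write-Output 'Loopback check is enabled (DisableLoopbackCheck is absent or 0).'
}

# 2. Narrower alternative: exempt only this host name.
#    BackConnectionHostNames is a REG_MULTI_SZ list, so keep any names already present.
$current = (Get-ItemProperty -Path $msv -Name BackConnectionHostNames -ErrorAction SilentlyContinue).BackConnectionHostNames
$names   = @($current | Where-Object { $_ })
if ($names -notcontains $hostName) {
    $names += $hostName
    New-ItemProperty -Path $msv -Name BackConnectionHostNames -PropertyType MultiString `
        -Value ([string[]]$names) -Force | Out-Null
    Write-Output "Added $hostName to BackConnectionHostNames."
} else {
    Write-Output "$hostName is already listed in BackConnectionHostNames."
}

# 3. With the per-host entry in place, the global switch can be removed again:
# Remove-ItemProperty -Path $lsa -Name DisableLoopbackCheck

# 4. Repeat the local call from the post.
#    If it still fails, the new value may need a restart to take effect.
$uri = "https://${hostName}:8733/Config_Service/ConfigService/api/list/configuration"
try {
    Invoke-RestMethod -Uri $uri -Method Get
} catch {
    Write-Warning "Local call failed: $($_.Exception.Message)"
}
```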

 

Hope this helps you,

Michel Kamp

 

 
