使用 https 无法连接到本地 raven 实例
connection to local raven instance doesn't work using https
我正在尝试 运行 托管我们的 IIS 托管的 raven 服务器(内部版本 2947)的同一台服务器上的客户端应用程序。托管 raven 的 IIS 站点绑定到 SSL certificate/hostname - 我们只想强制执行安全请求(并将 http 请求重定向到 https)。当我将连接设置为使用 https 协议时:
Url=https://ravendb.somewhere.net;Database=StaffDb
打开连接时出现 401 拒绝错误。如果我禁用重定向并以非安全方式连接到本地主机,它会正常工作:
Url=http://localhost;Database=StaffDb
The docs suggest SSL can only be enabled when running as a service - 这是否意味着我们无法在安全的 IIS 站点中 运行ning 场景?
使用 SSL 时,您必须使用证书中指定的主机名。
感谢 Ayende Rahien 提供的离线支持,原来这个问题实际上是由于 IIS 本身的一个特性:
Windows XP SP2 and Windows Server 2003 SP1 include a loopback check
security feature that is designed to help prevent reflection attacks
on your computer. Therefore, authentication fails if the FQDN or the
custom host header that you use does not match the local computer
name.
Ayende's blog provides some more context, and I fixed this by following steps outlined in a Microsoft support article:
Method 2: Disable the loopback check (less-recommended method) The second method is to disable the loopback check by setting the
DisableLoopbackCheck registry key.
To set the DisableLoopbackCheck registry key, follow these steps:
.....
2. Click Start, click Run, type regedit, and then click OK.
3. In Registry Editor, locate and then click the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
4. Right-click Lsa, point to New, and then click DWORD Value.
5. Type DisableLoopbackCheck, and then press ENTER.
6. Right-click DisableLoopbackCheck, and then click Modify.
7. In the Value data box, type 1, and then click OK.
8. Quit Registry Editor, and then restart your computer.
我正在尝试 运行 托管我们的 IIS 托管的 raven 服务器(内部版本 2947)的同一台服务器上的客户端应用程序。托管 raven 的 IIS 站点绑定到 SSL certificate/hostname - 我们只想强制执行安全请求(并将 http 请求重定向到 https)。当我将连接设置为使用 https 协议时:
Url=https://ravendb.somewhere.net;Database=StaffDb
打开连接时出现 401 拒绝错误。如果我禁用重定向并以非安全方式连接到本地主机,它会正常工作:
Url=http://localhost;Database=StaffDb
The docs suggest SSL can only be enabled when running as a service - 这是否意味着我们无法在安全的 IIS 站点中 运行ning 场景?
使用 SSL 时,您必须使用证书中指定的主机名。
感谢 Ayende Rahien 提供的离线支持,原来这个问题实际上是由于 IIS 本身的一个特性:
Windows XP SP2 and Windows Server 2003 SP1 include a loopback check security feature that is designed to help prevent reflection attacks on your computer. Therefore, authentication fails if the FQDN or the custom host header that you use does not match the local computer name.
Ayende's blog provides some more context, and I fixed this by following steps outlined in a Microsoft support article:
Method 2: Disable the loopback check (less-recommended method) The second method is to disable the loopback check by setting the DisableLoopbackCheck registry key.
To set the DisableLoopbackCheck registry key, follow these steps:
.....
2. Click Start, click Run, type regedit, and then click OK.
3. In Registry Editor, locate and then click the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
4. Right-click Lsa, point to New, and then click DWORD Value.
5. Type DisableLoopbackCheck, and then press ENTER.
6. Right-click DisableLoopbackCheck, and then click Modify.
7. In the Value data box, type 1, and then click OK.
8. Quit Registry Editor, and then restart your computer.