Up and running with IIS 7.5 Express

I’ve been excited to play around with IIS Express since Scott Guthrie’s announcement. I recently loaded up VS2010 SP1 and decided it was time to play around with IIS. The promise is wonderful – a  lightweight but rich version of IIS – including SSL, URL Rewrite, media support, etc. - that doesn’t require elevated privileges to run and can even run on Windows XP. 

After installing IIS Express through the Web Platform Installer things went awry. From the reading I had done on the subject it seemed like the express version would be a quick and easy alternative to the full blown IIS, but unfortunately configuration is (right now) a bit of a PITA requiring IIS Express config file editing, net shell configuration changes and quite a bit of trial and error.

I was expecting IIS Express to be a portable solution – but now see that it is going to be a bit of a pain to get configured how I like it when I move PCs or reimage my box. A certain amount of this is necessary due to the elevated privileges we need but are trying to circumvent (in my example below using well-known/reserved ports 80 and 443) but I wonder if updates to IIS Express application bindings could have been moved from the applicationhost.config file to individual websites’ web.config files allowing everything to be stored in version control systems, allowing multiple users to share said configurations and, in general, making life a little easier for everyone concerned…As things stand it is actually a lot easier – when one has admin permissions on their box – to get up and running quickly with the full blown version of IIS...

The Adventure

I immediately ran into problems using IIS Express with an ASP.NET MVC 3 application that relies on port 80 for http and 443 for https. Essentially, IIS express expects ports between 44300 (defaulting to this value) and 44399 to be used for SSL and trying to use another port, say 443, results URL binding failure…

A Great Intro to IIS Express

Too late in the process I came across the following video from MvcConf which goes over IIS Express in great detail and is a must for anyone using this tool:

http://channel9.msdn.com/Series/mvcConf/mvcConf-2-Vaidy-Gopalakrishnan-IIS-Express

Step #1 – Enable SSL in IIS Express

Add the following binding to the applicationhost.config file:

<binding protocol="https" bindingInformation="*:44300:localhost" />




Step #2 – Change SSL PORT



IIS 7.5 Express uses port 44300 by default – not 443. RequiresSSL seems to default to port 443 causing secured pages to fail loading. The following resources led me to figuring out the issue:



http://forums.iis.net/t/1171280.aspx



and



http://learn.iis.net/page.aspx/1005/handling-url-binding-failures-in-iis-express/



The following needs to be executed from the command prompt running as Administrator…



' if you already have port 443 setup, you'll need to remove your existing entry
netsh http delete sslcert ipport=0.0.0.0:443
' Get SHA1 thumbprint - You will need to remove spaces
certmgr.exe /c /s /r localMachine MY
' Create a unique UUID using 
uuidgen.exe
netsh http add sslcert ipport=0.0.0.0:443 certhash=<your SHA1 thumbprint> appid={<your UUID>}
' add access control list entry to allow port 443 to be used by IIS Express when running as non-admin user
netsh http add urlacl url=https://localhost:443/ user=everyone
' restart http service
net stop http
net start http


Step #3 – Add binding for port 80



The next two steps are essentially a rinse and repeat of steps 1 and 2, but things are a little quicker this time round since we don’t have any certificate information to figure out. Add an additional http binding in your applicationhost.config file, this time binding port 80





<binding protocol="http" bindingInformation="*:80:localhost" />




Step #4 – Add ACL entry for port 80





netsh http add urlacl url=http://localhost:80/ user=everyone



net stop http



net start http




Fin



That’s it. If you followed these steps – and made sure all instances of IIS Express have been stopped and restarted – you should now be able to use ports 443 and 80 using IIS Express. Not a whole lot of fun but you should now be able to run a pretty feature rich web server without the need to run VS as an administrator…

Comments

msleman said…
A few notes:
1. You'll need the Windows SDK to get certmgr.exe

2. netsh http add sslcert ipport=0.0.0.0:443 certhash= appid={}

is printed after running certmgr in the previous step. You'll need to remove any spaces in it.

3. Make sure appid={} has {} around your guid.
lafosse-john said…
I pulled my hair out (not that I have much ) for two days without sleep trying to configure the regular IIS 7 server installed in Windows 7. I found many a page with the installation answer. Sure I got the Welcome screen but anything other than that was permissions nightmare. I really want to follow this tutorial but I'm exhausted mentally. The SQL Server 2008 simply doesn't work. If this web site is an actual solution I'd be surprised and if it does function I'm not convinced I can get it working.
lafosse-john said…
I spent days trying to set this up and nothing worked. I got through drupal which i've set up with several times in xampp and shared hosts. my problem is the SQL server 2008 is the most confusing set up I have every seen. Why? promote an easy to use Web Matrix solution and bundle it with Stephen Hawking level configuration settings? This advice you bring gives me hope but I've literally abandon this seemly simple solution from Microsoft because it is too chaotic to configure.
lafosse-john said…
netsh is not recognized?
lafosse-john said…
Go with a CentOS 5.6 installation with Webmin in Virtual Box. The MySQL setup is easy and Webmin makes server configuration actually dare I say it fun.
evanlarsen said…
Is there anyway to configure IIS express to do SSL through ports 44310 in the web.config of the application?

Popular posts from this blog

Excel - Adding an existing Pivot table to the data model

Getting Started with Mirth (Part 1)

Mirth