Reputation: 941
I am trying to run a client application on the same server that hosts our IIS-hosted raven server (build 2947). The IIS site that hosts raven is bound to an SSL certificate/hostname - we would like to enforce secure requests only (and redirect http requests to https). When I set the connection to use the https protocol:
Url=https://ravendb.somewhere.net;Database=StaffDb
I get a 401 denied error when the connection is opened. If I disable the redirect and connect to localhost non-securely, it works fine:
Url=http://localhost;Database=StaffDb
The docs suggest SSL can only be enabled when running as a service - does this mean our scenario of running within a secure IIS site is not possible?
Upvotes: 0
Views: 294
Reputation: 941
With thanks to Ayende Rahien for support provided offline, it turned out this issue is actually due to a feature of IIS itself:
Windows XP SP2 and Windows Server 2003 SP1 include a loopback check security feature that is designed to help prevent reflection attacks on your computer. Therefore, authentication fails if the FQDN or the custom host header that you use does not match the local computer name.
Ayende's blog provides some more context, and I fixed this by following steps outlined in a Microsoft support article:
Method 2: Disable the loopback check (less-recommended method)
The second method is to disable the loopback check by setting the DisableLoopbackCheck registry key.
To set the DisableLoopbackCheck registry key, follow these steps:
.....
2. Click Start, click Run, type regedit, and then click OK.
3. In Registry Editor, locate and then click the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
4. Right-click Lsa, point to New, and then click DWORD Value.
5. Type DisableLoopbackCheck, and then press ENTER.
6. Right-click DisableLoopbackCheck, and then click Modify.
7. In the Value data box, type 1, and then click OK.
8. Quit Registry Editor, and then restart your computer.
Upvotes: 0
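A read-only audit of the setting changed in the steps above, as an added PowerShell example that is not part of the original answer or the Microsoft article. It assumes the host name from the question's connection string, and it also reads BackConnectionHostNames (the per-host-name value under Lsa\MSV1_0, which this page does not quote) so that a machine-wide disable can be told apart from a per-name exemption.

```powershell
# Added example: read-only audit of the NTLM loopback-check settings.
# $HostName is an assumption: the site name from the question's connection string.
param(
    [string]$HostName = 'ravendb.somewhere.net'
)

$lsaKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$msv1Key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'

function Get-RegistryValueOrNull {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value is absent instead of throwing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

# DWORD set by the steps above; absent or 0 means the check is active.
$disable = Get-RegistryValueOrNull -Path $lsaKey -Name 'DisableLoopbackCheck'

# Multi-string value (assumption: not quoted on this page) listing exempt host names.
$backNames = @(Get-RegistryValueOrNull -Path $msv1Key -Name 'BackConnectionHostNames') |
    Where-Object { $_ }

$result = [pscustomobject]@{
    Computer                = $env:COMPUTERNAME
    HostName                = $HostName
    LoopbackCheckDisabled   = ($disable -eq 1)
    BackConnectionHostNames = $backNames -join ', '
    HostNameListed          = ($backNames -contains $HostName)
}
$result | Format-List

if ($result.LoopbackCheckDisabled) {
    Write-Warning 'DisableLoopbackCheck = 1: the reflection protection is off for every host name on this machine.'
} elseif (-not $result.HostNameListed) {
    Write-Warning "Loopback check is active and '$HostName' is not listed: local authenticated requests to that name can fail with 401 unless it matches the computer name."
}
```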
Reputation: 22956
When using SSL, you must use the specified hostname in the certificate.
Upvotes: 1