{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 Summer. ? 凉城 的问题《web.config error with Azure Emulator/IIS Express a》','https://www.manongdao.com/q-686633.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
Before anyone gets confused, this is for IIS Express, not IIS.
We have an MVC5 app that requires SSL Client Certificate authentication. In development, this runs within the Azure Emulator, in VS2013 which runs under Admin privileges (for port 80/443).
When we launch the App inside VS2013 (F5) it runs it within the Azure Emulator but it immediately throws an HTTP Error 500.19 - Internal Server Error with details
This configuration section cannot be used at this path. This happens when the section is locked at a parent level. Locking is either by default (overrideModeDefault="Deny"), or set explicitly by a location tag with overrideMode="Deny" or the legacy allowOverride="false".
And the config source is our MVC5 app's web.config, at the following line:
<security>
<access sslFlags="SslNegotiateCert" />
</security>
Interestingly, I have already setup the c:\users\<my_username>\Documents\IISExpress\Config\applicationhost.config to have
<section name="access" overrideModeDefault="Allow" />
There isn't much documentation on this but whatever we can glean off Google indicates that for regular IIS Express, that should be sufficient. I suspect running IIS Express within the Azure Emulator+Admin privileges breaks something but can't diagnose this.
Does anyone have an idea how to get this working?
Ok, so this question and it's answer helped a lot. As suspected, the
c:\users\<my_username>\Documents\IISExpress\Config\applicationhost.configdoesn't seems to matter since Azure Emulator seems to spawn another instance of IIS Express which doesn't care about that file.The proper way seems to be to "unlock" that setting via AppCmd.exe, so the solution is as follows:
Add a startup task inside your Azure Cloud Service.
<Webrole> ... </WebRole>Add a
UnlockSslSettingsSection.cmdfile to your solution's project and then add the following two lines (both lines are critical, don't refactor).Inside solution explorer, go to project, right click the
UnlockSslSettingsSection.cmd=> properties => set 'Copy to Output Directory' as 'Copy always'