Debugging A Web Site With A Host Header

Web Development Tools Microsoft August 13th, 2008
If you have downloaded the RTM version of SP1 for Visual Studio 2008, you may get an error when trying to debug a Web Site with a host header on IIS 6 or IIS 5.1. The error message reads : “Unable to start debugging on the web server. An authentication error occurred while communicating with the web server. Please see Help for assistance.”

ErrorMessage
( figure 1 : mistake message when debugging a Web Site with a horde header. In this shell, the host header is www.test.com )
Scope
This topic lone appears on Web Sites configured with a host heading on machines with IIS 6 or IIS 5.1 and the RTM translation of the .Net Framework 3.5 SP1 .
Background
Lukasz Pawlowski, a course of study mangager on the Reporting Services team, published a bang-up web log post describing the cause and explanation of the authentication error. Paraphrasing Lukasz :
“ This error is caused by a security change made to the .Net Framework in SP1. The .Net Framework 3.5 SP1 now defaults to specifying the Host Name used in the request URL in an SPN in the NTLM authentication box. The NTLM authentication process includes a challenge issued by the destination computer and sent back to the node computer. When Windows receives a challenge it generated itself, authentication will fail unless the connection is a loop topology back connection. When a Web Site is configured with a horde header, the master of ceremonies name is neither the machine name nor the loop back IP address nor the machine ’ sulfur IP cover, therefore Windows fails the authentication requests. ”
If you are interest, Lucasz describes the issue in much more detail and provides a radio link to data about the attacks this change protects against. Full Post
Work Around
There are two possible work-arounds. The recommend access is to map your host header name to the closed circuit back address in the register. The steps are listed below. A less secure cultivate around is to disable the loop topology back assay, as described in hypertext transfer protocol : //support.microsoft.com/kb/896861 .

Specify host names

To specify the host names that are mapped to the loopback savoir-faire and can connect to Web sites on your computer, follow these steps :

1. Click Start, chatter Run, type regedit, and then click OK .
2. In Registry Editor, locate and then click the following register key :
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaMSV1_0
3. Right-click MSV1_0, period to New, and then click Multi-String Value .
4. character BackConnectionHostNames, and then press ENTER .
5. Right-click BackConnectionHostNames, and then click Modify .
6. In the Value data box, type the server list or the server names for the sites that are on the local anesthetic calculator, and then click OK .
7. Quit Registry Editor, and then restart the IISAdmin service and run IISReset .

hope this helps you debug Web Sites configured to use host headers.

Joe Cartano | SDET | Visual Studio Web Developer

Leave a Reply

Your email address will not be published.