DNS Binding problem with SSL, IIS Express and Cloud Service

The problem

I recently stumbled on a problem which took me about 2 hours to realize but easy to fix.

I created a Cloud Service in Visual Studio 2013 Update 2 with a MVC Role, used ISS Express and full Azure Storage Emulator for my project.

Steps began, when I tried to add Windows Azure Active Directory to authenticate my app through this service. One of this steps was adding https/ssl for my app. After setting “SSL Enabled” value to true in my MVC project, VS generated an SSL URL. I debugged the solution and realised that the URL doesn’t work with a generic error “Cannot display the webpage”.

I googled this a bit and found that this is the case when there is a DNS problem between the site, iis express and the server (Windows 8.1 in my case). To check if this is a DNS problem use CMD (with admin priv):

netstat -aon | find /i "listening"

If there is no your-ip:your-port (in my case it was 127.0.0.1:44300), then it means that iss cannot bind the port with your network card.

The solution

When using cloud services, there is another way of telling the iis, that you have an endpoint. This information can be found in “ServiceDefinition.csdef”, in the EndPoints. My solution was to add a https input endpoint to the web role:

<WebRole name=”SOSStrona” vmsize=”Small”>
<Sites>
<Site name=”Web”>
<Bindings>
<Binding name=”Endpoint1″ endpointName=”Endpoint1″ />
<Binding name=”Endpoint2″ endpointName=”Endpoint2″ />
</Bindings>
</Site>
</Sites>
<Endpoints>
<InputEndpoint name=”Endpoint1″ protocol=”http” port=”80″ />
<InputEndpoint name=”Endpoint2″ protocol=”https” port=”44300″ />
</Endpoints>
….

Handling URL Binding Failures in IIS Express:
http://www.iis.net/learn/extensions/using-iis-express/handling-url-binding-failures-in-iis-express

Other problems concerning ISS Express and SSL (administrator priviliges):
http://stackoverflow.com/questions/17576450/iis-express-internet-explorer-cannot-display-the-webpage-until-restart

More information about endpoints and certificates:
http://msdn.microsoft.com/library/azure/ff795779.aspx

A great (old) blog post by Scott Hanselman about adding a certificate to a site running on a local ISS Express
http://www.hanselman.com/blog/WorkingWithSSLAtDevelopmentTimeIsEasierWithIISExpress.aspx