Configure IIS Express for external access to VS2010 project

snumpy picture snumpy · Mar 25, 2011 · Viewed 94.4k times · Source

I am developing a project in VS2010 and am able to view my site locally via IIS Express. I would like to enable external access over the network.

All my research has sent me to this blog entry: http://blogs.iis.net/vaidyg/archive/2010/07/29/serving-external-traffic-with-webmatrix-beta.aspx, which is helpful but does not seem to show how to configure bindings for a project started in visual studio (I cannot find the screen in the screenshots, and I have edited binding info in applicationhost.config, but it does not seem to be reflected when I run the site from visual studio).

Answer

vikomall picture vikomall · Mar 25, 2011

1 After editing applicationhost.config file (located in the IISExpress folder in your documents), your site bindings should look like below:

<bindings>
  <binding protocol="http" bindingInformation="*:8080:*" />
</bindings>

Bindings consist of three parts. Firstly an IP address or list, or as in this case, a wildcard. Secondly the port number, and thirdly a hostname, or list, or wildcard (for filtering by Host header). For development purposes, a wildcard is most suitable here as you will likely be using a unique port.

2 Because you are using non-localhost binding, additional permissions are required. You could run VS as administrator, or preferably you should add URL ACLs to grant the required permissions. In the example below permission is given to everyone, but you could use your own username.

Note: The urlacl must exactly match the binding. So a urlacl for http://*:8080 will allow a binding of *:8080:*, but not a binding of *:8080:localhost even though the latter is a subset of the former. this means if, instead of using a wildcard, you list host headers in applicationhost.config, you must add a matching urlacl for each.

The steps for configuring HTTP.sys for external traffic are similar to setting up a site to use a reserved port. On Windows 7 or Windows Vista, from an elevated command prompt, run the following command:

netsh http add urlacl url=http://*:8080/ user=DOMAIN\username

On Windows XP, run the following command from an elevated command prompt:

httpcfg set urlacl /u http://*:8080/ /a D:(A;;GX;;;WD)

Note 2 If running VS as administrator or adding ACL entries doesn't solve your problem, then run IIS Express from the command line and check if there are any binding registration failure messages. To start from the command line, give this command:

iisexpress.exe /site:"your-site-name"

3 Finally you will need appropriate firewall entries. For this it is easiest to use the "Windows Firewall with Advanced Security" console.

Under "Inbound Rules" choose "New Rule...".

  • Rule Type is "Custom".
  • Program is Services->Customize...->Apply to services only. (Although IIS Express is not a service, the HTTP multiplexer it uses is).
  • Protocol is TCP
  • Specific Ports: List all the ports for all of your IIS Express bindings. You can come back to this rule and add ports at any time. (If this becomes tiresome, you might add a range such as 40000-65534 which covers the entire range used by Visual Studio, but be aware this is less secure).
  • Action is "Allow the connection"
  • Profile will be one of the following. If in doubt, choose "Domain + private".
    • "Domain", If yours is a corporate desktop and will only be running on the local domain
    • "Domain + Private" If yours is a private development machine in a non-corporate environment, or a corporate laptop which also needs to work when working from home.
    • "Domain, Private and Public", if you need to do demonstrations on non-private networks.
  • Name should be something like "IIS Express Dev Server"