MVC WebApplication no longer starts in IIS Express (redirects to https://localhost in Chrome)

Question

I was changing OAuth/Owin settings and Azure publish settings in a Web Application project this morning, but soon after we decided deployment will be to a specific IIS Azure VM (now visible across our local domain). All code/setting changes have been reverted.

At one point I also changed the drivers\etc\hosts file to allow a dummy name for Microsoft OAuth, but that has been reverted.

Notes:

• My startup URL is http://localhost:22222/
• I am running under IIS Express (as my local Dev VM will not allow me to install full IIS)
• When I start the Web Application with IE I simply get "This page can't be displayed"
• If I start it with Chrome I get "This webpage is not available", but it also changes the browser URL to https://localhost (note the s, i.e. using SSL).
• I have pulled the project down fresh from source control. No change.
• The project is under TFS source control.
• Another developer on the same project has the latest files and it works fine.
• If I run any other Web Application project, they work just fine.
• All OWIN registration of providers has been commented out. No change.
• Deleted the entire project folder and pulled fresh from TFS. No change. This probably means a local machine setting somewhere is the cause?

What could I have damaged in my Web Application to cause this problem? I have been scratching my head for hours now and nothing we try is working. The application simply will not start in any browser.

Project Web Settings tab:

Answer 1

Answer at bottom, given to this chromium issue [issue 444479] helped me:

Same here - I also believe caused by HSTS - see http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security

If you have (developed) any other localhost sites which send a HSTS header...

eg. Strict-Transport-Security: max-age=31536000; includeSubDomains; preload

...then depending on the value of max-age, future requests to localhost will be required to be served over HTTPS.

To get around this, I did the following.

• In the Chrome address bar type "chrome://net-internals/#hsts"
• At the very bottom of a page is QUERY domain textbox - verify that localhost is known to the browser
• If it is, DELETE the localhost domain using the textbox above
• Your site should now work using plain old HTTP

HTH,

Jay

ps. This is not a permanent solution, but will at least get it working between projects. If anyone knows how to permanently exclude localhost from the HSTS list please let me know :)

Give it a try.