
What is limiting the port range for HTTPS in .NET Core 2.2?

In the launchSettings.json I have the following. It works and I can access Swagger and the rest of the page using https://localhost:44300.

{ ...
  "iisSettings": {
    "windowsAuthentication": false, 
    "anonymousAuthentication": true, 
    "iisExpress": {
      "applicationUrl": "http://localhost:52088",
      "sslPort": 44300
    }
  }, ...
}

When I alter "sslPort": 44300 to e.g. "sslPort": 44299, I can still access the stuff by altering the URL accordingly.

However, when I set the value to 5100, I've noticed that the contents aren't accessible anymore. In fact, it seems that the working range is rather limited and only concentrated around 44300.

What is that about?!

I've turned off the firewall, just in case. In the config I've tried adding the urls like this. No changes in the behavior.

WebHost.CreateDefaultBuilder(args)
  //.UseUrls("https://localhost/5100")
  .UseStartup<Startup>();

How can I force the app to run properly on the port of my choice?

Following docs for .NET Core 2.2, I added the configuration of the redirection as follows. As feared, it had no effect on the issue.

services.AddHttpsRedirection(_ =>
{
  _.RedirectStatusCode = StatusCodes.Status307TemporaryRedirect;
  _.HttpsPort = 5100;
});

Noticing that the docs themselves suggest 5001 as an alternative port number, I'm starting to suspect that the issue might be located entirely elsewhere. I've recreated the setup on a different machine and was able to reproduce the error. Still, both are computers configured by me, so it'd be great if someone not-me'ish could confirm the behavior.

I've got a tip to use Nmap to check the port answers and apparently there's something answering on the port 5100. The same can be confirmed using Telnet. However, the Swagger as well as the calls using Postman fail still...

DonkeyBanana asked Dec 05 '18 19:12


1 Answer

The documentation for IIS Express states (my emphasis):

If you want to test SSL access to your site, you can do this with IIS Express by using an SSL port between 44300 and 44399 and using the IIS Express self-signed certificate. Trying to use SSL with a port outside this range results in a URL binding failure when your website is launched under IIS Express.

There are instructions in the linked docs.microsoft.com page that cover how to configure your machine to allow this. The short version is:

  1. WIN-R > mmc.exe
  2. File Menu > Add/Remove Snap-in...
  3. Choose Certificates in the left-hand side and click the Add > button
  4. Choose Computer Account, Next > and then Finish
  5. Click Ok to dismiss the Add or Remove Snap-ins window
  6. Expand Certificates (Local Computer) > Personal > Certificates in the treeview on the left-hand side
  7. Find the certificate issued to localhost with a Friendly Name of IIS Express Development Certificate > Double click to open it
  8. Move to the Details tab and scroll all the way down to find the Thumbprint
  9. Copy & Paste the value out (click on it in the listview and the value will be dropped into the text field at the bottom of the window)

Now you've captured the thumbprint for the certificate:

  1. Open a command prompt as administrator
  2. Run the command netsh http add sslcert ipport=0.0.0.0:5100 certhash=**Insert_Thumbprint_From_Step_9_Above_Here** appid={00112233-4455-6677-8899-AABBCCDDEEFF}
  3. Restart IIS Express / your debugging session

IIS Express should now bind to 5100 (you can change the port in the command in step 2 above to one of your choice), letting Visual Studio pop a browser window that loads your site.

Rob answered Oct 07 '22 16:10
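The two lists in the answer above can be scripted so the thumbprint is read from the certificate store instead of copied by hand. This PowerShell script is an added example, not part of the original answer; it assumes it is saved as a .ps1 file and run elevated, and the parameter names `$Port` and `$AppId` are chosen here for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example: bind the IIS Express development certificate to an SSL port
# outside the 44300-44399 range, following the steps in the answer above.
param(
    [int]$Port = 5100,                                          # port from the question
    [string]$AppId = '{00112233-4455-6677-8899-AABBCCDDEEFF}'   # appid value used in the answer
)

$ipPort = "0.0.0.0:$Port"

# First list, steps 1-9: find the certificate under Local Computer > Personal.
$certs = @(Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.FriendlyName -eq 'IIS Express Development Certificate' })
if ($certs.Count -eq 0) {
    throw 'IIS Express Development Certificate not found in LocalMachine\My.'
}

# If several are installed, use the one that expires last.
$cert = $certs | Sort-Object NotAfter -Descending | Select-Object -First 1

# Stop early on a certificate that cannot serve a TLS handshake.
if (-not $cert.HasPrivateKey) {
    throw "Certificate $($cert.Thumbprint) has no private key."
}
if ($cert.NotAfter -lt (Get-Date)) {
    throw "Certificate $($cert.Thumbprint) expired on $($cert.NotAfter)."
}

# Do not touch a binding that already exists on this port; print it instead.
# The ip:port value only appears in the output when a binding is present.
$existing = netsh http show sslcert "ipport=$ipPort"
if ($existing | Select-String -SimpleMatch $ipPort) {
    Write-Warning "An SSL binding already exists for $ipPort; leaving it unchanged."
    $existing
    return
}

# Second list, step 2. The appid argument is quoted because PowerShell would
# otherwise parse the {...} GUID as a script block.
netsh http add sslcert "ipport=$ipPort" "certhash=$($cert.Thumbprint)" "appid=$AppId"
if ($LASTEXITCODE -ne 0) {
    throw "netsh http add sslcert failed with exit code $LASTEXITCODE."
}

# Show the binding as registered.
# To undo it later: netsh http delete sslcert ipport=0.0.0.0:<port>
netsh http show sslcert "ipport=$ipPort"
```

After it completes, restart IIS Express or the debugging session as in step 3 of the answer.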