Introduction
HTTP.sys is a Windows-based web server for ASP.NET Core. It is an alternative to Kestrel Server and it has some features that are not supported by Kestrel. It is built on the HTTP.sys Kernel mode driver. It cannot be used with IIS Express or IIS due to it is incompatibility with the ASP.NET Core modules.
Following are the features supported by HTTP.sys
- Windows Authentication
- Response caching
- WebSockets
- Direct file transmission
- Port sharing
- HTTPS with SNI (Server Name Indication)
- HTTP/2 over TLS
- It supports Windows 7 and Windows Server 2008 R2 and later
It is very useful for deployments where we need to expose the server directly to the internet without IIS. It is built on HTTP.sys so it does not require a reverse proxy server for protection against attacks. HTTP.sys provides robustness, security and scalability of web server and it is mature technology which protects against many kinds of attacks. This web server is a good choice for internal deployments when Windows authentication kind of feature used that is not available with Kestrel Server.
Configure Windows Server
Following are the items required to configure this Windows server.
- Install the version of .NET framework on which our application runs
- Required preregistered URL prefixes to bind HTTP.sys and set up SSL certificate. If we do not reregister URL, our application needs to be run with administrator privileges. Our application can run without administrator privileges only if it binds to the localhost using HTTP with a port number greater than 1024.
- We need to open the firewall ports to allow to reach HTTP.sys.
Configure ASP.net Core application
Following are the steps to configure the ASP.NET application for HTTP.sys.
- The package Microsoft.AspNetCore.Server.HttpSys is required for HTTP.sys web server, so it needs to be referenced in the project. If we use Microsoft.AspNetCore.All meta package, we need not install any other packages.
- The next step is to configure HTTP.sys server using UseHttpSys extension method of WebHostBuilder in the main method of Program class. Here, we can also specify HTTP.sys options.
Program.cs
- public class Program
- {
- public static void Main(string[] args)
- {
- BuildWebHost(args).Run();
- }
-
- public static IWebHost BuildWebHost(string[] args) =>
- WebHost.CreateDefaultBuilder(args)
- .UseStartup<Startup>()
- .UseHttpSys(options =>
- {
- options.Authentication.Schemes = AuthenticationSchemes.None;
- options.Authentication.AllowAnonymous = true;
- options.MaxConnections = 100;
- options.MaxRequestBodySize = 30000000;
- options.UrlPrefixes.Add("http://localhost:5000");
- })
- .Build();
- }
HTTP.sys options
- Maximum client connections
The maximum number of concurrent open TCP connections for the application using MaxConnections property. The connection can be unlimited, it this property set to null.
- Maximum request body size
We can override the value of the maximum request body size by using MaxRequestBodySize property. The default value for maximum request body size is 30,000,000 bytes (28.6 MB approximately). We can also override the value by using the RequestSizeLimit attribute on the action method. This is the recommended way.
- [RequestSizeLimit(200000000)]
- public IActionResult Index()
- {
- return View();
- }
Configure URLs and ports to listen on
ASP.net core application binds to "http://localhost:5000" by default. We can configure URL prefixes and Port by using one of the following method,
- Using "UseUrl" extension method
- The URLs command-line argument
- The ASPNETCORE_URLS environment variable
- The UrlPrefixes property on HttpSysOptions
The main advantage of UrlPrefixes is that we get an error message immediately if we try to add a prefix in a wrong format. The main advantage of "UseUrls" method is that we can more easily switch between HTTP.sys and Kestrel.
Authentication
It exposes the HTTP.sys authentication configurations. It contains two properties,
- Schemes: It defines authentication type none, basic, NTLM etc
- AllowAnonymous: It allows anonymous user if it is set to true
It can be modified any time before to disposing of the listener.
- MaxAccepts
It is the maximum number of concurrent accepts.
- EnableResponseCaching
It attempts kernel mode caching for responses with eligible headers.
- RequestQueueLimit
It allows to user set / get the maximum number of requests that will be queued up in Http.Sys server
- ThrowWriteExceptions
If it is set to true, it should throw exceptions when the response body writes fail due to client disconnects. The default value is set to false.
- Timeouts
It exposes the HTTP.sys timeout configuration. It may be modified any time before to disposing of the listener.
Both HTTP.sys and IIS rely on the Http.sys kernel mode driver to listen for and processing requests. IIS provides an easy way to configure the application whereas HTTP.sys server everything we need to configure by our self. The netsh.exe tool can help us to configure HTTP.sys. We can assign SSL certificates and reserve URL prefixes by using this tool. To run this tool, required administrative privileges.
Some third-party tools can be used to configure HTTP.sys server. These tools are not provided by Microsoft and these tools run as administrator by default
- http.sys Manager
It provides UI for configuring SSL, Options, certificate trust list, reservations and prefix.
- HttpConfig
It also able to configure SSL and URL prefixes. It exposes few more configuration options than the http.sys Manager. It cannot create a new CTL (Certificate Trust List) but can be assigned to existing.
The default launch profile is IIS Express in Visual Studio. To run application as a console application, we need to manually change the selected profile or alternatively run project using CLI
Summary
Http.sys web server introduced with .net core framework 2.0. It is an alternative of Kestrel server. It runs only with Windows. It cannot be used with IIS (or IIS express) as it is incompatible with the ASP.NET Core Module.