No connection could be made because the target machine actively refused it 127.0.0.1:port with subdomain

Question

I am running an ASP.NET MVC 5 application which also hosts IdentityServer3. As many others have experienced before, when I connect to this endpoint...

http://tenant1.localhost:51515/identity/.well-known/openid-configuration?client_id=backoffice&redirect_uri=http%3A%2F%2Flocalhost%3A37046%2Findex.html&response_type=id_token%20token&scope=openid%20all_claims&state=1793477650&nonce=1172967295

... I get the following error:

No connection could be made because the target machine actively refused it 127.0.0.1:51515 at System.Net.HttpWebRequest.GetResponse() at RestSharp.Http.GetRawResponse(HttpWebRequest request) at RestSharp.Http.GetResponse(HttpWebRequest request)

(Note: Before you decide this is a duplicate, please read until the end of the question - I have done my homework before coming here for help)

Same result when I use HttpWebRequest, cURL or even with an app in Go. Here are some code samples that I use:

C# (using RestSharp):

var client = new RestClient("http://tenant1.localhost:51515/identity/.well-known/openid-configuration?client_id=backoffice&redirect_uri=http%3A%2F%2Flocalhost%3A37046%2Findex.html&response_type=id_token%20token&scope=openid%20all_claims&state=1793477650&nonce=1172967295");
var request = new RestRequest(Method.GET);
request.AddHeader("postman-token", "a09c64d2-e0c6-a416-d5ad-92079f0676b9");
request.AddHeader("cache-control", "no-cache");
IRestResponse response = client.Execute(request);

cURL:

curl -X GET \
'http://tenant1.localhost:51515/identity/.well-known/openid-configuration?client_id=backoffice&redirect_uri=http%3A%2F%2Flocalhost%3A37046%2Findex.html&response_type=id_token%20token&scope=openid%20all_claims&state=1793477650&nonce=1172967295' \
-H 'cache-control: no-cache' \
-H 'postman-token: 271bbbe6-bcb1-b999-80e5-9193f0c134ba'

I made a few alternatives for these samples, for instance by including a host header (value tenant1.localhost:51515) or using that same uri as the proxy for the web clients. Unfortunately they all return the same error.

Strangely enough all of the requests I make with my browser or Postman succeed. JavaScript code that connects to the endpoints also works. There's one exception to this: as soon as as I have a Fiddler session running, this is the response I get from Postman:

[Fiddler] The connection to 'tenant1.localhost' failed. <br />Error: ConnectionRefused (0x274d). <br />System.Net.Sockets.SocketException No connection could be made because the target machine actively refused it 127.0.0.1:51515

I have been looking for a solution for days now but I can't seem to find the right one but it seems clear that only in server side code the problem occurs. Here's what I have tried so far. I included the applicationhost.config and hosts file to show how I 'enabled' subdomains for my web application (which are internally used to identify the tenants). Furthermore I use IIS Express for local development and IIS for production environments.

Applicationhost.config

<site name="MyApp" id="5">
    <application path="/" applicationPool="Clr4IntegratedAppPool">
        <virtualDirectory path="/" physicalPath="D:\Source\MyApp" />
    </application>
    <bindings>
        <binding protocol="http" bindingInformation="*:51515:localhost" />
        <binding protocol="http" bindingInformation="*:51515:tenant1.localhost" />
    </bindings>
</site>

Hosts file

127.0.0.1 tenant.localhost

Netstat

This is the result when I execute netstat -anb:

This is the result of netstat -na | find '51515':

I am not sure what these values mean so I could use some input here. Just to make sure I disconnected from the Internet and disabled both firewall and anti virus scanners, with no result.

Proxy

These are my Internet Options settings. As you see, everything is checked out:

I tried all sorts of combinations with the proxy settings in my web/app.config files. I don't think this will play a major role in resolving the issue as I have the same problems with my Golang app (which is merely a code snippet generated by Postman). I even tried to use Fiddler as the proxy by setting the url to http://127.0.0.1:8888. As to be expected, any server side proxies for the WebRequest instances didn't help either.

<system.net>
  <defaultProxy> 
    <proxy usesystemdefault="False"/> 
  </defaultProxy>
</system.net>

Visual Studio

I run both projects (host and client app) as an administrator in VS2017
I changed the port of the hosting application numerous times

Question

Given the numerous questions about this topic the only remarkable difference I see is that I use a subdomain in my url. Whenever I don't use a subdomain everything works perfectly!

If this assumption appears to be correct, how can I trick the DNS, firewall or any other blocking mechanism to accept requests from the subdomain(s)? Maybe a proxy could help?

@LexLi I just did but the same result unfortunately. I updated the question with my findings of the last run. — hbulens, Jul 18 '17 at 13:17
Then change hosts file to use [::1] instead of 127.0.0.1. Sounds like your server only accepts IP v6. — Lex Li, Jul 18 '17 at 13:52
Well spotted, if you rewrite your comment as an answer, I'll accept it. I have also found a workaround which I'll post afterwards. — hbulens, Jul 18 '17 at 15:29

score 0 · Accepted Answer · answered Jul 18 '17 at 17:54

The netstat output shows that only IP v6 addresses are used, which is not quite typical, but should be OK if for some reason IP v4 is not used on the machine. Then you cannot expect IP v4 packets (to 127.0.0.1) be processed by the server.

One quick solution is to set in hosts file a record of [::1] instead of 127.0.0.1.

hbulens · Answer 2 · 2017-11-20T14:31:56.367

Although Lex Li's answer is better, I would just like to provide an alternative solution for the issue. I extended my C# code sample from the question to this:

var client = new RestClient("http://tenant1.localhost:51515/identity/.well-known/openid-configuration?client_id=backoffice&redirect_uri=http%3A%2F%2Flocalhost%3A37046%2Findex.html&response_type=id_token%20token&scope=openid%20all_claims&state=1793477650&nonce=1172967295");
client.Proxy = new WebProxy("http://localhost:51515");

var request = new RestRequest(Method.GET);
request.AddHeader("postman-token", "a09c64d2-e0c6-a416-d5ad-92079f0676b9");
request.AddHeader("cache-control", "no-cache");
IRestResponse response = client.Execute(request);

So to answer my own question: yes a proxy could help. By adding a proxy to the RestClient with a URI that does not contain a subdomain, the webrequest works like a charm.