From 4a2e6c63f03c5de6dbfbfdd18b4925aa0bf33760 Mon Sep 17 00:00:00 2001 From: Rick Anderson <3605364+Rick-Anderson@users.noreply.github.com> Date: Fri, 10 Sep 2021 17:03:53 -0700 Subject: [PATCH] RC1 httpsys by chris/4 (#23257) --- aspnetcore/fundamentals/servers/httpsys.md | 29 ++++++++++++++++++++-- 1 file changed, 27 insertions(+), 2 deletions(-) diff --git a/aspnetcore/fundamentals/servers/httpsys.md b/aspnetcore/fundamentals/servers/httpsys.md index 53f798258920..20aec7cee807 100644 --- a/aspnetcore/fundamentals/servers/httpsys.md +++ b/aspnetcore/fundamentals/servers/httpsys.md @@ -5,7 +5,7 @@ description: Learn about HTTP.sys, a web server for ASP.NET Core on Windows. Bui monikerRange: '>= aspnetcore-2.1' ms.author: riande ms.custom: mvc -ms.date: 02/07/2020 +ms.date: 09/09/2021 no-loc: [Home, Privacy, Kestrel, appsettings.json, "ASP.NET Core Identity", cookie, Cookie, Blazor, "Blazor Server", "Blazor WebAssembly", "Identity", "Let's Encrypt", Razor, SignalR] uid: fundamentals/servers/httpsys --- @@ -53,7 +53,7 @@ HTTP.sys is mature technology that protects against many types of attacks and pr ## HTTP/2 support -[HTTP/2](https://httpwg.org/specs/rfc7540.html) is enabled for ASP.NET Core apps if the following base requirements are met: +[HTTP/2](https://httpwg.org/specs/rfc7540.html) is enabled for ASP.NET Core apps when the following base requirements are met: * Windows Server 2016/Windows 10 or later * [Application-Layer Protocol Negotiation (ALPN)](https://tools.ietf.org/html/rfc7301#section-3) connection 
@@ -63,6 +63,30 @@ If an HTTP/2 connection is established, [HttpRequest.Protocol](xref:Microsoft.As HTTP/2 is enabled by default. If an HTTP/2 connection isn't established, the connection falls back to HTTP/1.1. In a future release of Windows, HTTP/2 configuration flags will be available, including the ability to disable HTTP/2 with HTTP.sys. +## HTTP/3 support + +[HTTP/3](https://quicwg.org/base-drafts/draft-ietf-quic-http.html) is enabled for ASP.NET Core apps when the following base requirements are met: + +* Windows Server 2022/Windows 11 or later +* An `https` url binding is used. +* The [EnableHttp3 registry key](https://techcommunity.microsoft.com/t5/networking-blog/enabling-http-3-support-on-windows-server-2022/ba-p/2676880) is set. + +The preceding Windows 11 Build versions may require the use of a [Windows Insider](https://insider.windows.com) build. + +HTTP/3 is discovered as an upgrade from HTTP/1.1 or HTTP/2 via the `alt-svc` header. That means the first request will normally use HTTP/1.1 or HTTP/2 before switching to HTTP/3. Http.Sys does not automatically adds the `alt-svc` header, it must be added by the application. The following code is a middleware example that adds the `alt-svc` response header. + +```C# +app.Use((context, next) => +{ + context.Response.Headers.AltSvc = "h3=\":443\""; + return next(context); +}); +``` + +Place the preceding code early in the request pipeline. + +Http.Sys also supports sending an AltSvc HTTP/2 protocol message rather than a response header to notify the client that HTTP/3 is available. See the [EnableAltSvc registry key](https://techcommunity.microsoft.com/t5/networking-blog/enabling-http-3-support-on-windows-server-2022/ba-p/2676880). Note this requires netsh sslcert bindings that use host names rather than IP addresses. + ## Kernel mode authentication with Kerberos HTTP.sys delegates to kernel mode authentication with the Kerberos authentication protocol. 
User mode authentication isn't supported with Kerberos and HTTP.sys. The machine account must be used to decrypt the Kerberos token/ticket that's obtained from Active Directory and forwarded by the client to the server to authenticate the user. Register the Service Principal Name (SPN) for the host, not the user of the app. @@ -284,6 +308,7 @@ Requirements to run gRPC with HTTP.sys: ::: moniker-end + ::: moniker range="< aspnetcore-6.0" [HTTP.sys](/iis/get-started/introduction-to-iis/introduction-to-iis-architecture#hypertext-transfer-protocol-stack-httpsys) is a [web server for ASP.NET Core](xref:fundamentals/servers/index) that only runs on Windows. HTTP.sys is an alternative to [Kestrel](xref:fundamentals/servers/kestrel) server and offers some features that Kestrel doesn't provide.
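Review bot: In the HTTP/3 support hunk, the middleware sample hard-codes the advertised endpoint as `h3=\":443\"`, while the requirements list only asks for an `https` url binding, so an app bound to another port would advertise the wrong port to clients. Suggest saying next to the sample that the port in the `alt-svc` value must match the app's `https` binding. Wording in the same hunk: "Http.Sys does not automatically adds the `alt-svc` header, it must be added by the application" should read "HTTP.sys doesn't automatically add the `alt-svc` header; the app must add it", which also matches the "HTTP.sys" spelling used by the unchanged context lines. "The preceding Windows 11 Build versions" points at build versions that the list above it never gives, so either name the build or drop "Build versions". In the list itself, "url" should be "URL", and the first item has no trailing period while the other two do.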
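Review bot: The blank line added before `::: moniker range="< aspnetcore-6.0"` in the last hunk (@@ -284,6 +308,7 @@) is a whitespace-only change unrelated to the HTTP/3 content; drop it unless the renderer needs the separation. The new HTTP/3 section lands above this `::: moniker-end`, and the opening moniker for that range is not visible in the patch, so confirm that the Windows Server 2022/Windows 11 requirements and the `alt-svc` sample are only rendered for the versions they apply to.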