Return
-
Title
Configure system-wide web proxy for .NET web applications -
Description
A proxy server is configured on the Active Roles Administration Service, Active Roles Synchronization Service, or Password Manager server and has already been configured in the Windows Server Internet Options, but the application is still not able to access external resources through the proxy. -
Cause
These applications does not support proxies directly. They rely on the Microsoft .NET Framework to establish an Internet connection. Depending on the proxy type and environmental configurations, .NET Framework may require a special configuration so it can connect to the Internet using the proxy. -
Resolution
- Stop the application service
- Open Notepad as Administrator
- Open C:\Windows\Microsoft.NET\framework\v4.0.30319\config\machine.config and search for <system.net>
If it does exist, edit this section as appropriate. If it does not exist, add the following text as the second line from the end (</configuration>) and substitute the proxy address as appropriate for the environment:
<system.net>
<defaultProxy>
<proxy autoDetect="false" bypassonlocal="true" proxyaddress="http://proxy:8080"" />
</defaultProxy>
</system.net>- Save the file
- Apply the above changes on the following three files
- C:\Windows\Microsoft.NET\framework\v4.0.30319\config\web.config
- C:\Windows\Microsoft.NET\framework64\v4.0.30319\config\machine.config
- C:\Windows\Microsoft.NET\framework64\v4.0.30319\config\web.config
- Open an elevated command prompt and run the following command, replacing the proxy address:
netsh.exe winhttp set proxy http://proxy:8080 bypass-list="*.example.com"
Note: The bypass-list argument is optional- Verify the proxy setting
netsh.exe winhttp show proxy
Optionally a bypass list can also be added to .NET FrameworkExample for bypassing 10.*.*.* , *.domain.int and *.example.com
<system.net> <defaultProxy> <proxy autoDetect="false" bypassonlocal="true" proxyaddress="http://proxy:8080"" /> <bypasslist> <add address="10\.\d{1,3}\.\d{1,3}\.\d{1,3}" /> <add address="[0-9a-zA-Z]+\.example\.com$" /> <add address="[0-9a-zA-Z]+\.domain\.int$" /> </bypasslist> </defaultProxy> </system.net>- Reboot server
Detailed documentation for configuring .NET Framework proxy can be found on the following Microsoft links:
.NET Framework Proxy Configuration
.NET Framework bypasslist Element (Network Settings)
.NET Framework Disclaimer:One Identity does not provide support for .NET Framework or for problems that arise from improper modification of the configuration files. The .NET Framework configuration files contain critical configuration data. Make sure to back up the files before modifying them.