One of the most popular tools for ASP.NET or ASP.NET Core application development is IIS Express. We can’t deny it. Unless we need specific requirements, IIS Express is a sort of de-facto web server for debugging on developers’ local machines. With IIS Express, we can easily access to our local web applications with no problem during the debugging time.
There are, however, always cases that we need to access to our locally running website from another web browsers like mobile devices. As we can see the picture above, localhost is the loopback address so we can’t use it outside our dev box. It’s not working by simply replacing the loopback address with a physical IP address. We need to adjust our dev box to allow this traffic. In this post, we’re going to solve this issue by looking at two different approaches.

At the time of writing this post, we’re using Visual Studio (VS) 2015, as VS 2017 will be launched on March 7, 2017.

Network Sharing Options and Windows Firewall

Please make sure that all screenshots for this section are taken from Windows 10. Open my current connected network (either wireless or wired).
Make sure that the “Make this PC discoverable” option is turned on.
This option enables our network in “Private” mode on Windows Firewall:

Mac Unblock Allow Application Network Access For An Appointment

MAC Filtering ASUS Router. If it talks on your network, wireless networks included, it has a unique MAC address that never changes. On an ASUS router, you have two options for using MAC filtering. If the application is being blocked from getting an internet connection by VIPRE, you can allow it through the firewall by following these instructions: Open VIPRE; Go to the Firewall tab; Click View Settings; Click the Exceptions button; Select Any other Application and click Edit; Here you can change anything that is set to Block to Prompt. Enable Back To My Mac in the iCloud preference pane. Now, when you’re connected to the internet on your local network or anywhere else, you see your other computer in the list of Devices in the. Think of your Mac's IP address (used to connect it to the network) as a hotel, ports as room numbers and applications as guests. With the firewall turned off every application has access to every.

WARNING!!!: If our PC is currently connected to a public network, for our better security, we need to turn off the private network settings; otherwise our PC will get vulnerable from malicious attacks.

Update Windows Firewall Settings

In this example, the locally running web app uses the port number of 7314. Therefore, we need to register a new inbound firewall rule to allow access through the port number. Open “Windows Firewall with Advanced Security” through Control Panel and create a new rule with options below:

  • Rule Type: Port
  • Protocol: TCP
  • Port Number: 7314
  • Action: Allow the Connection
  • Profile: Private (Domain can also be selected if our PC is bound with domain controllers)
  • Name: Self-descriptive name of anything! eg) IIS Express Port Opener

Now, all traffic through this port number is allowed from now on. So far, we’ve completed the basic environment settings including firewalls. Let’s move onto the first option using IIS Express itself.

1. Updating IIS Express Configurations Directly

When we install VS, IIS Express is also installed at the same time. Its default configuration file is located at somewhere but each solution that VS 2015 creates has its own settings that overwriting the default one and it’s stored to the .vs folder like:
Open applicationhost.config for update.

View the code on Gist.

Add another binding with my local IP address like:

View the code on Gist.

We can easily find our local IP address by running the ipconfig command. We’re using 192.168.1.3 for now.
IIS Express has now been set. Let’s try our mobile web browser to access the local dev website by IP address.
All good! It seems to be working now. However, if we have more web applications running on our dev environment for our development work, every time we create a new web application project, we have to register the port number, allocated by IIS Express, to Windows Firewall. No good. Too repetitive. Is there any other convenient way? Of course there is.

2. Conveyor – Visual Studio Extension

Conveyor can sort out this hassle. At the time of this writing, its version is 1.3.2. After installing this extension, run the debugging mode by typing the F5 key again and we will be able to see a new window like:
The Remote URL is what we’re going to use. In general, the IP address would look like 192.168.xxx.xxx, if we’re in a small network (home, for example), or something different type of IP address type, if we’re in a corporate network. This is the IP address that the mobile devices use. Another important point is Conveyor uses the port number starting from 45455. Whatever port number IIS Express assigns the web application project, Conveyor forwards it to 45455. If 45455 is taken by others, it looks up one and one until a free port number exists. Due to this behaviour, we can easily predict the port number range, instead of the random nature of IIS Express. Therefore, we can register the port number range starting from 45455 to whatever we want, 45500 for example.
Now, we can access to our local dev website by using this port number pool like:
If we’re developing a web application using HTTPS connection, that wouldn’t be an issue. If no self-signed certificate is installed on our local dev machine, Conveyor will install one and that’s it. Visiting the website again through HTTPS connection will display the initial warning message and finally gets the page.
We’ve so far discussed how to remotely access to our local dev website using either IIS Express configuration or Conveyor. Conveyor gets rid of repetitive firewall registration, so it’s worth installing for our web app development.

OS X v10.5.1 and later include an application firewall you can use to control connections on a per-application basis (rather than a per-port basis). This makes it easier to gain the benefits of firewall protection, and helps prevent undesirable apps from taking control of network ports open for legitimate apps.

Configuring the application firewall in OS X v10.6 and later

Mac unblock allow application network access for an appointment

Use these steps to enable the application firewall:

  1. Choose System Preferences from the Apple menu.
  2. Click Security or Security & Privacy.
  3. Click the Firewall tab.
  4. Unlock the pane by clicking the lock in the lower-left corner and enter the administrator username and password.
  5. Click 'Turn On Firewall' or 'Start' to enable the firewall.
  6. Click Advanced to customize the firewall configuration.

Configuring the Application Firewall in Mac OS X v10.5

Make sure you have updated to Mac OS X v10.5.1 or later. Then, use these steps to enable the application firewall:

App
  1. Choose System Preferences from the Apple menu.
  2. Click Security.
  3. Click the Firewall tab.
  4. Choose what mode you would like the firewall to use.

Advanced settings

Block all incoming connections

Selecting the option to 'Block all incoming connections' prevents all sharing services, such as File Sharing and Screen Sharing from receiving incoming connections. The system services that are still allowed to receive incoming connections are:

  • configd, which implements DHCP and other network configuration services
  • mDNSResponder, which implements Bonjour
  • racoon, which implements IPSec

To use sharing services, make sure 'Block all incoming connections' is deselected.

Allowing specific applications

To allow a specific app to receive incoming connections, add it using Firewall Options:

  1. Open System Preferences.
  2. Click the Security or Security & Privacy icon.
  3. Select the Firewall tab.
  4. Click the lock icon in the preference pane, then enter an administrator name and password.
  5. Click the Firewall Options button
  6. Click the Add Application (+) button.
  7. Select the app you want to allow incoming connection privileges for.
  8. Click Add.
  9. Click OK.

Mac Unblock Allow Application Network Access For An Appt

You can also remove any apps listed here that you no longer want to allow by clicking the Remove App (-) button.

Automatically allow signed software to receive incoming connections

Applications that are signed by a valid certificate authority are automatically added to the list of allowed apps, rather than prompting the user to authorize them. Apps included in OS X are signed by Apple and are allowed to receive incoming connections when this setting is enabled. For example, since iTunes is already signed by Apple, it is automatically allowed to receive incoming connections through the firewall.

If you run an unsigned app that is not listed in the firewall list, a dialog appears with options to Allow or Deny connections for the app. If you choose Allow, OS X signs the application and automatically adds it to the firewall list. If you choose Deny, OS X adds it to the list but denies incoming connections intended for this app.

If you want to deny a digitally signed application, you should first add it to the list and then explicitly deny it.

Some apps check their own integrity when they are opened without using code signing. If the firewall recognizes such an app it doesn't sign it. Instead, it the 'Allow or Deny' dialog appears every time the app is opened. This can be avoided by upgrading to a version of the app that is signed by its developer.

Enable stealth mode

Mac Unblock Allow Application Network Access For An Apple

Enabling stealth mode prevents the computer from responding to probing requests. The computer still answers incoming requests for authorized apps. Unexpected requests, such as ICMP (ping) are ignored.

Mac Unblock Allow Application Network Access For An Appropriate

Firewall limitations

The application firewall is designed to work with Internet protocols most commonly used by applications – TCP and UDP. Firewall settings do not affect AppleTalk connections. The firewall may be set to block incoming ICMP 'pings' by enabling Stealth Mode in Advanced Settings. Earlier ipfw technology is still accessible from the command line (in Terminal) and the application firewall does not overrule any rules set using ipfw. If ipfw blocks an incoming packet, the application firewall does not process it.