I created a service with OpenIddict and .NET 6. Everything was working fine and the URL https://auth.myserver.local/.well-known/openid-configuration, served by IIS, was working correctly.
I wanted to add an SSO service and log in with my AD user, so I followed this guide: https://learn.microsoft.com/en-us/aspnet/core/security/authentication/ws-federation?view=aspnetcore-6.0
I installed the ADFS service on my server (the same server of IIS) and I was able to sign in.
Then I noticed that if I go to the main page of my service (https://auth.myserver.local) the service still works great, but if I try to reach https://auth.myserver.local/.well-known/openid-configuration I receive a 503 error (Service Unavailable).
I've done some research in the IIS logs but I cannot find requests for that URL anymore; it seems something is getting the request before IIS.
I tried to stop the ADFS service with no success.
Anyone experienced something similar? My server is Windows Server 2019.
Thanks.
I finally found the solution!
It seems there are reserved URLs in the Windows registry. If there's a filter here, the request doesn't reach IIS.
You can check them with this command:
netsh http show urlacl
I found the /.well-known/ filter on port 433 at the following path:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters\UrlAclInfo
Removing it, everything started working again. This was set up by Active Directory Federation Services (ADFS), which was installed for test purposes and then uninstalled.
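As an added example (not code from the original post), the PowerShell below turns the `netsh http show urlacl` output into objects, finds any HTTP.sys reservation whose URL covers a path you expect IIS to serve, cross-checks the value names under the `UrlAclInfo` registry key mentioned above, and prints the matching `netsh http delete urlacl` command without running it. The embedded sample output is constructed to match the format netsh prints; the reservation `https://+:443/.well-known/` and the `NT SERVICE\adfssrv` account in it are assumptions, so substitute whatever your own `netsh` listing shows.

```powershell
# Added example, not part of the original post. Audits HTTP.sys URL reservations
# (the mechanism that answered the /.well-known/ request before IIS could).
# Assumptions: the sample text below is constructed; the exact URL and service
# account of the ADFS reservation on a real host may differ.

function ConvertFrom-UrlAclText {
    # Parses the text of "netsh http show urlacl" into one object per reservation.
    param([string[]]$Lines)
    $current = $null
    foreach ($line in $Lines) {
        $t = $line.Trim()
        if ($t -match '^Reserved URL\s*:\s*(?<url>\S+)') {
            if ($current) { $current }                       # emit the previous record
            $current = [pscustomobject]@{
                Url      = $Matches.url
                Users    = [System.Collections.Generic.List[string]]::new()
                Listen   = $null
                Delegate = $null
                SDDL     = $null
            }
        }
        elseif ($current -and $t -match '^User\s*:\s*(?<v>.+)$')    { $current.Users.Add($Matches.v.Trim()) }
        elseif ($current -and $t -match '^Listen\s*:\s*(?<v>\S+)')   { $current.Listen   = $Matches.v }
        elseif ($current -and $t -match '^Delegate\s*:\s*(?<v>\S+)') { $current.Delegate = $Matches.v }
        elseif ($current -and $t -match '^SDDL\s*:\s*(?<v>.+)$')     { $current.SDDL     = $Matches.v.Trim() }
    }
    if ($current) { $current }
}

function Find-ShadowingUrlAcl {
    # Returns reservations whose URL contains $PathFragment. If no text is supplied,
    # the live netsh output of this host is used instead.
    param(
        [Parameter(Mandatory)][string]$PathFragment,
        [string[]]$NetshLines
    )
    if (-not $NetshLines) { $NetshLines = netsh http show urlacl }
    ConvertFrom-UrlAclText -Lines $NetshLines | Where-Object { $_.Url -like "*$PathFragment*" }
}

function Get-UrlAclRegistryEntries {
    # Same reservations, read from the registry key named in the answer above.
    # Each value name under UrlAclInfo is a reserved URL; the data is its security descriptor.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\HTTP\Parameters\UrlAclInfo'
    if (Test-Path $key) { (Get-Item $key).GetValueNames() } else { @() }
}

# Constructed sample in the layout netsh uses; omit -NetshLines to audit the live host.
$SampleNetshOutput = @'
URL Reservations:
-----------------

    Reserved URL            : http://+:80/Temporary_Listen_Addresses/
        User: \Everyone
            Listen: Yes
            Delegate: No
            SDDL: D:(A;;GX;;;WD)

    Reserved URL            : https://+:443/.well-known/
        User: NT SERVICE\adfssrv
            Listen: Yes
            Delegate: No
            SDDL: D:(A;;GX;;;S-1-5-80-0)
'@ -split "`r?`n"

$hits = Find-ShadowingUrlAcl -PathFragment '/.well-known/' -NetshLines $SampleNetshOutput
foreach ($h in $hits) {
    Write-Host "Reservation $($h.Url) is held by '$($h.Users -join ', ')' (Listen=$($h.Listen))."
    Write-Host "Requests under that prefix are answered by HTTP.sys for that account and never reach the IIS site."
    Write-Host "Registry check: " -NoNewline
    if (Get-UrlAclRegistryEntries | Where-Object { $_ -eq $h.Url }) {
        Write-Host "present under UrlAclInfo"
    } else {
        Write-Host "not present under UrlAclInfo on this host (sample data, or already removed)"
    }
    Write-Host "Once you have confirmed the owning service no longer needs it, remove it with:"
    Write-Host "    netsh http delete urlacl url=$($h.Url)"
}
```

Run it from an elevated prompt without `-NetshLines` to audit a real server. The `Users` column is the useful diagnostic: a reservation owned by a service account such as the ADFS one tells you which product registered the prefix, and a leftover entry after that product is uninstalled is exactly the silent 503 described in the question, since HTTP.sys routes the request to the reservation holder rather than to the IIS site.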