web
You’re offline. This is a read only version of the page.
close
Skip to main content
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Small and medium business | Business Central, N... / On-premise BC 26.0 web...
Small and medium business | Business Central, N...
Answered

On-premise BC 26.0 web client problem (AntiSSRF)

(6) ShareShare
ReportReport
Posted on by RO-28041347-0 18
Are there anyone out there, who can use the newest 26.0 on-premise BC (W1 variant), especially it's web client?
 
I downloaded and installed the newest Business Central 26.0 (2025 April) on-premise release to an Azure VM. No extensions, no localizations, en-us regional settings, entirely vanilla. Still, the web client keeps throwing errors. (The browser cannot display a single Business Central page, just the error page.)
First I tried it configured to http as it is by default. The error in the Event Viewer was:
 
Category: Microsoft.AspNetCore.Server.Kestrel
EventId: 13
ConnectionId: 0HNC6ALRO8DI2
RequestId: 0HNC6ALRO8DI2:00000001
RequestPath: /BC260W1/
Connection id "0HNC6ALRO8DI2", Request id "0HNC6ALRO8DI2:00000001": An unhandled exception was thrown by the application.
Exception: 
System.InvalidOperationException: The antiforgery system has the configuration value AntiforgeryOptions.Cookie.SecurePolicy = Always, but the current request is not an SSL request.
   at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery.CheckSSLConfig(HttpContext context)
   at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery.GetAndStoreTokens(HttpContext httpContext)
   at Microsoft.Dynamics.Nav.WebClient.Controllers.HomeController.Index() in s:\repo\src\Platform\Client\Web\Prod.Client.WebCoreApp\Controllers\HomeController.cs:line 46
   at lambda_method14(Closure, Object, Object[])
 
Next, I configured it to https (SSL), setting the thumbprint of a self-signed certificate according to the documentation, etc.. After that, the error in the Event Viewer it this: 
 
Category: Microsoft.Dynamics.Nav.Common.Http.AntiSSRFWrapper
EventId: 0
ConnectionId: 0HNC6ATF3RUGA
RequestId: 0HNC6ATF3RUGA:0000000C
RequestPath: /BC260W1/csh
TransportConnectionId: vm92RxGS4KcWa6hd8ekxpg
HttpMethod: GET
Uri: https://daxrobcdevdemo:7085/BC260W1/client/metadata/navigation
{OriginalFormat}: HTTP {HttpMethod} {Uri}
MemberName: LogSSRFException
FilePath: s:\repo\src\Platform\ClientServerShared\Prod.Common\Http\AntiSSRFWrapper.cs
LineNumber: 52
ExceptionType: System.Security.SecurityException
 
Exception: 
System.Security.SecurityException: Non routable addressed detected: <mycomputername>
 
Error accessing Website BC260W1
Type: System.Security.SecurityException
Source: Microsoft.Dynamics.Nav.Common
HResult: -2146233078
StackTrace:
     at Microsoft.Dynamics.Nav.Common.Http.AntiSSRFHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) in s:\repo\src\Platform\ClientServerShared\Prod.Common\Http\AntiSSRFHandler.cs:line 38
     at Microsoft.Dynamics.Nav.Client.ConnectionExceptionHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) in s:\repo\src\Platform\Client\Shared\Prod.Client.ServiceConnection\RequestResponse\Handlers\ConnectionExceptionHandler.cs:line 24
     at Microsoft.Extensions.Http.Logging.LoggingScopeHttpMessageHandler.<SendCoreAsync>g__Core|5_0(HttpRequestMessage request, Boolean useAsync, CancellationToken cancellationToken)
     at System.Net.Http.HttpClient.<SendAsync>g__Core|83_0(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationTokenSource cts, Boolean disposeCts, CancellationTokenSource pendingRequestsCts, CancellationToken originalCancellationToken)
     at Microsoft.Dynamics.Nav.Common.Http.HttpServiceClient.CallService[T](String requestUrl, HttpMethod method, Object content) in s:\repo\src\Platform\ClientServerShared\Prod.Common\Http\HttpServiceClient.cs:line 101
     at Microsoft.Dynamics.Nav.Client.ConnectionStateManager.CallServer[T](Func`1 callServer, Nullable`1 options) in s:\repo\src\Platform\Client\Shared\Prod.Client.ServiceConnection\ConnectionStateManager.cs:line 50
 
 
After that, I tried BC 25.6 on-premise. I used the exact same configuration steps and settings, and the 25.6 web client works seamlessly, with and without SSL. Also verified, that the URLs and other settings do not have typos for 26.0. Finally I compared the web client folders of the 25.6 and 26.0 versions, and saw, that some DLLs have changed, and this fantastic AntiSSRFWrapper is a newcomer. Do you have any ideas, how can I make the 26.0 version work? Or any help regarding the configuration of the antiSSRF dll, or how to whitelist the BC service?
I have 2 restrictions (from customer): I must use on-prem BC, not cloud, and I cannot have 2 separate computers, in other works, I cannot separate the web client and the BC service to separate VMs.
 
Thanks in advance!
____________________________________________________________________________________________________________________________________________________________________________
 
Meanwhile I found a solution: in the navsettings.json, the "Server" tag/attribute must have "localhost" value, it does not like the explicit name of the computer.
Categories:
Dynamics 365 Business Central
I have the same question (0)
  • Suggested answer
    Jainam M. Kothari Profile Picture
    Jainam M. Kothari 12,130 Super User 2025 Season 2 on at
    On-premise BC 26.0 web client problem (AntiSSRF)
  • Suggested answer
    Suresh Kulla Profile Picture
    Suresh Kulla 50,233 Super User 2025 Season 2 on at
    On-premise BC 26.0 web client problem (AntiSSRF)
    Are you using SSL and have you tried adding the website to the safe list ?
     
     
  • Suggested answer
    Khushbu Rajvi. Profile Picture
    Khushbu Rajvi. 19,158 Super User 2025 Season 2 on at
    On-premise BC 26.0 web client problem (AntiSSRF)
  • Verified answer
    YUN ZHU Profile Picture
    YUN ZHU 92,727 Super User 2025 Season 2 on at
    On-premise BC 26.0 web client problem (AntiSSRF)
    Hi, Microsoft recently updated the BC26.0 installation package. If you are using an older version, please try installing the new one.
    Update 26.0 for Business Central 2025 release wave 1
     
    Thanks.
    ZHU
  • Suggested answer
    RO-28041347-0 Profile Picture
    RO-28041347-0 18 on at
    On-premise BC 26.0 web client problem (AntiSSRF)
    Thank you all for the fast answers!
     
    The problem occured on an on-premise BC, that has been installed from the Dynamics.365.BC.32481.CZ.DVD.zip file. Fortunately, the Web client and the BC service are in my case on the same machine, and the web client could be fixed in the navsettings.json: the "Server" tag/attribute must have "localhost" value, not the explicit name of the computer.
     
    By the way, the currently most up-to-date installer (Dynamics.365.BC.33317.W1.DVD.zip) also has a minor problem, but this time regarding the .NET Core V2.0. The web client installation fails, if the machine does not have IIS and .NET Core V2.0 installed previously. The initial BC install does not even finish the installation of the IIS before restarting the entire machine. The solution for that is to start a Repair from the BC installer, which also fails, but at least finishes the installation of the IIS. Then one has to install manually the .NET Core 2.0 starting the msi in the Dynamics.365.BC.33317.W1.DVD.zip\Prerequisite Components\DotNetCore folder. After that, another Repair from the BC installer can install the web client successfully.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Join experts in person to explore low code and AI agents at the Power Platform Community Conference sponsored by Microsoft

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Abhilash Warrier – Community Spotlight

We are honored to recognize Abhilash Warrier as our Community Spotlight honoree for…

Congratulations to the September Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Small and medium business | Business Central, NAV, RMS

#1
Rishabh Kanaskar Profile Picture

Rishabh Kanaskar 4,308

#2
Sumit Singh Profile Picture

Sumit Singh 2,798

#3
Nimsara Jayathilaka. Profile Picture

Nimsara Jayathilaka. 2,793

Last 30 days Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans