I'm following https://jeffreyfritz.com/2017/11/modern-configuration-for-asp-net-4-7-1-with-configurationbuilders/ for my ASP.NET 4.7.2 application but we have this in the Web.config:
<connectionStrings configSource="myconfig.config"/>
I was hoping I could transiently set the values in myconfig.config using environment variables by changing this block to:
<connectionStrings configBuilders="Env" configSource="myconfig.config"/>
But this gives me a compiler error:
A section using 'configSource' may contain no other attributes or elements.
Here's what myconfig.config looks like:
<?xml version="1.0" encoding="utf-8"?>
<connectionStrings>
<add name="db1" connectionString="conn1" providerName="prov1" />
<add name="db2" connectionString="conn2" providerName="prov2" />
<add name="db3" connectionString="conn3" providerName="prov3" />
</connectionStrings>
Any ideas? I've been trying to search up how to make the two work in conjuction to no avail!
The solution, for anyone facing this, is to put the "configBuilders" attribute on the target file as so:
<?xml version="1.0" encoding="utf-8"?>
<connectionStrings configBuilders="Env">
<add name="db1" connectionString="conn1" providerName="prov1" />
<add name="db2" connectionString="conn2" providerName="prov2" />
<add name="db3" connectionString="conn3" providerName="prov3" />
</connectionStrings>
Also, because another issue popped up after.. make sure you are using "configSource" as an attribute and not "file".
Related
I am trying to implement Content-Security-Policy with the NWebSec NuGet package
The basic configuration level is working at this moment but trying to add nonce for each script and style in the project.
How to add a nonce to the below tags for inline?
#Styles.Render("~/Content/css/file")
For BundleConfig,
bundles.Add(new ScriptBundle("~/Content/Scripts").Include(
"~/Content/Scripts/General.js"
));
I tried with a new class and it's working but with the NWebSec package I going nowhere.
Below is their solution with #Html.CspScriptNonce() directives and this is working.
<script #Html.CspScriptNonce()>document.write("Hello world")</script>
<style #Html.CspStyleNonce()>
h1 {
font-size: 10em;
}
</style>
The solution I tried was to use #Styles.RenderFormat in the following way:
#Styles.RenderFormat("<link href=\"{0}\" rel=\"stylesheet\" " + #Html.CspStyleNonce() +"/>","~/Content/css/file")
When using NWebSec with ASP.Net MCV Bundles, you can not apply a Nonce, but luckily you don't need to.
There might be something you need to change in your web.config though. In the nwebsec > httpHeaderSecurityModule > securityHttpHeaders > content-Security-Policy section, make sure that self="true" for both style-src and script-src. self="true" is the default, though, so if you don't need those elements for any other declarations, you can omit them.
Here's the nwebsec section in my web.config. I'm using both style and script bundles, and have no third-party scripts.
<nwebsec>
<httpHeaderSecurityModule xmlns="http://nwebsec.com/HttpHeaderSecurityModuleConfig.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="NWebsecConfig/HttpHeaderSecurityModuleConfig.xsd">
<securityHttpHeaders>
<content-Security-Policy enabled="true">
<default-src self="true" />
<font-src self="true">
<add source="https://fonts.gstatic.com" />
</font-src>
<object-src none="true" />
<style-src self="true">
<add source="https://fonts.googleapis.com" />
</style-src>
<base-uri none="true" />
</content-Security-Policy>
</securityHttpHeaders>
</httpHeaderSecurityModule>
</nwebsec>
I would like to encrypt a subsection of a web.config (not a top level section). for example:
<SomeSection>
<settings>
<add name="foo" value="bar" />
</settings>
<secretSettings>
<add name="password" value="foobar" />
</secretSettings>
</SomeSection>
Is there a way to encrypt the <secretSettings> subsection similar to this method? Note I cannot simply move the subsection into a main section because there is code which is outside of my control that is currently using it.
I want to transform some attributes but I can't add a name or key attribute to use xdt:Locator="Match(name)" or xdt:Locator="Match(key)".
For example, I could have:
<parentElement>
<children>
<add key="ExampleKey">
<thing attribute="blablabla"></thing>
</add>
</children>
</parentElement>
How could I replace the thing attribute "blablabla" by another value?
UPDATE 1: in addition to that, I can't insert other attributes in the "thing" markup because it throws some errors via the dll that uses the attribute.
UPDATE 2: it appears that I had to use SlowCheetah, and then it worked well. Thanks to the preview, I found out I can add xdt:Transform="Replace" to the parent element, just like this:
<parentElement xdt:Transform="Replace">
<children>
<add key="ExampleKey">
<thing attribute="blablabla"></thing>
</add>
</children>
</parentElement>
And now it works perfectly! :)
You can find the element using an XPath expression with a Condition locator instead of Match, as described in the documentation. i.e.
<?xml version="1.0" encoding="utf-8"?>
<parentElement xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
<children>
<add>
<thing attribute="falala" xdt:Transform="SetAttributes" xdt:Locator="Condition(#attribute = 'blablabla')"></thing>
</add>
</children>
</parentElement>
I've traditionally always put #using directives in my ASP.NET Razor pages at the top, along with the #model directive. However, for my overall layout, I want to make sure the DOCTYPE declaration is at the very beginning of the document, so I want to push the #using down a bit. Would you following be valid?
<!DOCTYPE html>
<html>
#using My.Library;
<head>
<title>Test web page</title>
...
Also, is there any documentation on where the #using directive can be used in Razor pages? I can't seem to find any. Is it valid to use it after some other Razor code, for example, or does it have to appear first?
It is valid and you can use #using any where before that you need that library.
MSDN:
HTML markup lines can be included at any part of the code.
so you can put DOCTYPE at the top of page.
Up to .Net 4.5...
There is a web.config file in the Views folder, you can add namespaces in there, that is global to all views:
e.g:
<namespaces>
<add namespace="System.Web.Mvc" />
<add namespace="System.Web.Mvc.Ajax" />
<add namespace="System.Web.Mvc.Html" />
<add namespace="System.Web.Routing" />
<add namespace="System.Web.Routing" />
<add namespace="System.Globalization" />
<add namespace="My.Library" />
</namespaces>
The MvcReCaptcha library looks very solid, and appears to have some good developer adoption, but when I tried it for the first time today, using the supplied HTML helper, my app won't run. I have the helper in a partial view as follows:
<fieldset>
<legend>3. Verify that you are a human.</legend>
#Html.GenerateCaptcha()
</fieldset>
I have the namespace included in web.config as instructed:
<pages>
<namespaces>
<add namespace="System.Web.Helpers" />
<add namespace="MvcReCaptcha.Helpers"/>
</namespaces>
</pages>
(Other namespaces removed for brevity)
And I have my private and public keys defined in appSettings. I can see no way that I deviate from the examples on the CodePlex page except that I am using Razor. Can anyone offer some insight into what I may be doing wrong?
If you are using Razor you need to add the MvcReCaptcha.Helpers namespace to the <namespaces> section of ~/Views/web.config file and not the one in ~/web.config.