how to remove cookies from my website - asp.net

I developed a website with Asp.net Website project, and recently I added some https protocol on it. my problem is that the website shows that it is saving cookies, while I really do not like to save any cookies from my users.
I am not familiar with cookies very much but I am sure I did not put any code to save user cookies, how I can be sure If there would not be any cookies for my users and delete any settings for this and why this happening automatically?
my project is a very simple single page website with no form and authentication
here is my web.config if needed.
<?xml version="1.0"?>
<configuration>
<system.web>
<httpRuntime enableVersionHeader="false" targetFramework="4.5" />
<compilation debug="true" targetFramework="4.5"/>
<customErrors mode="On" />
<sessionState mode="Off" />
</system.web>
<system.webServer>
<httpProtocol>
<customHeaders>
<clear />
<remove name="X-Powered-By" />
</customHeaders>
</httpProtocol>
<httpCompression directory="%SystemDrive%\inetpub\temp\IIS Temporary Compressed Files\(compressionType)\(AppPool)\(WebSite)\compressed files">
<scheme name="gzip" dll="%Windir%\system32\inetsrv\gzip.dll" staticCompressionLevel="9" />
<dynamicTypes>
<add mimeType="text/*" enabled="true" />
<add mimeType="message/*" enabled="true" />
<add mimeType="application/x-javascript" enabled="true" />
<add mimeType="application/json" enabled="true" />
<add mimeType="*/*" enabled="false" />
</dynamicTypes>
<staticTypes>
<add mimeType="text/*" enabled="true" />
<add mimeType="message/*" enabled="true" />
<add mimeType="application/x-javascript" enabled="true" />
<add mimeType="application/atom+xml" enabled="true" />
<add mimeType="application/xaml+xml" enabled="true" />
<add mimeType="*/*" enabled="false" />
</staticTypes>
</httpCompression>
<urlCompression doStaticCompression="true" doDynamicCompression="true" dynamicCompressionBeforeCache="true"/>
</system.webServer>
</configuration>
Appreciate very much

ASP.Net has by default session state (https://msdn.microsoft.com/en-us/library/ms178581.aspx) turned on, which in turn relies on cookies by default. If you don't need session state (because users don't logon etc) you can turn it off in the web.config file. Just add
<sessionState mode="Off">
under the
<system.web>
element.

Related

IIS Compression setting for batch request mime type 'multipart/mixed'

I have a web api service that accepts batch requests from a web app. I have defined the mime type 'multipart/*' to be compressed in the web.config but the response is not compressed. I'm not sure why it is not working as normal single requests (not sent as a multipart/mixed are compressed fine).
<httpCompression>
<dynamicTypes>
<clear />
<add enabled="true" mimeType="text/*" />
<add enabled="true" mimeType="application/javascript" />
<add enabled="true" mimeType="application/json" />
<add enabled="true" mimeType="multipart/*" />
<add enabled="false" mimeType="*/*" />
</dynamicTypes>
<staticTypes>
<clear />
<add enabled="true" mimeType="text/*" />
<add enabled="true" mimeType="application/javascript" />
<add enabled="true" mimeType="application/json" />
<add enabled="true" mimeType="multipart/*" />
<add enabled="false" mimeType="*/*" />
</staticTypes>
</httpCompression>
The actual response mime type starts with 'multipart/mixed' but varies depending on the boundary id appended to it.
Content-Type:multipart/mixed; boundary="0bb00cbc-234a-4264-87dc-60109719e79f"
The request is sending up an Accepted-Encoding header so I don't think the problem is there I think it is something to do with IIS match the mime type.
Any ideas would be awesome!
Thanks,
Jon
I also ran into this, and was able to get around this by using this NuGet package:
https://www.nuget.org/packages/Microsoft.AspNet.WebApi.MessageHandlers.Compression/
This also supports the compression of the batch responses.
Info on how to use it is on the github page:
https://github.com/azzlack/Microsoft.AspNet.WebApi.MessageHandlers.Compression

Compression in WebApi hosted on Azure

My Web Api is hosted on AzureWebsites and exposed through Azure Api management. I just wondering how the compression will be enabled in such scenario? Will it be something on azurewebsites or it should be done through Api management portal and HOW?
This should enable gzip on every IIS-compatible host:
<system.webServer>
<httpCompression directory="%SystemDrive%\inetpub\temp\IIS Temporary Compressed Files">
<scheme name="gzip" dll="%Windir%\system32\inetsrv\gzip.dll" />
<dynamicTypes>
<add mimeType="text/*" enabled="true" />
<add mimeType="application/*" enabled="true" />
<add mimeType="*/*" enabled="false" />
</dynamicTypes>
<staticTypes>
<add mimeType="text/*" enabled="true" />
<add mimeType="application/*" enabled="true" />
<add mimeType="*/*" enabled="false" />
</staticTypes>
</httpCompression>
<urlCompression doStaticCompression="true" doDynamicCompression="true" />
</system.webServer>

Enable compression fontawesome-webfont.svg

I am always getting RED mark "enable compression for fontawesome-webfont.svg"
on https://developers.google.com/speed/pagespeed/insights/
Compressing resources with gzip or deflate can reduce the number of bytes sent over the network.
Enable compression for the following resources to reduce their transfer size by 175KiB (70% reduction).
Compressing /fonts/fontawesome-webfont.svg?v=4.0.3 could save 175KiB (70% reduction).
I already did IIS provided compression options:
Static files only
Dynamic application responses only
Both static files and dynamic application responses
By default, IIS doesn't map the MIME type for SVGs. You will have to update your Web.config to include the correct mappings for SVGs like so:
<system.webServer>
<httpCompression directory="%SystemDrive%\inetpub\temp\IIS Temporary Compressed Files">
<scheme name="gzip" dll="%Windir%\system32\inetsrv\gzip.dll" />
<staticTypes>
<add mimeType="text/*" enabled="true" />
<add mimeType="message/*" enabled="true" />
<add mimeType="application/x-javascript" enabled="true" />
<add mimeType="application/atom+xml" enabled="true" />
<add mimeType="application/xaml+xml" enabled="true" />
<add mimeType="*/*" enabled="false" />
<!-- HERE -->
<add mimeType="image/svg+xml" enabled="true" />
<add mimeType="application/font-woff" enabled="true" />
<add mimeType="application/x-font-ttf" enabled="true" />
<add mimeType="application/octet-stream" enabled="true" />
<!-- HERE -->
</staticTypes>
</httpCompression>
<urlCompression doStaticCompression="true" doDynamicCompression="true"/>
</system.webServer>
For more details on this, check out this answer. To test whether compression is working or not, use the Chrome Developer Tools and check the HTTP response header contains the following:
Content-Encoding: gzip

Configuring IIS dynamic compression of Json

I'm having problems testing the dynamicCompression of my Json output. The Application is an MVC/WEBAPI5 application and the request I'm investigating is a Get WebAPI request.
Im getting Json back but its not being compressed.
I've followed the steps to configure dynamic compression of Json in IIS8 in How can I get gzip compression in IIS7 working?
as :
<httpCompression directory="%SystemDrive%\inetpub\temp\IIS Temporary Compressed Files">
<scheme name="gzip" dll="%Windir%\system32\inetsrv\gzip.dll" />
<dynamicTypes>
<add mimeType="text/*" enabled="true" />
<add mimeType="message/*" enabled="true" />
<add mimeType="application/x-javascript" enabled="true" />
<add mimeType="application/javascript" enabled="true" />
<add mimeType="application/json" enabled="true" />
<add mimeType="application/json; charset=utf-8" enabled="true" />
<add mimeType="*/*" enabled="false" />
</dynamicTypes>
<staticTypes>
<add mimeType="text/*" enabled="true" />
<add mimeType="message/*" enabled="true" />
<add mimeType="application/javascript" enabled="true" />
<add mimeType="application/atom+xml" enabled="true" />
<add mimeType="application/xaml+xml" enabled="true" />
<add mimeType="*/*" enabled="false" />
</staticTypes>
</httpCompression>
I have the compression module installed and i can see the following in the FailedRequestTracelog for this particular call:
You can see in my fiddler trace that it does seem to be a matching type despite it saying this is not the case in the FailedRequestTrace output.
Any ideas?
You can take a look at my below blog post on one way of doing compression in Web API.
http://blogs.msdn.com/b/kiranchalla/archive/2012/09/04/handling-compression-accept-encoding-sample.aspx
If you would like to use IIS for compression, take a look at the following post:
https://stackoverflow.com/a/17331627/1184056

HTTP Post filters out Content-Type "text/xml"

My page is written in ASP.Net, and our site runs IIS 7.5.
I'm trying to receive an Xml document from an outside source posting to a page in our website. I can send a test document from a web page and receive it, using Content-Type “application/x-www-form-urlencoded”. The sender's documents are Content-Type "text/xml." I have modified the web.config to try various things, all of which still give us a "blank" document from the sender. Is there some setting that I"m still missing that would cause this?
My web.config settings are:
<system.web>
<compilation debug="true" strict="false" explicit="true" targetFramework="4.0" />
<sessionState mode="Off" cookieless="true" />
<httpRuntime requestValidationMode="2.0" enableVersionHeader="false" />
<webServices>
<protocols>
<add name="HttpGet" />
<add name="HttpPost" />
</protocols>
</webServices>
</system.web>
<system.webServer>
<httpProtocol>
<customHeaders>
<add name="P3P" value="policyref='https://oursite/w3c/p3p.xml',CP='NON DSP COR CUR OUR IND PUR ONL PHY'" />
<add name="Access-Control-Allow-Origin" value="*" />
<add name="Access-Control-Allow-Methods" value="POST,GET" />
<add name="Access-Control-Allow-Headers" value="content-type:text/xml;charset=utf-8"/>
</customHeaders>
</httpProtocol>
<staticContent>
<mimeMap fileExtension=".aspx" mimeType="text/xml" />
<mimeMap fileExtension=".aspx" mimeType="application/x-www-form-urlencoded"/>
</staticContent>
<httpErrors errorMode="Detailed" />
<httpCompression>
<staticTypes>
<add mimeType="text/xml" enabled="true"/>
</staticTypes>
<dynamicTypes>
<add mimeType="text/xml" enabled="true"/>
</dynamicTypes>
</httpCompression>
<security>
<requestFiltering>
<fileExtensions allowUnlisted="true" />
</requestFiltering>
</security>
</system.webServer>

Resources