I am converting my app from .net framework to .net core 2.1. Now I am facing two issues
1) In .net framework we could use HttpClientCertificate cert = Request.ClientCertificate; So how can we use Request.ClientCertificate in .net core.
2) In .net framework we could set location config like
<location path="MyPath">
<system.webServer>
<security>
<access sslFlags="Ssl.SslRequireCert,SslNegotiateCert,Ssl128" />
</security>
</system.webServer>
</location>
I want to use <access sslFlags="Ssl.SslRequireCert,SslNegotiateCert,Ssl128" /> in net core. How can I do these 2 things. Any help?
To access client certificate you can either:
use HttpContext.Connection.ClientCertificate property
get certificate using header: Request.Headers["X-ARR-ClientCert"]
To use sslFlags you have to add it in the web.config file (exactly like for the standard .NET Framework). webconfig file is auto-generated once you publish your app. Once you open it you can add
access sslFlags to it:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<location path="." inheritInChildApplications="false">
<system.webServer>
<handlers>
<add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModule" resourceType="Unspecified" />
</handlers>
<aspNetCore processPath="dotnet" arguments=".\IdentityServer4Demo.dll" stdoutLogEnabled="false" stdoutLogFile="\\?\%home%\LogFiles\stdout" />
</system.webServer>
</location>
<location path="account">
<system.webServer>
<security>
<access sslFlags="Ssl,SslNegotiateCert,SslRequireCert" />
</security>
</system.webServer>
</location>
<system.webServer>
<security>
<access sslFlags="SslNegotiateCert" />
</security>
</system.webServer>
</configuration>
Related
I'm exploring HTTP verbs like LINK and UNLINK. There is a simple website on IIS 10 for this purpose but looks like it doesn't allow these methods by default. I added a couple of rules in Request Filtering for verbs and still getting 405 error.
UPD
web.config
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.web>
<trace enabled="true" writeToDiagnosticsTrace="true" />
</system.web>
<system.webServer>
<security>
<requestFiltering>
<verbs>
<add verb="LINK" allowed="true" />
<add verb="UNLINK" allowed="true" />
</verbs>
</requestFiltering>
</security>
</system.webServer>
</configuration>
I deployed my Asp Net Core 3.1 project on a server provided by a hosting company. Firstly, there was no problem with my project but my hosting company has changed IIS security options. Full trust option is converted to Medium. After that when I enter my web site I get 500 Internal Server Error. What can I do? How to change default Asp Core Trust options?
Error:
HTTP Error 500.19 - Internal Server Error
The requested page cannot be accessed because the related configuration data for the page is invalid.
<?xml version="1.0" encoding="utf-8"?>
<location path="." allowOverride="true">
<system.web>
<securityPolicy>
<trustLevel name="Full" policyFile="internal" />
<trustLevel name="High" policyFile="web_hightrust.config" />
<trustLevel name="Medium" policyFile="web_mediumtrust.config" />
<trustLevel name="Low" policyFile="web_lowtrust.config" />
<trustLevel name="Minimal"
policyFile="web_minimaltrust.config" />
</securityPolicy>
<trust level="Medium" originUrl="" />
</system.web>
<system.webServer>
<httpErrors errorMode="Detailed" />
<handlers>
<add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModule" resourceType="Unspecified" />
</handlers>
<aspNetCore processPath=".\admin.exe" arguments="" stdoutLogEnabled="false" hostingModel="InProcess" stdoutLogFile=".\logs\stdout">
<environmentVariables>
<environmentVariable name="ASPNETCORE_ENVIRONMENT" value="Development" />
</environmentVariables>
</aspNetCore>
<!-- maxAllowedContentLength = 1GB (the value is in Bytes) -->
<security>
<requestFiltering>
<requestLimits maxAllowedContentLength="1073741824" />
</requestFiltering>
</security>
</system.webServer>
</location>
EDIT
Hi again. When I enter the website a day later, I saw that my problem was solved. Why? Really, I don't know :)
I am using .net core 2.2, and when deploying IIS, the following error occurs.
I added permission for the file and also installed .net core sdk.
(SDK 2.1.811, .NET Core Runtime 2.1.23)
What causes these errors?
web.config file
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<location path="." inheritInChildApplications="false">
<system.webServer>
<handlers>
<add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModuleV2" resourceType="Unspecified" />
</handlers>
<aspNetCore processPath="dotnet" arguments=".\JbeAdminApp.dll" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" hostingModel="InProcess" />
</system.webServer>
This is the first time I have launched an ISS Windows Server 2016 and an ASP.NET application.
Any clues on what is needed to be done to get this app running?
Here is my web.config file:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<location path="." inheritInChildApplications="false">
<system.webServer>
<handlers>
<add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModuleV2" resourceType="Unspecified" />
</handlers>
<aspNetCore processPath=".\Groliapp.exe" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" />
</system.webServer>
</location>
</configuration>
<!--ProjectGuid: 06d4355d-1388-4f21-88d8-c0b4afb3c673-->
Usually when you do not have the .NET Core Runtime installed in your server, this error could happen.
Did you already install the .NET Core Runtime in your server?
In case you did not installed yet, here is the link to download.
https://dotnet.microsoft.com/download/dotnet-core/current/runtime
I added the following to my web.config so users can not download my plugins:
<system.webServer>
<security>
<requestFiltering>
<hiddenSegments>
<add segment="Plugins" />
</hiddenSegments>
</requestFiltering>
</security>
</system.webServer>
Now I have the problem that not only domain.com/Plugins/MyPlugin.dll is blocked, but also domain.com/Scripts/ckeditor/plugins/ckplugin.js.
Is there a way to configure a hiddenSegment to only affect the root directory?
I solved this via a web.config inside my plugins folder, where I block *.dll files from being downloaded:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.webServer>
<handlers>
<add name="Plugins*.dll_*" path="*.dll" verb="*" type="System.Web.HttpForbiddenHandler" />
<add name="Plugins*.pdb_*" path="*.pdb" verb="*" type="System.Web.HttpForbiddenHandler" />
</handlers>
</system.webServer>
</configuration>
I've made some additional modifications on top of Christoph's answer to suite my use case, but I will leave this here for future references.
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<!-- Make sure this directory cannot be served. -->
<location path="Plugins"> <!-- Change this to your path -->
<system.webServer>
<handlers>
<add name="DisallowServe" path="*.*" verb="*" type="System.Web.HttpNotFoundHandler" /> <!-- Return 404 instead of 403 -->
</handlers>
</system.webServer>
</location>
</configuration>