Environment:
asp.net core app
IIS
I want to map these two urls to different iis website with different application pools.
These two websites have the same domain e.g example.com but the only different part is after slash i want another websites handles file upload because of the time needed the connection to be open and so on
- http://example.com
- http://example.com/upload
so that i can do something like this in web.config in just the second url
<security>
<requestFiltering>
<requestLimits maxAllowedContentLength="52428800" />
</requestFiltering>
</security>
or as my app is an asp.net core app be able to increase request time out
<aspNetCore processPath=".\abc.exe" stdoutLogEnabled="true" stdoutLogFile=".\logs\stdout" forwardWindowsAuthToken="false" requestTimeout="00:10:00" />
is the above solution is logical?
how can i achieve having these two bindings?
are there any other solutions for handling such scenario when an upload for security concerns and other reasons need to be separated from other part of the web app?
They can't be different websites (as listed in IIS Manager) but they can be different app pools.
In IIS Manager, right-click on the subfolder ("upload") and click "Convert to Application". Then you can assign it to whichever app pool you like.
If it is not a subfolder of the site already, then you can right-click the root of the website and click 'Add Application'. Then select the name ("upload"), the app pool, and the physical path where the files are.
Related
I have built an ASP.NET Core Web API in Visual Studio 2017 using the Web API template. When I test it during development it runs using IIS Express and works as expected. The index.html file is served from the wwwroot folder, makes some AJAX requests to the ASP.NET server which makes some HTTP requests to a third party API to obtain some data which is eventually returned to the browser. No datbase involved. I tried to publish to IIS so that another person at my company can use it locally on their machine (which will have IIS running). I published through Visual Studio 2017's publisher:
Right click on project and publish to IIS (following directions from this tutorial: https://learn.microsoft.com/en-us/aspnet/web-forms/overview/deployment/visual-studio-web-deployment/deploying-to-iis)
When I publish, a web page opens with the URL I put as the destination URL:
localhost/ProjectName
but I get this error: HTTP Error 500.19 - Internal Server Error
The requested page cannot be accessed because the related configuration data for the page is invalid.
There is not config error identified on that screen.
Here's what my web.config looks like:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.webServer>
<handlers>
<add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModule"
resourceType="Unspecified" />
</handlers>
<aspNetCore processPath="dotnet" arguments=".\StandardsGenerator.dll"
stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" />
</system.webServer>
</configuration>
<!--ProjectGuid: 78162755-cd01-4a5c-8863-1087bd7f6f8f-->
Is there something wrong with this configuration? If anyone can point to resources that describe what should be in a web.config file that may be helpful.
Also, when I publish the app and navigate to localhost/ProjectName I expect an index.html file to be served from the wwwroot directory. In my test environment I configured this in my LaunchSettings.json. Where do I configure the start page for a published app?
Regarding 500.19 errors, there are multiple reasons why you could encounter this error. To troubleshoot this further, please enable detailed errors for this application from IIS. To do so, launch IIS, select the specific website. Open Error pages section in the center panel. Right click on the page and select "Edit Feature Settings". Choose "Detailed errors" here. You can also follow this blog which speaks on the same lines - https://blogs.msdn.microsoft.com/rakkimk/2007/05/25/iis7-how-to-enable-the-detailed-error-messages-for-the-website-while-browsed-from-for-the-client-browsers/
Reproduce the issue and share the error message here. IIS generally gives out which module/configuration needs tweaking.
To answer your second question regarding start page, Select the website, click on "Default Document" and add the "index.html" page here and move it to top. This way, whenever the user accesses your website, he will see the index.html first.
Pretty new to .NET Core, and am trying to understand how everything works together when using IIS integration.
A couple of questions: If I want my site to run over HTTPS, do i need to configure my WebBuilder with a certificate, or should i be selecting HTTPS on the binding in IIS manager, or both?
Does the UseUrls WebBuilder method also instruct IIS what port is should listen on? How does IIS know which port it should talk to the .NET Core application on?
When you host your .NET Core app behind IIS, IIS is acting as a reverse proxy to Kestrel web server. IIS will receive the HTTP request and pass it to Kestrel, the magic happen inside a new IIS module called AspNetCoreModule that you have to install on your server. As usual, to configure your IIS application you'll be using a web.config file in which you'll find a description of how IIS is interacting with your app: timeouts, pathes of the application, environment variables and so on... For instance, mine look like that:
<system.webServer>
<handlers>
<add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModule" resourceType="Unspecified"/>
</handlers>
<aspNetCore
requestTimeout="00:20:00"
processPath="%LAUNCHER_PATH%"
arguments="%LAUNCHER_ARGS%"
stdoutLogEnabled="false"
stdoutLogFile=".\logs\stdout"
forwardWindowsAuthToken="true">
<environmentVariables>
<environmentVariable name="ASPNETCORE_ENVIRONMENT" value="development" /> <!-- value could be "development", "staging" or "production"-->
</environmentVariables>
</aspNetCore>
</system.webServer>
The reason why you want to set it up that way is that Kestrel is a very light weight and nervous web server but it's missing a layer of applicative features that IIS can add up: Windows authentication via Kerberos, restarting the app in case of a crash, pool management...
I like a lot this article regarding this topic: https://weblog.west-wind.com/posts/2016/Jun/06/Publishing-and-Running-ASPNET-Core-Applications-with-IIS
For HTTPS, it's enough to configure IIS to listen on a secure HTTPS port and to define the certificate only on IIS.
UseUrls() won't be taken into account by IIS, it will work the other way around, IIS will tell your app on which port it should be listening to, UseUrls() will be taken into account if you launch your app directly.
I'm using ASP.NET Core RC1 as server to host my Aurelia app. My app was working just fine but the last couple of weeks something changed so that the app does no longer load when hosted on Azure. I'm not sure if it is something I changed or if it's a change on the Azure side but I'm leaning towards the latter.
I've narrowed down the problem quite a bit. The app runs fine locally, with ASP.NET Core Kestrel server and also other servers (e.g. webpack-dev-server). I have continuous deployment setup from Visual Studio Team Services to an Azure Website. The app is published and a web.config is automatically created in my wwwroot:
<configuration>
<system.webServer>
<handlers>
<add name="httpplatformhandler" path="*" verb="*" modules="httpPlatformHandler" resourceType="Unspecified" />
</handlers>
<httpPlatform processPath="%home%\site\approot\web.cmd" arguments="" stdoutLogEnabled="true" stdoutLogFile="\\?\%home%\LogFiles\stdout.log"></httpPlatform>
</system.webServer>
</configuration>
Nothing happens when I navigate to my site, e.g. http://demo.azurewebsites.net/. When looking at the console I get a 404. Once I actually got this error but I can't seem to bring it back: 502 - Web server received an invalid response while acting as a gateway or proxy server
I have index.html set as default document but it is not loading. If I enter it explicitly, the app works: http://demo.azurewebsites.net/index.html
If I remove the httpplatformhandler from the web.config, then it works as expected (index.html is loaded automatically). The same happens when I remove the web.config entirely. In these cases the MVC 6 WebAPI behind the scenes does not work at all. I assume that's just logical since I remove the platform handler.
So, why is this httpplatformhandler added? Is it necessary? Why is it created? Is there some setting in the Azure portal that I can adjust to prevent this handler to be configured like this?
I also found this link that seems to suggest that things are changing and that this httpplatformhandler is about to be replaced: Closer Look: Hosting ASP.NET Core on Azure App Service
I'm out on deep water here and any and all help is appreciated.
To get default document support with the static file server middleware you need to use app.UseFileServer() instead of app.UseStaticFiles()
There are two websites under the Default Web Site in IIS 6. The same code is deployed to both. An asp.net 4.0 web application with an httphandler.
On both websites the the mappings in the configuration settings are added.
The web.config files for both are also configured.
<handlers>
<add name="CAHandler" verb="*" path="*.handler" type="Namespace.CAHandler" />
<add name="CAHandler2" verb="*" path="calink.dll" type="Namespace.CAHandler" />
</handlers>
On the one website the handler returns "The connection was reset. The connection to the server was reset while the page was loading." error. Firefox error message.
Only difference i see with websites on IIS is the working one has the option - Under the directory tab - The content for this source should come from options, the working site has "The designated directory" option selected and a relative path to folder.
The non working one has "A directory located on this computer" and the path is absolute.
Please help.
The application folders in ASP.NET are used for storing various elements critical to running a website. I want to get a handle on understanding these folders in more depth, specifically the folder accessibility. According to the article on ASP.NET Web Site Layout:
The content of application folders,
except for the App_Themes folder, is
not served in response to Web
requests, but it can be accessed from
application code.
Any browser request to these folders results in a "404 - Page Not Found."
So what prevents folders like App_Code, App_Data, App_WebReferences, bin, etc. from being served to users? Is it an IIS hard coded "don't serve this folder?" Is it a permissions configuration? And is there anyway to knowingly/unknowingly circumvent this?
On my IIS7.5 config, found at C:\Windows\System32\inetsrv\config\applicationHost.config there is this section:
<hiddenSegments applyToWebDAV="true">
<add segment="web.config" />
<add segment="bin" />
<add segment="App_code" />
<add segment="App_GlobalResources" />
<add segment="App_LocalResources" />
<add segment="App_WebReferences" />
<add segment="App_Data" />
<add segment="App_Browsers" />
</hiddenSegments>
See also IIS Documentation.
In IIS7 on Windows Server 2008, ASP.NET is more tightly integrated into the entire processing pipeline, so I would imagine that in IIS7, it is very easy for ASP.NET to say "No, I'm not going to touch that."
In IIS6, IIS itself has very little direct knowledge of IIS, instead, it's all controlled through the ISAPI configuration.
In the IIS6 IIS Manager, right click a website, get Properties, go to the Home Directory tab, and then click Configuration in the lower right. This shows the ISAPI application extensions and what is done for each one.
For all the ASP.NET extensions (aspx, ascx, config, browser, a ton of others) it specifies handling to be done by C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
The ASP.NET system then has registered handlers for each of these file types defined in the global machine.config and/or web.config files at C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CONFIG
For instance, in the global web.config file, under httpHandlers element:
<add path="*.ascx" verb="*" type="System.Web.HttpForbiddenHandler" validate="true"/>
So it is not just these special folders, but many types of files, but many types of reserved files that are disallowed from browsing.
The .net framework itself intercepts requests to these folders (along with a bunch of other file types that you should be allowed to browse) and returns a 404 to IIS, which then gets passed back to the browser as "404 - Page Not Found".
So it doesn't happen at the permissions level, or even the IIS level. It's inside the framework -- probably in one of the HttpHandlers in the global web.config.
If you look in there, you can see a ton of file extensions that are explicitly configured to not be served. Presumably you could tweak the settings and cause it to serve, say, web.config files as xml (which is different than the usual behavior of saying that this file type is not served).
It's worth noting that I don't specifically see any of the special folders (app_code, etc) mentioned in the global web.config file. Maybe it's handled inside other HttpHandlers -- for instance, the handler for .aspx might contain some code that prevents serving of .aspx files located in special folders, etc.