Azure Web App - adding basic auth through applicationHost.xdt? - iis-7

I have an Azure Web App with basic authentication configured for non-PROD environments inside web.config, like below:
<configSections>
<section name="basicAuth" type="Devbridge.BasicAuthentication.Configuration.BasicAuthenticationConfigurationSection" />
</configSections>
<basicAuth allowRedirects="true">
<credentials>
<add username="username" password="password"/>
</credentials>
</basicAuth>
<system.webServer>
<modules>
<add name="MyBasicAuthenticationModule" type="Devbridge.BasicAuthentication.BasicAuthenticationModule"/>
</modules>
<!-- the rest of the web.config follows -->
Everything works fine, but whenever we do a PROD deployment with changes to web.config, a manual change to the file is required to disable basic auth (as mentioned, we need it on non-prod only).
So I wonder - is there a way to enable basic authentication with applicationHost.xdt file? Since this is a file that is not changed very often, it would make our life easier.
I already checked the IIS Manager extension, but don't see anything that would allow me to make this work. Any hints are appreciated!
UPDATES - adding my web.config (that I'd like to update with applicationHost.xdt)
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="Redirect to HTTPS" stopProcessing="true">
<match url="(.*)"/>
<conditions>
<add input="{HTTPS}" pattern="^OFF$"/>
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent"/>
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>

According to your description, I assumed that you are using DevBridge Azure Power Tools which supports basic authentication for Windows Azure websites. I followed this project Devbridge.BasicAuthentication.Test to test XDT Transform on my side. I could make it work on my side, you could refer to it.
1.Create a Release-dev configuration
Click "Build > Configuration Manager", add a new configuration for the web project.
2.Add a web configuration file named Web.Release-dev.config and configuration the content as follows:
<?xml version="1.0"?>
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
<!--make sure the configSections is the first child element under configuration-->
<configSections xdt:Transform="InsertBefore(/configuration/*[1])" />
<configSections xdt:Locator="XPath(/configuration/configSections[last()])">
<section name="basicAuth" type="Devbridge.BasicAuthentication.Configuration.BasicAuthenticationConfigurationSection" xdt:Transform="InsertIfMissing" xdt:Locator="Match(name)"/>
</configSections>
<configSections xdt:Transform="RemoveAll" xdt:Locator="Condition(count(*)=0)" />
<basicAuth allowRedirects="true" xdt:Transform="InsertAfter(/configuration/configSections)">
<credentials xdt:Transform="InsertIfMissing">
<add username="test" password="test" xdt:Transform="InsertIfMissing"/>
</credentials>
</basicAuth>
<system.webServer xdt:Transform="InsertIfMissing">
<modules xdt:Transform="InsertIfMissing">
<add name="MyBasicAuthenticationModule" type="Devbridge.BasicAuthentication.BasicAuthenticationModule" xdt:Transform="InsertIfMissing" xdt:Locator="Match(name)"/>
</modules>
</system.webServer>
</configuration>
Note: You could refer to Xdt transform samples. Also, you could follow this official document about the syntax of xdt:Transform and xdt:Locator attributes that you use in your Web.config transform files.
3.Publish the web project by using the release-dev configuration:
4.Check the deployed web.config file via KUDU:
Browser the site, you could see the following screenshot:
UPDATE
For a workaround, I assumed that you could exclude web.config file from your git repository. And add the web.config file under "D:\home\site\wwwroot" and Devbridge.BasicAuthentication.dll under "D:\home\site\wwwroot\bin" for your DEV and QA environment to enable basic auth as follows:

Related

iis reverse proxy showing error 404 for services

I have Asp.net MVC 4 Application with WCF services. Project is hosted in iis Production Server P125 (10.10.10.125), there are few other sites hosted in same server. Our Web / Front End Server is working as Reverse proxy for production server (Url Rewrite and Application Request Routing installed) As,
185.132.x.x is public ip of Web Server acting as reverse proxy only (Windows Server 2016).
Our application is hosted at port 8899 of Application server ip 10.10.10.125
185.132.x.x:8080 <= reverse proxy => 10.10.10.125:8899
Website is working fine, all the pages/actions are working fine of MVC application, except the services (rest.svc , winact.svc)
whenever we hit 185.132.x.x:8080/rest.svc its showing error :
The resource cannot be found.
Description: HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable. Please review the following URL and make sure that it is spelled correctly.
Requested URL: /rest.svc
I dont know why ?
all our services are showing same error, while the services are working fine with 10.10.10.125:8899/rest.svc on local network as well as from the WebServer itself.
On remote login to WebServer(185.132.x.x) and browsing/accessing the application and services (.svc) via 10.10.10.125:8899, its working fine.
I am using the Reverse Proxy as :
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="ReverseProxyInboundRule1" stopProcessing="true">
<match url="(.*)" />
<action type="Rewrite" url="http://10.10.10.125:8899/{R:1}" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
After spending 48 hours i have figured out that, configuring serviceHostingEnvironment resolved the issue of services (.svc) and my Web.config on WebServer(185.132.x.x) is like :
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.web>
<customErrors mode="Off"/>
<compilation debug="false" targetFramework="4.5"/>
<httpRuntime targetFramework="4.5" />
<pages>
<namespaces>
<add namespace="System.Web.Helpers"/>
<add namespace="System.Web.Mvc"/>
<add namespace="System.Web.Mvc.Ajax"/>
<add namespace="System.Web.Mvc.Html"/>
<add namespace="System.Web.Optimization"/>
<add namespace="System.Web.Routing"/>
<add namespace="System.Web.WebPages"/>
</namespaces>
</pages>
</system.web>
<system.serviceModel>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true"/>
</system.serviceModel>
<system.webServer>
<rewrite>
<rules>
<rule name="ReverseProxyInboundRule1" stopProcessing="true">
<match url="(.*)" />
<action type="Rewrite" url="http://10.10.10.125/{R:1}" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>

ASP.NET WebSite SSL with Visual Studio 2015

I'm currently working on a ASP.NET WebSite Security Project in School.
My objective is to start up my website with the URL of HTTPS, securing it with SSL.
I have been researching high and low over the net for guidance on how to properly enable SSL.
I'm using VISUAL STUDIO 2015 , and i have seen that the project properties can automatically enable SSL and then create a self-signed certificate.
I have actually gotten my website to be running at a URL - https://localhost:443/Example.aspx
It worked.. Then i played around with it here and there and i realised it requires VS 2015 to be run as administrator for it to work..
But i'm not sure if i'm setting up the SSL properly..
My queries are actually..
How do i properly set up SSL for my project using self signed certificate, with makecert to create a localhost certificate and assigning port 443 via IIS (Default WebSite bindings) ?
How do i set the start up URL to be HTTPS?
Do i have to enabled SSL for my project?
For query 2, i have actually researched, and many stated that, right clicking on my project then Property Pages -> Start Options -> Configure from there.
But this is actually what i get..
I tried playing around with the Start URL but it doesn't work at all.. I think maybe IIS is preventing it from working.. And i know there must be of something that i'm doing wrongly.. And i compared the Property Pages window and it's different from what i see from others..
Query 3,
These are the codes i used for my Web.Config file.
<system.webServer>
<!--<modules runAllManagedModulesForAllRequests="true" >
<remove name="UrlRoutingModule"/>
</modules>-->
<modules>
<remove name="UrlRoutingModule-4.0" />
<add name="UrlRoutingModule-4.0" type="System.Web.Routing.UrlRoutingModule" preCondition="" />
</modules>
</system.webServer>
Inside my applicationhost.config file
<site name="FinancialHub" id="2">
<application path="/" applicationPool="Clr4IntegratedAppPool">
<virtualDirectory path="/" physicalPath="C:\Users\Dom\Documents\Visual Studio 2015\WebSites\FinancialHub" />
</application>
<bindings>
<binding protocol="http" bindingInformation="*:6868:localhost" />
<binding protocol="https" bindingInformation="*:443:localhost" />
</bindings>
</site>
Might have more queries along the way.. All i can think of now is the foundation and fundamentals which i have done wrongly i presume..
Everything is messy.. I sincerely apologise.. I tried my best to search for what i can but to no avail..
Really appreciate any procedural help..
In Web.Config:
<system.webServer>
<rewrite>
<rules>
<rule name="Redirect to https" enabled="True">
<match url="(.*)"/>
<conditions>
<add input="{HTTPS}" pattern="Off"/>
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}"/>
</rule>
</rules>
</rewrite>
</system.webServer>

IIS prohibit direct access to images

I have one website created in IIS and the root web-share has some sub-folders for stroring images, css, js files which the pages are using. However, user is able to access the images if they know the image name (http://hello.com/images/abc.jpg).
Is there any way to disable direct access of resources ? Please note that I have just started learning asp.net, so it will be great if the answers could be a bit descriptive.
I have come to know about the URL rewrite method but just how could not get it to work.
EDIT: I put this web.config in my images folder and now its doing the opposite, blocking images on pages and allowing them directly.
Any help is appreciated.
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.web>
<identity impersonate="true" />
</system.web>
<system.webServer>
<rewrite>
<rules>
<rule name="RequestBlockingRule1" patternSyntax="ECMAScript" stopProcessing="true">
<match url=".*\.(gif|jpg|png)$" />
<conditions>
<add input="{HTTP_REFERER}" pattern="^$" negate="true" />
<add input="{HTTP_REFERER}" pattern=" http://iolab023/.*" negate="true" />
</conditions>
<action type="CustomResponse" statusCode="403" statusReason="Forbidden: Access is denied." statusDescription="You do not have permission to view this directory or page using the credentials that you supplied." />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
If you want to prevent direct access to context (from a client/browser), you can use the configuration section to block it. In your web.config at the root of your site, you can use this configuration to disable "images" subdir from being accessed. If you look at your applicationhost.config you'll see this section is already configured to prevent access to the "bin" folder directly by clients. You just need to add "images" to that list, either in applicationhost.config or in a web.config like below.
(if you don't see any configuration at all in applicationhost.config, that means you'll need to install requestFiltering feature in IIS using "add/remove programs" or Web Platform Installer).
<configuration>
<system.webServer>
<security>
<requestFiltering>
<hiddenSegments applyToWebDAV="true">
<add segment="images" />
</hiddenSegments>
</requestFiltering>
</security>
</system.webServer>
</configuration>

Set header from URL Rewrite on Azure Websites - AppCmd or applicationhost.config?

I'd like to set a request header (HTTP_HOST to be precise) from Web.config, using the IIS URL Rewrite module, on Azure Websites. Basically I'd like to have something like this in my site's Web.config:
<system.webServer>
<rules>
<clear />
<rule name="My rule" enabled="true">
<match url=".*" />
<serverVariables>
<set name="HTTP_HOST" value="my value" />
</serverVariables>
<action type="None" />
</rule>
This results in an error that HTTP_HOST is not allowed to be set. This is normal and with standard IIS the next step would be to add HTTP_HOST to the <allowedServerVariables> element to applicationhost.config directly or through AppCmd. However I couldn't find any hints on being able to access this config somehow.
Is it possible to somehow modify the apphost config, or add allowed server variables somehow else?
It is possible to alter Azure's ApplicationHost.config by applying xdt transformations.
Upload the file to the /site and restart your site for the changes to to take effect:
ApplicationHost.xdt
<?xml version="1.0"?>
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
<system.webServer>
<rewrite>
<allowedServerVariables>
<add name="HTTP_HOST" xdt:Transform="Insert" />
</allowedServerVariables>
</rewrite>
</system.webServer>
</configuration>
See also:
https://github.com/projectkudu/kudu/wiki/Xdt-transform-samples
http://azure.microsoft.com/nl-nl/documentation/articles/web-sites-transform-extend/
Expanding on Joris' answer, you should use xdt:Transform="InsertIfMissing" and xdt:Locator="Match(name)" otherwise it won't work the way you expect it to (here's an example of it not working as-expected, and another example).
So your applicationHost.xdt should look like this:
<?xml version="1.0"?>
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
<system.webServer>
<rewrite>
<allowedServerVariables>
<add name="HTTP_HOST" xdt:Transform="InsertIfMissing" xdt:Locator="Match(name)" />
</allowedServerVariables>
</rewrite>
</system.webServer>
</configuration>

asp.net url rewriting with IIS integrated pipeline mode

I am new to ASP.NET. I created a web application and decided to use url rewriting. I tried several solutions like http://urlrewriting.net and http://urlrewriter.net/index.php/support/configuration
These solutions worked fine on my localhost. But when I uploaded it to a shared hosting service provider, all my web pages get 500 internal server errors.
THe web hosting provider told me HttpModules and HttpHandlers are incompatible with IIS Integrated Pipeline mode. They said I'm supposed to move my settings into system.webServer...I tried doing that but must have messed up somewhere because I now get 404 errors. Can someone tell me how to get url rewriting to work for my scenario? Here's what my original web.config looks like:
<configSections>
<section name="urlrewritingnet"
restartOnExternalChanges="true"
requirePermission ="false"
type="UrlRewritingNet.Configuration.UrlRewriteSection,
UrlRewritingNet.UrlRewriter" />
</configSections>
<system.web>
<compilation debug="true" targetFramework="4.0"></compilation>
<httpModules>
<add name="UrlRewriteModule"
type="UrlRewritingNet.Web.UrlRewriteModule, UrlRewritingNet.UrlRewriter" />
</httpModules>
</system.web>
<urlrewritingnet
rewriteOnlyVirtualUrls="true"
contextItemsPrefix="QueryString"
defaultPage = "default.aspx"
defaultProvider="RegEx"
xmlns="http://www.urlrewriting.net/schemas/config/2006/07" >
<rewrites>
<add name="Rewrite" virtualUrl="^~/([^\/]+)/(\d+)$"
rewriteUrlParameter="ExcludeFromClientQueryString"
destinationUrl="~/$1.aspx?id=$2"
ignoreCase="true" />
<add name="Rewrite" virtualUrl="^~/(search|administrator|Default|logout)$"
rewriteUrlParameter="ExcludeFromClientQueryString"
destinationUrl="~/$1.aspx"
ignoreCase="true" />
</rewrites>
</urlrewritingnet>
I think what they are saying is
1) You have to use the rewriter in .NET
2) You have to set it up to use the URL Rewriter, which sits under system.webServer, not system.web.
If I am correct, they are using the URL Rewriter: http://www.iis.net/download/urlrewrite
NOTE: They may not allow your custom HTTP handler (yes, I know it is a published third party, but ISPs are funny like that).

Resources