I'm trying to get a handler to be called for the site root request by the browser, i.e. http://my.example.com. Given the code below, if I call /Test, the handler works as expected, but without that, I get the HTTP Error 403.14 - Forbidden (directory browsing isn't allowed).
Windows Server 2012-R2 / IIS 8.5
There is no MVC involved
ScriptModule-4.0 module is inherited so extensionless works
Similar to this question from 2012 that was never properly answered
Generic handler is given as an example...could also be a Soap Web Service
I've tried various combinations of slashes and asterisks for the handler path without success.
Generic handler:
Public Class Test
Implements IHttpHandler
Public Sub ProcessRequest(Context As HttpContext) _
Implements IHttpHandler.ProcessRequest
With New StringBuilder
.AppendLine("<html>")
.AppendLine("<head>")
.AppendLine("<title>Test</title>")
.AppendLine("</head>")
.AppendLine("<body>")
.AppendLine("<p>Hello World</p>")
.AppendLine("</body>")
.AppendLine("</html>")
Context.Response.Write(.ToString)
End With
End Sub
End Class
...and in web.config I have the following:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.web>
<compilation strict="false" explicit="true" debug="true" targetFramework="4.5.2" />
<customErrors mode="Off" />
<authentication mode="Windows" />
<httpRuntime targetFramework="4.5.2" />
</system.web>
<system.webServer>
<handlers>
<add verb="*" name="Test" type="MyApp.Test" path="Test" />
</handlers>
<defaultDocument enabled="true">
<files>
<clear />
<add value="Test" />
</files>
</defaultDocument>
</system.webServer>
</configuration>
The solution I came up with, but I'm open to other ideas.
In web.config:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.web>
<compilation strict="false" explicit="true" debug="true" targetFramework="4.5.2" />
<customErrors mode="Off" />
<authentication mode="Windows" />
<httpRuntime targetFramework="4.5.2" />
<!-- Required for Web Services via Handlers -->
<webServices>
<protocols>
<add name="HttpGet" />
<add name="HttpPost" />
</protocols>
</webServices>
</system.web>
<system.webServer>
<handlers>
<add verb="GET,POST" name="Test" type="MyApp.Test" path="Test" />
</handlers>
<modules>
<add name="AppModule" type="MyApp.AppModule" />
</modules>
<defaultDocument enabled="false" />
<directoryBrowse enabled="false" />
</system.webServer>
</configuration>
And then added the AppModule class where I evaluate HttpContext.Current.Request.AppRelativeCurrentExecutionFilePath and do a HttpContext.Current.RewritePath so the handler defined above will pick it up.
my.example.com
my.example.com/AnyFolder/MyApplication
Matching for "~/" works if the web app is at the site root in IIS or is set up as an app within a site:
Public Class AppModule
Implements IHttpModule
Friend WithEvents WebApp As HttpApplication
Public Sub Init(ByVal HttpApplication As HttpApplication) _
Implements IHttpModule.Init
WebApp = HttpApplication
End Sub
Private Sub WebApp_BeginRequest(sender As Object, e As EventArgs) _
Handles WebApp.BeginRequest
With HttpContext.Current
If .Request.AppRelativeCurrentExecutionFilePath = "~/" Then .RewritePath("~/Test")
End With
End Sub
Public Sub Dispose() _
Implements IHttpModule.Dispose
Throw New NotImplementedException()
End Sub
End Class
Related
I am using ASP.NET Forms Authentication with an activation email. I have gotten the registration to work, which adds the user to the database and sends the activation email, the email is sent to the user and the click on it and are activated. I am able to login with the correct crednetials, but everytime- it just redirects to default.aspx at the root of my project. I tried adding links to pages in the sub directory allowed for that role- but it just brings you back to the login page. When you login again- it just goes back to default.aspx
Here is the code on login.aspx.vb
Imports System.Data
Imports System.Configuration
Imports System.Data.SqlClient
Imports System.Web.Security
Imports Microsoft.VisualBasic
Imports System
Partial Class login
Inherits System.Web.UI.Page
Protected Sub ValidateUser(sender As Object, e As AuthenticateEventArgs) Handles Login1.Authenticate
Dim userID As Integer = 0
Dim roles As String = String.Empty
Session("roles") = Nothing
Using con As New SqlConnection("Data Source=(LocalDB)\MSSQLLocalDB;AttachDbFilename=|DataDirectory|\BandDatabase.mdf;Integrated Security=True")
Using cmd As New SqlCommand("Validate_User")
cmd.CommandType = CommandType.StoredProcedure
cmd.Parameters.AddWithValue("#Username", Login1.UserName)
cmd.Parameters.AddWithValue("#Password", Login1.Password)
cmd.Connection = con
con.Open()
Dim reader As SqlDataReader = cmd.ExecuteReader()
If reader.Read() Then
userID = Convert.ToInt32(reader("UserId"))
roles = reader("RoleName").ToString()
Session("roles") = roles
End If
con.Close()
End Using
Select Case userID
Case 1
Login1.FailureText = "Username and/or password is incorrect."
Exit Select
Case 2
Login1.FailureText = "Account has not been activated."
Exit Select
Case Else
Dim ticket As New FormsAuthenticationTicket(1, Login1.UserName, DateTime.Now, DateTime.Now.AddMinutes(2880), Login1.RememberMeSet, roles,
FormsAuthentication.FormsCookiePath)
Dim hash As String = FormsAuthentication.Encrypt(ticket)
Dim cookie As New HttpCookie(FormsAuthentication.FormsCookieName, hash)
If ticket.IsPersistent Then
cookie.Expires = ticket.Expiration
End If
Response.Cookies.Add(cookie)
Response.Redirect(FormsAuthentication.GetRedirectUrl(Login1.UserName, Login1.RememberMeSet))
Exit Select
End Select
End Using
End Sub
Protected Sub Page_Load(sender As Object, e As EventArgs) Handles Me.Load
If Not Me.IsPostBack Then
If Me.Page.User.Identity.IsAuthenticated Then
FormsAuthentication.SignOut()
Response.Redirect("~/login.aspx")
Else
Session.Abandon()
Session.Clear()
End If
End If
End Sub
End Class
Here is the web config (root of project- I read something about having to put a web config in each directory)
<authentication mode="Forms">
<forms defaultUrl="~/Default.aspx" loginUrl="~/login.aspx" slidingExpiration="true" timeout="2880">
</forms>
</authentication>
</system.web>
<!--https://www.codeproject.com/Articles/2905/Role-based-Security-with- Forms- Authentication-->
<location path="Admin">
<system.web>
<authorization>
<!-- Order and case are important below -->
<allow roles="Admin" />
<deny users="*" />
</authorization>
</system.web>
</location>
<location path="Judges">
<system.web>
<authorization>
<!-- Order and case are important below -->
<allow roles="Judge" />
<deny users="*" />
</authorization>
</system.web>
</location>
<location path="Students">
<system.web>
<authorization>
<!-- Order and case are important below -->
<allow roles="Student" />
<deny users="*" />
</authorization>
</system.web>
</location>
Here is the directory structure...
directory structure
Full web config...
<?xml version="1.0"?>
<!--
For more information on how to configure your ASP.NET application, please visit
http://go.microsoft.com/fwlink/?LinkId=169433
-->
<configuration>
<system.webServer>
<validation validateIntegratedModeConfiguration="false" />
<handlers>
<remove name="ChartImageHandler" />
<add name="ChartImageHandler" preCondition="integratedMode" verb="GET,HEAD,POST" path="ChartImg.axd" type="System.Web.UI.DataVisualization.Charting.ChartHttpHandler, System.Web.DataVisualization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
<add name="ReportViewerWebControlHandler" preCondition="integratedMode" verb="*" path="Reserved.ReportViewerWebControl.axd" type="Microsoft.Reporting.WebForms.HttpHandler, Microsoft.ReportViewer.WebForms, Version=11.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" />
</handlers>
</system.webServer>
<connectionStrings>
<add name="Database" connectionString="Data Source=(LocalDB)\MSSQLLocalDB;AttachDbFilename=|DataDirectory|\Database.mdf;Integrated Security=True"
providerName="System.Data.SqlClient" />
<add name="BandDatabaseConnectionString" connectionString="Data Source=(LocalDB)\MSSQLLocalDB;AttachDbFilename=|DataDirectory|\BandDatabase.mdf;Integrated Security=True"
providerName="System.Data.SqlClient" />
</connectionStrings>
<system.web>
<httpHandlers>
<add path="ChartImg.axd" verb="GET,HEAD,POST" type="System.Web.UI.DataVisualization.Charting.ChartHttpHandler, System.Web.DataVisualization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
validate="false" />
<add path="Reserved.ReportViewerWebControl.axd" verb="*" type="Microsoft.Reporting.WebForms.HttpHandler, Microsoft.ReportViewer.WebForms, Version=11.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91"
validate="false" />
</httpHandlers>
<pages>
<controls>
<add tagPrefix="asp" namespace="System.Web.UI.DataVisualization.Charting" assembly="System.Web.DataVisualization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
</controls>
</pages>
<compilation debug="true" strict="false" explicit="true" targetFramework="4.5">
<buildProviders>
<add extension=".rdlc" type="Microsoft.Reporting.RdlBuildProvider, Microsoft.ReportViewer.WebForms, Version=11.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" />
</buildProviders>
</compilation>
<httpRuntime targetFramework="4.5" />
<authentication mode="Forms">
<forms defaultUrl="~/Default.aspx" loginUrl="~/login.aspx" slidingExpiration="true" timeout="2880">
</forms>
</authentication>
</system.web>
<!--https://www.codeproject.com/Articles/2905/Role-based-Security-with-Forms-Authentication-->
<location path="Admin">
<system.web>
<authorization>
<!-- Order and case are important below -->
<allow roles="Admin, Student, Judge" />
<deny users="?" />
</authorization>
</system.web>
</location>
<location path="Judges">
<system.web>
<authorization>
<!-- Order and case are important below -->
<allow roles="Judge" />
<deny users="?" />
</authorization>
</system.web>
</location>
<location path="Students">
<system.web>
<authorization>
<!-- Order and case are important below -->
<allow roles="Student" />
<deny users="?" />
</authorization>
</system.web>
</location>
<appSettings>
<add key="ValidationSettings:UnobtrusiveValidationMode" value="None" />
<add key="ChartImageHandler" value="storage=file;timeout=20;dir=c:\TempImageFiles\;" />
</appSettings>
<system.net>
<mailSettings>
<smtp deliveryMethod="Network" from="people#overthere.com">
<network host="localhost" userName="" password="" defaultCredentials="true" />
</smtp>
</mailSettings>
</system.net>
</configuration>
Web.config tells you where the login redirects to (Default.aspx):
<authentication mode="Forms">
<forms defaultUrl="~/Default.aspx"
loginUrl="~/login.aspx"
slidingExpiration="true" timeout="2880">
</forms>
</authentication>
i have a login page that uses the web.config to redirect to the default page.
i also use a separate login control on certain pages that redirects to the page they're on.
note: if a user is not allowed on the page/directory they're trying to log in on, they are automatically redirected to the default page.
I just created a basic Web Controller in my project. I hit debug and try to browse to /api/duedate and I get a 404. I am new to controllers and have been looking at every tutorial I can find. None of them say I need to add anything more to get this to work.
Imports System.Net
Imports System.Web.Http
Public Class DueDateController
Inherits ApiController
' GET api/duedate
Public Function GetValues() As IEnumerable(Of String)
Return New String() {"value1", "value2"}
End Function
' GET api/duedate/5
Public Function GetValue(ByVal id As Integer) As String
Return "value"
End Function
' POST api/duedate
Public Sub PostValue(<FromBody()> ByVal value As String)
End Sub
' PUT api/duedate/5
Public Sub PutValue(ByVal id As Integer, <FromBody()> ByVal value As String)
End Sub
' DELETE api/duedate/5
Public Sub DeleteValue(ByVal id As Integer)
End Sub
End Class
My web.config looks like this:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<appSettings>
<add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
<add key="webPages:Version" value="2.0"/>
</appSettings>
<system.web>
<compilation debug="true" strict="false" explicit="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" />
</system.web>
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior>
<!-- To avoid disclosing metadata information, set the values below to false before deployment -->
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
<protocolMapping>
<add binding="basicHttpsBinding" scheme="https" />
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true" />
<!--
To browse web app root directory during debugging, set the value below to true.
Set to false before deployment to avoid disclosing web app folder information.
-->
<directoryBrowse enabled="true" />
<handlers>
<remove name="ExtensionlessUrlHandler-Integrated-4.0" />
<remove name="OPTIONSVerbHandler" />
<remove name="TRACEVerbHandler" />
<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="*" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
</handlers></system.webServer>
</configuration>
I believe you need to add a route.
Routing in VB
If you read the last comment in this thread it should show you how to add routing to your app.
To help anyone else out and to simplify having to read through that long post. You need to create and modify your global.asax file to include this:
Sub Application_Start(ByVal sender As Object, ByVal e As EventArgs)
RouteTable.Routes.MapHttpRoute("WebApi1",
"api/{controller}/{id}",
defaults:=New With {.id = System.Web.Http.RouteParameter.Optional})
End Sub
When a video request is handled by the HTTP Module (code below) such as /website/uploads/Video/M2U00001_2.mp4 the _context.User is null.
When I run this in VS2010 on my local machine using the Visual Studio Development server _context.User is set. After I deploy to IIS 7 (.net 4.0) _context.User is Null.
'_context.User' is not Null when the http module processes an aspx page but it is Null when processing javascript, images, videos or CSS.
Can anyone explain why _context.User is null and possible solutions that will ensure _context.User is not null.
public Class VideoSecurityModule
Implements IHttpModule
Private WithEvents _context As HttpApplication
Public Sub Dispose() Implements IHttpModule.Dispose
End Sub
Dim myUserManager As UserManager
Public Sub Init(ByVal context As HttpApplication) Implements IHttpModule.Init
_context = context
myUserManager = New UserManager
End Sub
Public Sub OnAuthorizeRequest(ByVal source As Object, ByVal e As EventArgs) Handles _context.PostAuthenticateRequest
Const networkAuthenticationRequiredStatusCode As Integer = 511
Try
If IsVideoUrl() Then
If _context.User Is Nothing Then
LogManager.WriteMessage("_context.User is nothing:", "")
End If
Dim userId As Integer = myUserManager.GetUserIdByUserName(_context.User.Identity.Name)
If (UserRequiresAuthorization(userId)) Then
If Not UserIsAssignedToCourseContainingVideo(userId) Then
LogAccessDeniedMessage()
_context.Response.StatusCode = networkAuthenticationRequiredStatusCode
_context.Response.ClearContent()
_context.Response.Write("UnAuthorized User")
_context.Response.End()
End If
End If
End If
Catch ex As Exception
LogManager.WriteException(ex, "")
End Try
End Sub
End Class
To ensure that _context.User is set add the runAllManagedModulesForAllRequests="true" to the modules section of the web.config like below.
<system.webServer>
<validation validateIntegratedModeConfiguration="false" />
<modules runAllManagedModulesForAllRequests="true">
<remove name="ScriptModule" />
<remove name="RadUploadModule" />
<remove name="RadCompression" />
<remove name="VideoSecurityModule" />
<add name="ScriptModule" preCondition="managedHandler" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add name="RadUploadModule" type="Telerik.Web.UI.RadUploadHttpModule" preCondition="integratedMode,runtimeVersionv2.0" />
<add name="RadCompression" type="Telerik.Web.UI.RadCompression" preCondition="integratedMode,runtimeVersionv2.0" />
<add name="VideoSecurityModule" type="LMS.VideoSecurityModule"/>
</modules>
I have jquery call an asp.net webservice with an integer.
On our legaacy application which was ported to .net 4.0 I cannot get this call to work.
I can call a method which has no parameters but sending data to the web method returns the following error:
System.InvalidOperationException: Request format is invalid: application/json; charset=UTF-8.
at System.Web.Services.Protocols.HttpServerProtocol.ReadParameters()
at System.Web.Services.Protocols.WebServiceHandler.CoreProcessRequest()
I created exactly the same code in a blank project and it worked fine. I couldnt see anything in the web.config that the blank project added that would make a difference.
the Jquery Code
$.ajax({
type: "POST",
url: "/WebService1.asmx/Test",
data: JSON.stringify({"code": 1234}),
contentType: "application/json; charset=utf-8",
dataType: "json",
success: function (msg) {
alert(msg);
}
});
My Web Service Code
<ScriptService()> _
<WebService(Namespace:="http://tempuri.org/")> _
<WebServiceBinding(ConformsTo:=WsiProfiles.BasicProfile1_1)> _
<ToolboxItem(False)> _
Public Class WebService1
Inherits WebService
<WebMethod()>
Public Function Test(ByVal code As Integer) As String
Return "success"
End Function
<WebMethod()>
Public Function Hello() As String
Return "hello"
End Function
End Class
Web Config
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<appSettings>
</appSettings>
<connectionStrings>
</connectionStrings>
<system.web>
<httpRuntime enableVersionHeader="false" />
<httpCookies httpOnlyCookies="true" requireSSL="false" lockItem="true" />
<trace enabled="false" pageOutput="true" requestLimit="40" localOnly="true"/>
<httpModules>
</httpModules>
<compilation debug="true" strict="true" explicit="true" targetFramework="4.0">
</compilation>
<pages controlRenderingCompatibilityVersion="3.5" clientIDMode="AutoID">
</pages>
<authentication mode="Forms">
<httpHandlers>
</httpHandlers>
</system.web>
<system.webServer>
<validation validateIntegratedModeConfiguration="false" />
<modules>
</modules>
<handlers>
</handlers>
<httpErrors errorMode="Custom" >
</httpErrors>
</system.webServer>
</configuration>
DOH, I was working in the wrong web.config.
Like a lot of questions on SO the solution was to add the following.
<system.webServer>
<handlers>
<add name="ScriptHandlerFactory" verb="*" path="*.asmx" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add name="ScriptHandlerFactoryAppServices" verb="*" path="*_AppService.axd" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
</handlers>
</system.webServer>
I had the same problem and ending up running this command...
C:\Windows\Microsoft.NET\Framework64\v4.0.30319>aspnet_regiis.exe -i
Note that you will need your command prompt in Administrator mode for it to work.
Is there any section or code which allows us to set default page in web.config?
For example, when people first visit my website, I want them to see CreateThing.aspx rather than Default.aspx.
The solutions I already know:
Put this line of code => Response.Redirect("CreateThings.aspx") in Default.aspx Page_Load event but this method is really naive.
We can use IIS (default page configuration,) but I wanna do the same thing over on my ASP.NET application.
This could be another solution for now:
<defaultDocument>
<files>
<clear />
<add value="Default.aspx" />
<add value="Default.htm" />
<add value="Default.asp" />
<add value="index.htm" />
<add value="index.html" />
<add value="iisstart.htm" />
</files>
</defaultDocument>
If using IIS 7 or IIS 7.5 you can use
<system.webServer>
<defaultDocument>
<files>
<clear />
<add value="CreateThing.aspx" />
</files>
</defaultDocument>
</system.webServer>
https://learn.microsoft.com/en-us/iis/configuration/system.webServer/defaultDocument/
Tip #84: Did you know… How to set a Start page for your Web Site in Visual Web Developer?
Simply right click on the page you want to be the start page and say "set as start page".
As noted in the comment below by Adam Tuliper - MSFT, this only works for debugging, not deployment.
Map default.aspx as HttpHandler route and redirect to CreateThings.aspx from within the HttpHandler.
<add verb="GET" path="default.aspx" type="RedirectHandler"/>
Make sure Default.aspx does not exists
physically at your application root.
If it exists physically the
HttpHandler will not be given any
chance to execute. Physical file
overrides HttpHandler mapping.
Moreover you can re-use this for pages other than default.aspx.
<add verb="GET" path="index.aspx" type="RedirectHandler"/>
//RedirectHandler.cs in your App_Code
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
/// <summary>
/// Summary description for RedirectHandler
/// </summary>
public class RedirectHandler : IHttpHandler
{
public RedirectHandler()
{
//
// TODO: Add constructor logic here
//
}
#region IHttpHandler Members
public bool IsReusable
{
get { return true; }
}
public void ProcessRequest(HttpContext context)
{
context.Response.Redirect("CreateThings.aspx");
context.Response.End();
}
#endregion
}
If you are using forms authentication you could try the code below:
<authentication mode="Forms">
<forms name=".FORM" loginUrl="Login.aspx" defaultUrl="CreateThings.aspx" protection="All" timeout="30" path="/">
</forms>
</authentication>
if you are using login page in your website go to web.config file
<authentication mode="Forms">
<forms loginUrl="login.aspx" defaultUrl="index.aspx" >
</forms>
</authentication>
replace your authentication tag to above (where index.aspx will be your startup page)
and one more thing write this in your web.config file inside
<configuration>
<system.webServer>
<defaultDocument>
<files>
<clear />
<add value="index.aspx" />
</files>
</defaultDocument>
</system.webServer>
<location path="index.aspx">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
</configuration>
You can override the IIS default document setting using the web.config
<system.webServer>
<defaultDocument>
<files>
<clear />
<add value="DefaultPageToBeSet.aspx" />
</files>
</defaultDocument>
</system.webServer>
Or using the IIS, refer the link for reference http://www.iis.net/configreference/system.webserver/defaultdocument
I had done all the above solutions but it did not work.
My default page wasn't an aspx page, it was an html page.
This article solved the problem. https://weblog.west-wind.com/posts/2013/aug/15/iis-default-documents-vs-aspnet-mvc-routes
Basically, in my \App_Start\RouteConfig.cs file, I had to add a line:
public static void RegisterRoutes(RouteCollection routes)
{
routes.IgnoreRoute("{resource}.axd/{*pathInfo}");
routes.IgnoreRoute(""); // This was the line I had to add here!
routes.MapRoute(
name: "Default",
url: "{controller}/{action}/{id}",
defaults: new { controller = "Home", action = "Index", id = UrlParameter.Optional }
);
}
Hope this helps someone, it took me a goodly while to find the answer.
I prefer using the following method:
system.webServer>
<defaultDocument>
<files>
<clear />
<add value="CreateThing.aspx" />
</files>
</defaultDocument>
</system.webServer>