I'm "playing" around with custom inbound URL routing and have came across a problem.
When I pass my custom route a URL to examine, that ends in *.+, my class is not fired when i submit the request.
An example URL would be "~/old/windows.html"
When I step through this in the debugger, my RouteBase implementation doesn't fire. If i edit the url that i pass to the constructor of my route to try to match against "~/old/windows", my implemetation is fired as expected.
Again, If i change the url ro examine to "~/old/windows." the problem reoccurs.
My Route Implementation is below :-
public class LegacyRoute : RouteBase
{
private string[] _urls;
public LegacyRoute(string[] targetUrls)
{
_urls = targetUrls;
}
public override RouteData GetRouteData(HttpContextBase httpContext)
{
RouteData result = null;
string requestedURL = httpContext.Request.AppRelativeCurrentExecutionFilePath;
if (_urls.Contains(requestedURL, StringComparer.OrdinalIgnoreCase))
{
result = new RouteData(this, new MvcRouteHandler());
result.Values.Add("controller", "Legacy");
result.Values.Add("action","GetLegacyURL");
result.Values.Add("legacyURL", requestedURL);
}
return result;
}
public override VirtualPathData GetVirtualPath(RequestContext requestContext, RouteValueDictionary values)
{
return null;
}
}
In the RoutesConfig file I have registered my route like so :-
routes.MapMvcAttributeRoutes();
routes.Add(new LegacyRoute(new[]{"~/articles/windows.html","~/old/.Net_1.0_Class_Library"}));
Can anyone point out why there is a problem?
By default, the .html extension is not handled by .NET, it is handled by IIS directly. You can override by adding the following section in Web.config under <system.webServer> -
<handlers>
<add name="HtmlFileHandler" path="*.html" verb="GET" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
</handlers>
As pointed out here. The above will route EVERY .html file request to .NET, you might want to be more specific by providing a more complete path if you don't want your routing to handle every .html file.
I've found the problem, and I'm sure this will help out a lot of fellow developers.
The problem is with IIS Express that is running via Visual Studio.
There is a module configured in the applicationhost.config called :-
UrlRoutingModule-4.0
This is how it looks in file :-
<add name="UrlRoutingModule-4.0" type="System.Web.Routing.UrlRoutingModule" preCondition="managedHandler,runtimeVersionv4.0" />
You need to set the preCondition Parameter to "".
To do this :-
Run you app via Visual Studio
Right click on IIS Express in your system tray, select "Show All Applications"
Click on the project you wish to edit, then click the config URL.
Open the file with Visual Studio, Locate the module and ammend.
Hope this helps anyone else, who ran into a similar problem.
Related
I have an ASP.NET MVC app running in an Azure app service with one staging slot, and a build and release pipeline in VSTS.
I want the production instance to have Allow / in robots.txt and Disallow / in the staging slot at all times.
Currently we are changing robots.txt manually every time we do a swap but this is error prone
How can I automate this process?
To solve this problem I did consider creating the robots.txt file dynamically based on app settings set in the Azure portal (set to stay with the slot), however this won't work since after the swap happens prod will have the staging Disallow rule.
Can anyone advise the best way to manage this?
Robots are mainly used by search engines to crawl and check pages on the public websites. Staging and other deployment slots are not public (and should not be public — unless you have a good reason for that), and thus it doesn't make much sense to configure and manage it. Secondly, in most cases I would recommend to redirect any public request to your production slot and keep staging offline and active for internal use cases only. This would also help you to manage the analytics and logs coming from the public only, and not being polluted with internal and deployment slots stuff.
Anyways, if you are still inclined to do this, then there is one way that you can manage this. Write your own routing to control the robots file, and then render a content-type: text/plain page, which would be dynamic based on whether it is a staging or production request. Something like this,
// Create the robots.txt file dynamically, by controlling the URL handler
[Route("robots.txt")]
public ContentResult DynamicRobotsFile()
{
StringBuilder content = new StringBuilder();
content.AppendLine("user-agent: *");
// Check the condition by URL or Environment variable
if(allow) {
content.AppendLine("Allow: /");
else {
content.AppendLine("Disallow: /");
}
return this.Content(stringBuilder.ToString(), "text/plain", Encoding.UTF8);
}
This way you can manage how the robots.txt is created and you would be able to control the allow disallow for the robots. You can create a separate controller or an action only in the home controller of your app.
Now that you know how to do, you can setup the environment variables for the production/staging slots to check other requirements.
I use below code and It works for me
[Route("robots.txt")]
public ContentResult DynamicRobotsFile()
{
StringBuilder content = new StringBuilder();
if (System.Configuration.ConfigurationManager.AppSettings["production"] != "true")
{
content.AppendLine("user-agent: *");
content.AppendLine("Disallow: /");
}
return this.Content(content.ToString(), "text/plain", Encoding.UTF8);
}
web.config
<appSettings>
<add key="production" value="false" />
</appSettings>
<system.webServer>
<handlers>
<add name="RobotsTxt" path="robots.txt" verb="GET" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
</handlers>
</system.webServer>
EDITED
I use this version now.
[Route("/robots.txt")]
public ContentResult RobotsTxt()
{
var sb = new StringBuilder().AppendLine("User-Agent: *");
if (_env.IsProduction())
{
sb.AppendLine("Allow: /");
sb.AppendLine("Disallow: /admin");
}
else
{
sb.AppendLine("Disallow: /");
}
sb.AppendLine(string.Empty);
sb.AppendLine($"Sitemap: {this.Request.Scheme}://{this.Request.Host}/sitemap.xml");
return this.Content(sb.ToString(), "text/plain", Encoding.UTF8);
}
and I use IWebHostEnvironment to detect prod or not
public class SeoController : Controller
{
private readonly IWebHostEnvironment _env;
public SeoController(IWebHostEnvironment env)
{
_env = env;
}
}
I'm seeing lots of entries in my logs from this request:
/signalr/negotiate
The error is:
The controller for path '/Account/Login' was not found or does not implement IController
I have a JS client connecting to an AppHub that requires authentication:
[Authorize]
[HubName("appHub")]
public class AppHub : Hub
{
// content
}
This is happening because there's an 'signalr` session alive with an expired cookie attempting to connect:
I'm not sure why the request is automatically seeking out this page. It's not specified anywhere in my web.config, routes, or elsewhere. Why is this happening?
I'd like to prevent the signalR client from attempting to connect if the user is unauthenticated. How can this be achieved?
If I understand your issue correctly then you are going to want to create your own custom class to handle this by inheriting the AuthorizeAttribute class: https://msdn.microsoft.com/en-us/library/system.web.mvc.authorizeattribute(v=vs.118).aspx
For example:
public class MyCustAuthorize : AuthorizeAttribute
{
protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
if (!filterContext.HttpContext.User.Identity.IsAuthenticated)
{
filterContext.Result = new HttpUnauthorizedResult();
}
else
{
//modify this to do whatever you want to happen if unauthorized
filterContext.Result = new RedirectResult("/session/noaccess/");
}
}
}
Then you can decorate it with your custom class instead of the default authorize
(example is from a mvc controller but should be able to function the same on your hub)
So this:
[Authorize]
public class AdminController : Controller
{
Becomes this:
[MyCustAuthorize]
public class AdminController : Controller
{
I believe the /Account/Login is the default path for forms auth so that is why it is directing there if it is not defined within your config file.
Alternatively you could insert the specific url to redirect to if that is what you are searching for by placing the following loginUrl attribute value in your auth section > forms element in the web.config:
It looks like this may be similar to these other answers to questions already asked here and these may provide your solution:
Stackoverflow 1
Stackoverflow 2
Have you tried stopping the connection in the client when they are no longer authorized?
$.connection.hub.stop();
Your app is using FormsAuthentication, so the Authorize attribute is redirecting to the login page by default when it fails to authorize.
You can disable this by adding the following to your web.config:
<modules runAllManagedModulesForAllRequests="true">
<remove name="FormsAuthentication" />
</modules>
This will remove all the default behaviors.
You might have something in your app.config that looks like
<membership defaultProvider="ClientAuthenticationMembershipProvider">
<providers>
<add name="ClientAuthenticationMembershipProvider" type="System.Web.ClientServices.Providers.ClientFormsAuthenticationMembershipProvider, System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" serviceUri="" />
</providers>
</membership>
Which is what is adding these default behaviors for you.
I'm having trouble getting the Hangfire (1.5.8) dashboard to work inside of an IIS Virtual Directoy. Everything works beautifully in my dev environment where my application is simply mapped to the root of localhost. Our beta server, on the other hand, uses Virtual Directories to separate apps and app pools.
It's an ASP.Net MVC site using Hangfire with an OWIN Startup class. It gets deployed to http://beta-server/app-name/. When I attempt to access either http://beta-server/app-name/hangfire or http//beta-server/hangfire I get a 404 from IIS.
For the purposes of troubleshooting this, my IAuthenticationFilter simply returns true.
Here is my Startup.cs, pretty basic:
public class Startup
{
public void Configuration(IAppBuilder app)
{
// For more information on how to configure your application, visit http://go.microsoft.com/fwlink/?LinkID=316888
GlobalConfiguration.Configuration
.UseSqlServerStorage(new DetectsEnvironment().GetEnvironment());
app.UseHangfireDashboard("/hangfire", new DashboardOptions
{
AuthorizationFilters = new[] {new AuthenticationFilter()}
});
app.UseHangfireServer();
}
}
Does anyone have a working implementation that gets deployed to a Virtual Directory? Are there any OWIN middleware admin/management tools I can use to dig into what URL is getting registered within IIS?
I ended up fixing this simply by adding the HTTPHandler to the section in web.config.
<system.webServer>
<handlers>
<add name="hangfireDashboard" path="hangfire" type="System.Web.DefaultHttpHandler" verb="*" />
</handlers>
</system.webServer>
I had a similar issue in ASP.NET Core 2.0 and it required proper authorization setup (I use a middleware to protect the route, so I did not rely on authorization in my example):
app.UseHangfireDashboard("/hangfire", new DashboardOptions
{
Authorization = new [] {new HangfireDashboardAuthorizationFilter()}
});
/// <summary>
/// authorization required when deployed
/// </summary>
public class HangfireDashboardAuthorizationFilter : IDashboardAuthorizationFilter
{
///<inheritdoc/>
public bool Authorize(DashboardContext context)
{
// var httpContext = context.GetHttpContext();
// Allow all authenticated users to see the Dashboard (potentially dangerous).
// handled through middleware
return true; // httpContext.User.Identity.IsAuthenticated;
}
}
There is not need to change anything in web.config.
For more information check Hangfire documentation about this topic.
I had the exact same problem. In my case, this was because of bad configuration - the Startup class was not called. So try to add the following to your config file:
<add key="owin:appStartup" value="YourProject.YourNamespace.Startup, YourProject" />
<add key="owin:AutomaticAppStartup" value="true" />
Hope this helps.
Martin
I am going to implement HttpHandler in order to allow file downloading from my site based on session values. If the session exist allow the user to download the file otherwise redirect to index page which is the login page for the site. My code is working perfect in iis express when I run my website in iis server the handler is not working.
For IIS express the web.config file has the following sections which I have added. The below configuration is working in iis express.
<system.web>
<httpHandlers>
<add verb="*" path="*.pdf" type="QDMS.FileHandler" />
Same add tag for all the files to restrict downloading without session.
</httpHandlers>
</system.web>
The configurations for IIS servers which is not working is below.
<system.webServer>
<handlers>
<add name="Files" path="*.pdf,*.doc,*.docx,*.rar,*.zip,*.ppt,*.pptx,*.jpg,*.png,*.bmp,*.gif,*.html,*.htm,*.pps" verb="*" type="QDMS.FileHandler" resourceType="Unspecified" requireAccess="script" />
</handlers>
</system.webServer>
My File handler is below
using System;
using System.Web;
using System.Web.SessionState;
using QDMS.Old_App_Code;
namespace QDMS
{
public class FileHandler : IHttpHandler, IReadOnlySessionState
{
public bool IsReusable
{
get { return true; }
}
public void ProcessRequest(HttpContext context)
{
if (!CheckWetherTheRequestForFileExistOrNot(context)) return;
if (CheckUsersForFileDownloading(context))
context.Response.Redirect("~/index.aspx");
else
{
var rawURL = context.Request.RawUrl;
var dotIndex = rawURL.LastIndexOf(".", System.StringComparison.Ordinal);
var ext = rawURL.Substring(dotIndex);
context.Response.ClearContent();
context.Response.ClearHeaders();
context.Response.ContentType = MIMEEType.Get(ext);
context.Response.AddHeader("Content-Disposition", "attachment");
context.Response.WriteFile(rawURL);
context.Response.Flush();
}
}
public bool CheckWetherTheRequestForFileExistOrNot(HttpContext context)
{
string url = context.Request.RawUrl.ToLower().Trim();
if (url.Contains(".pdf") || url.Contains(".xls") || url.Contains(".xlsx") || url.Contains(".jpg") ||
url.Contains(".bmp") || url.Contains(".rar") || url.Contains(".doc") || url.Contains(".docx") ||
url.Contains(".png") || url.Contains(".gif") || url.Contains(".pptx") || url.Contains(".zip") ||
url.Contains(".ppt") || url.Contains(".pps") || url.Contains(".htm") || url.Contains(".html"))
return true;
else
return false;
}
public bool CheckUsersForFileDownloading(HttpContext context)
{
return (context.Session["FrontHiddenID"] == null) && (context.Session["HiddenID"] == null);
}
}
}
I am sure that in the section in the web.config file is not correct that is why it is not working. So I need suggestions to rectify my handlers section in web.config file.
Any advice and help regarding this issue will be higly appreciated
Your IIS handler should be like this :
<add name="Files" path="*.pdf" verb="*" type="QDMS.FileHandler" resourceType="Unspecified" requireAccess="Script" />
Two differences with your version :
only one file mask, you should register a handler for each file type
requireAccess="Script" with 'Script' having an upper-case 'S'
Hope this will help
To map a file-name extension in IIS 7.0 running in Classic mode
Open IIS Manager.
Expand the node for the Web server computer, expand Sites, and then expand Default Web Site.
Select the node for your application.
The Features View pane is displayed.
In Features View, double-click Handler Mappings.
On the Actions pane, click Add Script Map.
The Add Script Map dialog box is displayed.
In the Add Script Map dialog box, specify the following:
o Request Path. The name or file-name extension to map.
o Executable. The path of the .exe or .dll file that will handle the request. For Classic mode, specify the ASP.NET ISAPI extension (Aspnet_isapi.dll).
o Name. A descriptive name.
Click OK to close the Add Script Map dialog box.
Open the Web.config file for the application.
Locate the httpHandlers element of the system.web section and add an entry for the file-name extension.
To map a file-name extension in IIS 7.0 running in Integrated mode
Follow steps 1 through 3 of the previous procedure.
On the Actions pane, click Add Managed Handler.
The Add Managed Handler dialog box is displayed.
In the Add Managed Handler dialog box, specify the following:
o Request Path. The file name or file-name extension to map.
o Type. The type (class) name of the managed handler. If the handler is defined in the App_Code folder of the ASP.NET application, its type name will appear in the drop-down list.
o Name. A descriptive name.
Click OK to close the Add Managed Handler dialog box.
Now I'm trying to work with System.Web.Routing. All is just fine, but I can't understand how to make form authentication work with url routing (return url, redirection, etc). Google says nothing. Help! :)
UPD: I forgot - I don't use MVC. That's the problem. How to use rounig and form authentication without MVC
UPD2: more about my problem
What I want to get: urls such “mysite.com/content/123”, “mysite.com/login/”, etc using Routes. It’s important to make login page works like “regular” ASP.NET login form (redirects to login from secure area when not login on, and redirect back to secure area when loggined).
That’s what I’m doing.
In global.asax on Application_Start, register routes like this:
routes.Add("LoginPageRoute", new Route("login/", new CustomRouteHandler("~/login.aspx")));
routes.Add("ContentRoute", new Route("content/{id}", new ContentRoute("~/content.aspx"))
{
Constraints = new RouteValueDictionary {{ "id", #"\d+" }}
});
Where CustomRouteHandler and ContentRoute – simple IRouteHandler classes, just like:
...
public IHttpHandler GetHttpHandler(RequestContext requestContext)
{
var page = BuildManager.CreateInstanceFromVirtualPath(VirtualPath, typeof(Page)) as IHttpHandler;
return page;
}
...
All seems to be perfect: I’m getting content.aspx when go to “/content/10” and login.aspx when go to “/login/”. But…
When I make content secured (in web.config, with deny=”?”), login form doesn’t work like expected.
Now I can’t reach the “/content/10” page:
0. I’m typing “/content/10” in my browser.
1. Site redirects to “/login/?ReturnUrl=%2fcontent%2f10”. (Hm… seems like all problems starts here, right? :)
2. I’m trying to log in. No matter what credentials I’m entered…
3. …site redirects me to “login?ReturnUrl=%2fContent%2f10” (yellow screen of error - Access is denied. Description: An error occurred while accessing the resources required to serve this request. The server may not be configured for access to the requested URL.)
So, the problem is how to get ASP.NET understand real ReturnUrl and provide redirection after login.
These steps should allow you to implement the required behaviour.
To summarize:
You are using routing but not MVC. My example will map a url like http://host/Mysite/userid/12345 onto a real page at http://host/Mysite/Pages/users.aspx?userid=12345.
You want to control access to these addresses, requiring the user to logon. My example has a page http://host/Mysite/login.aspx with a standard login control, and the site is configured to use forms authentication.
Step 1
I've "hidden" the contents of the Pages folder using this web.config in the Pages folder:
<?xml version="1.0"?>
<configuration>
<system.web>
<httpHandlers>
<add path="*" verb="*"
type="System.Web.HttpNotFoundHandler"/>
</httpHandlers>
<pages validateRequest="false">
</pages>
</system.web>
<system.webServer>
<validation validateIntegratedModeConfiguration="false"/>
<handlers>
<remove name="BlockViewHandler"/>
<add name="BlockViewHandler" path="*" verb="*" preCondition="integratedMode" type="System.Web.HttpNotFoundHandler"/>
</handlers>
</system.webServer>
</configuration>
This ensures that if anyone uses a url like http://host/Mysite/Pages/users.aspx?userid=12345, then they receive a standard 404 response.
Step 2
My top level web.config file contains (as well as all the standard stuff) this location element:
<location path="userid">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
This prevents anonymous access to urls of the form http://host/Mysite/userid/12345 which means users will be automatically redirected to login.aspx, then if they provide valid credentials, they will be redirected to the correct location.
Step 3
For reference here is my global.asax:
<script RunAt="server">
void Application_Start(object sender, EventArgs e)
{
// Code that runs on application startup
RegisterRoutes(RouteTable.Routes);
}
public static void RegisterRoutes(RouteCollection routes)
{
routes.RouteExistingFiles = true;
routes.Add("UseridRoute", new Route
(
"userid/{userid}",
new CustomRouteHandler("~/Pages/users.aspx")
));
}
</script>
And here is my route handler:
using System.Web.Compilation;
using System.Web.UI;
using System.Web;
using System.Web.Routing;
using System.Security;
using System.Web.Security;
public interface IRoutablePage
{
RequestContext RequestContext { set; }
}
public class CustomRouteHandler : IRouteHandler
{
public CustomRouteHandler(string virtualPath)
{
this.VirtualPath = virtualPath;
}
public string VirtualPath { get; private set; }
public IHttpHandler GetHttpHandler(RequestContext
requestContext)
{
var page = BuildManager.CreateInstanceFromVirtualPath
(VirtualPath, typeof(Page)) as IHttpHandler;
if (page != null)
{
var routablePage = page as IRoutablePage;
if (routablePage != null) routablePage.RequestContext = requestContext;
}
return page;
}
}
The first result I got from a Google search is Frederiks excellent post on forms authentication in ASP.NET MVC. Note that the post was relevant for an early version of ASP.NET MVC, you will have to write and test the code.
HTH, Indy