Telerik RadChart ChartImage.axd 403 - asp.net

We use telerik radchart for charting in our app, we've been using it for some time and recently upgraded to 2013.2.717.40 in our app (which was the most recent version our expired subscription had).
Since then, we get a 403 error when using a chart image:
ASPX:
<%@ Register Assembly="Telerik.Web.UI" Namespace="Telerik.Charting" TagPrefix="telerik" %>
<%@ Register Assembly="Telerik.Web.UI" Namespace="Telerik.Web.UI" TagPrefix="telerik" %>
<telerik:RadChart ID="RadChart" IntelligentLabelsEnabled="True" runat="server" CssClass="RadChart" DefaultType="Spline" />
The web.config has:
<httpHandlers>
<add path="ChartImage.axd" type="Telerik.Web.UI.ChartHttpHandler" verb="*" validate="false" />
</httpHandlers>
and
<handlers>
<remove name="ChartImage_axd" />
<add name="ChartImage_axd" path="ChartImage.axd" type="Telerik.Web.UI.ChartHttpHandler" verb="*" preCondition="integratedMode" />
</handlers>
And I get a 403 permission denied on the url for the ChartImage.axd
The image is correctly created and cached in the appropriate temporary folder we've configured for use.
In processmonitor, as soon as that file is correctly written, the 403 failed request trace log file is created (we've enabled failed request tracing)
That file contains:
ModuleName IsapiModule
Notification 128
HttpStatus 403
HttpReason Forbidden
HttpSubStatus 0
ErrorCode 0
ConfigExceptionInfo
Notification EXECUTE_REQUEST_HANDLER
ErrorCode The operation completed successfully. (0x0)
I'm now at a loss.
I can't see anything being denied permissions and it looks like the web.config is set right for charting. If I take off the query string I get an error page as required parameters are missing, so the mapping appears to be working.
Any ideas?

The problem turns out to be that the Telerik RadChart when using image files on disk, as opposed to session storage (UseSession=False) does some checks on the path passed in for the temporary image directory, and the encrypted filename passed to ChartImage.axd to make sure you're not doing some hacking.
We were using:
/App/GeneratedImages
Which was causing the files to be written to the right place on disk, however, when the Telerik component checked this against the image path, they didn't match enough causing Telerik to throw a 403 itself.
I may or may not have determined this with the help of Reflector.
We changed to use:
~/GeneratedImages
Which made things work, I need to understand better why /App/GeneratedImages didn't map right. But for now Production is restored :)

Related

asp mvc custom view location

I have configured my controller to return a view from a custom location rather than the typical Views folder. This has been achieved by adding the following code to Global.asax
var razorEngine = ViewEngines.Engines.OfType<RazorViewEngine>().First();
razorEngine.ViewLocationFormats = razorEngine.ViewLocationFormats.Concat(new string[]
{
"~/UI/app/{1}/Views/{0}.cshtml"
}).ToArray();
It is working fine but I am facing issues with linking css, images and js files to the cshtml page. When loading the page, seems like those files are 404 not found and on the console I receive "Failed to load resource: the server responded with a status of 404 (Not Found)".
Not sure if I am missing something or why it is unable to find the path to my content files.
The way I referenced the content files was as follows: ~/path to the location
Solved the issue by adding web config to the custom directory and making sure the BlockViewHandler path was set to "*.cshtml".
e.g. From
<add name="BlockViewHandler" path="*" verb="*" preCondition="integratedMode" type="System.Web.HttpNotFoundHandler" />
To
<add name="BlockViewHandler" path="*.cshtml" verb="*" preCondition="integratedMode" type="System.Web.HttpNotFoundHandler" />
Hope it helps others :)

web.Config Request Filtering, Block files that start with _

I'm dealing with a legacy classic asp app, and I would like to prevent files that start with underscore "_" from being retrieved via a browser request. Ideally I want any file that starts with "_" to show a 404 not found exception.
The reason being is I don't want to name my files with the .Inc extension because it makes it a pain in development as I lose syntax highlighting, intellisense, and other things I'm using in Visual Studio.
As this is running in IIS8, is there any way I can filter the request to block these files before the ASP handler processes the page?
Temporary Answer:
I mapped ASPClassic in the http handlers twice. First I mapped it to _*.asp. However I used an invalid dll for the asp dll, which will cause an error:
The page you are requesting cannot be served because of the ISAPI and CGI Restriction list settings on the Web server.
Which is a 404.2
Then I mapped the normal *.asp handler.
HttpHandlers don't pass to the next HttpHandler if it matches a request. So the first HttpHandler to match the request is the one that gets used.
<system.webServer>
<validation validateIntegratedModeConfiguration="false"/>
<handlers>
<remove name="ExtensionlessUrlHandler-Integrated-4.0"/>
<remove name="OPTIONSVerbHandler"/>
<remove name="TRACEVerbHandler"/>
<remove name="ASPClassic"/>
<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="*" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0"/>
<add name="ASPClassic_No" path="_*.asp" verb="GET,HEAD,POST" modules="IsapiModule" scriptProcessor="%windir%\system32\inetsrv\asp.dll2" resourceType="File" />
<add name="ASPClassic" path="*.asp" verb="GET,HEAD,POST" modules="IsapiModule" scriptProcessor="%windir%\system32\inetsrv\asp.dll" resourceType="File" />
</handlers>
</system.webServer>
Furthermore, server side includes still work on these files because SSI isn't request dependent.
If anyone knows a cleaner, non hacky way of doing this, I'm all ears!
I was using this asp file to do it prior to this:
<%
notFound_fullName = Request.ServerVariables("SCRIPT_NAME")
notFound_pathArray = split(notFound_fullName, "/")
notFound_fname = notFound_pathArray(UBOUND(notFound_pathArray))
If (InStr(1, notFound_fname, "_") = 1) Then
Response.Status ="404 Not Found"
Response.End
End If
%>
However, I ran into a scenario where I needed it to be included on a page that included it on the page, while also including it on the page that was being included.
E.g.
_cUser -> include 404handler code (alone with no other includes)
_baseWebService -> Include _AllClasses (includes 404 handler again)
Which won't work with option strict, because it's either redefining variables, or the variable isn't defined because option strict is on....
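A cleaner alternative to the dummy-handler mapping in the question above, as an added example that is not part of the original post: two ways to refuse underscore-prefixed files before the ASP handler runs. Option 2 assumes the IIS URL Rewrite module is installed, and its rule name is a hypothetical label; either option is sufficient on its own.

```xml
<!-- Added example, not from the original post. Use one option or both. -->
<configuration>
  <system.webServer>

    <!-- Option 1: built-in request filtering (no extra module).
         Rejects any URL whose path contains "/_" with a 404.5, before a
         handler is selected. Broad: it also blocks folders whose name
         starts with "_", so check existing URLs before enabling it. -->
    <security>
      <requestFiltering>
        <denyUrlSequences>
          <add sequence="/_" />
        </denyUrlSequences>
      </requestFiltering>
    </security>

    <!-- Option 2: URL Rewrite (assumption: the module is installed).
         Matches only .asp files whose name starts with "_". The (/|$)
         tail also covers requests that append path info after the file
         name, which a pattern ending in \.asp$ would let through. -->
    <rewrite>
      <rules>
        <rule name="BlockUnderscoreAsp" stopProcessing="true">
          <match url="(^|/)_[^/]*\.asp(/|$)" />
          <action type="CustomResponse" statusCode="404"
                  statusReason="Not Found"
                  statusDescription="The requested resource was not found." />
        </rule>
      </rules>
    </rewrite>

  </system.webServer>
</configuration>
```

Server-side includes of these files keep working with either option, because an include is read from disk and never goes through request processing.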

Custom HttpHandler Error: Could not load type 'FileProtectionHandler'

I am trying to implement a Custom HttpHandler (for the first time), I have been given a tutorial to follow but couldn't get it to work. I then found another tutorial but couldn't get that to work, they are both giving me the same error message.
The custom handler is to protect people from downloading certain file types, although I think the error is some kind of configuration problem as I can't get the website to work at all once I add the httpHandlers to the Web.Config file.
Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately.
Parser Error Message: Could not load type 'FileProtectionHandler'.
Source Error:
Line 47: </compilation>
Line 48: <httpHandlers>
Line 49: <add verb="*" path="*.pdf" type="FileProtectionHandler"/>
Line 50: </httpHandlers>
If you require more code please let me know.
Thanks for any help. J.
<%@ WebHandler Language="VB" Class="FileProtectionHandler" %>
Imports System
Imports System.Web
Imports System.Web.Security
Imports System.IO
Imports System.Web.SessionState
Public Class FileProtectionHandler : Implements IHttpHandler
Private Function SendContentTypeAndFile(ByVal context As HttpContext, ByVal strFile As [String]) As HttpContext
context.Response.ContentType = GetContentType(strFile)
context.Response.TransmitFile(strFile)
context.Response.[End]()
Return context
End Function
Private Function GetContentType(ByVal filename As String) As String
' used to set the encoding for the response stream
Dim res As String = Nothing
Dim fileinfo As New FileInfo(filename)
If fileinfo.Exists Then
Select Case fileinfo.Extension.Remove(0, 1).ToLower()
Case "pdf"
If True Then
res = "application/pdf"
Exit Select
End If
End Select
Return res
End If
Return Nothing
End Function
Public Sub ProcessRequest(ByVal context As HttpContext) Implements IHttpHandler.ProcessRequest
context.Response.ContentType = "text/plain"
context.Response.Write("Hello World")
End Sub
Public ReadOnly Property IsReusable() As Boolean Implements IHttpHandler.IsReusable
Get
Return False
End Get
End Property
End Class
I had similar problem. Solution was in root namespace defined in properties.
In my code I do not have namespace, so in this case you need to use
type="[namespace or root namespace].[your class name]"
Try filling out the namespace that the class lives in as well as the assembly it's built to.
Something like this
<add verb="*" path="*.pdf" type="FileProtectionHandler, Beswick"/>
or possibly this
<add verb="*" path="*.pdf" type="Beswick.FileProtectionHandler, Beswick"/>
or this
<add verb="*" path="*.pdf" type="Beswick.FileProtectionHandler"/>
Just had the same problem adding a new IHttpHandler to an existing project. The handler I added had build action property "Content" rather than "Compile". Changing it to compile fixed the issue
.NET 4.5 WebForm, it was fixed for me after adding the ProjectName.ClassName
<httpHandlers>
<add verb="*" path="scripts/*" validate="false" type="ProjectName.NoAccessHandler"/>
</httpHandlers>
and I have extra part not positive if it actually do anything under system.webServer -> Handlers I have this
<handlers>
<add verb="*" path="scripts/*" name="NoAccessHandler"
preCondition="integratedMode" type="NoAccessHandler"
resourceType="Unspecified"/>
</handlers>
I've just come back to this issue after a lengthy break from it. I'm not sure if I've got it fully working as yet as from first testing it's not protecting the file if a user isn't logged into the website, but I am no longer getting the error message.
I found the fix to the problem here: HttpHandler 101 FAIL
If none of these answers works, and your project is a Web Application (as opposed to a Web Page as in HttpHandler 101 FAIL), check the build output path. I had recently changed my platform to x86, which changed Properties -> Build -> Output path to
bin\x86\Debug
I changed this back to
bin\
and it worked.
I encountered a similar error while debugging an Azure Web App locally (the error persisted when deployed to Azure). I suspect that the error has something to do with locally stored configuration/compilation files, which are not updated properly even when the solution is cleaned and rebuilt. I had two different projects which produced identically named dll's (albeit to different locations), not sure if this had any effect on the issue.
After lengthy experimentation, the solution for me was to go to Solution Explorer in Visual Studio, right-click on the project --> Properties. Under the Application tab, change the Target framework to something else (I changed 4.6 to 4.6.1). You will get a prompt saying that the project will be reloaded, click OK. After reload, do the same thing reverting back to your original version (4.6 for me). This fixed the issue for me.
It would be nice to understand the root cause of the issue. I still get the error sometimes when reopening the project, and I have to go through the above steps again.
Changing the order and keeping as below in config file fixed my issue.
<system.webServer>
<handlers>
<remove name="traceverbhandler" />
<remove name="optionsverbhandler" />
<add name="extensionlessurlhandler-integrated-4.0" path="*." verb="*" type="system.web.handlers.transferrequesthandler" />
<remove name="extensionlessurlhandler-integrated-4.0" />
</handlers>
</system.webServer>

Having jpg and gif handled by IsapiModule in IIS7

I'm struggling to get my HttpHandler to process requests for jpg and gifs.
I've gone to the website's Handler Mappings and added the following line:
Path: *.jpg,*.gif
State: Enabled
Path Type: Unspecified (I've also tried setting this to File)
Handler: IsapiModule
Entry Type: Local
Running through Visual Studio works, so I know it's not my code. It also works on IIS6.
I've tried setting the app up in both classic and integrated mode.
Here's the appropriate Handler mappings specified in the web.config:
<add name="*.jpg,*.gif_*" path="*.jpg,*.gif" verb="*" type="ThumbnailGenerator,Utilities" preCondition="integratedMode,runtimeVersionv2.0" />
<add name="JPEG-GIF" path="*.jpg,*.gif" verb="*" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll" resourceType="Unspecified" requireAccess="Script" preCondition="classicMode,runtimeVersionv2.0,bitness32" />
I fixed this by clearing out the handlers from web.config, then manually adding them using IIS: [Handler Mappings] -> [Add managed handler]
I'm not sure what difference this made, because the web.config looks pretty much the same as I had setup before, but now it works.

Mapping classic asp pages to .net in IIS

I'm trying to map requests for classic asp pages to be handled by .net, so that it runs through a custom httpmodule.
In IIS I have remapped asp requests to aspnet_isapi.dll - I'm sure I've done this bit right
Now in my test app I am getting this error:
Server Error in '/TestASPRedirect' Application.
--------------------------------------------------------------------------------
This type of page is not served.
Description: The type of page you have requested is not served because it has been explicitly forbidden. The extension '.asp' may be incorrect. Please review the URL below and make sure that it is spelled correctly.
Requested URL: /testaspredirect/test.asp
Searching online for this error shows a load of people having problems with cassini, but this is not really relevant, I am testing this on both IIS 5.1 on XP dev machine, and have tested on IIS6 also getting the same error.
I have followed instructions for adding and registering a httphandler (see http://support.microsoft.com/default.aspx?scid=kb;en-us;Q308001), but I don't know what to put in the ProcessRequest routine to ensure the request gets passed on. What is the default .net httphandler, can I just map to this in web.config?: so something like:
<httpHandlers>
<add verb="*" path="*.asp" type="standard.nethttphandler"/>
</httpHandlers>
How do I tell asp.net that it needs to pass ASP requests on and not block?
Actually you are only one step away from success. Add the following section to your local website (or virtual directory) web.config file:
<configuration>
...
<system.web>
<compilation>
<buildProviders>
<add extension=".asp" type="System.Web.Compilation.PageBuildProvider"/>
</buildProviders>
</compilation>
<httpHandlers>
<add path="*.asp" verb="*" type="System.Web.UI.PageHandlerFactory" validate="true"/>
</httpHandlers>
</system.web>
</configuration>
It looks like the .asp extension is mapped to the HttpForbiddenHandler.
If you're using ASP.NET 1.1 then open the following file:
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CONFIG\machine.config
If you're using ASP.NET 2.0 then open this file:
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CONFIG\web.config
Search for "path="*.asp"", then comment out that line. It'll look something like:
<!-- machine.config/ASP.NET 1.1-->
<add path="*.asp" verb="*"
type="System.Web.HttpForbiddenHandler"/>
<!-- web.config/ASP.NET 2.0-->
<add path="*.asp" verb="*"
type="System.Web.HttpForbiddenHandler" validate="true"/>
Locate the below file:
C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\<FrameworkVersion>\Config\web.config
where <FrameworkVersion> is folder name:
open it in an XML editor .. (even notepad is fine)
and add below line :
<add path="*.asp" verb="*" type="System.Web.UI.PageHandlerFactory" validate="True"/>
under below XPath:
configuration/system.web/httpHandlers
replace the existing one!
Add below line:
<add extension=".asp" type="System.Web.Compilation.PageBuildProvider"/>
under below XPath:
/configuration/system.web/compilation/buildProviders
Worked like gem for me :)
