Introduction
My ServiceStack service handles route parameters that often contain periods ie:
/people/search/b.j./upton. Initially, asp.net/ServiceStack would throw a "404 - Not Found" exception when it encountered this route. I tried encoding %2E the periods with no luck but eventually resolved the issue after seeing some related questions by setting the relaxedUrlToFileSystemMapping property (info) within my web.config.
Problem
This worked perfectly until today when I had to change my service location from the default path to a custom path by adding <location path="api"> (as described here) to my web.config. Since adding the location node in web.config the relaxedUrlToFileSystemMapping setting is no longer applied and my routes with periods /api/people/search/b.j./upton are breaking once again resulting in '404 - Not Found' exceptions from ServiceStack.
Setup
ServiceStack - v3.9.56
IIS 7.5 / IIS Express (happens on both)
web.config:
<location path="api">
<system.web>
<httpHandlers>
<add path="*" type="ServiceStack.WebHost.Endpoints.ServiceStackHttpHandlerFactory, ServiceStack" verb="*" />
</httpHandlers>
<httpRuntime relaxedUrlToFileSystemMapping="true"/>
...
</location>
Question
Anyone have an idea why the relaxedUrlToFileSystemMapping property is ignored when it is moved from the default path to within my custom <location path="api"> in web.config?
Thanks!
After some tinkering with my web.config I was able to resolve this by moving the relaxedUrlToFileSystemMapping entry into it's own node outside of the <location> node. I'm not sure if this is a recommended approach (multiple <system.web> entries?) or might cause some other conflict(s) but after running a full system test of the service everything is working fine again so I'm going with this for now.
My updated and complete web.config for reference:
<configuration>
<system.web>
<httpRuntime relaxedUrlToFileSystemMapping="true"/>
</system.web>
<location path="api">
<system.web>
<httpHandlers>
<add path="*" type="ServiceStack.WebHost.Endpoints.ServiceStackHttpHandlerFactory, ServiceStack" verb="*" />
</httpHandlers>
</system.web>
<connectionStrings>
<add name="AppDb" connectionString="data source=AppHost\SQLEXPRESS;Initial Catalog=db;User Id=AppUser;password=AppPwd;" providerName="System.Data.SqlClient" />
</connectionStrings>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true" />
<validation validateIntegratedModeConfiguration="false" />
<handlers>
<add path="*" name="ServiceStack.Factory" type="ServiceStack.WebHost.Endpoints.ServiceStackHttpHandlerFactory, ServiceStack" verb="*" preCondition="integratedMode" resourceType="Unspecified" allowPathInfo="true" />
</handlers>
</system.webServer>
</location>
</configuration>
Did you change the root path in the AppHost file
public override void Configure(Container container)
{
SetConfig(new EndpointHostConfig { ServiceStackHandlerFactoryPath = "api" });
}
Related
I've got an ASP.NET Core app that I'm deploying to Azure that takes in a string in the URL that contains colon (a time stamp).
For example: http://localhost:5000/Servers/208.100.45.135/28000/2017-03-15T07:03:43+00:00, or http://localhost:5000/Servers/208.100.45.135/28000/2017-03-15T07%3a03%3a43%2B00%3a00 URL-encoded.
This works perfectly fine when running locally using Kestrel (dotnet run), but after deploying to Azure I receive this error: The resource you are looking for has been removed, had its name changed, or is temporarily unavailable.
A quick search reveals that it's due to invalid characters being used in the URL, namely the colon. The traditional fix is to add this section to web.config:
<system.web>
<httpRuntime requestPathInvalidCharacters="" />
</system.web>
However, after adding this to my web.config on Azure, I observe no change. I imagine this is due to differences in ASP.NET Core's hosting model.
Here is my current web.config:
<configuration>
<system.web>
<httpRuntime requestPathInvalidCharacters=""/>
<pages validateRequest="false" />
</system.web>
<system.webServer>
<handlers>
<add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModule" resourceType="Unspecified" />
</handlers>
<aspNetCore processPath="dotnet" arguments=".\Server.dll" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" forwardWindowsAuthToken="false" />
</system.webServer>
</configuration>
And the relevant controller header...
[HttpGet]
[Route("{serverIpAddress}/{serverPort}/{approxMatchStartTimeStr}")]
public IActionResult GetMatchEvents(string serverIpAddress, string serverPort, DateTimeOffset approxMatchStartTimeStr)
{
...
}
How can I get IIS/Azure to allow the colon character in URLs?
The issue you're running into isn't related to the colon (:) in the path, it's really the plus (+) that IIS doesn't like. It doesn't matter if the plus is encoded as "+" or "%2B". You have two options:
Move the plus/DateTimeOffset from the path to the query string where IIS doesn't mind it.
Configure the IIS request filtering module to "allowDoubleEscaping".
Example web.config:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.webServer>
<security>
<requestFiltering allowDoubleEscaping="true" />
</security>
<handlers>
<add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModule" resourceType="Unspecified" />
</handlers>
<aspNetCore processPath="dotnet" arguments=".\Server.dll" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" forwardWindowsAuthToken="false" />
</system.webServer>
</configuration>
The system.web section of your current web.config isn't relevant to ASP.NET Core.
When I add this code to my aspx ,
<telerik:RadEditor ID="REWelcome" runat="server"
AutoResizeHeight="True" Width="500px" ToolbarMode="Floating">
<Content>
</Content>
<TrackChangesSettings CanAcceptTrackChanges="False"></TrackChangesSettings>
</telerik:RadEditor>
And I got this error message ,
'~/Telerik.Web.UI.WebResource.axd' is missing in web.config.
RadScriptManager requires a
HttpHandler registration in web.config.
How can I solve it ?
In your web.config - add the following to the system.web (omit the system.web, just used to show you level:
<system.web>
<httpHandlers>
<add verb="*" path="Telerik.Web.UI.WebResource.axd" type="Telerik.Web.UI.WebResource, Telerik.Web.UI" validate="false" />
<add verb="*" path="Telerik.Web.UI.DialogHandler.aspx" type="Telerik.Web.UI.DialogHandler, Telerik.Web.UI, Culture=neutral, PublicKeyToken=121fae78165ba3d4"></add>
<add verb="*" path="Telerik.Web.UI.SpellCheckHandler.axd" type="Telerik.Web.UI.SpellCheckHandler, Telerik.Web.UI, Culture=neutral, PublicKeyToken=121fae78165ba3d4"></add>
</httpHandlers>
The bottom two are not needed gnerally but I am assuming you want the extended features of the editor, like dialogs and spellchecking.
I also add location at the same level as system.web
<location path="Telerik.Web.UI.WebResource.axd">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
You also have to add the Telerik.Web.UI.dll file in the bin folder of your application.
That worked for me.
These are the handlers needed for RadEditor and RadScriptManager:
<httpHandlers>
<add path="Telerik.Web.UI.DialogHandler.aspx" type="Telerik.Web.UI.DialogHandler" verb="*" validate="false"/>
<add path="Telerik.Web.UI.SpellCheckHandler.axd" type="Telerik.Web.UI.SpellCheckHandler" verb="*" validate="false"/>
<add path="Telerik.Web.UI.WebResource.axd" type="Telerik.Web.UI.WebResource" verb="*" validate="false"/>
</httpHandlers>
and
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
<validation validateIntegratedModeConfiguration="false"/>
<handlers>
<add name="Telerik_Web_UI_DialogHandler_aspx" verb="*" preCondition="integratedMode" path="Telerik.Web.UI.DialogHandler.aspx" type="Telerik.Web.UI.DialogHandler"/>
<add name="Telerik_Web_UI_SpellCheckHandler_axd" verb="*" preCondition="integratedMode" path="Telerik.Web.UI.SpellCheckHandler.axd" type="Telerik.Web.UI.SpellCheckHandler"/>
<add name="Telerik_Web_UI_WebResource_axd" verb="*" preCondition="integratedMode" path="Telerik.Web.UI.WebResource.axd" type="Telerik.Web.UI.WebResource"/>
</handlers>
</system.webServer>
source: http://www.telerik.com/forums/telerik-web-ui-webresource-axd-is-missing-in-web-config-f25e27e5a5ac
if the error message is like this::
~/Telerik.Web.UI.WebResource.axd' is missing in web.config. RadScriptManager requires a HttpHandler registration in web.config. Please, use the control Smart Tag to add the handler automatically, or see the help for more information: Controls > RadScriptManager
Then you add the following into your web.config file:::
<httpRuntime targetFramework="4.5.2" />
<httpHandlers>
<add path="Telerik.Web.UI.WebResource.axd" type="Telerik.Web.UI.WebResource" verb="*" validate="false" />
</httpHandlers>
I fixed it by changing the ASP Application pool from "Integrated" to "Classic" mode. All my configurations were correct, as described in other posts here. This is probably specific to my configuration, but may be worth trying.
I came across this issue while deploying to IIS 7.
You could set the Managed pipeline mode from Integrated to Classic. This indeed solves the problem with behaving IIS 7.5 as old 6.0 (with handler registered in old web.config node), but I wasn’t convinced that to use Telerik’s controls, I should use old type of pipeline.
Our old web.config file registered Telerik’s handler only in old section for IIS 6 (and that sufficed for cassini and IIS 6.0) and not in new section.
So I had to add this piece of xml to web.config :
<system.webServer>
<handlers>
<add name="Telerik.Web.UI.WebResource" path="Telerik.Web.UI.WebResource.axd" verb="*" type="Telerik.Web.UI.WebResource, Telerik.Web.UI" />
</handlers>
</system.webServer>
There is a very detailed KB article on this matter including all possible reasons for the error and how to fix it. Please check it out at Error: Web.config registration missing! The Telerik dialogs require a HttpHandler registration in the web.config file.
One of the best solutions is to open the web.config file and replace Telerik.Web.UI.DialogHandler.aspx with Telerik.Web.UI.DialogHandler.axd
<system.web>
<httpHandlers>
<add path="Telerik.Web.UI.DialogHandler.axd" type="Telerik.Web.UI.DialogHandler" verb="*" validate="false"/>
</httpHandlers>
</system.web>
<system.webServer>
<validation validateIntegratedModeConfiguration="false"/>
<handlers>
<remove name="Telerik_Web_UI_DialogHandler_axd"/>
<add name="Telerik_Web_UI_DialogHandler_axd" path="Telerik.Web.UI.DialogHandler.axd" type="Telerik.Web.UI.DialogHandler" verb="*" preCondition="integratedMode"/>
</handlers>
</system.webServer>
and after that to set the RadEditor's DialogHandlerUrl property to "~/Telerik.Web.UI.DialogHandler.axd", i.e.
I got this error today when copying a published copy of a site from one server to another.
I figured that I shouldn't have to modify any scripts or code to get it to work again, after all, the site still worked just fine on its old server it is still being hosted on.
This is what I believe happened:
I copied the site files over, hooked up a site and bindings to it in IIS, and then tried to run it.
I got errors, and was forced to modify file handler bindings, the .net framework version of the app pool, and install new server roles/features to get it to at least produce this error.
I then deleted everything in the folder and re-copied the site files and it started working again.
IIS must have modified my site files in some way that prevented the site from working, and restoring the original code fixed it.
I know this is a very specific set of circumstances, but hopefully if someone else has the same situation some day they can solve it in the same simple way that I did.
I have a handler, on runtime it create a watermark on images from a specific folder. The problem is that it worked, but now it doesn't.
All that I did was to changed the hosting.
My web.config looks like this:
<handler>
<add verb="*" name="ImageWatermarkHandler" type="ImageWatermarkHandler"
path="Pics/*.jpg,Pics/*.png" modules="IsapiModule"
scriptProcessor="C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_isapi.dll"
resourceType="Unspecified" preCondition="integratedMode" />
</handler>
Can you please help me?
Under IIS 7, you have to specify custom http handlers and modules under the configuration/system.webServer/handlers element of your web.config (unlike older IIS versions, where the element is configuration/system.web/httpHandlers).
There's difference between integrated mode (you only need the handlers part) and classic mode(you need both handlers and httpHandlers). For details see the MSDN entry
Edit: At first I haven't noticed the precondition for integrated mode, could it be that the new hosting runs your app in classic mode?
your config file should look like this,
<configuration>
<system.web>
<httpHandlers>
<add verb="*" path="Pics/*.jpg,Pics/*.png" type="ImageWatermarkHandler"/>
</httpHandlers>
</system.web>
<system.webServer>
<handlers>
<add verb="*" path="Pics/*.jpg,Pics/*.png" name="ImageWatermarkHandler" type="ImageWatermarkHandler"/>
</handlers>
<validation validateIntegratedModeConfiguration="false"/>
</system.webServer>
</configuration>
for more information,
http://msdn.microsoft.com/en-us/library/bb515343.aspx
Please help with HttpHandler
There is a HttpHandler that handles links to mysite.ru.
Registered in Web.Config as follows:
<configuration>
<system.web>
<httpHandlers>
<add verb="*" path="mysite.ru" type="App_Code.SyncHttpHandler"/>
</httpHandlers>
</system.web>
</configuration>
Now through the Handler open only references of the form:
mysite.ru
mysite.ru/struct/
mysite.ru/articles/
How to make the handler to intercept and treatment on the links of the form:
mysite.ru/files/images/img.jpg
mysite.ru/files/scripts/script.js
If I write so that you can run any links, including SyncHttpHandler/Google.ru.
And I need to be able to run only links a specific site.
<add verb="*" path="mysite.ru/*.*" type="App_Code.SyncHttpHandler"/> don't work
<add verb="*" path="*.*" type="App_Code.SyncHttpHandler"/> open any links
<httpHandlers>
<add verb="*" path="*.js" validate="false" type="SyncHttpHandler" />
<add verb="*" path="*.jpg" validate="false" type="SyncHttpHandler" />
</httpHandlers>
you can use this.
Typically, IIS process all static files by its own static file handler. So you need to first configure your IIS to pass all files (extensions) under this path to ASP.NET run-time. Exact steps (although similar) will depend upon IIS version - for example, see here for IIS 6.
Next part would be making sure that ASP.NET runtime passes all those requests to your handler. As such, I think that your config should work but if it doesn't then try using wild-cards. For example,
<add verb="*" path="mysite.ru/*.*" type="App_Code.SyncHttpHandler"/>
or perhaps,
<location path="mysite.ru" >
<system.web>
<add verb="*" path="*.*" type="App_Code.SyncHttpHandler"/>
</system.web>
</location>
I have a website running on a IIS 7.5 server with ASP.NET 4.0 on a shared host, but in full trust.
The site is a basic "file browser" that allows the visitors to login and have a list of files available to them displayed, and, obviously, download the files. The static files (mostly pdf files) are located in a sub folder on the site called data, e.g. http://example.com/data/...
The site uses ASP.NET form authentication.
My question is: How do I get the ASP.NET engine to handle the requests for the static files in the data folder, so that request for files are authenticated by ASP.NET, and users are not able to deep link to a file and grab files they are not allowed to have?
If you application pool is running in Integrated mode then you can do the following.
Add the following to your top level web.config.
<system.webServer>
<modules>
<add name="FormsAuthenticationModule" type="System.Web.Security.FormsAuthenticationModule" />
<remove name="UrlAuthorization" />
<add name="UrlAuthorization" type="System.Web.Security.UrlAuthorizationModule" />
<remove name="DefaultAuthentication" />
<add name="DefaultAuthentication" type="System.Web.Security.DefaultAuthenticationModule" />
</modules>
</system.webServer>
Now you can use the standard ASP.NET permissions in your web.config to force forms authentication for all files in the directory.
<system.web>
<authorization>
<deny users="?" />
</authorization>
<authentication mode="Forms" />
</system.web>
I had the same problem with getting roles to authenticate. Through trial and error I finally got it to work with a small edit to #Joel Cunningham's code:
<modules runAllManagedModulesForAllRequests="true" >
I used these two sites as references: http://forums.iis.net/t/1177964.aspx and http://learn.iis.net/page.aspx/244/how-to-take-advantage-of-the-iis-integrated-pipeline/
This is an old thread, but I happened on it and ran into the same problem as Egil. Here is the version of Joel's fix that includes roles:
<modules runAllManagedModulesForAllRequests="false">
<remove name="FormsAuthenticationModule" />
<add name="FormsAuthenticationModule" type="System.Web.Security.FormsAuthenticationModule" />
<remove name="UrlAuthorization" />
<add name="UrlAuthorization" type="System.Web.Security.UrlAuthorizationModule" />
<remove name="RoleManager" />
<add name="RoleManager" type="System.Web.Security.RoleManagerModule" />
<remove name="DefaultAuthentication" />
<add name="DefaultAuthentication" type="System.Web.Security.DefaultAuthenticationModule" />
</modules>
Addendum:
As #eych noted the accepted answer also blocks access to the ~/Content folder (or wherever you have your CSS), and ~/Scripts, and so on.
If you want to allow exceptions -- i.e. allow certain files/folders to be accessible by unauthenticated users -- you can do that by means of the location element. Add the following to web.config:
<location path="Content">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
Update:
An alternative solution is to is to leave access on by default -- which will allow access to your CSS / JavaScript / etc. -- and apply the "lock" (only) to the folder where the static content is stored:
<location path="data">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
Caveat: in our case (an MVC site) we needed to decorate all our controller actions (except login) with [AuthorizeAttribute]. Which is a good idea anyway, but had previously not been necessary (because previously any unauthorized request was redirected to the login page).
I wanted to know why it would be required to re-add modules (with default options) that are added by default for the Integrated Pipeline, so I dug a little deeper.
You need to remove and re-add the modules because, by default, the modules aren't added with the default options. They have a precondition added for backwards compatibility to run only for content handled by a registered ASP.NET handler (e.g., .aspx pages).
The default looks like this:
<add name="FormsAuthentication" type="System.Web.Security.FormsAuthenticationModule"
preCondition="managedHandler" />
By removing the modules and re-adding them without a precondition, those individual modules run for every request (including your static content). It is more granular than enabling runAllManagedModulesForAllRequests.
You can read about it in a couple articles from when the Integrated Pipeline was introduced with IIS 7:
ASP.NET Integration with IIS 7
How to Take Advantage of the IIS 7.0 Integrated Pipeline
Note that there is a typo or the module name in the second article (and #John's answer) was changed from FormsAuthenticationModule to FormsAuthentication at some point.
The set of working modules in IIS 7.5 thru 8.5 looks like this for me:
<system.webServer>
<modules>
<!-- Re-add auth modules (in their original order) to run for all static and dynamic requests -->
<remove name="FormsAuthentication" />
<add name="FormsAuthentication" type="System.Web.Security.FormsAuthenticationModule" />
<remove name="DefaultAuthentication" />
<add name="DefaultAuthentication" type="System.Web.Security.DefaultAuthenticationModule" />
<remove name="RoleManager" />
<add name="RoleManager" type="System.Web.Security.RoleManagerModule" />
<remove name="UrlAuthorization" />
<add name="UrlAuthorization" type="System.Web.Security.UrlAuthorizationModule" />
</modules>
</system.webServer>
If you application pool is running in Classic mode, you can do the following. You will have to repeat these steps for each file extension you'd like to handle, but I'm using .html here.
First, add a page build provider to the Web.config:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.web>
<compilation>
<buildProviders>
<add type="System.Web.Compilation.PageBuildProvider" extension=".html"/>
</buildProviders>
</compilation>
</system.web>
</configuration>
Then add a page handler factory:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.web>
<httpHandlers>
<add type="System.Web.UI.PageHandlerFactory" path="*.html" verb="*"/>
</httpHandlers>
</system.web>
</configuration>
Then add a page handler:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<handlers>
<add scriptProcessor="C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll" requireAccess="Script" preCondition="classicMode,runtimeVersionv2.0,bitness32" path="*.html" verb="GET,HEAD,POST,DEBUG" modules="IsapiModule" name="HtmlHandler-Classic-32" />
<add scriptProcessor="C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_isapi.dll" requireAccess="Script" preCondition="classicMode,runtimeVersionv2.0,bitness64" path="*.html" verb="GET,HEAD,POST,DEBUG" name="HtmlHandler-Classic-64"/>
</handlers>
</system.webServer>
</configuration>
This worked for me. (Credit: http://www.ifinity.com.au/Blog/EntryId/66/How-To-301-Redirect-htm-or-html-pages-to-DotNetNuke-aspx-pages.)