I need to find out the base URI of an ASP.NET Web API application hosted in IIS 7.5+, right after the app's startup, but before any client request may have reached it. The scenario where I need this is the following: a periodic check is performed, through a timer that runs independent of user requests and which is triggered together with the app startup (same process); if this check passes certain conditions, some registered users will receive an email containing a hyperlink to my web application. Now, I don't want to hardcode that link anywhere, but rather get it dynamically from the web application itself. It would be simple to figure it out from inside the context of a client request and then cache it in memory but, as you can imagine, the timer might go off before any request reaches the server.
How could I then determine correctly the application's base URI? I was thinking the most appropriate place would be the Global.asax.cs file, during the web app's startup, yet i couldn't find anything that looked helpful.
Given a full URL such as "http://mydomain.com/MyApplication/Controller/Action", you can get some of this information from the System.Web.Hosting.HostingEnvironment.ApplicationHost object. You can get the following:
ApplicationVirtualPath -> "/MyApplication"
SiteName => "Default Web Site"
However, you will not be able to get the domain name before an actual request comes in. This is because an IIS website can accept requests for many different domains, some of which are only known via DNS and never configured anywhere.
For example, your website could respond to both mydomain.com and www.mydomain.com. Which is the correct one that you want to put in your link?
You can configure your IIS website to only accept connections that request a particular host, but that cannot be retrieved from an ASP.NET application.
Related
I have looked into the iis logs and can see a post verb for calls made to asmx services. Is there any way to identify the parameters passed when calling the web methods. I am analysing an application in production and this information will be really useful. While no code changes can be made, I have permissions to change iis log settings.
IIS includes no ability in its logging to log POST fields (or the content of the request body).
To log that kind of data, easiest to add to to the web application's (ie. global.asax) BeginRequest event.
If you have receiving significant data (eg. file uploads) you might want to think about how much data that will generate.
In my asp.net website, I am working with three servers with three different providers. the DNS points to one. When users login, I want to use a lookup table to find the proper server where the user info resides and transfer the users there. The main restrictions is:
I cannot use a different sub domain or url for each server. (the user would see a www.example.com/userData in all cases)
I understand that I cannot use server.transfer because they have different httpcontext. Also this is not a load balancing issue even though each server has its own IIS and SQL server. The location of each user is determined beforehand.
What are my options to do so?
I have just started to learn C# and Asp.Net and I have a specific project in mind but I need to be able to manipulate cookies client side and I can't find good documentation for this so I decided to ask for help to get a starting point.
I want to make a desktop application that is a little to complex for my actual knowledge but I need a starting point: I need to be able to load a list of usernames and passwords and proxies and proxyuser and proxy pass. This little part of the application will use the accounts and proxies to login to a webpage using httpclient. When I send a GET request to the login page I get back a response that contain some hidden parameters that I must assign to some variables and a cookie. I don't know how to save that cookie in a location that I choose (the application folder under the "cookies" folder) with the name that I choose (the username used for login should be the name of that cookie). After I sort thru the response I have to send a POST request to the server with all the hidden parameters and the user and pass parameters and the cookie. The server will send back a response with another cookie that I want to save in the same location as the first one with the same name (overwritten ). This cookie will be used later in the program to do other actions on that server under that login. All this requests must use a certain proxy with its credentials, proxy that will change every time I use a new login.
I managed to find out how to use the HTTP Client from Asp.Net Web API to send the get req or to post but I have no idea how to get such a control over cookies that the site want to store on my computer and how to use different private proxies for each login... I did all the above using PHP and CURL and is very easy to control the cookies using cURL but I need to do it in C# and make a desktop app so ... Asp.Net Web API and HTTP Client is the key I think...
Please give me a hand to start my project and don't dismiss my question just because I'm to noob with .net or c# :)
Thank You!
Get this library http://nuget.org/packages/Microsoft.Net.Http/
Create an instance of HttpClientHandler. It has a CookieContainer property. You can set all the cookies you want in there.
Create an instances of HttpClient as pass the HttpClientHandler instance into the constructor.
All HTTP requests you make with HttpClient will now have the cookies attached.
I have a system which will update some UI details regarding user notification every X seconds (just like StackOverflow's notification, gmail inbox and so on).
I am planing to have a webservice that will check for new notifications and have it called every X seconds. The fact is: I do not want to make it public for everyone, I want to make it accessible only to my system, so it is the only one able to consume it.
Is there any way to do that? Using a WebService is not required, if you have other approach I would like to hear it.
My system is built using ASP.NET 4.0 and Microsoft's MVC framework. Could I call an action to do that?
My question is similar to this: How do I secure ASP.NET web service to only allow relative path calling?
But as far as I understood the answer, he proposed that the webservice could be turned into an ordinary class method inside the system that is not accessible from outside. This does not work for me because I want to access it from the client side.
Thanks,
Oscar
ps: changing infrastructure configs (ex: hosting it in an internal server) would be hard to do...
EDIT: what I want to achieve with this webservice is to update the notifications number. This should be done without refreshing the page, for this reason I thought about verifying with the server if there are any notifications and, if there are, update the UI.
Edit2: I could transform this webmethod in an ordinary method inside my system, that would be no problem. The question would then change to How do I wire the client to this method? Maybe calling an action using javascript and then inside this action calling the method?
Deploy this WebService on a different web site and then configure this site to be accessible only from IP : 127.0.0.1. Also checkout this blog post - you could install the IP Security and then:
Lastly, to create the restrictions, open up the IIS Manager and select
the website that you want to restrict. Open the IP Address and Domain
Restrictions module, and then in the actions panel (on the right side)
choose Edit Feature Settings.... To only allow local browsing, you
should deny by default. Choose Deny from the dropdown, and hit OK.
Then add your exceptions -- the IP's or ranges that you want to allow
access to. To do that, choose Add Allow Entry... from the action
panel, and add all the exceptions you need.
Now, only applications running on the same web server can access this web service.
I have several websites that use a HTTPModule (wrapped in a dll) to authenticate users and store an authentication object in the application cache for ~10 hours. I then set a cookie containing the cache key on the users machine.
I'm now looking for a way to allow admins to clear a specific cache object for all websites for any given user (effectively logging them out) causing them to automatically log back in (via windows authentication) next time they visit any of the sites.
I was planning to have a single administration website with the facility to reset logins - but I can't change the application cache for other websites for obvious security reasons.
Is there any way of passing a signal to those sites that use the authentication module so that they can clear their own application cache?
Note: I have read up on memcached but I would like to avoid a solution that isn't 'Standard ASP.NET' if possible.
Here are two ideas:
If they are on the same server, you could have a file containing the active logins in the file system, that all projects can access.
Add a generic handler to each project, that resets the login of a given user. Call this from another project when he gets logged out there. You could add a passphrase for security reasons.
EDIT: I just thought of a better solution:
Create a central "authentication" project that keeps track of the login status. Call it from the websites (e.g. through generic handlers, webservice, ...) to log out a user or check his status.
I've opted to piggyback code onto the existing HTTPModule.
I check for a custom user-agent string, if it exists I clear the relevant cache entries based on a query string and return a custom HTTP header upon success.
The only extra overhead is checking the user-agent for each request which I can live with.
With this setup I can now use a WebRequest object (injecting my custom user-agent string) from my central site to send messages to all sites using the module.