I have a website running in IIS 6.0, the website is an asp.net with framework 4.0
We have an application that is not hosted on the client, is hosted in our side. The client ask to allow access only for specific IPs.
So I added the list of IPs in the web.config, like this:
<security>
<ipSecurity allowUnlisted="false">
<clear/> <!-- removes all upstream restrictions -->
<add ipAddress="XXX.XXX.XXX.114" subnetMask="255.255.255.0" allowed="true"/>
<add ipAddress="XXX.XXX.XXX.85" subnetMask="255.255.255.0" allowed="true"/>
</ipSecurity>
</security>
In this example only two IPs have access to the side.
Should I need to do an extra step? because is not working. Is it the best way to do it?
Thank you.
I think your answer is in this link IP Security
Compatibility
Version Notes
IIS 7.5 The <ipSecurity> element was not modified in IIS 7.5.
IIS 7.0 The <ipSecurity> element was introduced in IIS 7.0.
IIS 6.0 The <ipSecurity> element replaces the IIS 6.0 IPSecurity metabase property.
Related
Pretty new to .NET Core, and am trying to understand how everything works together when using IIS integration.
A couple of questions: If I want my site to run over HTTPS, do i need to configure my WebBuilder with a certificate, or should i be selecting HTTPS on the binding in IIS manager, or both?
Does the UseUrls WebBuilder method also instruct IIS what port is should listen on? How does IIS know which port it should talk to the .NET Core application on?
When you host your .NET Core app behind IIS, IIS is acting as a reverse proxy to Kestrel web server. IIS will receive the HTTP request and pass it to Kestrel, the magic happen inside a new IIS module called AspNetCoreModule that you have to install on your server. As usual, to configure your IIS application you'll be using a web.config file in which you'll find a description of how IIS is interacting with your app: timeouts, pathes of the application, environment variables and so on... For instance, mine look like that:
<system.webServer>
<handlers>
<add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModule" resourceType="Unspecified"/>
</handlers>
<aspNetCore
requestTimeout="00:20:00"
processPath="%LAUNCHER_PATH%"
arguments="%LAUNCHER_ARGS%"
stdoutLogEnabled="false"
stdoutLogFile=".\logs\stdout"
forwardWindowsAuthToken="true">
<environmentVariables>
<environmentVariable name="ASPNETCORE_ENVIRONMENT" value="development" /> <!-- value could be "development", "staging" or "production"-->
</environmentVariables>
</aspNetCore>
</system.webServer>
The reason why you want to set it up that way is that Kestrel is a very light weight and nervous web server but it's missing a layer of applicative features that IIS can add up: Windows authentication via Kerberos, restarting the app in case of a crash, pool management...
I like a lot this article regarding this topic: https://weblog.west-wind.com/posts/2016/Jun/06/Publishing-and-Running-ASPNET-Core-Applications-with-IIS
For HTTPS, it's enough to configure IIS to listen on a secure HTTPS port and to define the certificate only on IIS.
UseUrls() won't be taken into account by IIS, it will work the other way around, IIS will tell your app on which port it should be listening to, UseUrls() will be taken into account if you launch your app directly.
I have the following httpredirect in the web.config which is being ignored. This web.config is on the root of a hybrid webforms and MVC web application. Both locations in the example below are webforms pages.
<configuration>
<system.webServer>
<httpRedirect enabled="true" exactDestination="true" httpResponseStatus="Permanent">
<add wildcard="*/foldername/" destination="/anotherfolder/file.aspx" />
</httpRedirect>
</system.webServer>
</configuration>
This is on localhost btw but the httpredirect should work on both the localhost and the live server. What am I doing wrong?
NOTE: There are a lot of instructions on the web pointing to the URL Rewrite IIS module. I can't install this on the live server so that's not an option.
https://www.iis.net/configreference/system.webserver/httpredirect
For anyone in the future. Check Modules are installed from above link.
I installed a deployed and working website (Windows Server 2003, IIS 6) onto an AWS instance, however unless I append a route name, the IIS default webpage is returned. For example, www.mysite.com returns the IIS page, while www.mysite.com/Home brings up the website.
I tried adding a route:
routes.MapPageRoute("/", "Home", "~/Default.aspx");
but it had no effect. I tried to hack around it by suffixing the URL with "Home" in Application_BeginRequest (Globals.asax.cs) and redirecting it, but
I much prefer and would welcome a clean solution to this problem. I suspect the issue is rooted in the enhanced security of IIS 8.5, but am not expert enough to understand how and why.
AWS Versions:
Windows Server 2012 R2
IIS 8.5
Have you tried this?
<configuration>
<system.webServer>
<defaultDocument enabled="true">
<files>
<add value="home.html" />
</files>
</defaultDocument>
</system.webServer>
</configuration>
http://www.iis.net/configreference/system.webserver/defaultdocument
As the title states is it possibly to host a dynamic (that would be .aspx correct?) website locally (IIS 8) on a computer running Windows 8 Enterprise? I've installed all the IIS components, added the website as many guides on Google will show but I get error 9 as stated here:http://support.microsoft.com/kb/942055
my web.config is as follows:
<?xml version="1.0"?>
<!--
For more information on how to configure your ASP.NET application, please visit
http://go.microsoft.com/fwlink/?LinkId=169433
-->
<configuration>
<system.web>
<compilation debug="false" targetFramework="4.0"/>
</system.web>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
</configuration>
I also have the correct version set for the site (.NET 4.0) and tried resetting all feature delegations. At this point I'm thinking of just doing a cheese puff solution and just running the site via the built in server within Visual Web Developer.
"Stock" ASP.NET Web.Config file
When I create a standard, empty ASP.Net Web Forms Application targeting .NET Framework 4.0, here's the standard Web.config file that's generated:
<?xml version="1.0" encoding="utf-8"?>
<!--
For more information on how to configure your ASP.NET application, please visit
http://go.microsoft.com/fwlink/?LinkId=169433
-->
<configuration>
<configSections />
<connectionStrings />
<system.web>
<compilation debug="true" targetFramework="4.0" />
<authentication mode="Forms">
<forms loginUrl="~/Account/Login" timeout="2880" defaultUrl="~/" />
</authentication>
</system.web>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true" />
</system.webServer>
</configuration>
EDIT: I removed the Membership, Role, Profile, and SessionState sections that were previously here. These aren't, strictly, required but are part of the standard Empty ASP.Net Web Forms Application template to help you get started quickly. What is shown above is the minimum Web.config you need.
NOTE: Don't worry about the debug="true" in the <Compilation /> element. You should have that attribute set to false in production anyway.
I Suspect it's your IIS Configuration
After re-reading your question, I suspect that you haven't properly configured IIS to host the site properly.
First, I want to start by saying that there's Internet Information Services (IIS), the actual web server, that can be installed on Windows 8 as well as server OSes such as Windows Server 2012. There is also IIS Express, used for development and which is a replacement for the old Development Web Server (code-named Cassini) in VS2008 and VS2010 (prior to SP1 when IIS Express was made available through an additional installation).
It sounds to me like you have installed IIS under Windows 8 Program and Features. Now you need to create a site in IIS that points to where your web application is located on your hard disk.
Open IIS Manager
Expand your machine name in the Connections pane on the left.
Expand the Sites folder. There should already be a site called Default Web Site.
Right-click the Sites folder and choose Add Website....
Give the site a name. Choose the DefaultAppPool for now (you can change it later).
Under Physical path, browse to where your web site/application is located on your hard disk.
Click OK.
There are other options on that page and you can find help on them at MSDN. That may be enough to get you started, though.
I'm trying to set up Windows authentication in my web app, but I cannot make it work. The app run in my computer (Windows 7 x64), I am in a domain network, and the app is running on the real IIS, not the Cassini web server.
What I have done so far:
Enable basic authentication in IIS. (I have also tried to enable Windows Authentication)
Web.config <authentication mode="Windows"></authentication>
I have tried with and without <identity impersonate="true"/>
I have put the AuthorizeAttribute within my controllers.
I have tried also the <add key="autoFormsAuthentication"
value="false"/> fix for MVC3 Beta.
What I got:
I can open the page that has no AuthorizeAttribute, I put a breakpoint and this is what I get in different properties related with authentication:
System.Security.Principal.WindowsIdentity.GetCurrent().Name
"IIS APPPOOL\\ASP.NET v4.0 DefaultAppPool"
Environment.UserDomainName
"IIS APPPOOL"
Environment.UserName
"ASP.NET v4.0 DefaultAppPool"
User.Identity.Name
""
Of course I cannot open any page with the [Authorize] attribute.
The only thing I want is get the Windows user name of the user that is accessing the web application. How should I do it?
It worked after reboot the computer. No idea what was wrong.
I had the same problem, it got resolved after I added the following tag in my <appSettings> in my root web.config.
<add key="enableSimpleMembership" value="false"/>
along with this
<add key="autoFormsAuthentication" value="false"/>