I am creating a very simple site that was originally just a bunch of HTML / CSS files. Then I needed to add a little bit of server-side logic so I thought I'd use ASP.NET Web Pages as they sound like a suitable solution.
So I changed index.html to index.cshtml, added the code I needed and I though that would be it (I also added this basic web.config file:
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.0" />
</system.web>
</configuration>
However, launching this on local IIS Express yielded this error:
Could not determine which version of ASP.NET Web Pages to use.
In order to use this site, specify a version in the site’s web.config file. For more information, see the following article on the Microsoft support site: http://go.microsoft.com/fwlink/?LinkId=254126
So I added this to my web.config:
<appSettings >
<add key="webPages:Version" value="2.0" />
</appSettings >
Now the site starts but handles UTF-8 really weirdly - although all the HTTP headers, file encodings and meta tags are correctly set to UTF-8, my national characters display incorrectly. I found this question: Do I need web.config for non-ASCII characters? but it didn't really solve my problem.
I though, what can be wrong with my setup? When I create a new site in WebMatrix and copy my files over to it, it all works fine, even without specifying the Web Pages version in web.config. And the only difference I can see is the presence of bin folder in the WebMatrix-generated project.
So the question is, do I need to have the bin folder as part of my source files too? I don't really feel like checking 1.5MB worth of binary files into Git should be necessary just to add one dynamic line in my index.cshtml but maybe that's how it is?
Thanks for either confirming this or showing me some better way.
ASP.NET WebPages requires a BOM on UTF-8 pages or it won't read the page as UTF-8. And if it doesn't do that, it won't output a UTF-8 encoded page.
This isn't an ASP.NET issue, but rather a WebPages issue. WebPages processes the real page, and it doesn't interpret the html to know that it should be UTF-8. The only way it knows is by looking for a BOM.
Related
Consider a group of developers working on an ASP.net web application. Each developer would like to have a private version of the web.config.
By "private" I mean that a developer can freely change the file to suit their dev/test needs at any given moment, without it affecting other team members and without ending up in source control.
How can one go about achieving this with Visual Studio 2015?
My closest solution so far is to have a "private" Solution Configuration with a matching Web.config Transformation file ("web.private.config") that's excluded from source control.
But this is not a satisfactory solution because:
a. The transformation is not run automatically when debugging (with F5). The developers need to remember to run it manually.
b. The result of the transformation ends up in the main "web.config" file which is, naturally, included in source control.
We had a very similar problem but only needed personalized versions of the <appSettings> section in Web.config.
In this situation the inclusion of an external file through configSource turned out to be problematic, as this attribute completely replaces the <appSettings>-node. So there remains no way to keep global key/values AND personal key/values for all developers. The whole section is completely replaced by the included private file.
What we need is both global and private <appSettings>. The solution we found was the file attribute. It allows to merge Web.config settings with settings from an additional file.
We ended up with a construct like this one:
<!-- Web.config with global appSettings) -->
...
<appSettings file="Web.PERSONAL.config">
<add key="BaseUrl" value="https://projectname.dev.local" />
...
</appSettings>
...
<!-- Web.PERSONAL.config with personal appSettings -->
<?xml version="1.0" encoding="utf-8"?>
<appSettings >
<add key="EmailSmtpUser" value="my.name#my.domain.com" />
<add key="EmailSmtpPwd" value="***" />
</appSettings >
If you put identical keys in both files, the Web.PERSONAL.config version will overwrite the Web.config version.
The file Web.PERSONAL.config must be excluded from Git through .gitignore .
Keep in mind:
While configSource works for ALL nodes in Web.config, the file attribute is restricted to <appSettings>.
Have web.config include an external file (via configSource) and add that file to .gitignore
The correct answer is to host your local development site in a separate location from your Visual Studio solution. You can then use publish profiles to publish changes to that location and web.config transforms to maintain a separate local config for each developer. Each developer would use a different publish profile which transforms the web.config with their own transform and deploys the transformed web.config to the publish location. You can then attach a debugger to the published site using Visual Studio's Debug > Attach To Process option.
I think there is a lot of value in standardising dev environments so that one can just download the solution and run it.
Custom, long term/permanent, developer specific configs will sooner or later lead to a subtle bug that will be tricky to find.
My solution to your problem would be to find out the reason(s) why permanent individual configs are needed and have a look if these environment specific differences can be eliminated.
Is there a way to tell IIS to read configurations from a different file than web.config?
Why would anyone do this?
Convenience. When working with static resources like an .aspx, or .js, or an MVC view file, it is often sufficient to hit Refresh in the browser to see the effect of that change.
Also, more specific to our scenario is that we re-use some of our code-base in different flavors of the web site, their differences being defined in their respective .config files, and each of these sites run locally on our development clients.
Getting the change to a different location than the one you are actually working in is somewhat time-consuming: A Publish operation will properly compile and copy the entire web application to the target location, copying the individually changed file manually is often... fiddly.
So what I would like for to be possible is this:
I work on my project in c:\workbench\FlavMaster3000. In this folder I create the various flavors of web.config files:
web.apple.config
web.banana.config
web.cherry.config
I create sites in IIS that represents each flavour and set their directory to the same as above.
https://local-apple/
https://local-banana/
https://local-cherry/
And I would like for IIS to read each site's configurations from the respective flavor of .config.
Is this at all possible, or am I a dreamer with a hopeless dream?
-S
You can put your specific configuration in external file(s) and link those files in your web.config file as shown below. However downside is way web.config is watched for any changes in it and gets applied immediately when you save web.config, these external files will not be monitored and you will require to manually restart app pool.
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
<appSettings configSource="Myconfigs/myappSettings.config"/>
<connectionStrings configSource="Myconfigs/myconnections.config"/>
<system.web>
<pages configSource="Myconfigs/mypages.config"/>
<profile configSource="Myconfigs/myprofile.config"/>
<httpHandlers configSource="Myconfigs/myhttpHandlers.config"/>
<httpModules configSource="Myconfigs/myhttpModules.config"/>
</system.web>
</configuration>
I have an ASP.NET MVC5 website in development which I will shortly need to deploy to an IIS8 webserver. I'm trying to get the security model for the web.config file right, and in particular I want to:
Prevent secrets in the web.config file being exposed in my source control system
Protect the deployed web.config from prying eyes (I don't own the server).
From searching on SO and other sites I can see that there are specific tools/techniques to address each scenario:
'Included' sections in web.config that do not get saved to the SCCS.
Encrypted web.config files. Or encrypted sections of the file to be more precise.
I'm fine with both of those, but I can not for the life of me see how to combine the two techniques to solve both problems simultaneously. Is it possible to encrypt an external section? Is this even the right approach given that many of the answers are several years old now and address older versions of ASP.NET/MVC.
I can't be the first do want to do this so I'm sure I'm missing something obvious.
It has been suggested that this might already be answered here, however that question is about encrypting sections in the main web.config file, and I am asking about encrypting external sections. By that I mean sections that are 'included' using the configSource XML attribute.
It's probably bad form to answer ones own question, but I had a flash of inspiration and after a couple of hours of experimentation I have it working how I want.
The bit I had got all wrong was that I was trying to encrypt the external files. It does not work like that. Here's how it does work, at least, this is how it works for me on an IIS8.5 and ASP.NET v4.0.30319 server.
ConnectionStrings
Create the connectionStrings section in a separate file, e.g. Web.connectionStrings.config:
<?xml version="1.0"?>
<connectionStrings>
<add name="MyConnection" connectionString="{your connection string here}"
providerName="System.Data.SqlClient" />
</connectionStrings>
Ref this file from web.config:
<connectionStrings configSource="Web.connectionStrings.config" />
Make sure the external file is not under source code control so it does not get uploaded to your SCCS.
Deploy BOTH files, either as part of your deployment process or deploy the secure file manually if you're really paranoid.
Encrypt the connectionStrings section of the web.config normally, using the aspnet_regiis.exe command mentioned in the article mentioned by Afzaal. This process actually encrypts the contents of the Web.connectionStrings.config file and leaves the web.config file unchanged. You need to leave the external file in place but as it is now encrypted this is quite safe.
appSettings
Create your security-critical settings in a separate file, e.g. Web.appSettings.config.
<?xml version="1.0"?>
<appSettings>
<add key="wc1" value="web.app.config1" />
<add key="wc2" value="web.app.config2" />
</appSettings>
Ref this file from web.config:
<appSettings file="Web.App.config">
{other non-secure appSettings}
</appSettings>
Again, ensure the secure file is not under source control, and deploy both files to the production server.
Encrypt the appSettings section of the web.config file.
Unlike the connectionStrings section, this does not alter the external file at all. Instead, settings from both web.config and the external file are merged (external file takes precedence if duplicate keys are encountered) and are stored in an encrypted form in web.config.
At this point you can remove the Web.appSettings.config file as its contents are now incorporated into the main file.
Points to note:
If you introduce another Web.appSettings.config file at a later time, and restart the site, the contents of that file will override the encrypted settings in web.config. This may or may not be useful. When you remove the file and restart the site, the settings revert to the encrypted ones again.
If you decrypt the appSettings section, ALL the current settings are written back into the main web.config file, including those that originally came from the external file. You'll need to remember to remove them if you're just changing a setting and then re-encrypting the file again.
Recently I've decided to install an intranet web application (Open Atrium) in our company, but almost immideately I found myself in trouble.
We have huge directory - subdirectory file system with mixed Greek (Non Unicode) and English filenames. It seems that neither Apache nor IIS can handle reading or writing these files through browser.
What I am trying to achieve is to retain Filenames intact during reading and especially when uploading them.
Note: Transliteration process is not an option due to renaming files will loose their meaning, thus the existened ammount of files are huge and just cannot be renamed
So, my question are : am I missing something? are there any other servers (e.g JSP) which handle this problem gracefully?
Thank you in advance
My configuration is Xampp on Windows, Drupal 6, Open Atrium
I am not sure what you looking for, but I can give you some tips. The way you handle the files can be setup on web.config under the globalization. One of this parametres maybe need to be change, if its the file name that you can not read, then the fileEncoding must be correctlty set to your file names.
<configuration>
<system.web>
<globalization
fileEncoding="utf-8"
requestEncoding="utf-8"
responseEncoding="utf-8"
culture="en-US"
uiCulture="de-DE"
/>
</system.web>
</configuration>
Some MSDN links about globalization.
http://msdn.microsoft.com/en-us/library/39d1w2xf.aspx
http://msdn.microsoft.com/en-us/library/system.web.configuration.systemwebsectiongroup.globalization.aspx
I have succesfully added localization to my website. Came next day and it does not work. After reading alot of posts and did some troubleshooting my self. I found out that the Page ignores the page.aspx.en-US.resx. Because I dont have a standard resx for the page it shows the label caption i have in the designer. I just took out the en-US and made it the default( page.aspx.resx). The page correctly displays the strings that are in the resource file.
I have used the tutorial from MSDN and the same tutorial you can find it All over the internet I even contributed to te tutorial on MSDN. when you are using Authentication or Impersonation you must grant access to the APP_LocalResources folder through the web.config
<location path="App_LocalResources">
<system.web>
<authorization>
<allow users="*">
</authorization>
</system.web>
That I found out yesterday and solved the problem, but now It does not use the page.aspx.en-US.resx , unless it's the default I find it very strange. Does someone has the solution or suggestion?
I found the solution to my challenge. In order for the resource files to work you have to have a default resource file in combination with the other resource files e.g.:
default.aspx.resx
default.aspx.en-US.resx
default.aspx.nl-NL.resx
Even if you have only one language and you want to use resource files you have to have the default resource file for it to work, otherwise it will ignore any resource file you may have under the App_LocalResources.