I have an ASP.net MVC3 app running under IIS7 with forms auth enabled. There is also a co-hosted Nancy service hosted under a folder in the application.
The problem is that anytime a Nancy service returns a 401 (Unauthorized) status the request is automatically redirected to the login page.
is there a way to tell ASP.net to ignore 401 errors returning from that folder and just return the original json response?
I know this is old but I'll reply anyway.
It sounds like you have Forms Auth for the MVC website, and using Nancy as an API under say /nancy
To disable the authentication in that directory path you can add a location in your web.config, you most likely have one already to setup Nancy to run.
Something like:
<location path="nancy">
<system.web>
<compilation debug="true" targetFramework="4.0" />
<httpHandlers>
<add verb="*" type="Nancy.Hosting.Aspnet.NancyHttpRequestHandler" path="*"/>
</httpHandlers>
</system.web>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
<validation validateIntegratedModeConfiguration="false"/>
<handlers>
<add name="Nancy" verb="*" type="Nancy.Hosting.Aspnet.NancyHttpRequestHandler" path="*"/>
</handlers>
</system.webServer>
</location>
All you need to do in here is allow anonymous access, this can be done by adding authorization into system.web. Update the system.web like so:
<system.web>
<compilation debug="true" targetFramework="4.0" />
<httpHandlers>
<add verb="*" type="Nancy.Hosting.Aspnet.NancyHttpRequestHandler" path="*"/>
</httpHandlers>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
And this should ignore authentication for the folder now.
In the controller you can paint the Action (or entire Controller) with the AllowAnonymousAttribute
[AllowAnonymous]
public ActionResult DoSomething()
{
return View();
}
Related
I have an asp.net webforms application that has windows authentication enabled. I need to enable anonymous authentication on a folder “Test” in the website which contains images . I did that by adding
<location path="Test">
<system.webServer>
<security>
<authentication>
<anonymousAuthentication enabled="true"/>
</authentication>
</security>
</system.webServer>
Now any requests to images in Test folder is unauthenticated and everything works as expected until I introduced a generic handler for this folder which fetches files from the backend storage if the file is not found in the “Test” folder and boom it broke! Anonymous authentication doesn’t work anymore. Updated web.config file below -
<location path="Test">
<system.webServer>
<handlers>
<add verb="*" path="Test" requireAccess="None" name="Handler1" type="WebApplication1.Test.Handler1, Anonymous" />
</handlers>
<security>
<authentication>
<anonymousAuthentication enabled="true"/>
</authentication>
</security>
</system.webServer>
I inspected the request using fiddler and it returns HTTP/1.1 401 Unauthorized message if I have the handler section in config but if I remove the handler section from config everything just works fine and I can see the valid response in fiddler. Any insight into what could be wrong here?
Finally I was able to resolve it myself by modifying the location configuration as shown below by adding system.web to allow all users
<location path="Test">
<system.webServer>
<handlers>
<add verb="*" path="Test" requireAccess="None" name="Handler1" type="WebApplication1.Test.Handler1, Anonymous" />
</handlers>
<security>
<authentication>
<anonymousAuthentication enabled="true"/>
</authentication>
</security>
</system.webServer>
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
I published a website yesterday, and I don't have any authentication form on my website.
This is my web.Config :
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" />
</system.web>
<system.webServer>
<defaultDocument>
<files>
<add value="Default.aspx"/>
</files>
</defaultDocument>
</system.webServer>
</configuration>
But when I try to browse my website, it gives me 403 error! I don't have any authentication form on my website, why it's happened?
403 is for access denied/forbidden, can you check your IIS which you have hosted. Looks like some IIS settings like Application Pool, Framework settings.
Looks like Application which its targeting to the framework needs to be explicitly selected.
I'm building a project in Visual Studio using C#.
When I try to run the program I get Error Http 404.
My question is how can I change my URL
http://localhost:55188/login.aspx?ReturnUrl=%2f
to
http://localhost:55188/Index.aspx.
The page login.aspx does no longer exist.
This is my web.config
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" />
<authentication mode="Forms">
<forms defaultUrl="addRole.aspx" path="/"/>
</authentication>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
<location path="LoggedIn.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<appSettings>
<add key="ValidationSettings:UnobtrusiveValidationMode" value="None" />
</appSettings>
</configuration>
Thank you.
The page you try to reach requires authintication and your web.config says login.aspx can provide that. Change your web.config and you'll be fine.
Here is your web.config without authentication requirements:
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" />
</system.web>
<appSettings>
<add key="ValidationSettings:UnobtrusiveValidationMode" value="None" />
</appSettings>
</configuration>
As Matthias Aslund correctly started, you have specified that you want your users to be authenticated but have not specified which Login page you wish users to be redirected to in order to login by using the "LoginUrl" attribute on the forms element in the Web.config file. The default value of "Login.aspx" is therefore being used, as specified on this MSDN page on the LoginUrl attribute. The "DefaultUrl" attribute has a different purpose and is used as the default page to redirect users to after logging on if one is not specified using the "ReturnUrl" querystring value that is visible in your URL above - see the MSDN page on the DefaultUrl attribute for more.
If you no longer have any authentication in your application, that is to say any user can access your application without a username and password, then you need to change your Web.config as follows. It is extremely important that you are clear that any user who is able to reach your application will now be able to access any part of it, and that there will be no restrictions based on the fact that the user is authenticated/known to the application, is a specific user, or is in a specific role.
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" />
<authentication mode="None" />
</system.web>
<appSettings>
<add key="ValidationSettings:UnobtrusiveValidationMode" value="None" />
</appSettings>
</configuration>
This replaces the whole of the contents of your Web.config file you have provided above, but you must be clear that this removes all authentication from your application (which appears to be what you want).
Introduction
My ServiceStack service handles route parameters that often contain periods ie:
/people/search/b.j./upton. Initially, asp.net/ServiceStack would throw a "404 - Not Found" exception when it encountered this route. I tried encoding %2E the periods with no luck but eventually resolved the issue after seeing some related questions by setting the relaxedUrlToFileSystemMapping property (info) within my web.config.
Problem
This worked perfectly until today when I had to change my service location from the default path to a custom path by adding <location path="api"> (as described here) to my web.config. Since adding the location node in web.config the relaxedUrlToFileSystemMapping setting is no longer applied and my routes with periods /api/people/search/b.j./upton are breaking once again resulting in '404 - Not Found' exceptions from ServiceStack.
Setup
ServiceStack - v3.9.56
IIS 7.5 / IIS Express (happens on both)
web.config:
<location path="api">
<system.web>
<httpHandlers>
<add path="*" type="ServiceStack.WebHost.Endpoints.ServiceStackHttpHandlerFactory, ServiceStack" verb="*" />
</httpHandlers>
<httpRuntime relaxedUrlToFileSystemMapping="true"/>
...
</location>
Question
Anyone have an idea why the relaxedUrlToFileSystemMapping property is ignored when it is moved from the default path to within my custom <location path="api"> in web.config?
Thanks!
After some tinkering with my web.config I was able to resolve this by moving the relaxedUrlToFileSystemMapping entry into it's own node outside of the <location> node. I'm not sure if this is a recommended approach (multiple <system.web> entries?) or might cause some other conflict(s) but after running a full system test of the service everything is working fine again so I'm going with this for now.
My updated and complete web.config for reference:
<configuration>
<system.web>
<httpRuntime relaxedUrlToFileSystemMapping="true"/>
</system.web>
<location path="api">
<system.web>
<httpHandlers>
<add path="*" type="ServiceStack.WebHost.Endpoints.ServiceStackHttpHandlerFactory, ServiceStack" verb="*" />
</httpHandlers>
</system.web>
<connectionStrings>
<add name="AppDb" connectionString="data source=AppHost\SQLEXPRESS;Initial Catalog=db;User Id=AppUser;password=AppPwd;" providerName="System.Data.SqlClient" />
</connectionStrings>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true" />
<validation validateIntegratedModeConfiguration="false" />
<handlers>
<add path="*" name="ServiceStack.Factory" type="ServiceStack.WebHost.Endpoints.ServiceStackHttpHandlerFactory, ServiceStack" verb="*" preCondition="integratedMode" resourceType="Unspecified" allowPathInfo="true" />
</handlers>
</system.webServer>
</location>
</configuration>
Did you change the root path in the AppHost file
public override void Configure(Container container)
{
SetConfig(new EndpointHostConfig { ServiceStackHandlerFactoryPath = "api" });
}
I wrote a httphandler to handle all XSLT requests.
The name of the handler is XSLTHandler.cs.
web.config
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.0" />
<httpHandlers>
<add verb="*" path="*.xsl" type="XSLTHandler" />
</httpHandlers>
</system.web>
</configuration>
I got this error message, dont know how to fix it.
Configuration Error Description: An error occurred during the
processing of a configuration file required to service this request.
Please review the specific error details below and modify your
configuration file appropriately.
Parser Error Message: Could not load type 'XSLTHandler'.
What you're missing is the assembly and namespace that XSLTHandler belongs in, from MSDN. So if it's located in your current project, it should look like this:
<configuration>
<system.web>
<httpHandlers>
<add verb="*" path="*.xsl"
type="WebApplicationName.XSLTHandler, WebApplicationName" />
</httpHandlers>
</system.web>
</configuration>
The MSDN link shows how to configure for both the classic and integrated modes
https://msdn.microsoft.com/en-in/library/ms228090(v=vs.80)
Note that you need to provide the proper namespace of the handler you are using
Example:
<configuration>
<system.web>
<!--Classic-->
<httpHandlers><add verb="*" path="*.sample" name="HttpHandler" type="Handler.kHttpHandler"/></httpHandlers>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" />
</system.web>
<system.webServer>
<!--Integrated mode-->
<handlers><add verb="*" path="*.sample" name="HttpHandler" type="Handler.kHttpHandler"/></handlers>
</system.webServer>
</configuration>