Error 404 on /bin browsing - asp.net

I run IIS 7.5 on Windows Server 2008 R2.
I'm getting a 404: file not found error when I browse the "/bin" folder. I understand that this is a security policy by Microsoft.
I tried doing what is written in here but it didn't solve the issue. Any ideas?
EDIT:
Should be noted that I have no security issues. I run the IIS for direcotry browsing in a private network. Eventually I need to perform crawling and indexing on it. The problem is that pages under "/bin" and '/AppConfig" are not being crawled because of the 404 error.
I just need a solution for this issue. Again, no security issues are relevant here.

Bin folder is not intended as a place where a developer should put web pages.
In IIS 7.5 you can configure
Open Internet Information Services (IIS) Manager
In the Connections pane, go to the connection, site, application, or directory for
which you want to modify your request filtering settings.
In the Home pane, double-click Request Filtering.
In the Request Filtering pane, click the Hidden Segments tab
Select the relative path that you want to show (BIN folder), and then click Remove in the Actions pane.
The same can be done via web.config
<configuration>
<system.webServer>
<security>
<requestFiltering>
<hiddenSegments applyToWebDAV="false">
<remove segment="Bin" />
</hiddenSegments>
</requestFiltering>
</security>
</system.webServer>
</configuration>
Anyway, in orded to avoid problems on development server and on any deploy server, i think that the easiest solution is to move that pages to another folder.
Read here:
ASP.NET recognizes certain folder names that you can use
for specific types of content.
The following table lists the reserved folder names and the type
of files that the folders typically contain.
Note
The content of application folders, except for the App_Themes folder,
is not served in response to Web requests,
but it can be accessed from application code.
App_Browsers Contains browser definitions (.browser files) that
ASP.NET uses to identify individual browsers and determine their
capabilities.
App_Code Contains source
code for shared classes and business objects
App_Data Contains application data files
including .mdf database files, XML files, and other data store files.
App_GlobalResources
Contains resources (.resx and .resources files) that are compiled
into assemblies with global scope.
App_LocalResources Contains resources (.resx and
.resources files) that are associated with a specific page, user
control, or master page in an application
App_Themes Contains a collection
of files (.skin and .css files, as well as image files and generic
resources) that define the appearance of ASP.NET Web pages and
controls.
App_WebReferences Contains reference contract files (.wsdl files),
schemas (.xsd files), and discovery document files (.disco and
.discomap files) that let you create a Web reference for use in an
application.
Bin
Contains compiled assemblies (.dll files) for controls, components,
or other code that you want to reference in your application.

Access \bin folder over network share, e.g. \\myserver\mysite\bin
Write ashx handler or asmx web service which will scan \bin folder for you and return the result for you, e.g. Directory.GetFiles(Server.MapPath("~\bin"))

Related

Where does IIS look for files

Can anyone explain, please, exactly how .net works. I create a web site in Visual Studio and publish it to a local server to a folder at
D:\WebSites\Project1
I create a web site in IIS and provide the address of the folder containing the files for the web site. When I publish the site, using 'fixed naming and single page assemblies', all the .aspx files go in the folder on the D drive and a dll for each page goes in the bin folder inside that folder.
I would assume that when someone wants to view a page in their browser, IIS retrieves the file(s) required from the folder specified, they get processed and turned into html and sent to the browser.
Recently when someone clicked a button on a page that calls a web service - a file not found error was reported. Apparently
C:\Temp\bx5tn2js.dll
could not be found. The thing is - why did IIS decide to look in C:\Temp for a file?
And, in the error message was a load of references to xml serialization. What is being serialized?
This file looks like the compile files that asp.net generates on compile.
This folder can be setup on web.config on compilation session with the
tempDirectory="C:\Temp"
If you do not have set this option asp.net is use a default folder that is usually inside the asp.net directory, inside the windows folder. But if you have set this, and this folder did not have the correct permissions, then asp.net fails to compile the project, and you can get a message like that.

Obscured URL in ASP.Net Webforms

I am working on a ASP.Net web forms application which I inherited from a programmer who has already left the company a few months ago.
The application is deployed in our intranet servers and user go the application via the url:
http://TestApp/App1/(12345abcde)/login.aspx
When I checked the IIS Server, the application's folder is only set to
\inetpub\wwwroot\TestApp\App1\
and from that folder, you could see the login.aspx file.
I'd like to ask what IIS settings did the previous programmer tweaked so that the URL is a bit obscured, where the imaginary(?) folder named (12345abcde) has been inserted. Which settings do I need to check for in the IIS for this?
Another question is that in the login.aspx file, the following can be found: Codebehind="Login.aspx.vb", but the same file Login.aspx.vb is not on the application's directory. Although I did see that there is a bin folder where a dll file resides. Is it possible that the vb code behind file is compiled into that DLL?
By the way, if there is an available dll viewer which I could download, kindly post the same so that I could inspect the DLL in the webforms app.
Appreciate your inputs. Thanks.
This comes from using cookieless sessions in ASP.NET.
Basically, instead of storing the session id in a cookie, it is passed as part of the URL, which makes the app usable even when cookies are disabled in a browser.
To enable/disable this feature, use the following web.config entry:
<sessionState cookieless="true" />
Regarding your second question: when you use the "publish web site" function in Visual Studio, all code-behind files are compiled to DLLs (in the bin folder), and the ASPX file are changed to include a reference to the corresponding DLL (in the <#Page > directive).
And regarding the "dll viewer": have a look at .NET Reflector.

Loading a different web.config file at runtime fo ASP.NET

I have a web application which I want to use for multiple business areas. I do not want to have multiple instance of the web app code on the web server.
So as an example: I have //MyWebSite/Virtual_Directory_1 refers to c:\Inetpub\wwwroot\MyWebApp pointing to Database_A
What I want is to setup another Virtual Directory as follows:
//MyWebSite/Virtual_Directory_2 refers to c:\Inetpub\wwwroot\MyWebApp pointing to Database_B.
The I was thinking of doing this was by having separate web.config files, but I am not sure how to actually do this.
Any help will be appreciated.
Thanks
Parag
You can split your configuration to multiple files and you can also create 1 or more virtual directories in IIS for a single Physical directory. However this means you would have 2 instance of your web application available on your web container but both utilizing the same configuration files no matter they are split on multiple files.
You can also have a web.config file for each sub directory in your web application and each file can override its parent web.config settings (Not every thing is overridable).
To create a virtual directory on the run dialogue box type inetmgr... The IIS Manager will open up. Right click on the default web site if on the client OS and select New then Virtual Directory. Virtual Directory setup wizard will appear. Follow the simple steps it has to offer and you end up creating 2 virtual directories for a single source directory.
If you just want to have different functionalities (i.e. pointing to different database) for each web app instance then consider web.config configuration sections instead.. and have database connection strings saved against a key in app settings and load the specific database connection string considering which resource is accessed.
Have a look at the article on this location:
One way of doing it I guess would be to have a shared web.config file and then have multiple connection strings in that config file that match the virtual directory name.
<connectionStrings>
<add name="VirtualDir1" connectionString="data source=BLAHBLAH" />
<add name="VirtualDir2" connectionString="data source=BLAHBLAH" />
</connectionStrings>
When getting the connection string simply reference like:
ConfigurationManager.ConnectionStrings(Request.ApplicationPath).ConnectionString
Although to be honest I think a little time spent with build projects and having multiple copies of the code with their own config files will save you pain in the long run.

ASP.NET Serving Word Documents

I have an application that has a subfolder called "Docs" (actually a virtual directory) where I keep all of my word documents. I don't want these documents to be accessed by any unauthenticated users but for some reason regardless of what I put in my root web.config or my "Docs" web.config IIS still serves the word up to any user.
I assume the files in that folder are .doc
Unless you have modified your IIS configuration, .doc files are not handled by ASP.NET (they should by default be handled by the straight IIS file handler). That means the asp.net dll never sees the request, and so any settings in ASP.NET's web.config file are meaningless.
You would need to configure IIS to identify .doc files as being handled by the ASP.NET dll, or use a wildcard mapping so that all files on your server go through ASP.NET (keep in mind that this adds overhead to have every single static file request go through a full server side programming framework)
Your virtual directory is a separate app that might not be governed by the root. Add the web.config and mappings to the virtual directory.
If this is just a personal thing (your question reads two ways), I would just use an IIS-level password on the folder by removing anonomous access.

web.config in nested folder

I am trying to install an app inside of another web app. I have my .aspx pages and some code that I was putting into the main app's app_code folder. I've added my own web.config file for my connection string and such but I think there's a conflict. So my question is a two parter. First, what is the best way to install an app inside of another app, i.e should I use the main apps app_code folder or add my own, and second, would there be a conflict with the two web.config files. I was under the impression that the files pulled from the most specific web.config file. It appears there is a problem with my security and I am unable to access my file. I was attributing this to the two web.config files,
thanks.
If the nested application has had its folder turned into an application (right-click on it in IIS, Properties, and on the "Application" tab, "Create" a new application), you should put the code in the local App_Code folder:
- \RootFolder // Root of website
|- \App_Code // App_Code at root
|- \NewApplication // Seperate application in IIS, has "web in a box" icon in IIS
| |- \App_Code // App_Code of new application
If the nested application isn't a true application (in the IIS sense), then you will need to have the code files in the root App_Code folder.
This also has a bearing on your web.config - if the nested application is a true application, then you'll be able to have a full web.config at the level you want - however if it's not an IIS application, then there are limitations as to what you are able to put in subsequent web.configs - some elements are only allowed in the web.config at the application root, and can't be overridden by other settings.
What's the actual error you are seeing?
Regarding your first question, I would rather have them deployed on different folder. And second, if you have, for instance, a web site inside the default web site, you will have both web.config, but the more specific will override some of the attributes of the web.config from the default web site, but the ones that are not override will be there, (ie, HTTPHandlers, HTTPModules, the site will try to load those, so you will need to add the remove tag inside the HttpModules to remove them).
Hope this clarify your question

Resources