I have just installed sp1 for visual studio 2010 and now i am debugging my asp.net projects and websites with IIS Express. I know i can enable ssl from project's properties. but what i want to figure out is how to enable and require SSL for few pages like Login.aspx and Register.aspx.
I believe in IIS we can do such things from IIS manager but, there seems to be no management area for IIS express except a small icon in system tray. I have not installed IIS express with webmatrix but as a standalone application.
You can do it with Url Rewriting. If you have a certificate installed for your site in IIS, but you have headers configured for https and http, then the pages of the site can be accessed via either method. You can use a url rewrite to force all requests to a given page to be https, like so:
<rewrite >
<rules>
<clear />
<rule name="Redirect Login Page" stopProcessing="true">
<match url="^Login.aspx(.*)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false">
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/Login.aspx{R:1}" />
</rule>
I have used this in a few applications and it works well.
You can also do things programmatically. See Request.IsSecureConnection and (only) redirect as necessary.
A bit off topic, but the above does have some caveats when you have a front end device/concentrator.
Related
We have an ASP.NET Web API application (.NET 4.*) which is hosted as a website in IIS. The ASP.NET application contains server-side rendered pages, but also a REST API which is available at /api/v1.
A new API is in development, which is using ASP.NET Core (.NET 7) and will be hosted as an IIS application (believe me, we cannot get around that for now) under the main website (which contains the ASP.NET Web API application).
The new API should also be available on /api, but since this is an application under the main website, if we would use /api for the new application, the REST API of the main website would not receive requests anymore. Hosting it under /api/v2 is not possible as IIS applications cannot contain a / in the alias (and we also do not prefer a version in the path anymore).
Instead, we would like to create the application using another name, /foo for example, and use rewrite rules in the web.config to rewrite from the main website to the new application, eg.:
<system.webServer>
<rewrite>
<rules>
<rule name="Foo">
<match url="^api\/((?!v1).*)$" />
<action type="Rewrite" url="foo/{R:1}" />
</rule>
</rules>
</rewrite>
</system.webServer>
But this doesn't seem to work. It looks like the request is rewritten, but still handled by the main website, not by the sub application. Is it not possible to rewrite (not redirect!) a request from a website to a sub application within that website? If not, any other suggestions to host both applications on the same starting path (it should remain two separate applications)? At the moment, there is no possibility for a reverse proxy which could solve this issue.
If you want to access requests starting with /api by typing /foo in the browser address bar, you can try the following rule:
<system.webServer>
<rewrite>
<rules>
<rule name="Foo">
<match url="foo(.*)" />
<action type="Rewrite" url="api{R:1}" />
</rule>
</rules>
</rewrite>
</system.webServer>
We have a classic asp site (not asp.net) that we have been migrating over to MVC bit by bit. Currently MVC project runs as an application under classic asp in IIS, with its own app pool. This arrangement is working.
I have been told to look into running the remainder of the classic asp pages from inside MVC project, making the MVC project the main project in IIS.
I have been searching for a viable solution but haven't found any yet. This question is very similar to mine but there are no answers.
Can i create a folder (classicasp) inside the MVC project, move my remaining active classic asp pages to this folder and then run these from here? The url will be like
http:/www.somewebsite.com/classicasp/somepage.asp
Is it possible? If yes, how will i handle the MVC routing to point to classic asp pages?
Or should I reverse the arrangement and run classic asp site as an application under MVC in IIS???
Please let me know if you need more information.
You can put classic asp pages in your root folder in your mvc site (or a sub folder within the root folder), so yes, the url http://www.somewebsite.com/classicasp/somepage.asp should work if the location of the file is along the lines of C:\path-to\root\classicasp\somepage.asp
As far as routing goes, don't do it with MVC, use the IIS rewrite module
You're probably better off using the module to generate the rules rather than writing them into web.config directly, but here's what a sample rule would look like in web.config. It enables you to find an article at mysite.com/article.asp?id=10 with the url mysite.com/article/10
<system.webServer>
<rewrite>
<rules>
<rule name="RewriteUserFriendlyURL1" stopProcessing="true">
<match url="^article/([^/]+)/?$" />
<conditions>
<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
<add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
</conditions>
<action type="Rewrite" url="article.asp?id={R:1}" />
</rule>
</rules>
</rewrite>
</system.webServer>
I have a feeling this should be easy, but I'm struggling to find out how to do it.
I have a website that I want to restrict to HTTPS. It is an asp.net vnext website (not mvc) that is deployed to Azure. It is serving up static files without going through the ASP.NET pipeline.
In previous versions of asp.net, you could add system.webServer rules to do a redirect. This is gone from vNext. If I was using Mvc I could use the RequireHttps attribute or I could write custom middleware to do the redirect, but this only kicks in when the asp.net pipeline is activated. My html and js (it's a SPA app) would still be served up. If I was deploying to IIS instead of Azure, I could configure it there.
So, how do I tell an azure website to only respond on port 443 without a web config file?
According to Azure Documentation you can add a web configuration file for applications written in any programming language supported by Azure (Node.js, PHP, Python Django, Java). You can find detailed information here.
Here is a sample:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="Force HTTPS" enabled="true">
<match url="(.*)" ignoreCase="false" />
<conditions>
<add input="{HTTPS}" pattern="off" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" appendQueryString="true" redirectType="Permanent" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
You can achieve the redirect by adding the web.config file to your deployment. The documentation says:
when hosted on Azure App Service- Azure creates the file automatically during deployment, so you never see it. If you include one as part of your application, it will override the one that Azure automatically generates.
for additional level of security probably you can use nsg. Azure documentation says NSG as "you can use Azure network security group to filter network traffic to and from Azure resources in an Azure virtual network".
You can try using cli to create a nsg and put rule in there to block traffic to port 80.
Creating redirects for Coldfusion pages to .Net pages through web.config. Looking for guidance on handling .cfm request and converting them to .aspx on a windows server with IIS 7.5. Ideally 301 redirects for SEO purposes.
Anyone know an efficient way to handle .cfm request and convert them to .aspx through web.config?
I work with Coldfusion 9.x.x on IIS 7.5 and 8 and here is what we do.
Say you have a link that appears like this:
http://example.com/index.cfm?articleid=12&displayText=title-of-the-article
You'll need this basic structure added to your web.config file:
<rewrite>
<rules>
<rule name="Article Stripper" stopProcessing="true">
<match url="^([\w-_+]+)/([\w-_+]+)" ignoreCase="false" />
<action type="Rewrite" url="/index.cfm?articleid={R:1}&displayText={R:2}" appendQueryString="true" />
</rule>
</rules>
</rewrite>
To produce something like this:
http://example.com/12/title-of-the-article
You can do using Application_BeginRequest() event in Global.asax.
Please check out following link for further details on it.
Asp.net processing of .CFM files or Redirects from .cfm to .aspx page
I want to host multiple Top Level Domains (TLDs) off of the same web application.
Scenario: www.mywebsite.com has language sub-folders of /en-us/, /en-gb/, /fr-ca/, /ja/, etc...
So www.mywebsite.com/en-gb/ would be the UK version of the site.
UK users should go to www.mywebsite.co.uk but be routed to www.mywebsite.com/en-gb/
In IIS, I've set the bindings for this web application to handle both www.mywebsite.com and www.mywebsite.co.uk domains.
The URL Rewrite 2.0 module is added to IIS and includes this rule:
<rewrite>
<rules>
<rule name="CanonicalHostNameRule" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTP_HOST}" pattern="^www\.mywebsite\.co\.uk$" />
</conditions>
<action type="Rewrite" url="http://www.mywebsite.com/en-gb/{R:1}" />
</rule>
</rules>
</rewrite>
Users who go to www.mywebsite.co.uk have the URL rewritten to www.mywebsite.com/en-gb/, however, I want the URL to remain www.mywebsite.co.uk for them, and in fact, I would want the www.mywebsite.com/en-gb/ to be rewritten to www.mywebsite.co.uk for consistency.
I'm still not even quite sure what the proper terminology is for what I want to do. So far I've run across 'multi-tenancy', 'application request routing', 'URL routing', 'URL rewriting', and a few others.
Here are a few resources I've been reading to try and figure out how best to handle this. Am I on the right track? I haven't found a good example that demonstrates doing this with TLD's.
Scott Forsyth - Multiple Domains Under One Site
Scott Guthrie - URL Routing With ASP.NET 4 Webforms
Stackoverflow - MVC Routes Based On A SubDomain