what's removing my basic authentication header? - asp.net

I'm having some problems running a webservice on my local machine. it's an asp.net webservice, which is using a .Net 4.0 Classic application pool. It works fine on everybody else's machine, and the live servers.
The problem: most request rely on basic authentication, which fails every time, with the correct credentials. Debugging, I can see that the basic authentication part of the header has been removed by something along the chain.
also, Application_BeginRequest in global.asax gets hit twice. Once with the original header (which then appears not hit any of the webservice endpoints) and then with the basicauth-less version.
The issue seems to go away if I switch the app pool to integrated, but unfortunately this isn't an issue as it fails for different reasons then.
I'd welcome any ideas of what is removing the basic auth from the header. I thought perhaps something in my IIS config, but I've reinstalled IIS without any luck.

Well it's fixed now. The noly thing I believe I changed was installing SP1 for visual studio 2010. I'm very doubtful that that was really the source of the problem though

Related

.Net core application failing to upload via FTP, hosted on IIS

I have a problem deploying a .net core application via FTP which is hosted on IIS.
The main DLLs (core application) that I want to update just wont upload, FTP just gives me a generic permission error message. I think the reason is because they are in use because then I stop the application pool, upload and restart it works just fine.
But this isn't really a solution, are there any other methods of publishing that will alleviate this problem?
Edit:
"open for write: failure"
Is the only error I'm getting. I can't find anything online and the only solution I have is restart the app pool.
I found an answer and I figured it should be here for future Googling.
The issue is as I first expected IIS proxies the request to kestrel and that means the process is in use as far as Windows is concerned. There are three solutions.
The Good Solution
Have two (or more) VMs on azure behind a load balancer. Have a script which turns off the sites one at a time, does what it needs to do and turns them back on. Do this right and no downtime!
Intermission
Before I talk about the other solutions a little explanation. I have not been working with .NET for a long time but apparently there was this thing you could do where you add a app_offline.htm and it will temporarily take down the site for you.
In the context of IIS and .Net Core it also releases the process, which is really useful as it solves my problem! Although I had to visit the web page first for it to take effect, unless I'm mistaken.
The Bad Solution
Use an automated script to rename _app_offline.htm to app_offline.htm. Do the upgrade and then revert that change. Takes your site down, kind of ugly but scripting is always better than...
The Ugly Solution
You only have access to FTP, no remote admin or proper deployment process because... reasons.
Upload an app_offline.htm, upload as little as possible and hope it doesn't break anything before deleting or renaming app_offline.htm.
Also you would have to perform any DB migrations by using EnableAutomaticMigrations = true because you have no server access or scripting methods.

ASP pages do not load

First off, I'm not a web developer, so I might be asking the question in the wrong place. Unfortunately, I've tried searching regarding my problem but most of the issues I see are web-developer server side issues, so I'm runnig out of places to turn.
The problem: I'm trying to navigate a website, and eventually it decides to try running a ".asp" page. However, my browser just hangs (attempted Firefox and IE11), until it eventually times out. However, when I've run the same website on other machines (such as my phone), those pages load flawlessly. The fact that it's browser independent seems to suggest it's something with my local machine (Win7). I've ensured the IIS feature is turned on and the process is running, but still nothing.
The only other evidence I have is while searching for ASP tutorials, there was an example designed to show the current date/time which didn't work. The rest of the page which was straight HTML was then fine. I'm not sure if it's possible that some native binary for a scripting language isn't loading, but I'm not sure how I can debug that.
To summarise, my questions are as follows:
What could stop an ASP page being loaded on a client machine?
What can I do to ensure the right dependencies are present on a client machine such that it can load ASP pages?
To note, I'm not aware of anything I've installed which would affect this. The only code related program on my PC is Visual C++ Express 2013, but I'm not sure what that would do. .Net 4.5 is installed but I don't know how to tell what script the asp page is attempting to execute.
* What could stop an ASP page being loaded on a client machine?
IIS?
IIS is the one responsible for parsing asp code.
IIS takes your ASP code, and then, transforms it into html code, then sends it to the client.
There might be an issue with your windows 7 computer, but there is nothing related to ASP.
* What can I do to ensure the right dependencies are present on a client machine such that it can load ASP pages?
There are no such dependencies. Your client makes a call to a server, which returns html code.

404.17 error - requested content appears to be script

I have a similar question to this one;
IIS 7.5
Server 2008
ASP.Net 4.0 web site
The error I get when trying to run the site is this:
HTTP Error 404.17 - Not Found
The requested content appears to be script and will not be served by the static file handler.
...
Most likely causes:
The request matched a wildcard mime map. The request is mapped to the static file handler. If there were different pre-conditions, the request will map to a different hander.
Now here comes the weird part:
THE WEIRD PART
The weird part is that on the develop server -- which is similar in every aspect to the production server -- everything runs smoothly.
Here's a list of things I cannot try, because I don't want to mess with the sever (it hosts many other sites):
Reinstalling .Net
Reinstalling IIS
Reinstalling anything
Running aspnet_regiis
Here's what I did try:
Republishing the site
Restarting the application pool
Changing the application pool to .Net 2.0 and back to .Net 4.0
Switching around between Integrated and Classic pipeline mode
Enabling 32-bit mode
Taking a look at Handler Mappings
Eventually I created a new application pool, and it sort of started working.
Q) "Sort of"?
A) Yes, sort of.
Now the site only works when the (new) app pool is set to .Net 4.0, Integrated,
and the site's Authentication has ASP.NET Impersonation set to Disabled.
Any change to these settings sets the server yelping "404.17" all over again.
Q) What's wrong with that?
A) What's wrong with that is that I NEED ASP.NET Impersonation for the site to function properly.
As always, your guidance is most needed.
HTTP Error 404.17 - Not Found
The requested content appears to be script and will not be served by the static file handler.
Usually this error occurs when you have the right IIS version installed to the respective .net framework. If it was a version (not installed) issue then you would have got a different error message. Anyways, I think by now you have resolved your matter, but I like to share some words with anyone else having this problem. These error messages gave me so much headache all last week and I had tried everything.
Best remedy is always to re install the latest .net in latest visual studio. And the important thing to do is uninstall the existing IIS(express or whichever you have) and re install it first. Then download the latest visual studio. This way visual studio installation can easily access you IIS and add the necessary application pool.
As for the error 404.17, it could simply be because the right application pool has not been assigned for the appropriate dot net version. If the right version is not there re installing visual studio is the only way I know. Also, I think you can try downloading another version of the Visual Studio too. For eg, download the ultimate if you have professional or vice versa. Hope this helps someone with similar problem.
Installing this windows server feature http activation is, what was missing for me.

asp.net sitemap security trimming not working when deployed

I have basic forms authentication set up and it works just fine locally against IIS express. When I deploy, the sitemap security trimming stops working (menu items are showing that shouldn't be there). If I try and go to one of the nodes that shouldn't be there with a user that does not contain the role required, they get kicked back to the the login screen. Because of that that, I know authentication is working properly.
Another developer I work with has it working just fine locally on his machine as well. The deployed web server is where it no longer works.
I don't believe there is a problem with any of the markup sine it works locally, so I'll withhold from posting the code. Every single example on the web matches up with what I have. The code also resides on a network on with no outside access.
No other posts have been found where someone ran into this issue.
Thanks in advance
After lots of experimenting, we think we narrowed it down. We are forced to use cookie-less session state on this system and that seems to be the problem. Our development machines have a major difference in that they have .net 4.5 installed on them. The production server as well as a few other developers only have .net 4.0 installed. If we allow a cookie, it works just fine. It seems that the paths are not being handled properly on the 4.0 machines in cookie-less session state which breaks the security trimming. Some more testing is needed to verify this. Unfortunately updating the production machine is not an option.

Make Cassini (VS Development Web Server) Stop Overriding My 404 Responses

I have noticed that while debugging my site, any request that results in a 404 and appears to refer to a path on the disk relative to my configured virtual directory is intercepted by Cassini and rudely replaced with a directory listing. I'm using Nancy Framework, but given that this problem appears to be at the web server level, I suspect Cassini would act the same way for MCV applications. I can't find any documentation on this "feature" other than a related commit message on the Cassini source that says "...directory listing only overrides 404 responses for directories".
I would much rather my development web server stop trying to outsmart my framework. I makes the debugging experience more than a little jarring. In an MVC framework the request URLs have nothing at all to do with file locations, so the fact I'm getting directory listings for some invalid requests and the correct 404 page for others gets annoying. Not to mention it's making several of my unit tests fail because they rely on auto-generated content in my 404 error pages (which I can't manually test either).
Is there any way to disable this functionality in Cassini? I know I could install IIS Express, but I'd rather not. Especially since my unit test runner and hosts file (this is a multi-domain application) are already configured just right.
Stop using Cassini and start using IIS Express instead.
Cassini has many shortcomings (SSL support being one, the problems you are seeing another and many more).
IIS Express is based on IIS code and is as close to IIS as can be while still being lightweight.

Resources