Recently I've decided to install an intranet web application (Open Atrium) in our company, but almost immideately I found myself in trouble.
We have huge directory - subdirectory file system with mixed Greek (Non Unicode) and English filenames. It seems that neither Apache nor IIS can handle reading or writing these files through browser.
What I am trying to achieve is to retain Filenames intact during reading and especially when uploading them.
Note: Transliteration process is not an option due to renaming files will loose their meaning, thus the existened ammount of files are huge and just cannot be renamed
So, my question are : am I missing something? are there any other servers (e.g JSP) which handle this problem gracefully?
Thank you in advance
My configuration is Xampp on Windows, Drupal 6, Open Atrium
I am not sure what you looking for, but I can give you some tips. The way you handle the files can be setup on web.config under the globalization. One of this parametres maybe need to be change, if its the file name that you can not read, then the fileEncoding must be correctlty set to your file names.
<configuration>
<system.web>
<globalization
fileEncoding="utf-8"
requestEncoding="utf-8"
responseEncoding="utf-8"
culture="en-US"
uiCulture="de-DE"
/>
</system.web>
</configuration>
Some MSDN links about globalization.
http://msdn.microsoft.com/en-us/library/39d1w2xf.aspx
http://msdn.microsoft.com/en-us/library/system.web.configuration.systemwebsectiongroup.globalization.aspx
Related
Is there a way to tell IIS to read configurations from a different file than web.config?
Why would anyone do this?
Convenience. When working with static resources like an .aspx, or .js, or an MVC view file, it is often sufficient to hit Refresh in the browser to see the effect of that change.
Also, more specific to our scenario is that we re-use some of our code-base in different flavors of the web site, their differences being defined in their respective .config files, and each of these sites run locally on our development clients.
Getting the change to a different location than the one you are actually working in is somewhat time-consuming: A Publish operation will properly compile and copy the entire web application to the target location, copying the individually changed file manually is often... fiddly.
So what I would like for to be possible is this:
I work on my project in c:\workbench\FlavMaster3000. In this folder I create the various flavors of web.config files:
web.apple.config
web.banana.config
web.cherry.config
I create sites in IIS that represents each flavour and set their directory to the same as above.
https://local-apple/
https://local-banana/
https://local-cherry/
And I would like for IIS to read each site's configurations from the respective flavor of .config.
Is this at all possible, or am I a dreamer with a hopeless dream?
-S
You can put your specific configuration in external file(s) and link those files in your web.config file as shown below. However downside is way web.config is watched for any changes in it and gets applied immediately when you save web.config, these external files will not be monitored and you will require to manually restart app pool.
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
<appSettings configSource="Myconfigs/myappSettings.config"/>
<connectionStrings configSource="Myconfigs/myconnections.config"/>
<system.web>
<pages configSource="Myconfigs/mypages.config"/>
<profile configSource="Myconfigs/myprofile.config"/>
<httpHandlers configSource="Myconfigs/myhttpHandlers.config"/>
<httpModules configSource="Myconfigs/myhttpModules.config"/>
</system.web>
</configuration>
I have an ASP.NET MVC5 website in development which I will shortly need to deploy to an IIS8 webserver. I'm trying to get the security model for the web.config file right, and in particular I want to:
Prevent secrets in the web.config file being exposed in my source control system
Protect the deployed web.config from prying eyes (I don't own the server).
From searching on SO and other sites I can see that there are specific tools/techniques to address each scenario:
'Included' sections in web.config that do not get saved to the SCCS.
Encrypted web.config files. Or encrypted sections of the file to be more precise.
I'm fine with both of those, but I can not for the life of me see how to combine the two techniques to solve both problems simultaneously. Is it possible to encrypt an external section? Is this even the right approach given that many of the answers are several years old now and address older versions of ASP.NET/MVC.
I can't be the first do want to do this so I'm sure I'm missing something obvious.
It has been suggested that this might already be answered here, however that question is about encrypting sections in the main web.config file, and I am asking about encrypting external sections. By that I mean sections that are 'included' using the configSource XML attribute.
It's probably bad form to answer ones own question, but I had a flash of inspiration and after a couple of hours of experimentation I have it working how I want.
The bit I had got all wrong was that I was trying to encrypt the external files. It does not work like that. Here's how it does work, at least, this is how it works for me on an IIS8.5 and ASP.NET v4.0.30319 server.
ConnectionStrings
Create the connectionStrings section in a separate file, e.g. Web.connectionStrings.config:
<?xml version="1.0"?>
<connectionStrings>
<add name="MyConnection" connectionString="{your connection string here}"
providerName="System.Data.SqlClient" />
</connectionStrings>
Ref this file from web.config:
<connectionStrings configSource="Web.connectionStrings.config" />
Make sure the external file is not under source code control so it does not get uploaded to your SCCS.
Deploy BOTH files, either as part of your deployment process or deploy the secure file manually if you're really paranoid.
Encrypt the connectionStrings section of the web.config normally, using the aspnet_regiis.exe command mentioned in the article mentioned by Afzaal. This process actually encrypts the contents of the Web.connectionStrings.config file and leaves the web.config file unchanged. You need to leave the external file in place but as it is now encrypted this is quite safe.
appSettings
Create your security-critical settings in a separate file, e.g. Web.appSettings.config.
<?xml version="1.0"?>
<appSettings>
<add key="wc1" value="web.app.config1" />
<add key="wc2" value="web.app.config2" />
</appSettings>
Ref this file from web.config:
<appSettings file="Web.App.config">
{other non-secure appSettings}
</appSettings>
Again, ensure the secure file is not under source control, and deploy both files to the production server.
Encrypt the appSettings section of the web.config file.
Unlike the connectionStrings section, this does not alter the external file at all. Instead, settings from both web.config and the external file are merged (external file takes precedence if duplicate keys are encountered) and are stored in an encrypted form in web.config.
At this point you can remove the Web.appSettings.config file as its contents are now incorporated into the main file.
Points to note:
If you introduce another Web.appSettings.config file at a later time, and restart the site, the contents of that file will override the encrypted settings in web.config. This may or may not be useful. When you remove the file and restart the site, the settings revert to the encrypted ones again.
If you decrypt the appSettings section, ALL the current settings are written back into the main web.config file, including those that originally came from the external file. You'll need to remember to remove them if you're just changing a setting and then re-encrypting the file again.
I am creating a very simple site that was originally just a bunch of HTML / CSS files. Then I needed to add a little bit of server-side logic so I thought I'd use ASP.NET Web Pages as they sound like a suitable solution.
So I changed index.html to index.cshtml, added the code I needed and I though that would be it (I also added this basic web.config file:
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.0" />
</system.web>
</configuration>
However, launching this on local IIS Express yielded this error:
Could not determine which version of ASP.NET Web Pages to use.
In order to use this site, specify a version in the site’s web.config file. For more information, see the following article on the Microsoft support site: http://go.microsoft.com/fwlink/?LinkId=254126
So I added this to my web.config:
<appSettings >
<add key="webPages:Version" value="2.0" />
</appSettings >
Now the site starts but handles UTF-8 really weirdly - although all the HTTP headers, file encodings and meta tags are correctly set to UTF-8, my national characters display incorrectly. I found this question: Do I need web.config for non-ASCII characters? but it didn't really solve my problem.
I though, what can be wrong with my setup? When I create a new site in WebMatrix and copy my files over to it, it all works fine, even without specifying the Web Pages version in web.config. And the only difference I can see is the presence of bin folder in the WebMatrix-generated project.
So the question is, do I need to have the bin folder as part of my source files too? I don't really feel like checking 1.5MB worth of binary files into Git should be necessary just to add one dynamic line in my index.cshtml but maybe that's how it is?
Thanks for either confirming this or showing me some better way.
ASP.NET WebPages requires a BOM on UTF-8 pages or it won't read the page as UTF-8. And if it doesn't do that, it won't output a UTF-8 encoded page.
This isn't an ASP.NET issue, but rather a WebPages issue. WebPages processes the real page, and it doesn't interpret the html to know that it should be UTF-8. The only way it knows is by looking for a BOM.
I have found a number of pieces of information on having multiple ASP.NET configuration files for a web deployment. However, I am still unsure if I can accomplish what I want to accomplish.
Basically, the website I am working on can be deployed to three different sites. Depending on the site that it is deployed to, the configuration settings need to be changed. What I would like to do is have configuration files for each possible configuration (full web.config files) and then be able to tell a deployment build which config file to use for a particular deployment (I can edit this manually if necessary).
Is there something as simple as pointing to a different .config file, or do I need to do something more sophisticated?
EDIT: One particular concern that I have is that I also need settings in system.net for mail settings, etc. So, I'm not looking to only override the appSettings.
Thanks
Any configuration section - such as <smtp> - can be "externalized", e.g. stored in an external file.
Other than the file= statement on <appSettings> (which is available only for app settings :-() it's not a "additional" setting - you just point your config system to an external file.
So you could have this in your app.config/web.config:
<system.net>
<mailSettings>
<smtp configSource="smtp.test.config" />
</mailSettings>
</system.net>
and this in your smtp.test.config:
<?xml version="1.0" encoding="utf-8" ?>
<smtp>
<network host="smtp.test.com" port="244" userName="test" password="secret" />
<specifiedPickupDirectory pickupDirectoryLocation="C:\temp\mails"/>
</smtp>
This works as of .NET 2.0 (maybe even 1.x), and it works for every configuration section - but not for configuration section groups like <system.web>.
Of course, you can now create additional config files, like smtp.staging.config and so forth, and now your problem has been reduced to replacing a single line in your web.config.
You can do this using an installation script, a XML preprocessor, or even by human intervention.
It doesn't completely solve the problem as .NET 4 and the web.config transformations hopefully will, but it's a step and a bit of help.
On your main web.config add the following attribute to appSettings
<appSettings file="Web.site1.config">
Then, asp.net will see both files as one. You can edit web.config in order to include a different external file, depending on the Site.
You can do this in .Net Framework 4. ScottGu shows a quick demo of it in his recent talk in Sweden. In his example he has staging, production etc. with each file having (potentially) different content.
On Apache/PHP sites if I want to put a senstive file within my website folders, I put a .htaccess file in that folder so users can't download the sensitive file.
Is there a similar practice for IIS/ASP.NET sites, i.e. if I have a shared hosting account and don't have access to IIS server. Can I do this in web.config for instance?
e.g. the ASPNETDB.MDF file that ASP.NET Configuration put in the App_Data directory. I would assume this is protected by default but where can I change the settings for this folder as I could with a .htaccess file?
Inside of an ASP.Net web.config you can setup locations to add security to specific files and folders. In addition, you can remove all verbs from those directories:
<location path="Secret" allowOverride="false">
<system.web>
<authorization>
<deny users="*" />
</authorization>
<httpHandlers>
<remove path="*.*" verb="*"/>
</httpHandlers>
</system.web>
</location>
I have only used the authorization portion of that snippet and it works great. The handler should further lock it down and using a ISAPI filter would be able to put the finishing touches on it.
Well, if you can access IIS settings, UrlScan can help. For IIS 7, request filtering can help a lot.
http://learn.iis.net/page.aspx/473/using-urlscan
http://learn.iis.net/page.aspx/143/how-to-use-request-filtering/
There are some things you can do with web.config like defining security settings etc...
Other times you have to use HttpModules or HttpHandlers, look here:
http://msdn.microsoft.com/en-us/library/aa719858(VS.71).aspx
If not, you can find different ISAPI, but in this case you need access to IIS.
For example, the ISAPI for emulating rewrite mod apache:
> http://www.codeplex.com/IIRF
The other question, yes ASPNETDB.MDF in APP_Data is protected normally (it depends on your administrator). To change the path, change the connectionstring.
There are two cases:
If the server is using IIS7 then there is equivalent functionality available using the web.config approach for all files.
If the server is using IIS6 or earlier (and for the time being this is by far the most likely case for shared hosting) then its more of a problem. If you can force all your requests to go via the ASP.NET handler (which normally requires access to the server to configure) then again the web.config approach will work but otherwise you're going to need other tools and a sympathetic hosting provider. For this reason alone one probably wants IIS7...
That said for asp.net there are files that are protected by default anyway - files in app_data as already mentioned plus specific file types (like .config). Additionally one would expect a decent host to provide a directory that is not accessible via the web - ours offer a private and a web folder, both accessible via FTP but only the contents of the latter via the web.
As per the [documentation on Application Folders][1], IIS won't serve requests to content stored in the /app_data folder although your application can read and interact with those files.
ASP.NET recognizes certain folder names that you can use for specific types of content. The following table lists the reserved folder names and the type of files that the folders typically contain.
Note
The content of application folders, except for the App_Themes folder, is not served in response to Web requests, but it can be accessed from application code.