I'd like the server web.config configuration to match the client as closely as possible. All clients use a proxy auto-configuration script.
Is there any way to specify this script file in web.config?
Yes
Directly under <configuration>:
<system.net>
<defaultProxy enabled="true" useDefaultCredentials="true">
<proxy scriptLocation="--- your script location here ---" bypassonlocal="True" />
</defaultProxy>
</system.net>
Related
in asp.net we can use the following setting in web.config to point to a wpad.dat file to read all the proxy setting, is there a way we can achieve the same thing in asp.net core?
<system.net>
<defaultProxy enabled="true" useDefaultCredentials="true">
<proxy autoDetect="True" scriptLocation="http://wpad.dat" />
</defaultProxy>
</system.net>
How to use BizTalk Health Monitor with an authenticating proxy?
Is there anyway to use the BHM, specifically the "Repository Update" option, when you're behind an authenticating proxy?
I think you can create a file "ChkBHMRep.exe.config” in the BHM setup folder and update like this :
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.net>
<defaultProxy enabled="true" useDefaultCredentials="true">
<proxy usesystemdefault="true" />
</defaultProxy>
</system.net>
</configuration>
It is indeed ChkBHMRep.exe which checks for BHM repositories updates
Let me know if it works
JP Auconie
BHM team
I like to secure all aspx files in a folder ~/Secure/ secure such that specific IP addresses can access the folder's aspx files. I added the following web.config file to the folder, hoping that it adds to the parent web.config:
<configuration>
<system.webServer>
<security>
<ipSecurity allowUnlisted="false">
<clear/>
<add ipAddress="192.168.100.1" />
<add ipAddress="169.254.0.0" subnetMask="255.255.0.0" />
</ipSecurity>
</security>
</system.webServer>
</configuration>
The problem is that I get this error when I try to access to any of the aspx pages in the folder:
This configuration section cannot be used at this path. This happens when the section is locked at a parent level. Locking is either by default (overrideModeDefault="Deny"), or set explicitly by a location tag with overrideMode="Deny" or the legacy allowOverride="false".
What does it take to make this idea happen? I like to just include one web.config file to a folder and that enforces the IP address authorization. I like this idea, since it is no-code and config only.
You cannot do it in the website web.config only.
If you can use IIS manager:
Open IIS Manager, locate the site, click on the folder you want to protect, then click on IP address and Domain Restrinctions.
Also click on "Edit feature settings" in the right Actions panel" to specify actions for unspecified clients (i.e. Deny with Forbidden, or simply Deny With Not Found).
This will generate the right configuration for you.
In your root web.config use the location element:-
<location path="Secure">
<system.webServer>
<security>
<ipSecurity allowUnlisted="false">
<clear/>
<add ipAddress="192.168.100.1" />
<add ipAddress="169.254.0.0" subnetMask="255.255.0.0" />
</ipSecurity>
</security>
</system.webServer>
</location>
This is my web.config which has some tags for blocking Ipaddress
<configuration>
<connectionStrings>
...
</connectionStrings>
<appSettings>
....
</appSettings>
<runtime>
....
</runtime>
<system.webServer>
<security>
<ipSecurity allowUnlisted="false">
<clear/>
<add ipAddress="127.0.0.1" allowed="true"/>
<add ipAddress="83.116.19.53" allowed="true"/>
</ipSecurity>
</security>
</system.webServer>
</configuration>
My intention is to block any other IP except the above. The above is the only Ip address I want the website to be accessible from . But with "ipSecurity" tag I am always getting
500 - Internal server error and the site runs fine without it.
I have made sure that "IP and Domains Restrictions" are installed on the server.
Please let me know if I am missing anything.
Thank you.
For others that run into this issue. The cause of the issue is that Feature Delegation doesn't allow the feature to be managed by web.config.
To Fix:
Verify that the Feature is enabled for web.config management
In IIS 7, click on the root server
Double click Feature Delegation (under management)
Scroll down to IPv4 Address and Domain Restrictions
Change the delegation to Read/Write (in my case it was Read Only, which was the issue)
Hope this helps someone else.
For Windows 10 and Visual Studio 2015 note that the ApplicationHost.config file has been relocated to the .vs\config folder in your project's folder hierarchy. You will need to edit the project specific version of the ApplicationHost.config file found there with...
<section name="ipSecurity" overrideModeDefault="Allow" />
If you only edit the ApplicationHost.config located in your Documents\IISExpress folder this will not affect your existing application (MVC5 appl in my case).
Open the applicationHost.config file (located at %windir%\system32\inetsrv\config\applicationHost.config) and edit the ipSecurity section.
Change this line:
<section name="ipSecurity" overrideModeDefault="Deny" />
To:
<section name="ipSecurity" overrideModeDefault="Allow" />
Are you editing the config by hand or through IIS manager?
See this post about that error message as you may not have that feature delegation enabled
http://forums.asp.net/t/1220987.aspx
Try this outside System.Webserver tag
<location path="Default WebSite">
<system.webServer>
<security>
<ipSecurity allowUnlisted="false">
<clear/>
<add ipAddress="127.0.0.1" allowed="true"/>
<add ipAddress="83.116.19.53" allowed="true"/>
</ipSecurity>
</security>
</system.webServer>
</location>
Hopefully this will help someone...
I am running IIS express on Windows 7 locally and did the following - Control panel > Programs > Programs and features > Turn Windows features on or off
In the Windows Features dialog ensure the IP Security option is checked:
I also had to open up my applicationhost.config (under %userprofile%\Documents\IISExpress\config) file and change the following:
<section name="ipSecurity" overrideModeDefault="Deny" />
To
<section name="ipSecurity" overrideModeDefault="Allow" />
Don't forget custom site delegation. This allows you to only allow delegation to sites you intend.
I am trying to clean up our web.config file such that per-deployment specific stuff is not kept in the main config. I have managed with the connections strings and some of the mailSettings, but I need the from attribute as well as the configSource, but this doesn't seem to be allowed.
Currently I have this:
web.config:
<system.net>
<mailSettings >
<smtp configSource="email.config" from="me#blahblah.com" />
</mailSettings>
<defaultProxy>
<proxy bypassonlocal="True" usesystemdefault="False" />
</defaultProxy>
</system.net>
email.config
<network host="myhost" password="" userName="" />
Ideally I would have the set the configSource on either mailSettings or system.net, but this isn't supported.
Is there a better way to do this?
OK, this is a missunderstanding on my part. I didn't think I could do:
<system.net>
<mailSettings >
<smtp configSource="email.config" />
</mailSettings>
</system.net>
and:
<smtp from="someone#stackoverflow.com">
<network host="myhost" password="" userName="" />
</smtp>
Which you can. Hopefully me being daft in public will help someone else retain their dignity and not have to ask daft questions.
You have to decide: If you use configSource it wins and the other settings are ignored. What are your reasons for using both? If this is a Debug / Release issue you can use two different configSource files and copy them to the right places with an after build action.