Develop Reference

Generic Handler for Site Root

I'm trying to get a handler to be called for the site root request by the browser, i.e. http://my.example.com. Given the code below, if I call /Test, the handler works as expected, but without that, I get the HTTP Error 403.14 - Forbidden (directory browsing isn't allowed).
Windows Server 2012-R2 / IIS 8.5
There is no MVC involved
ScriptModule-4.0 module is inherited so extensionless works
Similar to this question from 2012 that was never properly answered
Generic handler is given as an example...could also be a Soap Web Service
I've tried various combinations of slashes and asterisks for the handler path without success.
Generic handler:
Public Class Test
Implements IHttpHandler
Public Sub ProcessRequest(Context As HttpContext) _
Implements IHttpHandler.ProcessRequest
With New StringBuilder
.AppendLine("<html>")
.AppendLine("<head>")
.AppendLine("<title>Test</title>")
.AppendLine("</head>")
.AppendLine("<body>")
.AppendLine("<p>Hello World</p>")
.AppendLine("</body>")
.AppendLine("</html>")
Context.Response.Write(.ToString)
End With
End Sub
End Class
...and in web.config I have the following:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.web>
<compilation strict="false" explicit="true" debug="true" targetFramework="4.5.2" />
<customErrors mode="Off" />
<authentication mode="Windows" />
<httpRuntime targetFramework="4.5.2" />
</system.web>
<system.webServer>
<handlers>
<add verb="*" name="Test" type="MyApp.Test" path="Test" />
</handlers>
<defaultDocument enabled="true">
<files>
<clear />
<add value="Test" />
</files>
</defaultDocument>
</system.webServer>
</configuration>

The solution I came up with, but I'm open to other ideas.
In web.config:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.web>
<compilation strict="false" explicit="true" debug="true" targetFramework="4.5.2" />
<customErrors mode="Off" />
<authentication mode="Windows" />
<httpRuntime targetFramework="4.5.2" />
<!-- Required for Web Services via Handlers -->
<webServices>
<protocols>
<add name="HttpGet" />
<add name="HttpPost" />
</protocols>
</webServices>
</system.web>
<system.webServer>
<handlers>
<add verb="GET,POST" name="Test" type="MyApp.Test" path="Test" />
</handlers>
<modules>
<add name="AppModule" type="MyApp.AppModule" />
</modules>
<defaultDocument enabled="false" />
<directoryBrowse enabled="false" />
</system.webServer>
</configuration>
And then added the AppModule class where I evaluate HttpContext.Current.Request.AppRelativeCurrentExecutionFilePath and do a HttpContext.Current.RewritePath so the handler defined above will pick it up.
my.example.com
my.example.com/AnyFolder/MyApplication
Matching for "~/" works if the web app is at the site root in IIS or is set up as an app within a site:
Public Class AppModule
Implements IHttpModule
Friend WithEvents WebApp As HttpApplication
Public Sub Init(ByVal HttpApplication As HttpApplication) _
Implements IHttpModule.Init
WebApp = HttpApplication
End Sub
Private Sub WebApp_BeginRequest(sender As Object, e As EventArgs) _
Handles WebApp.BeginRequest
With HttpContext.Current
If .Request.AppRelativeCurrentExecutionFilePath = "~/" Then .RewritePath("~/Test")
End With
End Sub
Public Sub Dispose() _
Implements IHttpModule.Dispose
Throw New NotImplementedException()
End Sub
End Class

Simple Web API Controller returning 404

I just created a basic Web Controller in my project. I hit debug and try to browse to /api/duedate and I get a 404. I am new to controllers and have been looking at every tutorial I can find. None of them say I need to add anything more to get this to work.
Imports System.Net
Imports System.Web.Http
Public Class DueDateController
Inherits ApiController
' GET api/duedate
Public Function GetValues() As IEnumerable(Of String)
Return New String() {"value1", "value2"}
End Function
' GET api/duedate/5
Public Function GetValue(ByVal id As Integer) As String
Return "value"
End Function
' POST api/duedate
Public Sub PostValue(<FromBody()> ByVal value As String)
End Sub
' PUT api/duedate/5
Public Sub PutValue(ByVal id As Integer, <FromBody()> ByVal value As String)
End Sub
' DELETE api/duedate/5
Public Sub DeleteValue(ByVal id As Integer)
End Sub
End Class
My web.config looks like this:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<appSettings>
<add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
<add key="webPages:Version" value="2.0"/>
</appSettings>
<system.web>
<compilation debug="true" strict="false" explicit="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" />
</system.web>
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior>
<!-- To avoid disclosing metadata information, set the values below to false before deployment -->
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
<protocolMapping>
<add binding="basicHttpsBinding" scheme="https" />
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true" />
<!--
To browse web app root directory during debugging, set the value below to true.
Set to false before deployment to avoid disclosing web app folder information.
-->
<directoryBrowse enabled="true" />
<handlers>
<remove name="ExtensionlessUrlHandler-Integrated-4.0" />
<remove name="OPTIONSVerbHandler" />
<remove name="TRACEVerbHandler" />
<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="*" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
</handlers></system.webServer>
</configuration>

I believe you need to add a route.
Routing in VB
If you read the last comment in this thread it should show you how to add routing to your app.

To help anyone else out and to simplify having to read through that long post. You need to create and modify your global.asax file to include this:
Sub Application_Start(ByVal sender As Object, ByVal e As EventArgs)
RouteTable.Routes.MapHttpRoute("WebApi1",
"api/{controller}/{id}",
defaults:=New With {.id = System.Web.Http.RouteParameter.Optional})
End Sub

ASP.NET Webforms Module, context user is null

When a video request is handled by the HTTP Module (code below) such as /website/uploads/Video/M2U00001_2.mp4 the _context.User is null.
When I run this in VS2010 on my local machine using the Visual Studio Development server _context.User is set. After I deploy to IIS 7 (.net 4.0) _context.User is Null.
'_context.User' is not Null when the http module processes an aspx page but it is Null when processing javascript, images, videos or CSS.
Can anyone explain why _context.User is null and possible solutions that will ensure _context.User is not null.
public Class VideoSecurityModule
Implements IHttpModule
Private WithEvents _context As HttpApplication
Public Sub Dispose() Implements IHttpModule.Dispose
End Sub
Dim myUserManager As UserManager
Public Sub Init(ByVal context As HttpApplication) Implements IHttpModule.Init
_context = context
myUserManager = New UserManager
End Sub
Public Sub OnAuthorizeRequest(ByVal source As Object, ByVal e As EventArgs) Handles _context.PostAuthenticateRequest
Const networkAuthenticationRequiredStatusCode As Integer = 511
Try
If IsVideoUrl() Then
If _context.User Is Nothing Then
LogManager.WriteMessage("_context.User is nothing:", "")
End If
Dim userId As Integer = myUserManager.GetUserIdByUserName(_context.User.Identity.Name)
If (UserRequiresAuthorization(userId)) Then
If Not UserIsAssignedToCourseContainingVideo(userId) Then
LogAccessDeniedMessage()
_context.Response.StatusCode = networkAuthenticationRequiredStatusCode
_context.Response.ClearContent()
_context.Response.Write("UnAuthorized User")
_context.Response.End()
End If
End If
End If
Catch ex As Exception
LogManager.WriteException(ex, "")
End Try
End Sub
End Class

To ensure that _context.User is set add the runAllManagedModulesForAllRequests="true" to the modules section of the web.config like below.
<system.webServer>
<validation validateIntegratedModeConfiguration="false" />
<modules runAllManagedModulesForAllRequests="true">
<remove name="ScriptModule" />
<remove name="RadUploadModule" />
<remove name="RadCompression" />
<remove name="VideoSecurityModule" />
<add name="ScriptModule" preCondition="managedHandler" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add name="RadUploadModule" type="Telerik.Web.UI.RadUploadHttpModule" preCondition="integratedMode,runtimeVersionv2.0" />
<add name="RadCompression" type="Telerik.Web.UI.RadCompression" preCondition="integratedMode,runtimeVersionv2.0" />
<add name="VideoSecurityModule" type="LMS.VideoSecurityModule"/>
</modules>

How do I impersonate using aspnet_personalization Windows Authentication

Having trouble figuring out how to impersonate another user while using aspnet_personalization with Windows authentication.
I am using asp.net's personalization framework on my page:
<asp:WebPartManager ID="WebPartManager1" runat="server" >
<Personalization Enabled="True" />
</asp:WebPartManager>
My page is in an existing web app that uses AuthenticationMode="Windows" (which I cannot change, and IIS is also set to Windows Authentication). This web app has a page that allows super-users to impersonate any other user. This is accomplished by manipulating a connection string that is built dynamically every time we hit the database.
My problem is that aspnet_personalization still uses windows authentication. When I try to edit the connection string used by aspnet_personalization dynamically, aspnet does not seem to use it - it still uses the username of the current NT account.
I have the following in my web.config's configuration tag:
<connectionStrings>
<remove name="LocalSqlServer"/>
<add name="AnotherConnectionString" connectionString="Data Source=serverName;Initial Catalog=dbName;Integrated Security=True" providerName="System.Data.SqlClient"/>
</connectionStrings>
<system.web>
<membership>
<providers>
<remove name="AspNetSqlMembershipProvider"/>
<add name="AspNetSqlMembershipProvider"
type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral,PublicKeyToken=b03f5f7f11d50a3a"
applicationName="/"
connectionStringName="AnotherConnectionString" />
</providers>
</membership>
<profile enabled="true" defaultProvider="TableProfileProvider">
<providers>
<clear />
<add name="TableProfileProvider" type="Microsoft.Samples.SqlTableProfileProvider" connectionStringName="AnotherConnectionString" table="aspnet_Profile" applicationName="/" />
</providers>
<!--<properties></properties>-->
</profile>
I tried editing the connection string by adding code as follows whenever we impersonate a user, hoping asp.net would use it, but it does not:
Dim settings = ConfigurationManager.ConnectionStrings("AnotherConnectionString")
Dim fi = GetType(ConfigurationElement).GetField("_bReadOnly", BindingFlags.Instance Or BindingFlags.NonPublic)
fi.SetValue(settings, False)
settings.ConnectionString = "data source=serverName;database=dbName;user id=" & login & "; password=" & password
I did confirm on page_load of the page containing the webPartManager that "AnotherConnectionString" does contain the desired username, but asp.net_personalization still calls its stored procs using the NT username.
ANSWER:
Stackoverflow won't let me post an answer. That's ridiculous, so after I post the answer inside the question, I'm deleting my account and will encourage others to do the same.
I solved the problem by extending SqlPersonalizationProvider:
Imports System.Web.UI.WebControls.WebParts
Public Class MySqlPersonalizationProvider
Inherits SqlPersonalizationProvider
Protected Overrides Sub LoadPersonalizationBlobs(ByVal webPartManager As System.Web.UI.WebControls.WebParts.WebPartManager, ByVal path As String, ByVal userName As String, ByRef sharedDataBlob() As Byte, ByRef userDataBlob() As Byte)
Dim impersonatedName As String = MySession.UserLoginName()
path = path & "|" & impersonatedName
userName = impersonatedName
MyBase.LoadPersonalizationBlobs(webPartManager, path, userName, sharedDataBlob, userDataBlob)
End Sub
Protected Overrides Sub SavePersonalizationBlob(ByVal webPartManager As System.Web.UI.WebControls.WebParts.WebPartManager, ByVal path As String, ByVal userName As String, ByVal dataBlob() As Byte)
Dim impersonatedName As String = MySession.UserLoginName()
path = path & "|" & impersonatedName
userName = impersonatedName
MyBase.SavePersonalizationBlob(webPartManager, path, userName, dataBlob)
End Sub
End Class
And then in web.config:
<system.web>
<webParts>
<personalization defaultProvider="AspNetSqlPersonalizationProvider">
<providers>
<remove name="AspNetSqlPersonalizationProvider"/>
<add name="AspNetSqlPersonalizationProvider"
type="MyProject.MySqlPersonalizationProvider"
connectionStringName="MyConnectionString"
applicationName="/"></add>
</providers>
</personalization>
</webParts>
<profile enabled="true" defaultProvider="TableProfileProvider">
<providers>
<clear />
<add name="TableProfileProvider" type="Microsoft.Samples.SqlTableProfileProvider" connectionStringName="iCaseHomepage" table="aspnet_Profile" applicationName="/" />
</providers>
</profile>
</system.web>
<connectionStrings>
<remove name="LocalSqlServer"/>
<add name="MyConnectionString" connectionString="Data Source=MyServerName;Initial Catalog=MyDatabaseName;Integrated Security=True" providerName="System.Data.SqlClient"/>
</connectionStrings>
and on the page:
<asp:WebPartManager ID="WebPartManager1" runat="server" >
<Personalization Enabled="True" />
</asp:WebPartManager>

Looks like I'm allowed to post an answer now. I guess I won't delete my account after all. But geez, SO isn't very friendly to noobs.
Anyway, I solved the problem by extending SqlPersonalizationProvider:
Imports System.Web.UI.WebControls.WebParts
Public Class MySqlPersonalizationProvider
Inherits SqlPersonalizationProvider
Protected Overrides Sub LoadPersonalizationBlobs(ByVal webPartManager As System.Web.UI.WebControls.WebParts.WebPartManager, ByVal path As String, ByVal userName As String, ByRef sharedDataBlob() As Byte, ByRef userDataBlob() As Byte)
Dim impersonatedName As String = MySession.UserLoginName()
path = path & "|" & impersonatedName
userName = impersonatedName
MyBase.LoadPersonalizationBlobs(webPartManager, path, userName, sharedDataBlob, userDataBlob)
End Sub
Protected Overrides Sub SavePersonalizationBlob(ByVal webPartManager As System.Web.UI.WebControls.WebParts.WebPartManager, ByVal path As String, ByVal userName As String, ByVal dataBlob() As Byte)
Dim impersonatedName As String = MySession.UserLoginName()
path = path & "|" & impersonatedName
userName = impersonatedName
MyBase.SavePersonalizationBlob(webPartManager, path, userName, dataBlob)
End Sub
End Class
And then in web.config:
<system.web>
<webParts>
<personalization defaultProvider="AspNetSqlPersonalizationProvider">
<providers>
<remove name="AspNetSqlPersonalizationProvider"/>
<add name="AspNetSqlPersonalizationProvider"
type="MyProject.MySqlPersonalizationProvider"
connectionStringName="MyConnectionString"
applicationName="/"></add>
</providers>
</personalization>
</webParts>
<profile enabled="true" defaultProvider="TableProfileProvider">
<providers>
<clear />
<add name="TableProfileProvider" type="Microsoft.Samples.SqlTableProfileProvider" connectionStringName="iCaseHomepage" table="aspnet_Profile" applicationName="/" />
</providers>
</profile>
</system.web>
<connectionStrings>
<remove name="LocalSqlServer"/>
<add name="MyConnectionString" connectionString="Data Source=MyServerName;Initial Catalog=MyDatabaseName;Integrated Security=True" providerName="System.Data.SqlClient"/>
</connectionStrings>
and on the page:
<asp:WebPartManager ID="WebPartManager1" runat="server" >
<Personalization Enabled="True" />
</asp:WebPartManager>

User unable to verify account using Asp.Net

I have a simple create user wizard and custom membership provider which was taken from here
Now I am following this tutorial by scott Mitchell and creating new user using wizard and able to send email by setting Disable create property user to "False" so that whenever user recieves the activation link he needs to click that and verifies his account.
Now the problem is when he creates new user it is working fine and when he tried to login immediately he gets message that he needs to ativate the link first in order to login.
And after registration he gets email and when he clicks the link it gives me error that there is no user in the database.
As you can see below that user gets activation link
When the user tried to click it he gets that he is not found in the database
And if i check in the administration tool If I check the user is available without a tick beside it.
Here is my web.config:
<?xml version="1.0"?>
<configuration>
<connectionStrings>
<add name="HDIConnectionString"
connectionString="Data Source=.\SQLExpress;Integrated Security=True;User Instance=True;AttachDBFilename=|DataDirectory|HDIMembershipProvider.mdf"/>
</connectionStrings>
<system.web>
<roleManager defaultProvider="CustomProvider">
<providers>
<add connectionStringName="HDIConnectionString" name="CustomProvider"
type="System.Web.Security.SqlRoleProvider" />
</providers>
</roleManager>
<membership defaultProvider="HDIMembershipProvider">
<providers>
<clear/>
<add name="HDIMembershipProvider" type="HDI.AspNet.Membership.HDIMembershipProvider" connectionStringName="HDIConnectionString" enablePasswordRetrieval="true" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" passwordFormat="Clear"/>
</providers>
</membership>
<machineKey validationKey="C50B3C89CB21F4F1422FF158A5B42D0E8DB8CB5CDA1742572A487D9401E3400267682B202B746511891C1BAF47F8D25C07F6C39A104696DB51F17C529AD3CABE" decryptionKey="8A9BE8FD67AF6979E7D20198CFEA50DD3D3799C77AF2B72F" validation="SHA1"/>
<authentication mode="Forms">
<forms name=".ASPXFORMSAUTH" loginUrl="Login.aspx" />
</authentication>
<compilation debug="true" strict="false" explicit="true" targetFramework="4.0">
<assemblies>
<add assembly="System.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
<add assembly="System.Web.Extensions.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add assembly="System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
</assemblies>
</compilation>
</system.web>
<appSettings>
<add key="adminEmail" value="noreply#xyz.com"/>
</appSettings>
<system.net>
<mailSettings>
<smtp from="xyz#gmail.com">
<network host="smtp.gmail.com" password="password" port="587" userName="xyz#gmail.com"/>
</smtp>
</mailSettings>
</system.net>
</configuration>
And code behind for createuser.aspx:
Protected Sub CreateUserWizard1_SendingMail(ByVal sender As Object, ByVal e As System.Web.UI.WebControls.MailMessageEventArgs) Handles CreateUserWizard1.SendingMail
Dim userInfo As MembershipUser = Membership.GetUser(CreateUserWizard1.UserName)
'Construct the verification URL
Dim verifyUrl As String = Request.Url.GetLeftPart(UriPartial.Authority) & Page.ResolveUrl("~/Verify.aspx?ID=" & userInfo.ProviderUserKey.ToString())
'Replace <%VerifyUrl%> placeholder with verifyUrl value
e.Message.Body = e.Message.Body.Replace("<%VerifyUrl%>", verifyUrl)
End Sub
Verify Page_Load:
Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
'Make sure that a valid querystring value was passed through
If String.IsNullOrEmpty(Request.QueryString("ID")) OrElse Not Regex.IsMatch(Request.QueryString("ID"), "[0-9a-f]{8}\-([0-9a-f]{4}\-){3}[0-9a-f]{12}") Then
InformationLabel.Text = "An invalid ID value was passed in through the querystring."
Else
'ID exists and is kosher, see if this user is already approved
'Get the ID sent in the querystring
Dim userId As Guid = New Guid(Request.QueryString("ID"))
'Get information about the user
Dim userInfo As MembershipUser = Membership.GetUser(userId)
If userInfo Is Nothing Then
'Could not find user!
InformationLabel.Text = "The user account could not be found in the membership database."
Else
'User is valid, approve them
userInfo.IsApproved = True
Membership.UpdateUser(userInfo)
'Display a message
InformationLabel.Text = "Your account has been verified and you can now log into the site."
End If
End If
And here is the database screenshot:

#Tim and Baldy-I have finally got working but not with UserID.I don't know what's wrong with the GUID and I tried it with username and it's working perfectly.
So if any modifications with the GUID please let me know.

You are passing a guid type to the GetUser method of the Membership class.
UPDATE Have tested this now. Passing a GUID does call the correct overload - GetUser(object providerUserKey). So this answer is not relevant.
How can you be sure that this is being inferred to the correct overload at runtime?
GetUser has both string and object single parameter overloads, therefore it would make sense to pass the guid in as an object so you are explicitly stating which overload you want to call.
The framework may be calling ToString() on your guid, which would invoke the overload that looks up the username rather than the provider key.
Not at a computer right now, but it should go like this...
Dim key as new object()
'put the guid in the object type
key = Userid
Dim user = Membership.GetUser(key)