I have a website on IIS 7. This website has a HttpModule with an AuthorizeRequest event handler.
This event does not fire for CSV files and I can access the file without logging in, I guess this is because IIS7 is not configured to require form autentication for CSV files.
How can I set this?
This will impact all files, but you can add a mapping to your server configuration:
Go to the properties of your website and click on "Handler Mappings".
In the upper right corner click, "Add Module Mapping".
Put "*.csv" in the Request Path.
Select "IsapiModule" for module.
Find the aspnet_isapi.dll in the framework folder of the appropriate .net framework you are using under Executable.
Give it a name.
Check the tabs in "Request Restrictions" for more options.
This should force any .csv request to parse through asp.net (thus invoking formsauthentication) before servicing the request.
EDIT: Alternatively you can add a wildcard script mapping as desribed here: http://learn.iis.net/page.aspx/508/wildcard-script-mapping-and-iis-7-integrated-pipeline/
This will force authentication to all non-.net files (pdfs, docs, anything).
this answer explains how to achive what I was looking for.
I inserted in web.config the lines in chapter 3 and 4 of the referenced guide, and
changed ".htm" with ".csv", maybe someone can optimize the solution for *.csv files. but for me it does what I needed.
Related
Am developing asp .Net web application.
In one of my aspx file am using file to download using generic handler. Everything works great. But when am testing i felt a strange problem. That, if am uploading a image or document with file name containing aspx character for Eg; aspxphoto as file name.
Uploading doesnt have any any problem but when i try to download it is throwing error in Generic handler file as
Object reference not set to an instance of an object.
Can anyone help me why this problem happends and how can i fix it?
You will not be able to do this. The IIS handler wants to "handle" the ASPX. You should simply not allow it, or if you have to, rename it to .aspx.uploaded or something. If you allowed, it you could open yourself to hacking.
As another option, you may be able to create a virtual that implements ("no processing") - possibly using the HTTP Handler under the virtual and just disabling script / execute permissions (under handler >> Edit Feature Permission >> Script OR under Virtual >> Edit permissions >> Special >> Turn Execute off.
I would not recommend the last, since it will add complexity when migrating between test and live AND for recovery (DR).
I've written an ASP.net web application. In the interest of following the advice in "The Pragmatic Programmer" to put application logic in configuration, I wrote a large XML file that describes various business rules.
When I test the application on my local development workstation, I copy the file to c:\xxxxx\myfile.xml and then write the code to read the file from this location.
What is the correct way to deploy this xml file as part of my web application so that it gets read from the directory in which the web application is deployed?
Update: The XML file in question is for server-side configuration and should never be available for download to the end-user.
If you're not embedding this as a resource, you should:
Create a directory under which this file will reside.
Create the file and set its Build Action to Content.
Create a web.config file in that directory which forbids access to the directory so you don't expose your business rules to the Internet.
Add a setting in your application's main web.config that gives the path to this file relative to the root of the application, i.e. "~/MySecureFolder/MyBusinessRules.Xml".
Have some code that calls HttpServerUtility.MapPath Method to convert the value from the setting in web.config to a virtual path.
I don't know if this is what you want - Click on the XML file, then open the Property Window and find the "Build Action" property. Set the value to "Embedded Resources"
I think what you need to do is:
Add the XML file to your web application project in Visual Studio
Right click on the file and select 'Properties...'
Set the Build Action to 'Content' and Copy to Output Directory to 'Do not copy'
this will ensure that your XML file is deployed along with the rest of your web app.
If you want to make available your XML file from http requests to your server, you should
place it in your web publication folder.
This ASP instruction should help you to find your publication path:
Request.ServerVariables("APPL_PHYSICAL_PATH")
So, I've created my wonderful winforms app that I want to unleash upon the world, and now I am trying to create a simple website to host some basic information and link to the setup file (msi installer file )....
I have a button on the asp.net page and the setup file setupApp.msi in same folder as the asp.net page. I am currently trying the following:
Response.Redirect("http://./SetupApp.msi");
But this best guess at what to do is not working. Is there something wrong with Mime types here? What do I need to put in the click event to allow users to download this file?
The path you are passing in to the method is not valid (there's no server name called ".").
You can pass in a relative path and it should work fine because ASP.NET will resolve the path:
Response.Redirect("SetupApp.msi")
Or if it's not in the same folder, try one of these:
Response.Redirect("../Downloads/SetupApp.msi")
Response.Redirect("~/SomeFolder/SetupApp.msi")
Keep in mind that you don't necessarily have to do the whole redirect at all. Instead of writing code in an ASPX file you could just have a link to your MSI:
Download my app!
I have a root directory on a web server that is linked to a number of URLs. I want to use the application begin request event of a global.asax file to divert requests to the directories containing the content for the relevant web sites. So in psuedo code terms something like this -
If URL.Contains("www.somthing.com") Then divert user to directory x
If URL.Contains("www.somthingelse.com") Then divert user to directory y
I thought I'd be able to accomplish this by just dropping a global.asax file with the relevant code into the web servers root directory (I want to avoid complications such as a web.config file as it's contents will affect other applications I have in sub directories).
Unfortunately, this approach does not seem to work as the application begin request event doesn't appear to fire. I've got round the problem by adding a default.aspx file and making it the default document for the root directory. This appears to work, I presume this is because asp.net compiles the default.aspx file and in turn compiles the global.asax file which allows the events to fire?
Is my workaround the best way to accomplish what I need to do or is there a simpler way to get the global.asax events to fire using a single file?
Sounds like you're looking for a Host Header based redirection.
You can accomplish this by configure your
ISA Server like this or your IIS like this.
In the filesystem I have
/file.aspx
/directory/default.aspx
I want to configure IIS so that it returns the appropriate file (add the aspx extension) or directory (default content page) as follows:
/file -> /file.aspx
/directory -> /directory/default.aspx
/directory/ -> /directory/default.aspx
I have configured the Wildcard application mapping set to C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll. When the "Verify that file exists" is unchecked, the the file request works but not the directory request (returns 404). When the "Verify that file exists" is checked, the directory request works but not the file request.
How can I configure it so that both the file and directory requests will work?
I recommend using UrlRewriter:
http://urlrewriter.net/
This allows you to create all the mappings above that you desire. One thing that you'll have to do (if you're using IIS 6 or earlier) is configure IIS so that all extensions are handled by asp.net. The documentation explains how to do this. Then you create a bunch of rules in your web.config (or separate rewriter.config as I use) in the form of regular expressions to create your mappings.
Incidentally, for the above example, you probably don't need to do anything for the last two rules. IIS will take care of those automatically. For the first rule it will be something like:
<rewrite url="^/file$" to="/file.aspx" />
You could get more clever and write generalized rules so you don't have to write one rule per file.
You'll have to add an ASP.NET global.asax or HttpModule that maps the / request to default.aspx.
I looked at url rewriting, but ultimately decided on a simpler solution. I just moved the file.aspx into a directory and renamed it to default.aspx.