I have IIS 7.0 on my development machine and IIS 6.0 on my server. On my development machine I was able to set a handler map on a directory within my site called /ViewHtml/ and I mapped it to asp.net. In my global.asax I check the request sent to asp.net for /ViewHtml/ and I serve the appropriate html file(html version of a Doc, Power Point, or Excel file) located outside this apps virtual directory. I am doing it this way because all files are permission protected, we didn't want to put these files in are database due to scalability, and I need to hide the path to these file on the server. This all works in IIS 7.0 exactly how I would like it to. Although I have not been able to get my IIS 6.0 server configured to map all requests to that directory to asp.net.
Any ideas? Thanks Guys?
I set up a web application using the same configuration you're using and I'm also getting the 404. I don't know why it works in IIS 7, but here's what I had to do to fix it.
Create a class that implements the System.Web.IHttpHandler class. move the the code from Application_BeginRequest to your implementation of IHttpHandler.ProcessRequest.
Now you just have to register your HTTP handler with ASP.NET. To do so add an entry in your Web.config at /configuration/system.web/httphandlers.
Web.config Example:
...
<httpHandlers>
<clear />
<add verb="*" path="*" type="namespace.classname, assemblyname" />
</httpHandlers>
...
That entry is telling ASP.NET to handle HTTP requests with any extension and any HTTP method by running the code in your HTTP hander. Note that I'm also clearing all the previously definded handlers (defined in the machine's web.config).
Note that you will still need the Application Mapping configured in IIS.
If I understand the problem correctly, it sounds like you need add a "Wildcard Application Mapping" for your virtual directory. In other words, you want to forward all requests to any file extension to ASP.NET's ISAPI extension.
To do so, open the properties of your virtual directory. On the Virtual Directory tab (Home Directory tab if it's a web site), click the Configuration... button. Click the Insert... button next to the bottom list box in the dialog that shows up. In this dialog, choose "%SYSTEMROOT%\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll" as the executable and make sure to un-check "Verify that file exists" checkbox, since the files to be requested don't live in your virtual directory.
I hope this helps!
i think your problem is all about access policy , you have to make sure that the access policy is Read and not None , cz with None you have no permission to even read files from your website
Related
I created a set of ASP pages which receive HTTP requests. Some of these requests pull data from a database, and few of them open text files to get info. My path to these text files are pretty straight-forward on my web server, and I refer to these in my web.config as below in the appSettings node.
<add key="MasterPath" value="C:\inetpub\wwwroot\VecoXtra\" />
However, my client (who is going to use this) has set up my scripts on their server but wants to use a UNC path to these files, and the process stops when changing it to:
<add key="MasterPath" value="\\10.10.6.2\euro$\INETPUB\VeXtra\StaticFiles\" />
I read somewhere to double up the slashes, but to no avail, as I think there are some permissions issues here. I tried identity in my config and adding my windows administrator login to the application pool but nothing allows me to access these files.
I changed the Applcation Pool AND the setting to load profile to true and it kicked into gear.. thanks for letting me talk it through :)
I created a custom http module and want to add this module to the web config. The web application is a project that contains several "sub applications". A sub application is just a folder, and within that folder it has its own web.config. I'm doing this so each application has its own application related contents.
Now I created a custom http module. When adding this to the root web.config, the module is working properly. When adding the http module config to the directory-level web.config (e.g. /Applications/MyApplication/web.config) the module is not initialized anymore.
This is the root config which is working fine.
<httpModules>
<add name="MyFirstHttpModule" type="CustomModule.CustomModule,CustomModule" />
</httpModules>
Kindly help
ASP.net configuration already supports configuration inherance. You just have to add a new web.config in the specified folder.
ASP.NET website's Web.config is part of an inheritance chain. Your website's subfolders can have Web.config. This allows for setting general settings at the site level and overriding them when necessary. Any settings in the base Web.config that aren't overridden in the subfolder stay in effect, so the "child" Web.config can be pretty small. You can continue to nest them, so sub-sub-subfolders can get their own Web.config if needed.
A good example is the Web.config file in an ASP.NET MVC application's View folder which does things like preventing directly viewing the View templates
You can read more here.
If a request is received for a file in the SubDir1 directory that does
not exist, ASP.NET begins to search the configuration hierarchy,
starting at the most local Web.config file (which is located in the
current directory, if it exists, or a parent directory). ASP.NET is
searching for an error Element for customErrors (ASP.NET Settings
Schema) element where the statusCode attribute equals "404". Once
ASP.NET finds the configuration setting for the 404 error, the URL in
the redirect attribute is returned as the response.
I've got a website which has a virtual directory that also includes a website, and when I try to launch a page from the virtual directory, I receive an IIS 7.5 error that the name (from the connection string) is already in the collection. This wasn't a problem before I added a domain user as the Identity in the app pool. Does anyone know why this is happening? I was under the impression that sub level application's web.config overrides the parent's by default. And again, this was once working until I added a custom Identity.
The error on the page is "Parser Error Message: The entry 'dbname' has already been added."
Where the dbname is in both connection strings (i.e. parent and virtual directory). I can't delete one of the connection strings because the virtual directory is only created for test purposes, but in production it runs as its own website.
A sub web.config doesn't override a parent regardless of application. All web.configs will stack up all the way to the root of the primary application. In order for sub-application folder to make use of a connection string key that is already in use it must first be removed or all connection strings must be cleared. If you want this to be a truly stand alone application as a child add this to your connection strings:
<connectionStrings>
<clear />
<your connection string>
<connectionStrings>
If you just want to remove the single connection string use this:
<remove key="yourConnectionStringName" />
#u84six,
Today this had happened to me.
I had some websites and webservices in the same root website. The root is the default iis website (Default Web Site) and i think it was pointing to C:\Inetpub\wwwroot. Its a development environment.
After i read this answer, i found out that one of my webservices was the root website (still not sure what changed it... maybe visual studio after a migration from 2010 to 2012). That webservice was using the connectionString in conflict. I change the path back to C:\Inetpub\wwwroot\ and everything went to normal.
Maybe something similar happened to you.
I'm trying to get a custom handler to work for a specific URL (or set of URLs) in ASP.NET 3.5.
The handler doesn't actually do anything significant yet - it just logs the request. I can post the code if anyone things it's relevant, but I really don't think it's being called at all. (In particular, for normal exceptions I get a custom error page and logging... here I'm just getting the vanilla IIS 404.)
Here's the relevant bit of the web.config file:
<system.web>
<httpHandlers>
<add verb="GET,POST" path="*.robot" validate="false"
type="CSharpInDepth.Wave.RobotHandler, CSharpInDepth"/>
</httpHandlers>
</system.web>
(Obviously there's other stuff in that section too, but I don't think it's relevant.)
Locally, running under the dev server, it works fine. On my real box, I always get a 404. Everything under the web site directory itself is the same (replicated via svn). That includes the bin directory containing CSharpInDepth.dll, which I've verified contains CSharpInDepth.Wave.RobotHandler.
I try to fetch http://csharpindepth.com/foo.robot and just get a 404.
I've tried with and without the assembly name, specific URLs or wildcarded ones... nothing's working.
I'm sure I've just missed some simple flag somewhere in the IIS configuration, but I'm blowed if I can find it...
EDIT: It's IIS version 6. Attempting to add *.robot to the ISAPI filter now...
Well if the hosting box is IIS7 in integrated pipeline you need to add it into the other bit of the config:
<system.webmodules>
....
<modules>
<add name="RobotHandler" type="CSharpInDepth.Wave.RobotHandler, CSharpInDepth"/>
</modules>
....
</system.webmodules>
If it's IIS6 then you'll need to map *.robots to the ASP.NET ISAPI DLL.
(For the non-Skeets you do this as follows)
Open up IIS admin.
Right click on
the Web site you want to configure
and select Properties form the
context menu. This will display the
Web Site Properties dialog.
Select
the Home Directory tab and click the
Configuration button. This will
display the Application
Configuration dialog box.
Click
Add.
Select the aspnet_isapi.dll
from the .NET framework directory,
the extension you want mapped and
either All Verbs, or just the ones
you want to map.
Click ok.
Jon,
You'll have to configure the IIS script mappings to pass *.robot to aspnet_isapi.dll.
On Apache/PHP sites if I want to put a senstive file within my website folders, I put a .htaccess file in that folder so users can't download the sensitive file.
Is there a similar practice for IIS/ASP.NET sites, i.e. if I have a shared hosting account and don't have access to IIS server. Can I do this in web.config for instance?
e.g. the ASPNETDB.MDF file that ASP.NET Configuration put in the App_Data directory. I would assume this is protected by default but where can I change the settings for this folder as I could with a .htaccess file?
Inside of an ASP.Net web.config you can setup locations to add security to specific files and folders. In addition, you can remove all verbs from those directories:
<location path="Secret" allowOverride="false">
<system.web>
<authorization>
<deny users="*" />
</authorization>
<httpHandlers>
<remove path="*.*" verb="*"/>
</httpHandlers>
</system.web>
</location>
I have only used the authorization portion of that snippet and it works great. The handler should further lock it down and using a ISAPI filter would be able to put the finishing touches on it.
Well, if you can access IIS settings, UrlScan can help. For IIS 7, request filtering can help a lot.
http://learn.iis.net/page.aspx/473/using-urlscan
http://learn.iis.net/page.aspx/143/how-to-use-request-filtering/
There are some things you can do with web.config like defining security settings etc...
Other times you have to use HttpModules or HttpHandlers, look here:
http://msdn.microsoft.com/en-us/library/aa719858(VS.71).aspx
If not, you can find different ISAPI, but in this case you need access to IIS.
For example, the ISAPI for emulating rewrite mod apache:
> http://www.codeplex.com/IIRF
The other question, yes ASPNETDB.MDF in APP_Data is protected normally (it depends on your administrator). To change the path, change the connectionstring.
There are two cases:
If the server is using IIS7 then there is equivalent functionality available using the web.config approach for all files.
If the server is using IIS6 or earlier (and for the time being this is by far the most likely case for shared hosting) then its more of a problem. If you can force all your requests to go via the ASP.NET handler (which normally requires access to the server to configure) then again the web.config approach will work but otherwise you're going to need other tools and a sympathetic hosting provider. For this reason alone one probably wants IIS7...
That said for asp.net there are files that are protected by default anyway - files in app_data as already mentioned plus specific file types (like .config). Additionally one would expect a decent host to provide a directory that is not accessible via the web - ours offer a private and a web folder, both accessible via FTP but only the contents of the latter via the web.
As per the [documentation on Application Folders][1], IIS won't serve requests to content stored in the /app_data folder although your application can read and interact with those files.
ASP.NET recognizes certain folder names that you can use for specific types of content. The following table lists the reserved folder names and the type of files that the folders typically contain.
Note
The content of application folders, except for the App_Themes folder, is not served in response to Web requests, but it can be accessed from application code.