I have an application that has a subfolder called "Docs" (actually a virtual directory) where I keep all of my word documents. I don't want these documents to be accessed by any unauthenticated users but for some reason regardless of what I put in my root web.config or my "Docs" web.config IIS still serves the word up to any user.
I assume the files in that folder are .doc
Unless you have modified your IIS configuration, .doc files are not handled by ASP.NET (they should by default be handled by the straight IIS file handler). That means the asp.net dll never sees the request, and so any settings in ASP.NET's web.config file are meaningless.
You would need to configure IIS to identify .doc files as being handled by the ASP.NET dll, or use a wildcard mapping so that all files on your server go through ASP.NET (keep in mind that this adds overhead to have every single static file request go through a full server side programming framework)
Your virtual directory is a separate app that might not be governed by the root. Add the web.config and mappings to the virtual directory.
If this is just a personal thing (your question reads two ways), I would just use an IIS-level password on the folder by removing anonomous access.
Related
Currently working on an internationalization project. One of the requirements is to take static files published from a content management system and serve the correct language version based on the locale. Unfortunately the published files are .aspx and include references to master pages and potentially other controls.
If the pages are inside the web root, this is pretty easy. I just have something in global Application_BeginRequest that takes a request for /abc.aspx and rewrites it to /content/[locale]/abc.aspx.
For ease of deployment and a couple of other reasons, I would really like these files to be outside the web root. e.g. site is in "D:\www_root\site\" and content is in "D:\content".
Is there a way to achieve this?
You can create a virtual directory in IIS that points to d:\content.
A virtual directory is a directory name (also referred to as path) that you specify in IIS and map to a physical directory on a local or remote server. The directory name then becomes part of the application's URL, and users can request the URL from a browser to access content in the physical directory, such as a Web page or a list of additional directories and files.
I run IIS 7.5 on Windows Server 2008 R2.
I'm getting a 404: file not found error when I browse the "/bin" folder. I understand that this is a security policy by Microsoft.
I tried doing what is written in here but it didn't solve the issue. Any ideas?
EDIT:
Should be noted that I have no security issues. I run the IIS for direcotry browsing in a private network. Eventually I need to perform crawling and indexing on it. The problem is that pages under "/bin" and '/AppConfig" are not being crawled because of the 404 error.
I just need a solution for this issue. Again, no security issues are relevant here.
Bin folder is not intended as a place where a developer should put web pages.
In IIS 7.5 you can configure
Open Internet Information Services (IIS) Manager
In the Connections pane, go to the connection, site, application, or directory for
which you want to modify your request filtering settings.
In the Home pane, double-click Request Filtering.
In the Request Filtering pane, click the Hidden Segments tab
Select the relative path that you want to show (BIN folder), and then click Remove in the Actions pane.
The same can be done via web.config
<configuration>
<system.webServer>
<security>
<requestFiltering>
<hiddenSegments applyToWebDAV="false">
<remove segment="Bin" />
</hiddenSegments>
</requestFiltering>
</security>
</system.webServer>
</configuration>
Anyway, in orded to avoid problems on development server and on any deploy server, i think that the easiest solution is to move that pages to another folder.
Read here:
ASP.NET recognizes certain folder names that you can use
for specific types of content.
The following table lists the reserved folder names and the type
of files that the folders typically contain.
Note
The content of application folders, except for the App_Themes folder,
is not served in response to Web requests,
but it can be accessed from application code.
App_Browsers Contains browser definitions (.browser files) that
ASP.NET uses to identify individual browsers and determine their
capabilities.
App_Code Contains source
code for shared classes and business objects
App_Data Contains application data files
including .mdf database files, XML files, and other data store files.
App_GlobalResources
Contains resources (.resx and .resources files) that are compiled
into assemblies with global scope.
App_LocalResources Contains resources (.resx and
.resources files) that are associated with a specific page, user
control, or master page in an application
App_Themes Contains a collection
of files (.skin and .css files, as well as image files and generic
resources) that define the appearance of ASP.NET Web pages and
controls.
App_WebReferences Contains reference contract files (.wsdl files),
schemas (.xsd files), and discovery document files (.disco and
.discomap files) that let you create a Web reference for use in an
application.
Bin
Contains compiled assemblies (.dll files) for controls, components,
or other code that you want to reference in your application.
Access \bin folder over network share, e.g. \\myserver\mysite\bin
Write ashx handler or asmx web service which will scan \bin folder for you and return the result for you, e.g. Directory.GetFiles(Server.MapPath("~\bin"))
We're having the same setup and receiving the same problem as:
IIS 6 with wildcard mapping and UNC virtual directory problem
Setup
Server 2003 32bit, IIS 6
ASP.NET wild card mapping
A virtual directory mapped to an UNC share serving static images for a CMS in a load balancing environment
My question if it's possible to turn off asp.net from virtual and only serve static files e.g. images in the virtual directory, to avoid the problem with too many open connections?
If it's not possible I'll guess I have to implement a solution like Version control of uploaded images to file system to server the files from a local disc.
I found a possible solution at http://blog.stevensanderson.com/2008/07/07/overriding-iis6-wildcard-maps-on-individual-directories/ that removes the wild card mapping and makes it possible to turn of execution of asp.net files.
There is not a way to remove .NET from a subdirectory as it is part of an application at this point (your root directory). However, this method works just fine for keeping .NET from processing your static content.
From your site that you linked:
Alternative
If you don’t like to use adsutil.vbs, you can achieve the same by exploiting what appears to be a bug in IIS Manager. Turn your subdirectory into an application (from its Directory tab, click “Create”). Then edit its script mappings to remove aspnet_isapi.dll. Then go back and “Remove” the application you just created. The metabase’s new ScriptMaps value will be retained, even though the option has now disappeared from the GUI.
I have uploaded a simple hello world on my IIS server 7 (shared hosting). It doesn't work. Is it necessary to add a web config and what's the minimum in that case ?
Thanks.
Error says:
Server Application Unavailable
The web application you are attempting
to access on this web server is
currently unavailable. Please hit the
"Refresh" button in your web browser
to retry your request.
Here's the script, very basic :)
<%# Page Language="VB" %>
<html>
<head>
<title>ASP.NET Hello World</title>
</head>
<body bgcolor="#FFFFFF">
<p><%= "Hello World!" %></p>
</body>
</html>
A individual, site-specific web.config is not required to be present in order to get a basic "Hello World" site up and running in IIS7, however, it's rather unusual not to have one.
IIS7, unlike previous versions, effectively has the ASP.NET worker process component "built-in". This allows web.config files to specify configuration of not only your ASP.NET site itself, but also how the IIS server hosting your site should be configured (i.e. you can specify (for example) the default document type in an ASP.NET web.config file).
If you don't specify an individual web.config for your ASP.NET site, the IIS7 server will use the "default" web.config, which is usually located in your "windows" folder within the system-wide configuration of the .NET framework itself.
This article:
Working With Configuration Files in IIS 7
from the MSDN library states:
Configuration Files
Configuration exists in a physical
directory in either server-level
configuration files or in Web.config
files. Every configuration file maps
to a specific site, application, or
virtual directory.
Server-level configuration is stored
in the following configuration files:
Machine.config. This file is located in
%windir%\Microsoft.NET\Framework\framework_version\CONFIG.
Root Web.config for the .NET Framework. This file is located in
%windir%\Microsoft.NET\Framework\framework_version\CONFIG.
ApplicationHost.config. This file is located in
%windir%\system32\inetsrv\config.
Site, application, and virtual and
physical directory configuration can
be stored in one of the following
locations:
A server-level configuration file. When configuration for a site,
application, directory, or URL is
stored in a server-level configuration
file, you must use a location tag to
specify the site, application,
directory, or URL to which the
configuration applies.
A parent-level Web.config file. When configuration for an application,
directory, or URL is stored in a
parent-level configuration file, you
must use a location tag to specify the
child at which the configuration
applies.
The Web.config file for the site, the application, or the directory.
When you configure settings for an
application, directory, or URL, the
configuration is stored in the same
directory as the site, application, or
directory. You do not need to use
location tags.
Storing configuration settings in a
parent configuration file is helpful
when:
You want to store configuration settings in a configuration file that
is accessible by only certain users or
groups. For example, the
ApplicationHost.config file is
available only to the Administrator
account and to the members of the
Administrators group on a specific
computer, as well as to domain
administrators when a computer is part
of a domain.
You want to configure a feature at the URL-level (also known as
file-level).
Also, see the following article for further information:
The new Configuration System in IIS 7
EDIT:
Regarding the specific error message that you're getting, I've seen this before on an IIS7 server, and the problem turned out to be the Application Pool that the site was set to use wasn't "running". Going into the IIS7 admin gui and starting the Application Pool cured the problem.
I have also seen this error caused wen the relevant permissions have not been set on the folder containing your website code.
See here, here, and here for further information.
Of course, since you're testing a shared hosting environment, you probably don't have access to the web server itself, and it's difficult to know exactly what you do have access to, administration-wise, through your hosting provider, but they probably have some kind of interface to set permissions on folders/files, so I'd look there first.
Failing that, you may have to include a web.config file in your "test" site as that will allow you to set configurations within IIS7 that you may otherwise have no access to.
Failing that, you may need to speak to your web host's support team.
It should be enough to inherit from machine.config. What's the exception?
I am not sure about the shared Hosting environment. But If you try to create a web application ( try ASP.Net Empty web application template) and just use Response.write("Hello World !") . it will work without any web.config.
I tried my self and it work successfully.
Only problem is that It may ask you if you wanted to debug your application then it requires to add "compilation = true" attribute in web.config.
I have an ASP.NET application.
It resides within another ASP.NET application.
I put my DLL in the other apps bin folder and have a subdirectory with my aspx files.
I can't edit the main app's Web.config.
So where can I store configuration settings?
For example, this is an app that will get deployed to various clients. I want to store the client name used for display in the headers and such. And the location of a logo file.
You can put a web.config file on the folder your ASPX files reside and .NET will take care of nesting them and aggregate its contents.
You can also just create a Settings.config XML file and put it wherever you want (the .config extension will prevent it from being viewable through an HTTP request), then wrap it with a Settings class and talk to that Settings class from your application.
You can use Settings.Settings to store it. This example might help. You can have multiple settings files and access any of them, just as you would for any other class.