Programmactly change in your web.config in releasemode - web-config

I have been roaming around the internet to figure out what the best solution to my issue would be, but I cant seem to find a satisfying answer.
My problem is, that I wish an administrator of my website to be able to change a server-setting (email, password and Exchange server endpoint url) - this should be possible to do in the browser, so the admin doesnt have to open up the web.config file.
The settings are rarely set, but the possibility for it HAS to be present.
What I do now, is that once the admin fills out my form, my controller will set the new values in the web.config AppSettings:
<appSettings>
<add key="ewsUser" value="some#thing.com" />
<add key="ewsPW" value="somePW" />
<add key="ewsUrl" value="https://outlook.ews.com/xxx.asmx" />
</appSettings>
This is where my big concern begins, because of all my research through out the internet.
Lets say my application now is online, and is being used by hundreds of people 24/7, would this solution then be an issue?
I have read that if you make changes to your web.config file it will make your application restart on the server, without throwing off any clients. But will this affect the session the clients are in right in that moment? Will the server forget their sessions?
I've read a bit on bad practices, and this article states how it could be solved by making a new .config file and link to that config file in the web.config AppSettings. But is this really necessary? I find it a bit more messy than my current solution.
Any ideas, thoughts and/or facts would be appriciated.

Writing to a web.config is indeed a bad practice. When changing a web.config file your application will restart. Not sure about the sessions though but they will probably reset. And what about the situation where you deploy a new version of your application and accidentally overwrite the web.config?
Two solutions that might be helpful:
Create a simple key/value table in a database
Create your custom XML format and write/read to a file (and name the file for example mysettings.config instead of mysettings.xml to prevent direct access from a webbrowser)
To speed-up things you could cache these values in memory after reading.

Related

Keycloak CSS is not updating in browser

I am upgrading Keycloak from 9.x to 12.x in a development environment. I initially copied some custom themes forward, and found that the styling was badly broken (no surprise). I reviewed my FTL files, copied some of the core changes into my theme, and things are much better - just some minor issues to adjust.
Now the problem. I've made the changes to my login.css file, but those changes aren't showing up in the browser. It continues to fetch an old version of my custom CSS file.
What I have tried (multiple times for most of these):
Clear browser cache
Restart Keycloak
Check ownership/permissions of theme files
Restart entire server
Load CSS file directly
Load CSS file directly with meaningless parameter added (trying to bypass any possible middleman caching)
Confirm new version of Keycloak is the one running
Load page in other browsers
I've also now grepped the entire Keycloak directory for some of the CSS rules I've removed, and I can't find any copies of the "old" css file anywhere that might be getting referenced by accident.
Also, there are no messages in the Keycloak log when loading the CSS file.
I want to figure out how to get Keycloak to deliver the updated CSS to the browser.
Blind guess, so please don't blame me if it doesn't work. (question should include minimal reproducible example):
Edit /opt/jboss/keycloak/standalone/configuration/standalone-ha.xml and update it as follows:
<theme>
<staticMaxAge>-1</staticMaxAge>
<cacheThemes>false</cacheThemes>
<cacheTemplates>false</cacheTemplates>
...
</theme>
For me it worked when changed this file
standalone.xml
like below way
<cacheThemes>false</cacheThemes>
<cacheTemplates>false</cacheTemplates>
I think it is because I am using single instance mode instead cluster ha mode.
Apart from disabling cache, as described above, you can also adjust the theme resource URLs, breaking the client-side cache. It's a bit of a hack, but you can directly modify the resource tag portion of the URL by adjusting the database migration_model.id value.
references:
https://github.com/keycloak/keycloak/blob/main/model/jpa/src/main/java/org/keycloak/models/jpa/MigrationModelAdapter.java
https://medium.com/#hokumski/how-to-drop-keycloak-theme-cache-without-clearing-browser-data-aebb499ae83b
You must delete the path keycloak-server\standalone\tmp\kc-gzip-cache\sbgwq or otherelse folder... and test in a browser in incognit mode.

AutoOpen taskpanes only open on computer where the document is created

Context
Currently I am developing a Word add-in that uses the new Javascript API's for Office. The add-in consists of some basic functionalities and a number templates. The templates (plain documents) automatically opens a taskpane when the document is opened. I have followed the following guide to achieve this. Manually adjusting the OOXML (webextensions) did not result in the desired effect. Fortunately, I was successful with implementing the automatically opening taskpanes via the API functions offered in Office.js
The Problem
The add-in manifests are hosted on the local filesystem (C:\AddInManifests). When a document is created and is adjusted to automatically open a taskpane on opening, it works only on the computer where it is created. More specifically it only works on the computer where the client side API methods are called to specify that the document has an automatically opening taskpane.
My suspicion is that it sees the add-ins of the two different computers as two different add-ins entirely. I am looking for way to overcome this, if it is possible to overcome.
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<we:webextension xmlns:we="http://schemas.microsoft.com/office/webextensions/webextension/2010/11" id="{C3B1DD62-B056-4FA5-BF7F-5F3800D7C339}">
<we:reference id="4a53b5db-f60a-4c32-82ee-2cf3f4954538" version="1.0.0.1" store="\\.\C:\AddInManifests\" storeType="Filesystem"/>
<we:alternateReferences/>
<we:properties>
<we:property name="Office.AutoShowTaskpaneWithDocument" value="true"/>
</we:properties>
<we:bindings/>
<we:snapshot xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships"/>
</we:webextension>
EDIT
My suspicions seems validated. These problems do not arise when centralized deployment is used. So my presumption is that the manifests on a local harddisk will be seen as a different add-in on a different computer even though the manifest is located on the same location.
Settings like AutoOpen are specific to the manifest ID. For example, settings applied to a document via side-loaded add-in will not be seen when that add-in is published via Office Store (different manifest ID).

Setting the Expiry Headers for JS/Images

Please help to set the Expiry Header for files like JS/Images/CSS
Server : Linux
App Server : Jboss
I was getting some examples in internet to achieve similar thing using .htaccess files, but it not clear.
You can do that within an application by using a custom filter, like this.
But you did not explain the actual problem you are trying to solve. Your question sounds pretty unusual, so chances are high that what you really need is something completely different. You mention .htaccess file, and this means you have a web server, likely Apache, along with JBoss. Static contents (files like .css, .js, etc.) should normally be served by that server, not JBoss. Then, it's not JBoss that should set HTTP headers for them. Here you can find an explanation how it should be done in Apache.

Web.config overwritten

I have a web.config for my website. I just made a web service which likes to overwrite the previous one. From what I can understand I need an xml transform here. I have read several sites and I am confused as how to complete this. One reference. Would love some insight, thanks in advance.
If you want to add or change something in web.config you don't need any XSL(T) because your output format is still XML.
Transformation (XSLT) is mainly for presenting XML data in different format.
What yo need is basic XML editing functionality. Parse to DOM, add/change nodes, save.

Is it possible to redirect a link that ends with .aspx to a .ashx?

We have a website that we recently released based mostly on SharePoint. Some of the site needed to return just straight XML. The consultants on the project implemented the xml returns as .aspx pages that write the response object in the page_load method.
After a short time researching this, I relize that this is probably the wrong way to do this because it calls all the extra events for a ASPX page that we don't need.
Here's my question, I want to recreate these functions as .ashx links with the httphandler. However, I want to be able to retain the orginal links that ended in .aspx and the get parameters that accompany them to decide which type of XML to return.
Is is possible to rewrite/redirect the .aspx ending links to a .ashx link. Or would that cause the IIS server to interpret every .aspx incorrectly?
I think you're probably in luck...
We did a similar thing. Our eCommerce web app only accepts JPG, PNG and GIF files as the images for products, but we wanted every image to be dynamically created for every product.
So, we remapped JPG, PNG and GIF files to become a handler.
However, we didn't want ALL JPG, PNG and GIF files to be mapped since it would be hugely inefficient for static files, so we only did certain ones.
Here is how to do it.
If all of your ASPX files follow a similar file-spec that NO other files share, add this to your web.config under <httpHandlers>.
<add path="filespec*.aspx" verb="*" type="MyAssembly.MyHandlerName, MyAssembly"/>
If they don't all share a file-spec, you'll have to add them one-by-one to web.config:
<add path="oldaspx1.aspx" verb="*" type="MyAssembly.MyHandlerName, MyAssembly"/>
<add path="oldaspx2*.aspx" verb="*" type="MyAssembly.MyHandlerName, MyAssembly"/>
<add path="oldaspx3*.aspx" verb="*" type="MyAssembly.MyHandlerName, MyAssembly"/>
To make this usuable whether or not you are running in the IIS7 integrated pipeline, you could also add similar lines to the <handlers> element
Then when a request comes in for 'oldaspx1.aspx', it will get handled (very efficiently, without the page lifecycle being started) by your custom handler.
If this solves your problem, please mark it as the accepted answer with the check mark to the left.