I am trying to configure a simple web site to require client certificates on IISExpress.
My configuration is according to this archived jasonrshaver.com post.
<site name="XXXX" id="3">
<application path="/" applicationPool="Clr4IntegratedAppPool">
<virtualDirectory path="/" physicalPath="XXXX" />
</application>
<bindings>
<binding protocol="http" bindingInformation="*:65360:localhost" />
<binding protocol="https" bindingInformation="*:44300:localhost" />
</bindings>
</site>
...
<access sslFlags="Ssl, SslNegotiateCert" />
...
<iisClientCertificateMappingAuthentication enabled="true">
</iisClientCertificateMappingAuthentication>
It is a simple MVC4 Web App that outputs the ClientCertificate data.
The problem is that when I browse to https I am not prompted for a certificate in browser. I do have 4 certificates that can be used; they are configured in Chrome
Any help appreciated.
Thank you.
There was a certificate problem, not a IISExpress configuration problem.
I had no certificates that could be used for client authentication.
After installing a certificate with Intended Purposes everything worked fine.
So the above configuration works just fine.
Related
I have created a Server hosted Blazor web application with .NET6. Now I want to publish to my web hotel that runs Windows Servers. I interact with them through a Plesk platform. They implicitly use IIS under the hood. I have an FTP area to deploy to which works fine for the other webs I have created before.
I use Rider so I don't have any fancy publishing wizards like Visual Studio, but I assume it should work fine using plain dotnet commands as well.
I ran the dotnet publish command and get the publish folder that I read should be enough for deployment. Then i copied all content to the FTP area and hoped everything would just work. It did not.
I have some specific questions:
Does Blazor .NET6 demands a special version of underlying IIS?
The server has Framework 4.7.2 installed but if I use a self contained deployment I guess the server installed version doesn't matter? I assumed the necessary .NET version will be included in the publish?
I notice to my surprise that all my appsettings files are included in the publish content. I assumed the relevant appsettings would be merged into one that should be used for production. How should that be handled?
It seems all Microsoft deployment guides assume Azure. In my company I can not use that. We are left with the traditional hosting.
Now I have solved my problems! The most crucial part was to enable full error printouts on server web by setting an environment flag. It was NOT documented on the publish page with command switches but was very helpful in finding the cause of my problems.
By adding a switch to the publish command a new section is added to the resulting web.config file:
dotnet publish --framework net6.0 --configuration Release /p:EnvironmentName=Development
This will add the environmentVariables section under aspNetCore:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<location path="." inheritInChildApplications="false">
<system.webServer>
<handlers>
<add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModuleV2" resourceType="Unspecified" />
</handlers>
<aspNetCore processPath="dotnet" arguments=".\SqueedEmployee.dll" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" hostingModel="inprocess">
<environmentVariables>
<environmentVariable name="ASPNETCORE_ENVIRONMENT" value="Development" />
</environmentVariables>
</aspNetCore>
</system.webServer>
</location>
</configuration>
You can indeed deploy self-contained which means all assemblies you need are included. Everything is included in the \bin\Release\net6.0\publish folder. Just copy to FTP area.
See above.
I am still a bit confused how the appsettings should be handled.
Conclusion is that traditional hosting works fine :)
With the release of cordova-ios 6.0.0, WKWebview is the default web view now. It works well for API calls with a single host. However, it doesn't seem to support multiple hosts at the same time. I needed to configure it such that it supports my company domain xxx.com as well as localhost.
The following preferences works well if applied separately for the respective domains. But not both at the same time. The issue I'm noticing in this case is, the API calls are not attaching the SESSION cookie in the request header.
<preference name="hostname" value="localhost" />
<preference name="hostname" value="xxx.com" />
I've following property enabled as well.
$httpProvider.defaults.withCredentials = true;
I used this same code on config.xml:
<preference name="scheme" value="app" />
<preference name="hostname" value="localhost" />
Another thing, but I need to enable CORS on server side to works well, but if you can't change anything in the server (my case) you can enable this plugin from oracle and I can do any call:
cordova plugin add cordova-plugin-wkwebview-file-xhr
Say me if this help you?
To give some context:
I'm trying to deploy a webservice I built, within visual studio you have the option to use 'Folder Deployment', I am using this option and that deployment allows me to make a build within a folder that has an executable which works like a charm when I'm using it on localhost but because my webservice needs to be used through a network, I need to deploy it to IIS which gives me some challenges.
I'm trying to host my RESTful API web service on the IIS server as explained in this article: https://www.c-sharpcorner.com/article/publishing-asp-net-web-api-rest-service-using-file-system-method/ but every time I add it to the server, and try surfing to the site I get the following error page: HTTP Error 500.19 - Internal Server Error --> 0x8007000d which apparantly tells me that something is wrong with my web.config file but I never touched that during my development..... perhaps you guys see something odd as here is my web.config file:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<location path="." inheritInChildApplications="false">
<system.webServer>
<handlers>
<add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModuleV2" resourceType="Unspecified" />
</handlers>
<aspNetCore processPath="dotnet" arguments=".\Flame_webservice.dll" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" hostingModel="inprocess" />
</system.webServer>
</location>
</configuration>
<!--ProjectGuid: 21d59c04-6877-4549-9ff7-c37f07155f97-->
After searching for solutions I already found several articles that suggested installing things but it doesn't seem to do the trick for me, the following article I have tried:
Web Application Problems (web.config errors) HTTP 500.19 with IIS7.5 and ASP.NET v2
I don't think I'm using AJAX but maybe I am so I haven't tried that yet.
My webservice contains 3 controllers which are essentially websites but I don't see an explicit route to the websites in the web.config file, I'm not sure if that can cause issues?
I will continue searching but it's becoming a pretty rough ride at the moment due to my limited experience with hosting web services. Or am I perhaps using IIS while I shouldn't? I mean I've tried turning off my firewall and reaching the executable running on localhost through my IP address but it doesn't seem to work which led me to believe I needed a server to reach the running web service on my local machine.
I had the same exact issue and what helped was:
installing .net core windows hosting on the server.
Install-Package Microsoft.Extensions.Hosting -Version 3.1.10
In ASP .NET 5, Configuration is changing drastically. We no longer have a web.config file. Instead, we can use JSON and other options, depending on how we set things up in our Startup class. Unlike web.config, such configuration typically doesn't go in wwwroot, and there is no danger that clients can gain access to it.
And yet, in the ASP .NET 5 project templates there's a web.config file in wwwroot with the following contents:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.webServer>
<handlers>
<add name="httpPlatformHandler" path="*" verb="*" modules="httpPlatformHandler" resourceType="Unspecified"/>
</handlers>
<httpPlatform processPath="%DNX_PATH%" arguments="%DNX_ARGS%" stdoutLogEnabled="false" startupTimeLimit="3600"/>
</system.webServer>
</configuration>
It seems to me that this could be something that the hosting server is looking for at runtime, independently of the application configuration.
Can anyone shed some light on why this is needed, and how it works?
Web.config is strictly for IIS Configuration. It is not needed unless hosting in IIS. It is not used when you run the app from the command line.
In the past Web.config was used for both IIS configuration and application configuration and settings. But in asp.net 5 it is not used by the application at all, it is only used for IIS configuration.
This decoupling of the application from IIS is part of what makes cross platform possible.
I am hosting WCF Service in IIS 7. They are running under .net version 2.0. Everything is working fine. But lately, i am getting error list "Potentially Dangerous request ...". I searched on the internet and found out have i have to set my web.config like this.
<system.web>
<httpRuntime requestValidationMode="2.0" />
<pages validateRequest="false" />
</system.web>
I updated my web.config but then I am not able to browse to the services. It is giving me this error.
Parser Error Message: Unrecognized attribute 'requestValidationMode'. Note that attribute names are case-sensitive.
Please help me to resolve this error.
Thanks,
Vivek
The requestValidationMode attribute was introduced in .NET 4.0.
Under .NET 2.0 you should only have to add <pages validateRequest="false" /> to your Web.config to avoid Potentially Dangerous request errors.
You can also turn request validation off for an individual page using <%# Page ValidateRequest="false" %>.
If you find requestValidationMode="2.0" in your web.config, it is very likely that the developer has been targeting against framework 4.0 or higher and you should probably set the application pool to the corresponding version, rather than change the settings.