Orchard, WebForms and iFrames - content-management-system

I am trying to embed an iFrame into an Orchard CMS section (same domain - controls live in a subdirectory off the main Orchard installation). I found two threads on here that talk about the issue I'm having (see here and here), but I'm still running into issues. The pages I am trying to load in the iFrame are standard WebForms and require both WebResource.axd and ScriptResource.axd. I managed to get WebResource.axd working, but ScriptResource is returning a 500 Internal Server Error (according to Chrome), but I can't figure out what's causing the 500 or what the real error is. The relevant entry from my web.config is below - any suggestions?
<handlers accessPolicy="Script">
<!-- clear all handlers, prevents executing code file extensions, prevents returning any file contents -->
<clear />
<!-- Custom Controls -->
<add name="ASPX" path="*.aspx" verb="*" type="System.Web.UI.PageHandlerFactory" preCondition="integratedMode" requireAccess="Script"/>
<add name="WebResource" path="WebResource.axd" verb="GET" type="System.Web.Handlers.AssemblyResourceLoader" preCondition="integratedMode" />
<add name="ScriptResource" path="ScriptResource.axd" verb="GET" type="System.Web.Handlers.ScriptResourceHandler" preCondition="integratedMode" />
<!-- Everything below added from Orchard -->
<!-- Return 404 for all requests via managed handler. The url routing handler will substitute the mvc request handler when routes match. -->
<!--<add name="NotFound" path="*" verb="*" type="System.Web.HttpNotFoundHandler" preCondition="integratedMode" requireAccess="Script" />-->
<!-- WebApi -->
<remove name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" />
<remove name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" />
<remove name="ExtensionlessUrlHandler-Integrated-4.0" />
<add name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness32" responseBufferLimit="0" />
<add name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness64" responseBufferLimit="0" />
<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
</handlers>

Combining Bertrand's suggestion and a lot of playing around, I ended up finding a solution to this.
First, the custom stuff will need to be in a subfolder and inside IIS you can switch that subfolder over to an application (not a virtual directory). For a little extra peace of mind, I also gave it a dedicated app pool so if something did get weird with it the main site wouldn't go down.
The next parts involve a couple of steps - mostly because of that <clear /> entry in system.webServer/handlers. Removing this in the parent app breaks Orchard, but having it in broke my child app since it inherits all the settings from the parent. To get around this, my child app had to have the following system.webServer configuration:
<system.webServer>
<handlers>
<remove name="NotFound" />
<add name="ASPX" path="*.aspx" verb="*" type="System.Web.UI.PageHandlerFactory" preCondition="integratedMode" requireAccess="Script"/>
<add name="WebResource" path="WebResource.axd" verb="GET" type="System.Web.Handlers.AssemblyResourceLoader" preCondition="integratedMode" />
<add name="ScriptResource" preCondition="integratedMode" verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
</handlers>
<modules>
<remove name="WarmupHttpModule" />
</modules>
</system.webServer>
I used the SO link referenced here to find the "real" ScriptResource.axd reference that was needed and it looks like everything is working.

Related

IIS 10 - web.config - how to enable default document without script access

We have a folder which contains only static html and images etc. No scripts should be allowed to execute from within this folder. However we would still like to be able to use html default documents.
What is the correct way to configure this?
This is the web.config file...
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<handlers accessPolicy="Read"/>
<defaultDocument enabled="true">
<files>
<clear />
<add value="default.html" />
<add value="default.htm" />
</files>
</defaultDocument>
</system.webServer>
</configuration>
If I attempt to access http://mysite/mystaticfolder/ it fails with the error...
HTTP Error 403.1 - Forbidden
However the URL http://mysite/mystaticfolder/default.html works fine.
Surely it shouldn't be necessary to allow dynamic scripts, just to be able to serve static html default documents?
In case it helps anyone, I've been able to solve it with the following...
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<handlers accessPolicy="Read">
<clear/>
<add name="StaticFile" path="*" verb="*" modules="StaticFileModule,DefaultDocumentModule" resourceType="Either" requireAccess="Read" />
</handlers>
<defaultDocument enabled="true">
<files>
<clear />
<add value="default.html" />
<add value="default.htm" />
</files>
</defaultDocument>
</system.webServer>
</configuration>
I'm not entirely sure why this doesn't work by default though.
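The handler inheritance behind the two threads above (the child application that inherits its parent's <clear /> and the static folder that gets an explicit StaticFile mapping), as an added example that is not code from either poster: a Python check that merges the handlers collection from parent to child and reports whether only static-file mappings remain. The PARENT config is constructed, and treating accessPolicy as Read when no level sets it is an assumption.

```python
import xml.etree.ElementTree as ET

# Native modules that only return file contents, a default document or a listing.
STATIC_MODULES = {"StaticFileModule", "DefaultDocumentModule", "DirectoryListingModule"}

def effective_handlers(configs):
    """Merge <handlers> from root-to-leaf web.config strings.
    <clear/>, <remove/> and <add/> are applied in document order, which is how
    a child application ends up with (or without) its parent's mappings.
    """
    policy, handlers = {"Read"}, {}  # assumption: Read when no level sets accessPolicy
    for text in configs:
        node = ET.fromstring(text.strip()).find(".//handlers")
        if node is None:
            continue  # nothing overridden at this level
        if "accessPolicy" in node.attrib:
            policy = {p.strip() for p in node.attrib["accessPolicy"].split(",")}
        for child in node:
            if child.tag == "clear":
                handlers.clear()
            elif child.tag == "remove":
                handlers.pop(child.get("name"), None)
            elif child.tag == "add":
                handlers[child.get("name")] = dict(child.attrib)
    return policy, handlers

def classify(policy, handlers):
    """Label each effective mapping 'static', 'blocked' or 'executable'."""
    report = {}
    for name, attrs in handlers.items():
        need = attrs.get("requireAccess", "Script")  # schema default is Script
        modules = {m.strip() for m in attrs.get("modules", "").split(",") if m.strip()}
        is_static = (bool(modules) and modules <= STATIC_MODULES
                     and "type" not in attrs and "scriptProcessor" not in attrs)
        if need != "None" and need not in policy:
            report[name] = "blocked"  # still mapped, but accessPolicy does not grant it
        else:
            report[name] = "static" if is_static else "executable"
    return report

def static_only(configs):
    """True when every effective mapping is a static-file mapping."""
    policy, handlers = effective_handlers(configs)
    labels = classify(policy, handlers).values()
    return bool(handlers) and all(label == "static" for label in labels)

# Constructed parent, loosely modelled on server-level defaults (not from the page).
PARENT = """<configuration><system.webServer><handlers accessPolicy="Read, Script">
  <add name="ASPX" path="*.aspx" verb="*" type="System.Web.UI.PageHandlerFactory" requireAccess="Script" />
  <add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="GET,HEAD,POST" type="System.Web.Handlers.TransferRequestHandler" />
  <add name="StaticFile" path="*" verb="*" modules="StaticFileModule,DefaultDocumentModule,DirectoryListingModule" resourceType="Either" requireAccess="Read" />
</handlers></system.webServer></configuration>"""

# Handlers sections of the two folder-level files quoted in the thread above.
BEFORE = '<configuration><system.webServer><handlers accessPolicy="Read"/></system.webServer></configuration>'
AFTER = """<configuration><system.webServer><handlers accessPolicy="Read">
  <clear/>
  <add name="StaticFile" path="*" verb="*" modules="StaticFileModule,DefaultDocumentModule" resourceType="Either" requireAccess="Read" />
</handlers></system.webServer></configuration>"""

if __name__ == "__main__":
    for label, leaf in (("before", BEFORE), ("after", AFTER)):
        policy, handlers = effective_handlers([PARENT, leaf])
        print(label, sorted(policy), classify(policy, handlers), static_only([PARENT, leaf]))
```

With the first file the inherited code mappings are only held back by accessPolicy; with the second they are gone from the folder's effective handler list.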

Blazor - how to use brotli compression

Blazor WASM supports gzip/brotli compression. The official documentation shows an example web.config;
however, this web.config is not using the hosted model.
If I merge the example web.config with the root web.config
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<location path="." inheritInChildApplications="false">
<system.webServer>
<handlers>
<add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModuleV2" resourceType="Unspecified" />
</handlers>
<aspNetCore processPath="dotnet" arguments=".\app.Server.dll" stdoutLogEnabled="true" stdoutLogFile=".\logs\stdout" hostingModel="inprocess" />
</system.webServer>
</location>
</configuration>
JavaScript files, CSS and images become unreachable. I also tried putting the example web.config into the wwwroot/_framework folder, however no change at all.

Azure webapp Web.config httpErrors not redirecting

I have an Azure-hosted website that is working great. The thing I'm stuck on is a desire to ignore anything after the base URL, and always have the user see the single page that is the whole site. (If they type the http://example.com site, anything after that will be ignored, and my map.html page will be shown.)
I have made the following changes to the Web.config file, which help this along:
<system.webServer>
<defaultDocument enabled="true">
<files>
<clear />
<add value="map.html" />
</files>
</defaultDocument>
<httpErrors errorMode="Custom" defaultResponseMode="ExecuteURL">
<remove statusCode="404" subStatusCode="-1" />
<error statusCode="404" path="/map.html" responseMode="ExecuteURL" />
</httpErrors>
</system.webServer>
If I enter a url of example.com/xxxx.yyyy the site displays fine (it ignores the "/xxxx.yyyy" and shows the map.html page - just what I want). But if I enter example.com/xxxx (without the trailing ".yyyy") the following IIS or Azure message shows:
Server Error in '/' Application.
The resource cannot be found.
Description: HTTP 404 The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporally unavailable...
Requested URL: /xxxx
How can I get the same redirect to happen no matter what follows the site name in the url?
I've tried Windows Edge, Chrome, and Safari, and they all give the same results.
To achieve your requirement, you can add a rewrite rule instead:
<system.webServer>
<rewrite>
<rules>
<rule name="Rewrite to map">
<!-- match every requested path -->
<match url=".*" />
<action type="Rewrite" url="/map.html"/>
</rule>
</rules>
</rewrite>
</system.webServer>
Update:
If you work in ASP.NET, you may also need to specify <customErrors> Element in Web.config:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.web>
<customErrors mode="On">
<error statusCode="404" redirect="~/map.html" />
</customErrors>
</system.web>
<system.webServer>
<defaultDocument enabled="true">
<files>
<clear />
<add value="map.html" />
</files>
</defaultDocument>
<httpErrors errorMode="Custom" defaultResponseMode="ExecuteURL">
<remove statusCode="404" subStatusCode="-1" />
<error statusCode="404" path="/map.html" responseMode="ExecuteURL" />
</httpErrors>
</system.webServer>
</configuration>

When I add FormsAuthentication to ASP.NET MVC2 site in IIS7.5 I get HTTP 403.14 error

I have written a custom forms authentication module and when I add it to the web.config of my MVC2 application and run under IIS7.5 I get the HTTP 403.14 error. If I try to navigate to any of the routed Urls then I simply get a 404 error. The annoying thing is that I did all the testing using Cassini with no problems at all. I have applied all of the fixes from all similar issues to no avail. The problem seems to be that with my module registered Mvc Routing stops working. Clearly it would seem to implicate my module but why has it worked all this time using the built-in webserver? Here is the System.x parts of my web.config:
<system.web>
<compilation debug="true" defaultLanguage="c#" targetFramework="4.0">
<assemblies>
<add assembly="System.Web.Mvc, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Web.Abstractions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Web.Routing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Data.Linq, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
<add assembly="Ewdev.Gatekeeper.Security, Version=1.0.0.0, Culture=neutral, PublicKeyToken=02ca582b160d0e09" />
</assemblies>
</compilation>
<authentication mode="Forms">
<forms defaultUrl="/" loginUrl="/Authentication/Login" enableCrossAppRedirects="true" name=".GKAUTH" path="/" requireSSL="false" timeout="1440" />
</authentication>
<membership defaultProvider="GatekeeperMembershipProvider" userIsOnlineTimeWindow="120">
<providers>
<clear />
<add name="GatekeeperMembershipProvider" type="Ewdev.Security.MembershipProviders.GatekeeperMembershipProvider, Ewdev.Gatekeeper.Security, Version=1.0.0.0, Culture=neutral, PublicKeyToken=02ca582b160d0e09" connectionStringName="Ewdev Database" minRequiredPasswordLength="7" minRequiredAlphabeticCharacters="3" minRequiredAlphabeticCaseChanges="1" minRequiredNumericCharacters="1" minRequiredNonAlphanumericCharacters="0" passwordWordsPolicy="true" passwordHistoryPolicy="13" enablePasswordRetrieval="true" requiresQuestionAndAnswer="true" requiresUniqueEmail="true" minRequiredUserNameLength="6" minRequiredUserNameAlphabeticCharacters="1" minRequiredUserNameNumericCharacters="0" userNameEnableNonAlphanumeric="true" userNameWordsPolicy="true" />
</providers>
</membership>
<customErrors mode="On" />
<pages>
<namespaces>
<add namespace="System.Web.Mvc" />
<add namespace="System.Web.Mvc.Ajax" />
<add namespace="System.Web.Mvc.Html" />
<add namespace="System.Web.Routing" />
<add namespace="System.Linq" />
<add namespace="System.Collections.Generic" />
</namespaces>
</pages>
<trace enabled="false" mostRecent="true" />
</system.web>
<system.webServer>
<validation validateIntegratedModeConfiguration="true" />
<modules runAllManagedModulesForAllRequests="true">
<remove name="FormsAuthentication" />
<add name="FormsAuthentication" type="Ewdev.Security.GatekeeperFormsAuthenticationModule" preCondition="" />
</modules>
<handlers>
<remove name="MvcHttpHandler" />
<add name="MvcHttpHandler" preCondition="integratedMode" verb="*" path="*.mvc" type="System.Web.Mvc.MvcHttpHandler" />
<add name="UrlRoutingHandler" preCondition="integratedMode" verb="*" path="UrlRouting.axd" type="System.Web.HttpForbiddenHandler, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
</handlers>
</system.webServer>
This is all running on my Windows 7 x64 desktop with VS2010, .NET 4 and Mvc2. I have ASP.NET4 installed/registered in IIS. I suspect you will probably want to know what is in the module but the source is rather long so I do not know which bit would be relevant. It is built to the same API specification as the built-in one but apart from redirecting to the Login page when needed there are no other alterations to the request Url and the error appears when trying to display the home page which is open to everyone. I have read that it might be something to do with non-aspx resources such as script, css, image files as modules are set to be applied to all resource types? Other ideas have been along the lines of my module being called after the Url routing module, but I am not convinced about that one, and thirdly that the Global.asax might not be being called? I am in my 3rd day tearing my hair out on this one, mainly because I estimated 1hr to install the website onto IIS... Doh!
Would appreciate any help I can get and quite happy to rewrite my module if only I could work out what bit IIS does not like. Cassini loves it :-(
I have a solution at last! But it was obscure to the extreme and has taken me best part of a week to guess.
I was convinced the problem had something to do with routing and many people were saying that you needed to add the HTTP Redirection special role. I had already added that as well as HTTP Error and Static Content Compression. The solution in the end was to re-install these 3 roles! It would suggest that the order of installing things in the IIS world is very important because I had already set up IIS7.5 before installing MVC2 (via VS2010 install) and even though I had done the other fix many many times (aspnet_regiis -i for ASP.NET 4.0 x86 and x64) this had not fixed the routing issue. Had I installed VS2010 first (with MVC2 included) and then installed IIS7.5 I suspect I would not have had the problem. Except that, believe it or not, a full re-install of IIS7.5 did NOT fix the problem as I had already tried that several days ago. So to recap and include any other necessary configuration the following are the important fixes:
Ensure you have run aspnet_regiis -i for both Framework/v4... and Framework64/v4...
Ensure you have allowed ASP.NET v4 for both 32-bit and 64-bit in IIS (via the IIS Manager, click on the Server entry in the tree and go to ISAPI and CGI Restrictions)
Ensure you have HTTP Error and HTTP Redirection common HTTP IIS special roles and Static Content Compression performance IIS special role installed. And if you have then un-install and re-install, this is what eventually fixed the issue for me.
Please note: This is also the case for IIS7 as I had to do exactly the same procedure on the production Windows 2008 server. I hope that this helps others to a speedy solution. I will probably now lose my contract as I am so far behind because of this problem.
My original web.config turned out to have several unnecessary entries in it, because I was trying any and every solution that people were coming up with, so the following is the System.x parts of my current and working web.config:
<system.web>
<compilation debug="true" defaultLanguage="c#" targetFramework="4.0">
<assemblies>
<add assembly="System.Web.Mvc, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Web.Abstractions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Web.Routing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Data.Linq, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
<add assembly="Ewdev.Gatekeeper.Security, Version=1.0.0.0, Culture=neutral, PublicKeyToken=02ca582b160d0e09" />
</assemblies>
</compilation>
<authentication mode="Forms">
<forms defaultUrl="/" loginUrl="/Authentication/Login" enableCrossAppRedirects="true" name=".GKAUTH" path="/" requireSSL="false" timeout="1440" />
</authentication>
<membership defaultProvider="GatekeeperMembershipProvider" userIsOnlineTimeWindow="120">
<providers>
<clear />
<add name="GatekeeperMembershipProvider" type="Ewdev.Security.MembershipProviders.GatekeeperMembershipProvider, Ewdev.Gatekeeper.Security, Version=1.0.0.0, Culture=neutral, PublicKeyToken=02ca582b160d0e09" connectionStringName="Ewdev Database" minRequiredPasswordLength="7" minRequiredAlphabeticCharacters="3" minRequiredAlphabeticCaseChanges="1" minRequiredNumericCharacters="1" minRequiredNonAlphanumericCharacters="0" passwordWordsPolicy="true" passwordHistoryPolicy="13" enablePasswordRetrieval="true" requiresQuestionAndAnswer="true" requiresUniqueEmail="true" minRequiredUserNameLength="6" minRequiredUserNameAlphabeticCharacters="1" minRequiredUserNameNumericCharacters="0" userNameEnableNonAlphanumeric="true" userNameWordsPolicy="true" />
</providers>
</membership>
<customErrors mode="On" />
<pages>
<namespaces>
<add namespace="System.Web.Mvc" />
<add namespace="System.Web.Mvc.Ajax" />
<add namespace="System.Web.Mvc.Html" />
<add namespace="System.Web.Routing" />
<add namespace="System.Linq" />
<add namespace="System.Collections.Generic" />
</namespaces>
</pages>
<trace enabled="false" mostRecent="true" />
</system.web>
<system.webServer>
<validation validateIntegratedModeConfiguration="true" />
<modules runAllManagedModulesForAllRequests="true">
<remove name="FormsAuthentication" />
<add name="FormsAuthentication" type="Ewdev.Security.GatekeeperFormsAuthenticationModule" />
</modules>
</system.webServer>
I can't add a comment to the user's own answer (rating too low?). Anyway, after fighting with my server for a long time trying to resolve the 403.14 messages I stumbled across this question. The steps in the answer fixed the issue for me finally.
I'm guessing the part that worked was the installation of the roles as I had tried everything else suggested here and elsewhere.
Much thanks to the user and stackoverflow :)
My guess is that you set your MvcHttpHandler wrong. The path attribute should be * instead of *.mvc

Which areas of the web.config can I safely delete?

When beginning a new web project, I'm always a bit worried about removing pieces of the web.config. It seems there are more entries than ever with .NET 3.5 SP1.
Which bits of the .config do you delete for the following scenarios:
WCF Web Service, no Javascript support
Simple MVC Website
EDIT
Can someone document a basic list of things left in and taken out of the web.config for a simple website?
I usually just delete items from the web.config until things break -- a process of trial and error.
It's astonishing how much of web.config you can remove without affecting anything. It's gotten quite crufty in .NET 3.5.
Largely agree with Jeff that it is a process of trial and error as to what you can remove from the file.
In terms of tweaking the runtime and the http pipeline, it can often be a process of adding things to the web.config, in order to turn things off.
The out of the box configuration adds a lot of modules to the pipeline, depending on what you are doing, you may not need half of them.
Have come across a few articles on this on MSDN, and also this one http://www.codeproject.com/KB/aspnet/10ASPNetPerformance.aspx, by Omar from PageFlakes, which was the only one I could find in my (poorly organised) bookmarks, which is a good starting point on optimising the runtime.
Here is a stripped down Web.config I use for a simple WCF service
<?xml version="1.0"?>
<configuration>
<system.web>
<compilation debug="true">
<assemblies>
<add assembly="System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
</assemblies>
</compilation>
<authentication mode="Windows" />
<customErrors mode="RemoteOnly" defaultRedirect="error.htm">
<error statusCode="403" redirect="NoAccess.htm" />
<error statusCode="404" redirect="FileNotFound.htm" />
</customErrors>
</system.web>
<system.codedom>
<compilers>
<compiler language="c#;cs;csharp" extension=".cs" warningLevel="4"
type="Microsoft.CSharp.CSharpCodeProvider, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<providerOption name="CompilerVersion" value="v3.5"/>
<providerOption name="WarnAsError" value="false"/>
</compiler>
</compilers>
</system.codedom>
<system.serviceModel>
<services>
<service behaviorConfiguration="Service.ServiceBehavior" name="Service.Service">
<endpoint address="" binding="basicHttpBinding" contract="Service.IService">
<identity>
<dns value="localhost" />
</identity>
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="Service.ServiceBehavior">
<serviceMetadata httpGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
</configuration>
I removed a lot of extras, especially the script modules which I won't require.