N2CMS while uploadin or updateing any files - n2cms

Server Error in '/' Application.
A potentially dangerous Request.Form value was detected from the client (ctl00$Content$ie$Text=". After setting this value, you can then disable request validation by setting validateRequest="false" in the Page directive or in the configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case. For more information, see http://go.microsoft.com/fwlink/?LinkId=153133.

I would say you are running N2CMS under ASP.NET 4.0. Please add following line into your web.config in order to remove some of default security obstacles that were not present in 2.0
<httpRuntime relaxedUrlToFileSystemMapping="true" requestPathInvalidCharacters="" requestValidationMode="2.0" />

Related

How to avoid hosting restart when deploying Azure Functions with deployment slot?

I configured pipeline to do zero down time deployment for Azure Functions. For that purpose I have following steps:
create slot
deploy to slot
start swap with preview
complete swap
My understanding of this is process is that all restarts should happen only on preview slot (so only JobHost should be restarted) and this should have a place before final swap. However, I noticed on Application Insight that Hosting stopped which result in on 503 code when I was hitting function. Is there away of avoiding this? I'm not sure if it matters but I use Premium plan.
You cannot avoid the restart but you could use a custom warm-up if your function needs it.
The swap operation waits for the warm-up to finish before swapping with the target swap. You configure this in a web.config file, example below:
<system.webServer>
<applicationInitialization>
<add initializationPage="/" hostName="[app hostname]" />
<add initializationPage="/Home/About" hostName="[app hostname]" />
</applicationInitialization>
</system.webServer>
You can also customize the warm-up behavior with one or both of the following app settings:
WEBSITE_SWAP_WARMUP_PING_PATH: The path to ping to warm up your site. Add this app setting by specifying a custom path that begins with a slash as the value. An example is /statuscheck. The default value is /.
WEBSITE_SWAP_WARMUP_PING_STATUSES: Valid HTTP response codes for the warm-up operation. Add this app setting with a comma-separated list of HTTP codes. An example is 200,202 . If the returned status code isn't in the list, the warmup and swap operations are stopped. By default, all response codes are valid.
I was able to achieve zero downtime deployment setting variable WEBSITE_ADD_SITENAME_BINDINGS_IN_APPHOST_CONFIG to 1. For more info you can take a look here. One drwaback of this is slowness on processing requests during deployment.
I also recommend to follow this github issue where is discussion about zer/miniam downtime deployment.

WebMatrix how can you enable the POST method

I have a form action that I am trying to use, but, when I submit the form, I get the HTTP Error 405.0 - Method Not Allowed.
<form action="" method="post">
I am using WebMatrix on my local machine. I have been told that I need to enable the POST method within WebMatrix through a configuration file or something, but can't find anything that tells me how to do that.
If you're having ASP.NET Running on WebMatrix, then you must have IIS server in your computer too. So, for that you need to be looking for methods and codes to make the web.config work with IIS.
On the following page it has been told how you can allow or deny types of Requests.
http://www.petefreitag.com/item/741.cfm
security --> requestFiltering -->
<verbs allowUnlisted="false" applyToWebDAV="true">
<add verb="GET" allowed="true" />
<add verb="POST" allowed="true" />
</verbs>
Furthermore, you can see that IIS is disabled to accept HttpGet and HttpPost requests by Default. http://support.microsoft.com/kb/819267/en-us Go to the link and learn how to enable them.
I hope it allows that.
Secondly, also try using POST instead of post. Maybe that would be an issue in IIS. Do try this second method.

Configure IIS7 HTTP redirect at a site level

When configuring IIS 7 HTTP redirect it appears that there is an option to set this at the server level and also an option to set this for individual sites.
However, when using IIS Manager, if I alter the settings for one site it overwrites the settings for other sites.
for example: if I set up:
gubbin.com >> www.gubbin.com
that works fine
if I then go into monkey.com and add a redirection
monkey.com >> www.monkey.com
when I go back to gubbin.com I find it has been overwritten:
gubbin.com >> www.monkey.com
Is this a limitation of IIS (i.e. can only handle one redirect at a time) or a bug in the Manager application?
Can I get the desired results by editing a config someplace - or do I need to get a URL re-writer or something?
D'oh.
The IIS Manager is just editing the web.config for the site - and hence putting a redirect section into the config:
<configuration>
<system.webServer>
<httpRedirect enabled="true" exactDestination="true" httpResponseStatus="Found">
<add wildcard="*.php" destination="/default.htm" />
</httpRedirect>
</system.webServer>
</configuration>
The issue I had was that I set up the redirect sites to point that the same folder (since there's no content it didn't seem worth having a whole folder structure for each one)
The solution is to have a folder for each site, just to store the web.config for the redirect.

Relative connection string to AzMan XML store when using security application block

Is it possible to specify a relative connection string for an AzMan XML store?
My current connection string is connectionString="msxml://c:/azman.xml" but I really need to make that relative so other developers and automated builds can get the latest authorization store.
MS documentation seems to suggest that connectionString="msxml://azman.xml" should work but that throws a The request is not supported error.
EDIT: I realised that the fact I'm using AzMan through the Enterprise Library Security Application Block was important to the question.
It is possible to enter the token {currentPath} into the connection string used by the security application block.
This gave me the behavior I was after, allowing the AzMan.xml file to be accessed from with the application folder.
The connection string I am using is:
<authorizationProviders>
<add storeLocation="msxml://{currentPath}/azman.xml"
application="My_Application" scope="" auditIdentifierPrefix="AzMan Authorization Provider"
type="Microsoft.Practices.EnterpriseLibrary.Security.AzMan.AzManAuthorizationProvider, Microsoft.Practices.EnterpriseLibrary.Security.AzMan, Version=3.1.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
name="AzMan Provider" />
</authorizationProviders>
Adding the ~ will make it relative to the application
<add name="AuthorizationServices" connectionString="msxml://~/App_Data/AzMan.xml"/>
If you use {currentPath}, be sure your current directory is properly set before you make the "AuthorizationFactory.GetAuthorizationProvider" call. I am also using the Enterprise Library Security Application Block.
Ex.
My.Computer.FileSystem.CurrentDirectory = HttpContext.Current.Request.PhysicalApplicationPath

httphandler shared hosting deployment

I have the httphandler on shared webhosting.
It works.
The httphandler webapp (virtual) dir of this httphandler does not have web.config
and the whole shared user's website has web.config with only one uncommented statement:
<compilation defaultLanguage="c#" debug="false"/>
Now, I change it to:
<system.web>
<urlMappings enabled="true">
<add url="~/CheckLoad" mappedUrl="~/BackupLicense.ashx?key=CheckLoad"/>
<compilation defaultLanguage="c#" debug="false">
</compilation>
</system.web>
This(*) works locally (on VS2008 internal webserver)
but not on shared hosting.
What do I miss?
(*) means calling [1a], which works only locally but on shared hosting it gives
"The page not found" "HTTP Error 404"
[1a] Calling as:
http://www.MySharedSite.com/CheckLoad
(additionally to always and evertwhere working
[1b] http://www.MySharedSite.com/BackupLicense.ashx?key=CheckLoad
There are some subtle differences in how URL's are handled on the built-in webserver and on IIS6 and 7. You need to know the version of IIS running on your shared host.
Specifically, IIS6 does not support URL's without the extension being mapped to aspnet_isapi.dll - and since you are not using an extension for the URL, this could be the case.
If your host is using IIS7 with integrated pipeline mode, you propably need to configure the system.webServer section with your url mapping, instead of system.web. (Also, see this question for an explanation of the difference).
Edit
I see in the comments your webhost is using IIS6. Then you need to ask your webhost to allow the /Checkload URL to be processed by ASP .NET. Another easy way to make it work would be to just use .ashx on the end of the url; since the .ashx extension is already mapped to ASP .NET in the standard configuration.