Optimizely CMS12 in IIS - asp.net-core

We've built and deployed many Optimizely sites but recently started exploring CMS 12 running on .net Core.
The issue at the moment is that we're not able to view the site when "hosted" by IIS.
We've followed the Optimizely instructions, cross referenced it with Jon D Jones' guide/video, and it seems that once you have installed the .net core hosting package and updated the app pool it should "just work". That is not what we're seeing.
eg
https://docs.developers.optimizely.com/content-cloud/v12.0.0-content-cloud/docs/installing-optimizely-net-5
https://www.jondjones.com/learn-optimizely/cms/how-to-install-optimizely-cms-12-and-configure-a-development-environment/
The Optimizely project is setup in VS2022 and runs fine using IIS Express (ie clicking "Start" in VS).
However, if pointing the IIS site at the obj/Debug/net6.0/ folder (or net5.0) the site returns a 404.
/util/login and /episerver/cms/ both work in IIS Express, but not via the host name set in IIS.
"Everyone" has all permissions to everything to ensure that is not an issue.
SDK and hosting bundle for .net 5, 6 and 7 have been installed.
In all examples we've seen, we've copied the steps and still end up with 404s returned no matter the path requested.
I've tried various publish options (target runtime, deployment mode etc). Nothing seems to help.
I suspect there is something we're missing but nobody here is very au fait with .net Core as most of our clients are still running .net framework apps.
Are there any pointers, links anyone has used that has helped them?
Current setup:
Windows 11
IIS 10
VS2022 Pro w/Resharper
Optimizely CMS 12

If you are to run the project using IIS directly from the debug folder use bin\Debug\net6.0 and not the obj\ folder. Also you must add a web.config to that folder with instructions for IIS how to start the project.
Some basics
The apppool must be setup using "No Managed Code"
The web.config if missing must be added manually and it should look like this
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<location path="." inheritInChildApplications="false">
<system.webServer>
<handlers>
<add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModuleV2" resourceType="Unspecified" />
</handlers>
<aspNetCore processPath="dotnet" arguments=".\REPLACEWITHYOURPROJECTDLL.dll" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" hostingModel="inprocess" />
</system.webServer>
</location>
</configuration>
Note the REPLACEWITHYOURPROJECTDLL

Related

Problems with windows credentials IIS 10.0

I have a .NET core 3.1 razor pages website. I'm using windows credentials (with Active directory) for authentication and I'm managing authorization using policies.
Using IIS express (the one you use when developing is working ok. My username is displayed)
Now I'm using the IIS manager to host this site using my machine IP, for example 'xxx.xxx.xxx.xxx:portNumber'. This is loading if anonymous authentication is on, but if I include windows credentials it is failing.
I followed the guide from here --> https://learn.microsoft.com/en-us/aspnet/core/security/authentication/windowsauth?view=aspnetcore-3.1&tabs=visual-studio
Basically I did what it is showed in the previous link. (Created the web.config file and followed the steps listed there)
web.config
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<location path="." inheritInChildApplications="false">
<system.webServer>
<security>
<authentication>
<anonymousAuthentication enabled="false" />
<windowsAuthentication enabled="true" />
</authentication>
</security>
</system.webServer>
</location>
</configuration>
The following error is showing up when I try to enter authentication option in IIS manager in my site.
This configuration section cannot be used at this path. This happens when the section is locked at a parent level. Locking is either by default (overrideModeDefault="Deny"), or set explicitly by a location tag with overrideMode="Deny" or the legacy allowOverride="false"
After hitting accept button the following table loads.
And when I try to access the website, it is throwing
Error HTTP 500.19 - Internal Server Error
Module: WindowsAuthenticationModule
Notification: AuthenticateRequest
source of config
<anonymousAuthentication enabled="false" />
**<windowsAuthentication enabled="true" />** --> *this line is in red*
</authentication>
Here I changed a couple of lines in applicationhost.config file.
<section name="anonymousAuthentication" overrideModeDefault="Allow" />
<section name="windowsAuthentication" overrideModeDefault="Allow" />
I changed both lines from Deny to Allow. Restart, but it doesn't work.
I've activated some windows features too like the following
I finally solved it. I referred to this post This configuration section cannot be used at this path - Windows 2016
I setted the following entries in the file located in
C:\Windows\System32\inetsrv\config\applicationHost.config
<section name="anonymousAuthentication" overrideModeDefault="Allow" />
<section name="windowsAuthentication" overrideModeDefault="Allow" />
<section name="ipSecurity" overrideModeDefault="Allow" />
I mistakenly edited the applicationHost.config located in IISExpress in my documents folder. That's why this wasn't working.

In IIS 8.5, is there a setting in the Manager GUI that adds the Location and Authentication tags to the applicationHost.config file?

I've inherited a IIS 8.5 installation with a lengthy applicationHost.config file; I'm not familiar with all the options and am trying not to mess with it as it is working.
When I set up a new web application, to get it work, I'm having to go into C:\Windows\System32\inetsrv\config\applicationHost.config
and manually add the following for each application:
<location path="Default Web Site/MyNewAppPath">
<system.webServer>
<security>
<authentication>
<anonymousAuthentication enabled="false" />
<basicAuthentication enabled="true" />
<windowsAuthentication enabled="true" />
</authentication>
</security>
</system.webServer>
</location>
Or I get an error - "Access is denied Error message 401.2.: Unauthorized: Logon failed due to server configuration..."
Lots of posts/comments saying to fix it this way by manually adding the location and other tags, but this seems hacky.
Isn't there an option/function inside IIS Manager somewhere that handles these tags?
FYI IIS Manager is adding below tags to the config file (on its own) for each app. Hoping somehow it can do similar for the location etc tags.
<application path="/MyNewAppPath" applicationPool=".NET 4.5">
<virtualDirectory path="/" physicalPath="C:\inetpub\wwwroot\MyNewAppPath" />
</application>
Thanks for any help!
Sub-application's authentication are only allowed in applicationhost.config by default. If you go to config manager, you will see this
If you try to set it in other place like root web.config or <location path='webapp'>, IIS will report the application has already been locked and everything grayed out.
You can set authentication via IIS manager or command line and it will add these configuration to applicationhost.config automatically. I think this is just common operation instead of hacky.

IIS authorization for use in a non asp site

I have a single IIS server that runs many web sites all with their own IP addresses. These sites are all ASP sites. I have a new site I need to add that was done in straight HTML and is not an ASP site. The request is to only allow people into the site who have been authenticated to one of the other sites. I am using IIS 7 on Windows 2008 Server R2.
Not sure if that's possible, but here's what I did so far:
Added the following to system.webServer:
<modules>
<add name="FormsAuthenticationModule" type="System.Web.Security.FormsAuthenticationModule" />
<remove name="UrlAuthorization" />
<add name="UrlAuthorization" type="System.Web.Security.UrlAuthorizationModule" />
<remove name="DefaultAuthentication" />
<add name="DefaultAuthentication" type="System.Web.Security.DefaultAuthenticationModule" />
</modules>
Added the following to system.web:
<authorization>
<deny users="?" />
<allow users="*" />
</authorization>
<authentication mode="Forms" />
Tried adding the following to system.web as well:
<identity impersonate="true" />
Is this possible to do?
Besides setting the authentication mode to Windows which I missed at first, other steps to do this are:
Open IIS, and make sure an application pool exists for the site.
Set it's mode to integrated.
Open the site itself in IIS
In the IIS section open Authentication.
Enable Windows Authentication.
Modify the web.config adding users/groups as needed to the authorization
section.
Here's one thing I didn't realize - it doesn't process all rules and overwrite previous rules with new rules. It stops once it finds a rule that works. So you don't deny all users, then add one. You add the one you want, then deny all after.
The system.webServer section from the OP is correct.

ASP.Net using wrong web.config for virtual directory

We're running IIS 6 on Windows Server 2003 R2.
We want to add a virtual directory that runs under .NET 4.0 to a site that runs under .NET 2.0. We've given the virtual directory its own app pool, and we've configured the virtual directory to run under 4.0.
The parent site works fine, but the virtual directory throws errors that reference the parent site's web.config file. We need the virtual directory to use its own web.config file.
The GUI in the IIS Manager says that the virtual directory is using its own web.config file, but the error messages we get refer to items in the parent's web.config file.
I'm not sure how to solve the problem. My best lead so far is from a post on another site said that the problem could be solved with something like this:
<location path="." inheritInChildApplications="false">
</location>
Again, I'm not sure this will fix things, and I'm not sure how to figure out where to put it or what it ought to contain. The parent site is built on top of a CMS system, and its web.config file is reasonably complex.
I got this to work, so I want to leave the answer for the next person.
The location tags I mentioned in my question did the job. I got them to work by using them to enclose a system.web section:
<location path="." inheritInChildApplications="false">
<system.web>
.
.
(the stuff that made the site in the virtual directory break)
.
.
</system.web>
</location>

How to separate static content on ASP.NET MVC in Apache mod-mono

I have already a project that built top of the ASP.NET MVC 2.0 and it's working.
I tried to run it on Ubutuntu 10.4 Server on Apache2 and Mod mono.
As you know, when you created a new project on VS.NET it creates a Content folder for holds static content such as css, js, images etc.
Also my project has working with Forms authentication, and i separated some path of my project with below location element in web.config.
<location path="Content">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
But above configuration hasn't worked on Apache.
The question is; how can i pass authentication for static contents on apache - mod mono ?
Thank you