I added the line .UseUrls("http://*:5000") to enable clients from other hosts accessing the web api.
public static void Main(string[] args)
{
var host = new WebHostBuilder()
.UseKestrel()
.UseContentRoot(Directory.GetCurrentDirectory())
.UseIISIntegration()
.UseStartup<Startup>()
.UseUrls("http://*:5000") // Added
.Build();
host.Run();
}
However, using browser to access localhost:5000/api/Test got the error of HTTP/1.1 400 Bad Request? Should the .UseUrls() be only compiled for production?
HTTP/1.1 400 Bad Request
Date: Mon, 08 Aug 2016 21:42:30 GMT
Content-Length: 0
Server: Kestrel
The following messages are copied from Visual studio Output window when testing.
Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request starting HTTP/1.1 GET http://localhost:5000/api/Test
Microsoft.AspNetCore.Server.IISIntegration.IISMiddleware:Error: 'MS-ASPNETCORE-TOKEN' does not match the expected pairing token '9bca37f2-7eda-4517-9f8f-60b6cc05cf01', request rejected.
Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request finished in 8.5976ms 400
You should call first .UseUrls() and/or .UseConfig() and then .UseIISIntegration().
When running ok under IIS/IISExpress, you end up with 2 processes. IIS listening on the desired port and Kestrel on another one. Your requests should go to IIS and then it is forwarded to Kestrel (with the MS-ASPNETCORE-TOKEN).
The call to .UseIISIntegration() hides this mapping. It actually changes the port in your app and sets IIS on the desired port. But it breaks if you call both methods in incorrect order.
You are getting this error message because Kestrel expected to run behind IIS, and received a direct request. And it noticed that because IIS was not there to inject the MS-ASPNETCORE-TOKEN header.
This issue documents the issue and may solve it in future releases.
Another way to solve it.
Since the error because UseKestrel() and UseIISIntegration(), you can try running debug not using IIS/IIS Express, but choose Kestrel server, it will avoid the error happen.
You can check Properties\launchSettings.json to find out another debug option.
Related
I actually a migrate an old asp .net framework 4 web app to asp .net core 6.
This webapp was serving docx et xlsx files through IIS and webdav to allow end users edit directly files on the server
On the old app, the config was like that
a virtual directory on IIS to associate a virtual Path Webdav to a physical path
an IHttpModule which allow me to intercept all request on the server and add some authentication when the request point out /webdav (webdav don't support anonymous authentication)
HttpContext.Request.Headers.Remove("Authorization");
HttpContext.Request.Headers.Add("Authorization", "Basic " + base64string);
On the new app
the virtual directory is manage directly on the code (Startup)
var lOptions = new FileServerOptions
{
FileProvider = new PhysicalFileProvider(Sys.Web.AppliIs.Path_Webdav),
RequestPath = new PathString("/" + Sys.Web.AppliIs.WEBDAV_FOLDER),
EnableDirectoryBrowsing = false,
};
app.UseFileServer(lOptions);
i intercept the request to add my authentication in a custom middleware (called before the code above)
app.Use(async (context, next) =>
{
AppliGeckosSL.WriteLogDebug($"intercept {context.Request.Path}, Method : {context.Request.Method}", null);//just to log everything which arrived
var lFileInfo = lHostEnv.ContentRootFileProvider.GetFileInfo(context.Request.Path);
if (lFileInfo != null)
{
WebdavFileManager.HandleRequest(context, lFileInfo.PhysicalPath);
}
// Call the next delegate/middleware in the pipeline.
await next(context);
});
Whe i test the new code (opening a file stored in the server with word), it failed.
Whe i inspect the logs, i notice thow things :
On the IIS logs, i see my different request called by word
2022-03-23 11:20:31 ::1 OPTIONS /Webdav/ - 7520 - ::1 Microsoft+Office+Protocol+Discovery 200 0 0 47
2022-03-23 11:20:31 ::1 HEAD /Webdav/BeWise.docx - 7520 - ::1 Microsoft+Office+Existence+Discovery 200 0 0 4
2022-03-23 11:20:31 ::1 OPTIONS /Webdav/ - 7520 - ::1 Microsoft+Office+Existence+Discovery 200 0 0 5
2022-03-23 11:20:31 ::1 LOCK /Webdav/BeWise.docx - 7520 - ::1 Microsoft+Office+Core+Storage+Infrastructure/1.0 405 0 0 4
2022-03-23 11:20:31 ::1 GET /Webdav/BeWise.docx - 7520 - ::1 Microsoft+Office+Core+Storage+Infrastructure/1.0 404 0 3 2
we can see the Lock method finished in 405
We can also see the get finishing in 404 which i can't understand because the HEAD finished on 200 on the same file
The log of my middleware give me only this
23/03 12:20:32:023 [FW] intercept /Webdav/BeWise.docx, Method : HEAD
23/03 12:20:32:055 [FW] intercept /Webdav/, Method : OPTIONS
so we see the LOCK and the GET are not handle by my server
I see many solutions on this problem on this forum and others which recommand to disable webdav, solution which dont fit me because i want to use webdav
There is not a lot of documentations about .net core and webdav, im not even sure its supported.
I try to remove the virtual directory by code and set a virtual directory through IIS like the old app but still not working, in this case the lock not finish in 405 but in 401. I notice my middleware in not called, so i cant add my authentication. I suppose with this option we don't go through the asp .net core pipeline.
What do you think ? any suggestion on that ?
Thanks for your help !
I had some answers from microsoft, the IIS webdav module is no longer supported with .net core (they will update the docs for that because it was not clearly said). So there is no way i will be able to achieve what i want.
My solutions now :
implement myself the webdav protocol
buy a licence to IT HIT WEBDAV Server Engine
thanks anyway for your answers, the subject is closed
I have a localhost setup using MAMP PRO and XIP.IO for sharing on my local network.
I'm also trying to test API requests from with the same application but I keep getting the following error in the log file even though I am using the correct API credentials which work on a remote server.
2015-12-20T12:52:52+00:00 DEBUG (7): HTTP/1.1 401 Unauthorized
Content-type: text/html
Date: Sun, 20 Dec 2015 12:52:52 GMT
Server: nginx
Www-authenticate: Basic realm="very closed site"
Content-length: 188
Connection: keep-alive
<html>
<head><title>401 Authorization Required</title></head>
<body bgcolor="white">
<center><h1>401 Authorization Required</h1></center>
<hr><center>nginx</center>
</body>
</html>
If this is indeed due to being on a localhost is there a way to recieve API callbacks using MAMP PRO?
If you want the third party API to be able to send you a post back, your local website/app must be accessible when entering your public IP.
So if I understand your problem you just have to configure your router (or internet provider box) and open a port that you redirect to your local MAMP Pro. You can find a lot of tutorial for "Access MAMP Pro remotely"
WARNING : Do this for tests and then close the port you openned not to leave a security breach
I configured my WCF service to https. I can browse WSDL using my https:// url address. However, when I test the service using SOAP UI, the URL deafults to http. I do receive expected response when I test it. If I change the URL in SOAP UI to https, I get the following.
HTTP/1.1 404 Not Found
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 04 Dec 2012 16:46:32 GMT
Content-Length: 0
This question is related to my other question:
Why my WSDL still shows basic http binding with the location value of http?
Any ideas?? Is this a problem with IIS configuration?
I'm not sure if this is your (only) problem since you haven't posted your configuration, but you need HttpsGetEnabled set to true and also need to use an https base address.
http://msdn.microsoft.com/en-us/library/ms751498.aspx
Finally, I was able to fix it by changing wsHttpBinding to basicHttpBinding. Everything works now.
I have an IIS 6 server running .net 4.0, that is returning 304 (Not Modified) for IE, but not for Firefox or Chrome. I never want this and other calls in the save .svc file to cache, but always to be 200 and new data. I'm not seeing this on localhost on Win7 that has IIS7.5 running.
The response header has a Cache-Content: private and when running under IIS 6, Fiddler doesn't even show the request.
[OperationContract]
[WebGet(UriTemplate = "usertoken/populate")]
public ClientUserToken PopulateUserToken()
{
return HttpContext.Current.Session["userToken"] as UserToken;
}
I can add a [AspNetCacheProfile("NoCachingProfile")] to each method and
<outputCacheSettings>
<outputCacheProfiles>
<add name="NoCachingProfile" noStore="true" duration="0" varyByParam="none" enabled="false"/>
</outputCacheProfiles>
</outputCacheSettings>
to the web.config, but I'd like to avoid having to add this to every operation.
Is there an IIS setting to do this or should it be code driven? Why does it happen only in IE?
This is not the service's problem, it is IE. Fiddler shows nothing because the browser didn't send anything, it's using the last cached response. Use Post if you can, otherwise make each Get request look different like:
url: "usertoken/populate?" + new Date().getTime()
Older IE is bad with ignoring no-cache with Gets
We have an Tomcat server where we're trying to log the HTTP version which the response is sent with. We've seen a few times that it seems to be HTTP/0.9, which kills the content (not supported I guess?). We would like to get some stats on this by using the access log in apache. However, since the header line for this isn't prefixed by anything, we cannot use the %{xxx}o logging.
Is there a way to get this?
An example:
Response is:
HTTP/1.1 503 This application is not currently available
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=utf-8
Content-Length: 1090
Date: Wed, 12 May 2010 12:53:16 GMT
Connection: close
And we'd like the catch HTTP/1.1 (alternatively, HTTP/1.1 503 This application is not currently available.
Is this possible? We do not have access to the application being served, so we need to do this either as a Java filter, or in the tomcat access log - Preferably in the access log.
Enabling the <Valve className="org.apache.catalina.valves.RequestDumperValve"/> in server.xml writes out the request and response headers for each request.
Example:
19-May-2010 12:26:18 org.apache.catalina.valves.RequestDumperValve invoke
INFO: protocol=HTTP/1.1