I created a new page, and set permissions to all users. On site settings set it as 404 page, but still get the system page for 404 errors.
Only works if Friendly Url Provider mode is set to 'advanced' in web.config:
<friendlyUrl defaultProvider="DNNFriendlyUrl">
  <providers>
    <clear />
    <add name="DNNFriendlyUrl" type="DotNetNuke.Services.Url.FriendlyUrl.DNNFriendlyUrlProvider, DotNetNuke.HttpModules" includePageName="true" regexMatch="[^a-zA-Z0-9 _-]" urlFormat="advanced" />
  </providers>
</friendlyUrl>
Urls will be changed. Spaces will be replaced by "-" and aspx extension is removed.
Related
I have a .NET core 3.1 razor pages website. I'm using windows credentials (with Active directory) for authentication and I'm managing authorization using policies.
Using IIS Express (the one you use when developing) is working OK. My username is displayed.
Now I'm using the IIS manager to host this site using my machine IP, for example 'xxx.xxx.xxx.xxx:portNumber'. This is loading if anonymous authentication is on, but if I include windows credentials it is failing.
I followed the guide from here --> https://learn.microsoft.com/en-us/aspnet/core/security/authentication/windowsauth?view=aspnetcore-3.1&tabs=visual-studio
Basically I did what is shown in the previous link. (Created the web.config file and followed the steps listed there.)
web.config
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <location path="." inheritInChildApplications="false">
    <system.webServer>
      <security>
        <authentication>
          <anonymousAuthentication enabled="false" />
          <windowsAuthentication enabled="true" />
        </authentication>
      </security>
    </system.webServer>
  </location>
</configuration>
The following error is showing up when I try to enter authentication option in IIS manager in my site.
This configuration section cannot be used at this path. This happens when the section is locked at a parent level. Locking is either by default (overrideModeDefault="Deny"), or set explicitly by a location tag with overrideMode="Deny" or the legacy allowOverride="false"
After hitting accept button the following table loads.
And when I try to access the website, it is throwing
Error HTTP 500.19 - Internal Server Error
Module: WindowsAuthenticationModule
Notification: AuthenticateRequest
source of config
<anonymousAuthentication enabled="false" />
**<windowsAuthentication enabled="true" />** --> *this line is in red*
</authentication>
Here I changed a couple of lines in applicationhost.config file.
<section name="anonymousAuthentication" overrideModeDefault="Allow" />
<section name="windowsAuthentication" overrideModeDefault="Allow" />
I changed both lines from Deny to Allow. Restarted, but it doesn't work.
I've activated some windows features too like the following
I finally solved it. I referred to this post: "This configuration section cannot be used at this path - Windows 2016".
I set the following entries in the file located at
C:\Windows\System32\inetsrv\config\applicationHost.config
<section name="anonymousAuthentication" overrideModeDefault="Allow" />
<section name="windowsAuthentication" overrideModeDefault="Allow" />
<section name="ipSecurity" overrideModeDefault="Allow" />
I mistakenly edited the applicationHost.config located in IISExpress in my documents folder. That's why this wasn't working.
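A narrower alternative to the server-wide change above, shown as an added example that is not part of the original post: applicationHost.config can unlock the two authentication sections for a single path with a location tag carrying overrideMode="Allow", while overrideModeDefault stays at "Deny" for every other site. The path "Default Web Site/MyApp" is a placeholder, and unrelated parts of the file are omitted.

```xml
<!-- Added example: fragment of C:\Windows\System32\inetsrv\config\applicationHost.config.
     "Default Web Site/MyApp" is a placeholder site/application path;
     all other sections of the real file are omitted here. -->
<configuration>
  <configSections>
    <sectionGroup name="system.webServer">
      <sectionGroup name="security">
        <sectionGroup name="authentication">
          <!-- Server-wide default stays locked, so no other site's
               web.config can switch its own authentication scheme. -->
          <section name="anonymousAuthentication" overrideModeDefault="Deny" />
          <section name="windowsAuthentication" overrideModeDefault="Deny" />
        </sectionGroup>
      </sectionGroup>
    </sectionGroup>
  </configSections>

  <!-- Unlock only for this one path. The empty elements name the sections
       being unlocked; they do not change any setting themselves. -->
  <location path="Default Web Site/MyApp" overrideMode="Allow">
    <system.webServer>
      <security>
        <authentication>
          <anonymousAuthentication />
          <windowsAuthentication />
        </authentication>
      </security>
    </system.webServer>
  </location>
</configuration>
```

With the unlock scoped this way, a web.config that sets anonymousAuthentication and windowsAuthentication is accepted under that path only; the same elements in any other site's web.config still produce the locked-section error.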
I've inherited an IIS 8.5 installation with a lengthy applicationHost.config file; I'm not familiar with all the options and am trying not to mess with it as it is working.
When I set up a new web application, to get it to work, I'm having to go into C:\Windows\System32\inetsrv\config\applicationHost.config
and manually add the following for each application:
<location path="Default Web Site/MyNewAppPath">
  <system.webServer>
    <security>
      <authentication>
        <anonymousAuthentication enabled="false" />
        <basicAuthentication enabled="true" />
        <windowsAuthentication enabled="true" />
      </authentication>
    </security>
  </system.webServer>
</location>
Or I get an error - "Access is denied Error message 401.2.: Unauthorized: Logon failed due to server configuration..."
Lots of posts/comments saying to fix it this way by manually adding the location and other tags, but this seems hacky.
Isn't there an option/function inside IIS Manager somewhere that handles these tags?
FYI IIS Manager is adding below tags to the config file (on its own) for each app. Hoping somehow it can do similar for the location etc tags.
<application path="/MyNewAppPath" applicationPool=".NET 4.5">
<virtualDirectory path="/" physicalPath="C:\inetpub\wwwroot\MyNewAppPath" />
</application>
Thanks for any help!
A sub-application's authentication settings are only allowed in applicationhost.config by default. If you go to config manager, you will see this
If you try to set it in another place like the root web.config or <location path='webapp'>, IIS will report the application has already been locked and everything is grayed out.
You can set authentication via IIS manager or command line and it will add this configuration to applicationhost.config automatically. I think this is just a common operation rather than hacky.
I'm writing a suite of ASP.NET Core web applications that occasionally have to redirect to one another. When testing locally, everything works fine. However, when I publish them on our staging server, the redirects always "stay" in the same host. For example, if I am on http://app1.test/ and redirect to http://app2.test/somepath, what I actually get in the Location HTTP header is http://app1.test/somepath: any URL I specify is transformed so that it "stays" in the current host name.
This doesn't happen locally, however. I've deployed the apps as Kestrel processes, and they are exposed via IIS working as a reverse proxy. May this be the cause? What should I do to fix the issue?
UPDATE
Here is the full web.config for the reverse proxy of app1.test:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <rule name="ReverseProxyInboundRule1" stopProcessing="true">
          <match url="(.*)" />
          <action type="Rewrite" url="http://localhost:5000/{R:1}" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
  <system.web>
    <sessionState mode="InProc" />
    <customErrors mode="RemoteOnly" />
  </system.web>
</configuration>
app2.test's web.config is virtually the same (apart, of course, from the port numbers).
UPDATE 2
I'll try to explain better. I noticed that the target site doesn't really matter, so I'll keep things simpler: I have an action in my application that I want to redirect the user to Google. This is the action, in the Home controller:
public IActionResult ToGoogle()
{
    return Redirect("https://www.google.com?q=Hi");
}
If I launch the web app locally and request http://localhost:1234/Home/ToGoogle, everything is fine: the response is a 302 Found, with the correct URL (www.google.com etc.) in the Location header.
Once I publish the app to the staging server (Kestrel app on port 5000, behind an IIS reverse proxy with the rewrite rule posted above), this is what happens instead:
What is the cause of that?
I found the solution myself. It was indeed a problem with reverse proxy.
IIS has an option to rewrite the host in response headers. The solution is described in this answer (there are addenda in other answers to that same question if your version of IIS or Windows Server is not the one specified).
I know that I can extend Sitecore.Pipelines.HttpRequest.ExecuteRequest and override methods like RedirectOnItemNotFound to redirect to my custom 404 page etc. I was wondering if there is way to redirect to a custom page (that would sit in sitecore) for all errors except 404 and 500?
There is a RedirectOnNoAccess method for 403 error I guess, but I am looking for way to redirect on all errors like 400, 401, 403, 405 etc.
Sitecore v7.2
Cheers
You don't need to extend the ExecuteRequest processor, there are settings in the Sitecore section of config to handle these:
<!-- ITEM NOT FOUND HANDLER
Url of page handling 'Item not found' errors
-->
<setting name="ItemNotFoundUrl" value="/sitecore/service/notfound.aspx"/>
<!-- LINK ITEM NOT FOUND HANDLER
Url of page handling 'Link item not found' errors
-->
<setting name="LinkItemNotFoundUrl" value="/sitecore/service/notfound.aspx"/>
<!-- LAYOUT NOT FOUND HANDLER
Url of page handling 'Layout not found' errors
-->
<setting name="LayoutNotFoundUrl" value="/sitecore/service/nolayout.aspx"/>
<!-- ACCESS DENIED HANDLER
Url of page handling 'Acess denied' errors
-->
<setting name="NoAccessUrl" value="/sitecore/service/noaccess.aspx"/>
Update these values to point to the correct path. This can be a Sitecore item path, e.g. /errors/404 as long as that item exists in Sitecore. It's slightly annoying that a url parameter is added to the path, you will need to extend the processor if you want to get rid of this though. If you have a multi-site implementation then this will still work but you need to make sure that the structure is the same for all sites, since you are using a relative path. The error manager module is essentially a wrapper around these same settings, but it is better in that it is able to handle multi-site and shows the error page without making a 302 redirect first.
If you need to handle other errors then fall back to using the errors section in config to define those. The values can also be set through IIS (although it just updates the web.config anyway).
<system.webServer>
  <httpErrors errorMode="DetailedLocalOnly" defaultResponseMode="ExecuteURL" defaultPath="/errors/404">
    <remove statusCode="404" subStatusCode="-1" />
    <remove statusCode="405" subStatusCode="-1" />
    <remove statusCode="500" subStatusCode="-1" />
    <error statusCode="404" prefixLanguageFilePath="" path="/errors/404" responseMode="ExecuteURL" />
    <error statusCode="405" prefixLanguageFilePath="" path="/errors/405" responseMode="ExecuteURL" />
    <error statusCode="500" prefixLanguageFilePath="" path="/errors/static/500.html" responseMode="ExecuteURL" />
  </httpErrors>
</system.webServer>
http://www.iis.net/configreference/system.webserver/httperrors
https://msdn.microsoft.com/en-us/library/ms690497(v=vs.90).aspx
These can be in Sitecore by setting the URL path of an Item or static HTML files on disk, and again it works in multi-site as long as the structure is the same for all sites since the path can be relative. It is generally recommended that the 500 page is a static HTML page otherwise there is the possibility of an infinite loop (e.g. database goes down, show 500, fetch content from Sitecore, but database is down...).
Even if you use the Error Manager module, or use the Sitecore settings, I recommend that you have a 404 and 500 page defined in config. By default Sitecore will only handle dynamic and extensionless URL requests, so if a request is made for /file.txt, /style.css, /script.js or /document.pdf then you will get a standard IIS error page.
<preprocessRequest>
  <processor type="Sitecore.Pipelines.PreprocessRequest.FilterUrlExtensions, Sitecore.Kernel">
    <param desc="Allowed extensions (comma separated)">aspx, ashx, asmx</param>
    <param desc="Blocked extensions (comma separated)">*</param>
    <param desc="Blocked extensions that stream files (comma separated)">*</param>
    <param desc="Blocked extensions that do not stream files (comma separated)"></param>
  </processor>
</preprocessRequest>
You could allow all requests to go through Sitecore but this seems a bit heavy handed and you're making it run through additional pipelines. Setting the above will mean your static content is also gracefully handled.
You can definitely use the execute request pipeline to handle 403 and 401 errors as this pipeline is called early enough.
There is a great module that already does this on the marketplace, which you may be able to adapt to your needs.
https://marketplace.sitecore.net/en/Modules/Sitecore_Error_Manager.aspx
http://ctor.io/handling-404-and-other-errors-with-sitecore-items/
I have a single IIS server that runs many web sites all with their own IP addresses. These sites are all ASP sites. I have a new site I need to add that was done in straight HTML and is not an ASP site. The request is to only allow people into the site who have been authenticated to one of the other sites. I am using IIS 7 on Windows 2008 Server R2.
Not sure if that's possible, but here's what I did so far:
Added the following to system.webServer:
<modules>
  <add name="FormsAuthenticationModule" type="System.Web.Security.FormsAuthenticationModule" />
  <remove name="UrlAuthorization" />
  <add name="UrlAuthorization" type="System.Web.Security.UrlAuthorizationModule" />
  <remove name="DefaultAuthentication" />
  <add name="DefaultAuthentication" type="System.Web.Security.DefaultAuthenticationModule" />
</modules>
Added the following to system.web:
<authorization>
  <deny users="?" />
  <allow users="*" />
</authorization>
<authentication mode="Forms" />
Tried adding the following to system.web as well:
<identity impersonate="true" />
Is this possible to do?
Besides setting the authentication mode to Windows which I missed at first, other steps to do this are:
Open IIS, and make sure an application pool exists for the site.
Set its mode to integrated.
Open the site itself in IIS
In the IIS section open Authentication.
Enable Windows Authentication.
Modify the web.config adding users/groups as needed to the authorization section.
Here's one thing I didn't realize - it doesn't process all rules and overwrite previous rules with new rules. It stops once it finds a rule that works. So you don't deny all users, then add one. You add the one you want, then deny all after.
The system.webServer section from the OP is correct.
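The rule-ordering point in the answer above, as an added example that is not part of the original answer: two alternative system.web fragments for a web.config, one with the deny rule first and one with the allow rule first. The group name CONTOSO\WebUsers is a constructed placeholder.

```xml
<!-- Added example. The two <system.web> blocks are alternatives;
     a real web.config contains only one of them.
     CONTOSO\WebUsers is a placeholder group name. -->

<!-- Wrong order: rules in <authorization> are checked top to bottom and the
     first match wins. deny users="*" matches every request, so the allow
     rule below it is never reached and everyone is refused. -->
<system.web>
  <authentication mode="Windows" />
  <authorization>
    <deny users="*" />
    <allow roles="CONTOSO\WebUsers" />
  </authorization>
</system.web>

<!-- Correct order: members of the group match the allow rule first.
     Every other user, authenticated or anonymous, falls through to
     deny users="*". -->
<system.web>
  <authentication mode="Windows" />
  <authorization>
    <allow roles="CONTOSO\WebUsers" />
    <deny users="*" />
  </authorization>
</system.web>
```

Ending the list with an explicit deny matters because rules inherited from higher-level configuration are appended after the local ones, and the machine-level default allows all users.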