I faced these questions in one of my interview question which i was not able to answer..
How can we set routing in Mvc with out using routconfig file ?
Mvc does not have statemanagement technique like viewstate as Asp.net , then how is the state managed in Mvc?...
How to pass data from controller to view and view to controller??
from controller to view we can pass using viewbag,viewdata, model binding...from view to controller also we can pass data with model binding,
are there any other options other than this?
There is an option: You can use
In ASP.NET, you can add the following configuration setting to applications in order to support routing:
In you web.config file
<configuration>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true">
<!-- more -->
</modules>
</system.webServer>
</configuration>
When runAllManagedModulesForAllRequests is true, a URL like http://mysite/myapp/home goes to ASP.NET, even though there is no .aspx, .mvc, or similar extension on the URL.
For more information Go to MSDN ASP.NET Routing
Related
I am trying to prevent unauthorized access to all files within some of my media libraries in Kentico v9.0. I intend to only provide access to certain libraries via Kentico Role membership and global admins only.
I have followed the guide published here: Securing media libraries and it seems to work fine: Direct URL path access results in a 401.2 - Unauthorized message, regardless of user authentication state and role membership. And I have a media gallery web part set up correctly to provide the permanent URLs, which also work as I expect them to.
However, I have another requirement; which is to serve up a ~/googlesitemap.xml file. I followed the guide published here: Google Sitemaps, which instructs me to provide an attribute to the system.webServer/modules node in the web.config:
<modules runAllManagedModulesForAllRequests="true">
...
</modules>
However, when I add the above, then any authenticated user can gain access to my media library files if they enter in the full URL. This violates my attempts at media library access based on role membership; since I dont want users in other roles to be able to get at the files.
I have tried to exclude all media library files from the re-writing engine by adding my media folder root as an Excluded URL in Settings > URLs and SEO > URL Format > Excluded URLs... but this doesn't appear to help.
Any suggestions would be highly welcome!
As far as I know runAllManagedModulesForAllRequests attribute is mandatory only for different extensions (different from .aspx). If you are using IIS 7 or above you can omit this attribute in your web.config (see source).
Note: In ASP.NET websites, the value of runAllManagedModulesForAllRequests previously had to be set to true to support routing. However, once IIS 7 has been updated with a Service Pack, the value of runAllManagedModulesForAllRequests can be set to false or omitted when working with ASP.NET routing. For more information, see ASP.NET Routing on the MSDN website.
So quick fix: Do not add this attribute to web.config and your media gallery (permissions) should work as you wish.
EDIT: So I think I have got solution for you. It seems that runAllmanagedModulesForAllRequests attribute kills Anonymous Authentication setting so Kentico serves data after successful authentication. I`ve found workaround so you can forbid access to media library. Try to add something like:
<location path="MySite/media/MyMediaLibrary">
<system.web>
<authorization>
<deny users="*"/>
</authorization>
</system.web>
</location>
into your web.config inside configuration section.
We have an application running MVC4 front end an consuming a web api2 rest PUT. It is running in IIS 8.5 and windows server 2012
I am using PutAsync to update some data but getting a 405 - Method Not Allowed back. i looked around and found out that some people had this issue and it was resolved by using some or other technique in the web.config of the API.
I tried this in the web API config and it worked for me.
<modules runAllManagedModulesForAllRequests="true">
<remove name="WebDAVModule" />
</modules>
<handlers>
<remove name="WebDAV" />
</handlers>
BUT I am not sure why. i don't have any webdav authoring rules defined for my web site. Can someone please help me understand why this might be working for me??
Also, is there a downside of setting runAllManagedModulesForAllRequests=true for the API??
The configuration can be inhertied from machine.config. For more info,Configuration Inheritance in this page. It can also be inherited from any other web.config in a containing folder.
runAllManagedModulesForAllRequests implies that any request done to the folder (and subfolders) where you include this web.config will be handled to the registered modules. For example it will try to handle the request to something that doesn't look like a Web API action. Please, see this: <modules runAllManagedModulesForAllRequests="true" /> Meaning
I have an MVC4 project with the template Intranet Application. Glimpse is working on the MVC4 Routes but not on web api routes (the footer vanishes).
I'm thinking of creating an action in a MVCController which takes a request as parameters to instanciate the right WebApiController and calls the right action with the parameters.
Is there a better alternative ?
I tried to use this (found here) but it doesn't work :
<inspectors>
<ignoredTypes>
<add type="Glimpse.AspNet.Inspector.RoutesInspector, Glimpse.AspNet"/>
</ignoredTypes>
</inspectors>
</glimpse>
The issue you mention is related to Glimpse making changes to the Routes configuration which broke the WebApi Help Pages, fortunately that issue has been solved in the meanwhile.
Based on your question, I assume that you want to see Glimpse diagnostics for WebApi related calls? Unfortunately Glimpse v1.8.4 does not support WebApi requests.
The good news is that support for WebApi is being added as we speak. You can check the pull request to see how it's going and when it's expected to be released.
I've been folowing the advice from this article for setting up a robots.txt file in asp.net mvc3 for using a controller to handle the server response, and IIS 8.0 express is returning a file not found error, rather than an asp.net error.
How do I get IIS to not look for a file in these cases? Is there something I need in the web.config?
IIS tries to be intelligent here. He intercepts the dot in the url and thinks that this is a static file and attempts to serve it with the default StaticFile handler. it dopesn't event get to the managed ASP.NET application.
The first possibility is to add the following in your web.config
<system.webserver>
<modules runAllManagedModulesForAllRequests="true" />
but actually that's not something I would recommend you doing because this might have a negative effect on the performance of your application because now all requests to static files (such as .js, .css, images, ...) will go through the managed pipeline.
The recommended approach is to add the following handler to your web.config (<handlers> tag of <system.webServer>):
<system.webServer>
<handlers>
<add name="Robots-ISAPI-Integrated-4.0" path="/robots.txt" verb="GET" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
...
</handlers>
</system.webServer>
Notice how we have specified that this handler will only apply to a particular URL and HTTP verb.
Now when you GET /robots.txt, IIS will no longer handle it with the StaticFile handler but will instead pass it to the managed pipeline ASP.NET. And then it will be intercepted by the routing engine and routed to the corresponding controller action.
Unless you need a dynamically generated robots.txt file, which is very rarely necessary, just do the following:
Ignore the route to robots.txt
routes.IgnoreRoute("robots.txt");
Add the robots.txt file to your root dir
I have been working on a classic .Net web forms (4.0 framework) solution for my current project. Since the project is too big to upgrade to MVC, I simply added a MVC project to the solution and created all my REST services in the MVC controllers.
It was working fine for several days and randomly I started getting redirected to Accounts.Login?{ReturnUrl}. My web forms app doesn't have an Account folder the logical conclusion was that the MVC project was interfering somehow.
After checking all the configs, IIS settings, and debugging from the Global.asax to find out that I had no clue what was redirecting; I started doing a source control compare to see what changed where.
I found the below line had been added to the appSettings tag in my web config. After removing it everything started working correctly.
<add key="webpages:Enabled" value="true" />
After a bit of searching I found this article...
what is the function of webpages:Enabled in MVC 3 web.config
...which explains a little, but not why this setting would cause the site to redirect away from my default document to a URL that doesn't exist in either project or why my MVC project is being called at all.
Can anyone point me in the right direction?