I need to restrict access to all but one view in my ASP.NET MVC4 project on our public site. We have to prevent a login screen from appears because AD is not setup on our public server as well.
From what I've read about System.Web.HttpNotFoundHandler, the way I understand it is if I include the following line in my web.config all cshtml pages in my /Views folder will be restricted from view:
<httpHandlers>
<add path="*.cshtml" verb="*" type="System.Web.HttpNotFoundHander"/>
</httpHandlers>
However, when I play around with this setting in both of my web.config files, nothing is restricted from view on my local machine when I test. I have my program setup to run on my local IIS7 (our public site is IIS6). I feel I misunderstand how this works.
For IIS 6
<httpHandlers>
<add path="*.cshtml" verb="*" type="System.Web.HttpNotFoundHandler"/>
</httpHandlers>
For IIS 7
<httpHandlers>
<add name="BlockViewHandler" path="*.cshtml" verb="*" preCondition="integratedMode" type="System.Web.HttpNotFoundHandler"/>
</httpHandlers>
To deep dive in this topic read This Blog
Related
I have recently published my ASP.NET Core application to my host. I am hitting a HTTP Error 500.19.
IIS 8.5 says the issue is:-
"Cannot add duplicate collection entry of type 'add' with unique key attribute 'name' set to 'aspNetCore'"
It also highlights this key add line in my system.webServer config:-
<handlers>
<add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModule"
</handlers>
I'm not really sure what to do on this. It looks as though there is a duplicate instance of this, so I have tried renaming this but it still asks to add this again?
Here is my web.config:-
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<!--
Configure your application settings in appsettings.json. Learn more at http://go.microsoft.com/fwlink/?LinkId=786380
-->
<system.webServer>
<handlers>
<add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModule" resourceType="Unspecified" />
</handlers>
<aspNetCore processPath="%LAUNCHER_PATH%" arguments="%LAUNCHER_ARGS%" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" forwardWindowsAuthToken="false"/>
</system.webServer>
<system.net>
<defaultProxy useDefaultCredentials="true" >
</defaultProxy>
</system.net>
</configuration>
The answer above didn't work for me, however DavidG's comment did solve my problem, so going to post as an answer in case it helps someone else.
For me, I was not running it as a sub-application, and a project that had been working for me no issue for over a year suddenly stopped working with this issue. Still not sure what changed. When I commented out or removed the <add name="aspNetCore".../> the error persisted, and then that line got automatically re-added.
To solve the problem, I added <remove name="aspNetCore" /> to the config file, right above the <add name="aspNetCore"... /> entry, and things started working again.
To continue running on IIS EXPRESS, go on root folder where the .sln file stays.
go to delete file from .vs\config\applicationhost.config or save
it in a temporary place if you have something there.
Close/Re Open VS Studio, run again, will work.
If you need to add something back from save applicationhost.config, just compare those two, but I don't see what you could have there.
None of the suggested solutions worked for me unfortunately. By some miracle I learned that my applicationhost.config file had been modified in an unfortunate matter, making that "Cannot add duplicate collection entry" error appear when I navigated to a specific page in my .NET Core website application.
Under the <sites> tag in applicationhost.config, I had the following:
<site name="MyWebsite" id="2">
<application path="/" applicationPool="Clr4IntegratedAppPool">
<virtualDirectory path="/" physicalPath="C:\Users\___\solutionname\MyWebsite" />
</application>
<application path="/SomePage" applicationPool="Clr4IntegratedAppPool">
<virtualDirectory path="/" physicalPath="C:\Users\___\solutionname\MyWebsite" />
</application>
<bindings>
<binding protocol="https" bindingInformation="*:12345:localhost" />
</bindings>
</site>
The 500.19 HTTP error was shown to me when I navigated to the page "/SomePage". As you can see, for some reason there was a separate <application> tag for this specific page. I have no idea why.
I removed that entire <application> tag for the "/SomePage" path, and everything started working again.
I faced this issue with vs 2017 on a project that was working fine without changing the web.config. Looking at this posts I realized that it might be an IIS express issue and I solved simply deleting .vs folder and restarting vs.
I had the same problem and in my case commenting the line
<add name="aspNetCore"...
solved the issue and brought up the question "why is it working without AspNetCoreModule".
The problem in my case was that I was adding the site as a sub-application in defaultwebsite and it was located in the wwwrootfolder. I think the config was automatically picked up by the defaultwebsite and applied for all sub-application sites.
This link helped
So the solution was to move it as a separate site on another port.
In my case, the issue was caused by putting a path in the Debug Tab of my web project so that the app would open at a particular page. This causes two silent additions to the file .vs\config\applicationhost.config, similar to the one observed by eightx2.
In :
<add name="api AppPool" managedRuntimeVersion="" />
In :
<application path="/blah" applicationPool="api AppPool">
<virtualDirectory path="/" physicalPath="your-path\src\your-proj" />
</application>
where a similar entry already exists. This is the root of the problem.
The error message, unfortunately, is completely misleading.
Solution is to rename applicationhost.config, restart VS, and let it rebuild the file. This is why Ricardo's solution of deleting the entire .vs folder also works.
That error is because there is a root file in ASP.NET Core that is called ".vs\config\applicationhost.config"
Initially it has 67 keys. You can see it for yourself here, in the Configuration Editor.
This file called ".vs\config\applicationhost.config" has the default settings carried by the Web.config to be able to work, and one of them is that handler.
You can also see it here.
The problem is that that file has that handler and what you publish is going to inherit that handler.
You have two solutions, comment on the line of your published web.config or delete that handler from the ".vs\config\applicationhost.config"
I just had this one, it turns out I had changed the App Url in Debug settings for the website Properties, in order to load a specific page (wrong but happened).
In IIS it automatically created a new application under the test domain called About (in this case).
Removing the rogue IIS application under the domain solves the issue as it doesn't attempt to reload the same web.config when navigating to the page.
I commented the below statement
<verbs allowUnlisted="true">
And its works
If you're running your site in IIS, check if your Application Pool has a "duplicate" Application attached.
I had this same problem debugging my site in IIS. While troubleshooting I found that the Application Pool for my site showed 2 applications connected to it. I checked each of my sites to make sure I hadn't accidentally assigned one of them to the same app pool but they were all correct. So I deleted my site in IIS and checked the app pool which then showed 0 applications. I recreated the site in IIS, attached it to the application pool which then showed only the 1 application. Restarted the site and it worked correctly.
Not sure how that phantom application got attached to my app pool but that's what was causing the duplicate aspNetCore key in my case.
I have a parent web application with multiple child applications.
This is what worked for me:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<location path="." inheritInChildApplications="false">
<system.webServer>
<handlers>
<add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModuleV2" resourceType="Unspecified" />
</handlers>
<aspNetCore processPath="dotnet" arguments="<pathToDll>" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" hostingModel="InProcess" />
</system.webServer>
</location>
</configuration>
Basically, wrap the system.webServer element of the parent website with the location element and set inheritInChildApplications: <location path="." inheritInChildApplications="false">.
Then the child websites can stay the same and you do not need to add <remove name="aspNetCore" /> to each child website's web.config.
Note that this is in the project file:
<aspNetCore processPath="%LAUNCHER_PATH%" arguments="%LAUNCHER_ARGS%" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" hostingModel="InProcess" />
And it gets changed to this during publish:
<aspNetCore processPath="dotnet" arguments="<pathToDll>" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" hostingModel="InProcess" />
I'm trying to add Azure Authentication to an existing website with Visual Studio 2013. It looks like this used to be a bit easier in 2012 but seems the recommended path for 2013 is to set this up when creating the project.
I created a new project with AAD (which works) to compare to the changes being made to the project I need to add authentication to. I copied the authentication classes and config settings but it still seems like there is something wrong in web.config:
For AppSettings I have:
<add key="ida:FederationMetadataLocation" value="https://login.windows.net/_____/FederationMetadata/2007-06/FederationMetadata.xml" />
<add key="ida:Realm" value="https://AADPath/Application" />
<add key="ida:AudienceUri" value="https://AADPath/Application" />
For System.identityModel I have:
<system.identityModel>
<identityConfiguration>
<issuerNameRegistry type="RegistryClassPath, ProjectName" />
<audienceUris>
<add value="https://AADPath/Application"/>
</audienceUris>
<securityTokenHandlers>
For system.identityModel.services I have:
<federationConfiguration>
<cookieHandler requireSsl="true" />
<wsFederation passiveRedirectEnabled="true"
issuer="https://login.windows.net/AADPath/wsfed"
realm="https://AADPath/Application"
requireHttps="true" />
When I run the site, I'm redirected to the login page as I expect but after logging in I'm presented with the WIF10201: No valid key mapping found for securityToken error.
It was not the configuration but rather I didn't copy the data from the embedded database to the existing project. All seems to be working now.
I have a .NET application written in VS 2010, target .NET version is 4.0, using the ReportingServices version 10 control. My SSRS server is SQL Server 2008 Enterprise. Web Server is IIS 7.5 on Windows Server 2008 R2 64-bit. I did review this question and answer but it did not resolve my problem.
The application has been working fine since August of last year until about a week ago. Of the five reports included in the application, three still work but two have stopped working. When the RS control appears on the screen, I get the message it is Loading with the twirly green circle. Eventually, that stops and all I have left is the control header without a report. I can see the parameters are properly populated and I can click on View Report but I never get the actual report on the screen.
I did go to the Report Manager (SSRS) site and verified the report works as expected. It does take about five minutes to generate, which the users are fine with. They understand it is chewing on a massive amount of data to generate the report. I can't do snapshots since they want the data real-time every time they run it.
I assume there is some sort of timeout, somewhere, but can't find it. One thing I did find is that the Loading message goes away before SQL Server has completed generating the result set for the report, which leads me to believe the timeout is in the application itself. Since other reporting applications on the same web server are working fine (different applications all part of the same web site), I'm not convinced the timeout is there. I did find a Timeout tag for the ServerReport section and set it to a ridiculously high value with no success. I have also re-published both report and application with no success. Code is included below. Thanks for your help in advance!
Relevant code in the .ASPX page:
<%# Register Assembly="Microsoft.ReportViewer.WebForms, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" Namespace="Microsoft.Reporting.WebForms" TagPrefix="rsweb" %>
<asp:ScriptManager ID="ScriptManager1" runat="server">
</asp:ScriptManager>
<rsweb:ReportViewer ID="ReportViewer" runat="server" Width="100%"
ProcessingMode="Remote" Font-Names="Arial" Font-Size="8pt"
ShowCredentialPrompts="False" SizeToReportContent="True" ShowParameterPrompts="true"
ShowRefreshButton="True" ShowFindControls="True" ShowPageNavigationControls="true" Height="500px">
<ServerReport DisplayName="Cluster Net Change" ReportPath="/Enrollment Reports/Cluster Net Change"
ReportServerUrl="http://reports.pinnacle.inside.pisd/reportserver" Timeout="6000000" />
</rsweb:ReportViewer>
Relevant sections in web.config:
<assemblies>
<add assembly="System.DirectoryServices.Protocols, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
<add assembly="Microsoft.ReportViewer.Common, Version=10.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
<add assembly="Microsoft.ReportViewer.WebForms, Version=10.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
</assemblies>
<buildProviders>
<add extension=".rdlc" type="Microsoft.Reporting.RdlBuildProvider, Microsoft.ReportViewer.Common, Version=10.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
</buildProviders>
<httpHandlers>
<add verb="*" path="Reserved.ReportViewerWebControl.axd" type="Microsoft.Reporting.WebForms.HttpHandler, Microsoft.ReportViewer.WebForms, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
</httpHandlers>
<handlers>
<add name="ReportViewerWebControlHandler" preCondition="integratedMode" verb="*" path="Reserved.ReportViewerWebControl.axd" type="Microsoft.Reporting.WebForms.HttpHandler, Microsoft.ReportViewer.WebForms, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
</handlers>
I am developing asp.net mvc2 application and I use asp.net membership provider which uses ASPNETDB.mdf database. I have also my own database and now I wonder how to upload these 2 databases to server? Should I upload them as .mdf file or should I use SQL server? I prefer using SQL server and if someone knows the shortest way to convert and upload these 2 databases it would help me a lot.
Thanks in advance,
Ilija
Funny I just finished doing the same thing. The basic steps are as follows:
From Visual Studio, load your .mdf and choose "publish to provider" to make a .sql file.
Open SQL Management Studio, open a connection to your database and load the sql file. Add a "use yourdbname;" on top to have it output the tables to your database, then run it.
Now you should have the full table structure. What's left is to modify web.config to read the new tables:
First the membership provider:
<membership>
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider"
type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a "
connectionStringName="ConnectionStringLoginInfo"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="false"
requiresUniqueEmail="false"
passwordFormat="Hashed"
maxInvalidPasswordAttempts="5"
minRequiredPasswordLength="6"
minRequiredNonalphanumericCharacters="0"
passwordAttemptWindow="10"
passwordStrengthRegularExpression=""
applicationName="/"
/>
</providers>
</membership>
Now the role provider:
<roleManager enabled="true">
<providers>
<clear/>
<add name="AspNetSqlRoleProvider"
type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a "
connectionStringName="ConnectionStringLoginInfo"
applicationName="/"
/>
</providers>
</roleManager>
And lastly the WebPart provider, if you use it:
<webParts>
<personalization defaultProvider="SqlDatabaseProviderDRDBLoginInfo">
<providers>
<clear/>
<add connectionStringName="ConnectionStringLoginInfo"
type="System.Web.UI.WebControls.WebParts.SqlPersonalizationProvider"
name="SqlDatabaseProviderDRDBLoginInfo"/>
</providers>
</personalization>
</webParts>
In this example I called the connection string ConnectionStringLoginInfo, but whatever you name it, make sure you set it in the connection strings part. Not gonna paste that too :)
This all took me way more than I care to say, but when I saw my app working flawlessly with the App_Data folder deleted, that was quite the moment!
Your simplest option for a hosted solution (i.e. your hosting plan is not a Virtual Private Server) is to generate SQL scripts of your database, exporting these to *.sql files and then run them in your hosted SQL connection.
I would normally connect to my web host's SQL instance using SQL Server Management Studio and either open or paste in the scripts generated by my local copy.
Depending on whether or not your web host provides the service, you might also be able to use the "Publish to provider..." option in Visual Studio.
As a supplement to Blindy's answer I wanted to mention that another way to configure the providers is to change the connection string settings of the default ConnectionString used by most of the providers, which is LocalSqlServer. To do this you just override that particular ConnectionString in your web.config like so:
<connectionStrings>
<clear />
<add name="LocalSqlServer" connectionString="change this to be the details of your host database" providerName="System.Data.SqlClient" />
</connectionStrings>
Also, if you don't want to clear the entire connectionStrings section you can just remove the particular connection string like this:
<connectionStrings>
<remove name="LocalSqlServer" />
<add name="LocalSqlServer" connectionString="change this to be the details of your host database" providerName="System.Data.SqlClient" />
</connectionStrings>
This works, because all providers that default to using Sql Server for their Data Store - such as the membership provider - use the "LocalSqlServer" connection string by default. Thus, if you override it, you don't have to change each provider to point to a different Connection String.
Also, for security reasons, you might want to look into encrypting the connectionString section of your web.config file. The following two articles provide more info.
Encrypting and Decrypting Configuration Sections
How To: Encrypt Configuration Sections in ASP.NET 2.0 Using RSA
i m using a dll file MSCaptcha.dll for my web application its works fine on localhost but not with iis server..what should i do to make it work
Solution :
Select your application in IIS7. Open Handler Mappings under IIS either by double click the Handler Mappings or click "open feature" under Action.
Click "Add Managed Handler" under action.
Enter "CaptchaImage.axd" without quotes in Request Path
Under Type select MSCaptcha.CaptchaImageHandler
Enter "MSCaptcha" without quotes in Name and click OK
I had this problem and this worked for me.
In your web.config, instead of having the path as "CaptchaImage.axd":
<system.webServer>
<handlers>
<add name="MSCaptcha.captchaImageHandler" verb="GET" path="CaptchaImage.axd" type="MSCaptcha.captchaImageHandler, MSCaptcha" resourceType="Unspecified"/>
</handlers>
</system.webServer>
Try changing the path to "~/CaptchaImage.axd":
<system.webServer>
<handlers>
<add name="MSCaptcha.captchaImageHandler" verb="GET" path="~/CaptchaImage.axd" type="MSCaptcha.captchaImageHandler, MSCaptcha" resourceType="Unspecified"/>
</handlers>
</system.webServer>