I've posted this problem on the Identity and Access Add-in page and MVC forums, but no solution is yet forthcoming, so I thought I'd try you lot.
I have an issue where if I add Identity and Access to an MVC4 project, the requests to script and css files become unstable and often don't get served by iisexpress.
Steps to reproduce:
Create a new MVC4 project - Basic, with Razor engine
Add a controller called Home - just bare controller.
Create view Index for action Index on Home controller. Use built in layout defined in _viewStart , so includes bundled jquery and modernizr
Enable IISExpress for the application
Test this application - should work fine. refresh, reload etc, all works ok.
Next, configure Identity and Access on the application with Local development STS. Leave all as defaults.
Test application again. You should see it go through the localSTS authentication and then request the Home/Index action - at this point it tries to get the script files but these requests hang. The page is delivered, but can't render as the script files in the tag prevent it doing so until the script requests time out.
If you fire up another browser session in, say, chrome, then you can navigate to the script file and it will be downloaded on that session.
Zipped project with this state is here: https://www.dropbox.com/s/dy2bs5fh70kubp6/MvcApplication3.zip
I've used fiddler and wireshark to try and identify what is happening, but it just seems like the request to iisexpress hangs.
I've tried this on both my machines. One 64 bit, the other not.
Both VS2012 Professional V 11.0.50727.1 RTMREL, .NET framework 4.5.50709, logged in as me, an administrator on the machine, VS running as administrator
Any thoughts?
Edit: some more things I've tried:
- Using Azure STS has the same effect.
- Removing the tag that is in by default means that the script files are all accessible, seemingly all the time as required, but the Thread.CurrentPrincipal.Identity is then the generic Identity - i.e. the user is not authenticated. Adding [Authorize] attribute to my BaseController then forces the authentication with the STS as with the web.config directive, and then has the same issues with the script and css files. I was kinda hoping that this might work as removes any authentication from the root of the project to the controllers only, but alas, no joy.
And lo. It was AVG antivirus
For some reason the combination of AVG and Identity and Access addin causes this issue.
I have tried disabling various components of AVG but it seems that the only solution is to disable it entirely.
So given that, who can recommend an AV that won't interfere with development activities?
Related
What are the best practices (and how to go about doing it) to support offline mode when using html5 history api for url rewrites?
For example, (hypothetically) I have a PWA SPA application at https://abc.xyz which has internationalization built in. So when I visit this link, the Vue router (which ideally could be any framework - vue, react, angular etc.) redirect me to https://abc.xyz/en.
This works perfectly when I am online (ofcourse, the webserver is also handling this redirect so that app works even if you directly visit the said link).
However, its a different story when I am offline. The service worker caches all resources correctly so when I visit the URL https://abc.xyz everything loads up as expected. However, now if I manually type the URL to https://abc.xyz/en, the app fails to load up.
Any pointers on how to achieve this?
Link to same question in github: https://github.com/vuejs-templates/pwa/issues/188
Yes, this is possible quite trivially with Service Workers. All you have to do is to configure the navigateFallback property of sw-precache properly. It has to point to the cached asset you want the service worker to fetch if it encounters a cache miss.
In the template you posted, you should be good to go if you configure your SWPrecache Webpack Plugin as follows:
new SWPrecacheWebpackPlugin({
...
navigateFallback: '/index.html'
...
})
Again, it is absolutely mandatory that the thing you put inside navigateFallback is cached by the Service Worker already, otherwise this will fail silently.
You can verify if everything was configured correctly by checking two things in your webpack generated service-worker.js:
the precacheConfig Array contains ['/index.html', ...]
in the fetch interceptor of the service worker (at the bottom of the file), the variable navigateFallback is set to the value you configured
If your final App is hosted in a subdirectory, for example when hosting it on Github pages, you also have to configure the stripPrefix and replacePrefix Options correctly.
Good morning everyone,
I am developing an app for QNAP which has also a web interface. In my qpkg.conf I set QPKG_WEBUI and QPKG_USE_PROXY and I can see correctly the Web interface inside the QNAP interface once I am logged in. It seems perfectly integrated with the QNAP interface, BUT, I can see it also writing the right url in my web browser, even if I am not logged in the QNAP and I cleared all possible cache/cookies.
I want to give access to my Web interface only to valid users. Unfortunately I do not know how to do it. I tried to write a .htaccess to deploy with my application, but without any success (obviously I can not modify the apache standard configuration, and with the standard configuration I was not able to do it).
The only thing I found, inside the Apache folder, there is a pwauth executable that let me ask for username/password (even if I do not want to ask, I want only to see if the user is ALREADY logged in). Anyway with the standard apache configuration, the external module is not loaded, then I can not use the pwauth inside the .htaccess. Maybe I could create some custom cgi program that call it, but I would prefer to avoid custom solution, I really would like to follow a "standard" way to do it, it should be one.....
I would like to know if there is some QNAP variable to set in the qpkg.conf file, or some configuration to set in a .htaccess that does what I want: grant the access only if the user is ALREADY logged in.
Thanks very much to everyone, I could not find anything in google or in the official documentation.
I'm using mvc4 and .Net 4.5 in my project with SSL. Now, on localhost and even on server, the login page gets redirect a bunch of times and then loads without and css on page. In browser debugger I get error as:
Uncaught SyntaxError: Unexpected token <http://localhost:55248/Account/Login? ReturnUrl=%2fbundles%2fjqueryval%3fv%3dWrBNyT_GYLXAZ7iWD7vDdFccq24m7v_9MPi3rcQ8FO01&v=WrBNyT_GYLXAZ7iWD7vDdFccq24m7v_9MPi3rcQ8FO01...
I'm using bundling and code snippet as below.
bundles.Add(new ScriptBundle("~/bundles/BaseJs")
.Include("~/Scripts/jquery-{version}.js")
.Include("~/Scripts/jqueryui/jquery-ui.js")
.Include("~/Scripts/bootstrap.js"));
The syntax error is from the error page being loaded as JavaScript (when it's obviously not JavaScript). It's a red herring. The true problem is that your JavaScript file is needing authorization in the first place.
Typically, this wouldn't be an issue. By default, anything with an extension (.js, for example) is ignored by MVC and handled directly by IIS. Worst case scenario, there, IIS doesn't have permission to read the file, and you end up with a 403 Forbidden. It would end there, as an IIS-level 403 would not trigger a login page redirect, mostly because, again, MVC is not involved.
However, if you've bungled around the with default setup, such that MVC is now handling all requests, even for static files. Then, the action that's being triggered to handle the request to your JavaScript file is requiring authorization, and therefore is redirecting to the login page. So find out what action is being hit and either remove the requirement for it to be authorized or have the right action serve the file. Or, ideally, leave things as they should be and let IIS do what IIS does best and serve the static files.
EDIT
I wasn't paying attention to the fact that bundles are rendered without a file extension. However, the steps to correct the issue are largely the same. Something is mostly likely off with your routing, and the request for the bundle is actually being caught by one of your actions, particularly one that requires authorization. Look out for catch-all routes and make sure that you're not using a route like "bundles" anywhere in your RouteConfig.cs or any of your Route attributes, if you're using attribute routing.
First try to include your bundles like that :
.Include( "~/Scripts/jquery-{version}.js",
"~/Scripts/jqueryui/jquery-ui.js",
"~/Scripts/bootstrap.js"
);
Include takes string[] as parameter and you don't need to call include for each row. Then you should debug your bundles to see which js is giving the error.
Try to comment out rows 1 by 1 to see what would be the result. The problem is definatelly in your bundles, I also had these kind of errors. If you can provide more code - > snippet from the view, of the css loading and bundles and stuff like that I would be able to help you more.
I'm building an MVC4 application that is starting to take shape and I want to deploy it privately for staging and preview purposes. I would like only a select few people to be able to access the full application. Most of the application is public, but there is a private area as well that requires the user to login.
I'm looking for the most unintrusive way to privately deploy this application to staging/preview. By unintrusive I mean that I don't want to toggle more than a few lines of code, preferably just a flag in the web.config, to deploy it normally vs privately.
I also want this authorization to overlap the site's existing authorization functionality. In other words, when the person goes to the preview URL I give them, they are brought to a landing page where they must log in using the username/password I also gave them. Once they login, they should be brought to what will be the actual landing page if the application was in production. However, they should NOT be logged in to the application itself (this is what I mean by overlap). This way, they can use the application as normal (registering, then logging in a second time to get to the application's private areas.)
I'd like to have something along the lines of this in my web.config:
<StagingAccess deployPrivately ="true">
<StagingUsers>
<StagingUser>
<UserName>JoeShmoe</UserName>
<Password>Staging123</Password>
</StagingUser>
</StagingUsers>
</StagingAccess>
Such that I can simply toggle deployPrivately, add a StagingUser node for a select user, then deploy to my host using Web Deploy.
Some steps would be perfect as I've never actually deployed an MVC app before, let alone like this. But I really need to start being able to show the application to people without exposing any of my code and without a remote desktop to my machine, which makes the app seems laggy.
How about a combination of Authorization Rules: http://weblogs.asp.net/gurusarkar/archive/2008/09/29/setting-authorization-rules-for-a-particular-page-or-folder-in-web-config.aspx
and Web.Config Transformations? http://msdn.microsoft.com/en-us/library/dd465326.aspx
Then you would Publish the application using VS with a specific configuration chosen - I believe this could help you accomplish your goals.
I think I'm missing a very obvious solution here, but I'll ask anyway. I've got a grails application that uses the Spring Security Plugin for my AAS. I want to start doing daily build and deploys of the application using Hudson onto a test server (running Apache2/Tomcat6) as the ROOT application. When the application goes live, anonymous users will be able to access the site, along with registered users. However, during the testing/development phase I want to restrict users to those who have been invited.
I've created logic to generate an invitation code, and a temporary "login / registration on invite" view to be used during this dev/test phase. Currently I'm using a filter to redirect any non-logged in users to that view. The problem is the filter is catching any request, so any additional applications (IE Bugzilla), URL's that would normally invoke a 404, etc are also being filtered, and the user is redirected to that same login page, even if they are already authenticated.
I had opted to go the filter route, instead of modifications to Spring Security settings, since this process is only a temporary solution, and I feel it will be much easier to remove at a later date. Is this a good Idea or is really not worth the hassle? What is the proper way to force only users of the application to log-in, but ignore requests to other URLs?
The problem doesn't seem to be in your web-app, hence not in Spring Security. It is probably in the Tomcat or Apache settings. If set up correctly, the request to other context path should never have hit your ROOT web-app in the first place.