I have a Silverlight app hosted on server A, and a WCF service hosted on server B on IIS 6. Server B disallows any non-https connections (not that it doesn't rewrite them.. they just fail).
In wwwroot for server B I have a clientaccesspolicy.xml file:
    <?xml version="1.0" encoding="utf-8"?>
    <access-policy>
      <cross-domain-access>
        <policy>
          <allow-from http-request-headers="*">
            <domain uri="*"/>
          </allow-from>
          <grant-to>
            <resource path="/" include-subpaths="true"/>
          </grant-to>
        </policy>
      </cross-domain-access>
    </access-policy>
Looking at proxy traffic, I can now see the silverlight app requesting mydomain/clientaccesspolicy.xml and returning an HTTP 200 with the contents, however, silverlight then gives a security exception.
I have tried many variations of the clientaccesspolicy.xml files and even crossdomain.xml examples floating around the internet to no avail.
Additionally, the SL app works if I install it instead of run it through the browser.
I am wondering if this is a SL 5 bug?
Note that this is a follow-up to my original question I asked earlier, where I was unable to see the clientaccesspolicy.xml request go out (but I can now and it still doesn't work).
I'm writing a suite of ASP.NET Core web applications that occasionally have to redirect to one another. When testing locally, everything works fine. However, when I publish them on our staging server, the redirects always "stay" in the same host. For example, if I am on http://app1.test/ and redirect to http://app2.test/somepath, what I actually get in the Location HTTP header is http://app1.test/somepath: any URL I specify is transformed so that it "stays" in the current host name.
This doesn't happen locally, however. I've deployed the apps as Kestrel processes, and they are exposed via IIS working as a reverse proxy. May this be the cause? What should I do to fix the issue?
UPDATE
Here is the full web.config for the reverse proxy of app1.test:
    <?xml version="1.0" encoding="UTF-8"?>
    <configuration>
      <system.webServer>
        <rewrite>
          <rules>
            <rule name="ReverseProxyInboundRule1" stopProcessing="true">
              <match url="(.*)" />
              <action type="Rewrite" url="http://localhost:5000/{R:1}" />
            </rule>
          </rules>
        </rewrite>
      </system.webServer>
      <system.web>
        <sessionState mode="InProc" />
        <customErrors mode="RemoteOnly" />
      </system.web>
    </configuration>
app2.test's web.config is virtually the same (apart, of course, from the port numbers).
UPDATE 2
I'll try to explain better. I noticed that the target site doesn't really matter, so I'll keep things simpler: I have an action in my application that I want to redirect the user to Google. This is the action, in the Home controller:
    public IActionResult ToGoogle()
    {
        return Redirect("https://www.google.com?q=Hi");
    }
If I launch the web app locally and request http://localhost:1234/Home/ToGoogle, everything is fine: the response is a 302 Found, with the correct URL (www.google.com etc.) in the Location header.
Once I publish the app to the staging server (Kestrel app on port 5000, behind an IIS reverse proxy with the rewrite rule posted above), this is what happens instead:
What is the cause of that?
I found the solution myself. It was indeed a problem with the reverse proxy.
IIS has an option to rewrite the host in response headers. The solution is described in this answer (there are addenda in other answers to that same question if your version of IIS or Windows Server is not the one specified).
I am a stackoverflow fan. This website has solved most of technical questions without even asking them but by only reading previous similar questions. Indeed I have searched the web and stackoverflow but I could not find any answer and I could not solve this problem by myself. My only resort is to ask for your help. I have worked on a small JSF 2.0 application and everything is working fine on my local tomcat 6.0.35. I have all the JSF lib on my WEB-INF. I am using mojarra version 2.1.14. The url is accessed like this
on my local
http://localhost/application/page.jsf
and this application is deployed to an external hosted tomcat which has apache and Tomcat 6.0.36. The application is deployed under /home/username/public_html. the same url should be accessed by typing
http://website.com/application/page.jsf
but I am getting the error:
Not Found
The requested URL /application/page.jsf was not found on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
Additionally, html and JSP pages are working fine. I have a test application which has jsp page and it is loading just fine. xhtml pages on the other hand are not working on this apache box. For the JSP pages to work I added JSP and servlet support
/usr/local/cpanel/scripts/addservlets2 --domain=domain.com
This is the web.xml file.
    <?xml version="1.0" encoding="UTF-8"?>
    <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
             xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
             version="2.5">
      <servlet>
        <servlet-name>FacesServlet</servlet-name>
        <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
      </servlet>
      <servlet-mapping>
        <servlet-name>FacesServlet</servlet-name>
        <url-pattern>*.jsf</url-pattern>
      </servlet-mapping>
      <welcome-file-list>
        <welcome-file>index.xhtml</welcome-file>
      </welcome-file-list>
      <context-param>
        <param-name>com.sun.faces.expressionFactory</param-name>
        <param-value>com.sun.el.ExpressionFactoryImpl</param-value>
      </context-param>
    </web-app>
I strongly believe this web.xml has nothing to do with jsf not working and furthermore these settings are working well on my local. The tomcat log file is showing no error of page not found on the external host.
Here is the faces config file
    <?xml version="1.0"?>
    <faces-config xmlns="http://java.sun.com/xml/ns/javaee"
                  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                  xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
                                      http://java.sun.com/xml/ns/javaee/web-facesconfig_2_0.xsd"
                  version="2.0">
    </faces-config>
What is happening? Please help me. I am getting desperate. Why are JSF requests returning not found on this Apache server?
Additionally, the el-impl-2.2.jar and el-api-2.2.jar are in the Tomcat libs,
and javax.faces-2.1.14.jar, jstl-api-2.1.jar, jstl-impl-2.1.jar and all the required commons jars are in the WEB-INF.
I have just fixed this problem. I have spent 6 days investigating how to fix this. What a waste of time. Today at work, I talked to my colleague and he suggested I direct my investigations toward the Apache connector to Tomcat, since I was claiming that everything is working fine on my local Tomcat server. I did some research and I discovered that I needed to edit the cp_jkmount.conf connector. JkMount is used to map a context path to a Tomcat worker. I added the following
    <IfModule mod_jk.c>
      JkMount /*.xhtml ajp13
      JkMount /*.jsf ajp13
    </IfModule>
at the end of these connectors
/usr/local/apache/conf/userdata/std/2/username/website.com/cp_jkmount.conf
/usr/local/apache/conf/userdata/ssl/2/username/website.com/cp_jkmount.conf
I hope this will help someone else.
I'm having a really strange problem (at least it is strange because it has worked for me in the past) with a Silverlight Application consuming WCF services.
When I debug both Silverlight Application and WCF in localhost it works perfect. When I publish both projects, they work perfect. The problem is when I try to debug the Silverlight Application against published WCF... it throws the typical crossdomain exception.
I promise I've both clientaccesspolicy.xml and crossdomain.xml uploaded into the root path in server.
Looking in fiddler, it doesn't even try to read the clientaccesspolicy file before crashing.
Do you have any idea??? Thanks in advance.
Put these files inside your service folder
clientaccesspolicy.xml
    <?xml version="1.0" encoding="utf-8" ?>
    <access-policy>
      <cross-domain-access>
        <policy>
          <allow-from http-request-headers="*">
            <domain uri="*"/>
          </allow-from>
          <grant-to>
            <resource include-subpaths="true" path="/"/>
          </grant-to>
        </policy>
      </cross-domain-access>
    </access-policy>
crossdomain.xml
    <?xml version="1.0"?>
    <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
    <cross-domain-policy>
      <allow-http-request-headers-from domain="*" headers="*"/>
    </cross-domain-policy>
My Silverlight site is running on the https port. When I try to access some handler in my site, it searches for crossdomain.xml and clientaccesspolicy.xml.
The problem is that it always searches for crossdomain at https://ipaddress//crossdomaim.xml,
so when I debug with Fiddler it shows HTTP Error 404.0 - Not Found.
clientaccesspolicy.xml
    <?xml version="1.0" encoding="utf-8" ?>
    <access-policy>
      <cross-domain-access>
        <policy>
          <allow-from http-request-headers="*">
            <domain uri="*"/>
          </allow-from>
          <grant-to>
            <resource path="/" include-subpaths="true"/>
          </grant-to>
        </policy>
      </cross-domain-access>
    </access-policy>
crossdomain.xml
    <?xml version="1.0"?>
    <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
    <cross-domain-policy>
      <allow-http-request-headers-from domain="*" headers="SOAPAction,Content-Type"/>
    </cross-domain-policy>
First, get rid of the crossdomain.xml file as you only need clientaccesspolicy.xml for Silverlight (and it has more features).
Second, the file must be in the root of the https site, as that is not the same as the http site (I assume you have placed the file on your http site only). You need it on both sites if both the http and https sites are accessed by your app.
Thirdly, if you are still having problems, add https explicitly to the config, e.g. with
    <allow-from>
      <domain uri="http://*"/>
      <domain uri="https://*"/>
    </allow-from>
This page on Network Security Access Restrictions in Silverlight has more detail of the options
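A small audit of the policy choices discussed in the answer above (explicit scheme entries, wildcard domains and headers, site-wide grants), as an added example that is not part of the original posts. The function name, the finding strings and the three sample policies are constructed for illustration.

```python
import xml.etree.ElementTree as ET

def audit_policy(xml_text, caller_scheme="https"):
    """Return findings for a Silverlight clientaccesspolicy.xml (empty list = none)."""
    try:
        root = ET.fromstring(xml_text.strip())
    except ET.ParseError as exc:
        return [f"malformed XML: {exc}"]
    policies = root.findall("./cross-domain-access/policy")
    if root.tag != "access-policy" or not policies:
        return ["no access-policy/cross-domain-access/policy element"]
    findings = []
    for policy in policies:
        for allow in policy.findall("allow-from"):
            if allow.get("http-request-headers", "").strip() == "*":
                findings.append("all request headers allowed")
            uris = [d.get("uri", "").strip() for d in allow.findall("domain")]
            if "*" in uris:
                findings.append("bare '*' domain entry, no named origin")
            # Schemes that appear explicitly, e.g. "https" from "https://*".
            schemes = {u.split("://", 1)[0].lower() for u in uris if "://" in u}
            if caller_scheme not in schemes:
                findings.append(f"no explicit {caller_scheme}:// domain entry")
        for res in policy.findall("grant-to/resource"):
            subpaths = res.get("include-subpaths", "false").lower() == "true"
            if res.get("path") == "/" and subpaths:
                findings.append("grant covers the whole site")
    return findings

# Constructed sample: the wildcard policy shape posted on this page.
WILDCARD_POLICY = """
<access-policy><cross-domain-access><policy>
  <allow-from http-request-headers="*"><domain uri="*"/></allow-from>
  <grant-to><resource path="/" include-subpaths="true"/></grant-to>
</policy></cross-domain-access></access-policy>
"""
# Constructed sample: one named https origin, two headers, one service path.
SCOPED_POLICY = """
<access-policy><cross-domain-access><policy>
  <allow-from http-request-headers="SOAPAction,Content-Type">
    <domain uri="https://app.example.test"/>
  </allow-from>
  <grant-to><resource path="/services/" include-subpaths="true"/></grant-to>
</policy></cross-domain-access></access-policy>
"""
# Constructed sample: the same file cut off before its closing tags.
TRUNCATED_POLICY = WILDCARD_POLICY.split("</policy>")[0]

if __name__ == "__main__":
    for name in ("WILDCARD_POLICY", "SCOPED_POLICY", "TRUNCATED_POLICY"):
        print(name, audit_policy(globals()[name]))
```

Run it against the file actually served from the root of the https site, passing the scheme of the page that hosts the Silverlight app as `caller_scheme`.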
Try this crossdomain.xml:
    <?xml version="1.0"?>
    <!DOCTYPE cross-domain-policy SYSTEM
      "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
    <cross-domain-policy>
      <!--<allow-http-request-headers-from domain="*" headers="SOAPAction,Content-Type"/>-->
      <allow-http-request-headers-from domain="*" headers="*"/>
    </cross-domain-policy>
I have created a WCF service that I have uploaded to my host (using IIS). Everything works fine.
So, if I go to http://www.mydomain.com/path/Service.svc it works fine.
If I go to http://mydomain.com/path/Service.svc I get a resource not found error.
I have created a clientaccesspolicy.xml under the path folder which contains the following:
    <?xml version="1.0" encoding="utf-8" ?>
    <access-policy>
      <cross-domain-access>
        <policy>
          <allow-from http-request-headers="SOAPAction">
            <domain uri="http://*"/>
            <domain uri="http://www.mydomain.com/path/*" />
            <domain uri="http://mydomain.com/path/*" />
          </allow-from>
          <grant-to>
            <resource include-subpaths="true" path="/"/>
          </grant-to>
        </policy>
      </cross-domain-access>
    </access-policy>
But it doesn't seem to have any effect. I have looked on the web but didn't find a decent explanation of how this is solved. Any ideas?
Thank you.
You should add more host headers on IIS. Take a look here: How to Create Multiple Websites with one IP address