Is there a way to add a authentication in wildfly file handler - web

I am using a WildFly(version - 19) to do file directory listing using below configuration.
<subsystem xmlns="urn:jboss:domain:undertow:10.0">
...
<host name="default-host" alias="localhost">
<location name="/SoftwareRepository" handler="SoftwareRepo"/>
</host>
...
<handlers>
<file name="SoftwareRepo" path = "<Path to Directory>" case-sensitive="false" directory-listing="true"/>
</handlers>
</subsystem>
This works fine for me and listing the file list for the respective configured path. B
Now, my worry is about authentication. The file directory listing is happening when I access the URL but without any authentication.
How to add any authentication mechanism to do this file handler?

Related

URLs breaking in WildFly on static served web content

I was given a weird requirement of hosting small campaign websites with 5-6 pages written in Angular and some APIs these websites can interact with. Everything coming from a WildFly instance.
I configured the paths and handlers using WildFly/Jboss' Undertow subsystem for each of these campaign portals. Their home page shows up when tried to access the the server with the path. Here's the example:
<subsystem xmlns="urn:jboss:domain:undertow:11.0" default-server="default-server" default-virtual-host="default-host" default-servlet-container="default" default-security-domain="other" statistics-enabled="${wildfly.undertow.statistics-enabled:${wildfly.statistics-enabled:false}}">
<buffer-cache name="default"/>
<server name="default-server">
<http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true"/>
<https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enable-http2="true"/>
<host name="default-host" alias="localhost">
<location name="/app1" handler="app1"/>
<location name="/app2" handler="app2"/>
<filter-ref name="server-header"/>
<filter-ref name="x-powered-by-header"/>
</host>
</server>
<servlet-container name="default">
<jsp-config/>
<websockets/>
</servlet-container>
<handlers>
<file name="app1" path="${jboss.home.dir}/app1" directory-listing="true"/>
<file name="app2" path="${jboss.home.dir}/app2" directory-listing="true"/>
</handlers>
</subsystem>
However if I click any of the links inside the landing/index page within these apps, I get 404 - Not Found.
Ex: https://myhost.mydomain.com/app1 -> Gives the landing/index page.
Any link I click within that page, for instance, if there is 'faqs' and the URL is https://myhost.mydomain.com/app1/faqs, it resolves fine to that path but I am getting 404 - Not found.
Looking for a way to make this work.

IIS directoryBrowse only for a single directory

My app has some directories like root/foo/bar1 & root/foo/bar2. I want to enable directoryBrowse for the directory "foo". I put a web.config in the directory with the following code:
<configuration>
<system.webServer>
<directoryBrowse enabled="true" showFlags="Date" />
</system.webServer>
</configuration>
But now it is active for all sub directories (bar1 & bar2). I can put a new web.config files in each sub directory to disable it but it will be nice if theres another solution without an extra file for each sub directory. Is it possible?

How to allow web.config files as normal files and allow download IIS inside a virtual directory

I am working on a Unity 3D game which upon build for Windows generates game.exe and game_Data file and folder. The Game_Data folder contains a directory called **Game_Data\Mono\etc\mono\2.0**.
The directory files are shown in image.
The Browsers directory contains one file called Compact.browser.
The Current Scenario.
1. These game files are hosted on a server where IIS 7.5 is running.
The game resource files are served in virtual directory of the game website.
I've made few changes to the website's root web.config file so that all filetypes are allowed to download only in the game resources folder on server.
Yes, all file types including .html, .aspx, .xml, .config, .browser, .map etc are all downloading as normal files.
The problem
As you see the directory structure there is a web.config file inside the game resources folder. The file has nothing to do with website configuration but with the game (which is on client side after downloading).
As the files are served as individual files each file is downloaded separately. So when the client tries to download all files including the contents of the above folder.
Due to this web.config file, contents of the directory is not downloading. If I delete this web.config file all of the .aspx, .config, .map files are downloading. Also there are some other folders where many different files are downloading properly.
But this web.config file is also required for the game, and it is not allowing it be downloaded with other files too in the directory shown above.
I've tried to look into the solution. Found some hints to avoid inheritance in nested config files. But actually I want to completely treat this file as a normal file, not as a site configuration file.
I think you got my problem. Please let me know your suggestions. You can say adding Mime types. But actuall all of the file types are downloading including .config files. Except the file named web.config.
I'm having the same problem, and I think I found the solution: there is a way to tell IIS not to interpret web.config files.
To do this, modify the C:\Windows\System32\inetsrv\config\applicationHost.config file (I haven't found a way to do this in the IIS user interface), by specifying allowSubDirConfig="false" for the relevant <virtualDirectory> element:
<configuration>
<system.applicationHost>
<!-- ... -->
<sites>
<site name="Default Web Site" id="1">
<application path="/">
<virtualDirectory path="/" physicalPath="%SystemDrive%\inetpub\wwwroot" />
<virtualDirectory path="/Staging" physicalPath="C:\inetpub\wwwroot\Staging" allowSubDirConfig="false" />
</application>
<bindings> <!-- ... --> </bindings>
</site>
See http://www.iis.net/configreference/system.applicationhost/sites/site/application/virtualdirectory for the details.
The problem is, it still won't let you download the web.config file, it keeps returning a 404 - Not found, even after removing all handlers.
Edit - found the solution. The short answer is that in your web.config, you should clear the fileExtensions and hiddenSegments lists:
<system.webServer>
<security>
<requestFiltering>
<hiddenSegments>
<clear />
</hiddenSegments>
<fileExtensions>
<clear />
</fileExtensions>
</requestFiltering>
</security>
I've written a blog article about it that explains all the details.

Allow loading of JSON files in Visual Studio Express 2013 for Web

I have the problem, that the IIS from Visual Studio Express 2013 for Web doesn't allow the loading of *.json files. When trying to load a *.json file I get a 403 Forbidden and a help page how to configure the IIS allow the loading of JSON files, but don't know what to do with this information / where the IIS is even located.
This is the error page:
HTTP Error 404.3 - Not Found The page you are requesting cannot be
served because of the extension configuration. If the page is a
script, add a handler. If the file should be downloaded, add a MIME
map.
Most likely causes: It is possible that a handler mapping is missing.
By default, the static file handler processes all content. The feature
you are trying to use may not be installed. The appropriate MIME map
is not enabled for the Web site or application. (Warning: Do not
create a MIME map for content that users should not download, such as
.ASPX pages or .config files.) If ASP.NET is not installed.
Things you can try: In system.webServer/handlers: Ensure that the
expected handler for the current page is mapped. Pay extra attention
to preconditions (for example, runtimeVersion, pipelineMode, bitness)
and compare them to the settings for your application pool. Pay extra
attention to typographical errors in the expected handler line. Please
verify that the feature you are trying to use is installed. Verify
that the MIME map is enabled or add the MIME map for the Web site
using the command-line tool appcmd.exe. To set a MIME type, run the
following command in the IIS Express install directory: appcmd set
config /section:staticContent
/+[fileExtension='string',mimeType='string'] The variable
fileExtension string is the file name extension and the variable
mimeType string is the file type description. For example, to add a
MIME map for a file which has the extension ".xyz": appcmd set config
/section:staticContent /+[fileExtension='.xyz',mimeType='text/plain']
Warning: Ensure that this MIME mapping is needed for your Web server
before adding it to the list. Configuration files such as .CONFIG or
dynamic scripting pages such as .ASP or .ASPX, should not be
downloaded directly and should always be processed through a handler.
Other files such as database files or those used to store
configuration, like .XML or .MDF, are sometimes used to store
configuration information. Determine if clients can download these
file types before enabling them. Install ASP.NET. Check the failed
request tracing logs for additional information about this error. For
more information, click here.
Detailed Error Information: Module StaticFileModule Notification
ExecuteRequestHandler Handler StaticFile Error Code 0x80070032
Requested URL http: //localhost:64107/Settings/Settings.json
Physical Path D:\GIT\RepoP_Paneon\Settings\Settings.json Logon
Method Anonymous Logon User Anonymous Request Tracing Directory
C:\Users\stefank\Documents\IISExpress\TraceLogFiles\REPOP_PANEON
More Information: This error occurs when the file extension of the
requested URL is for a MIME type that is not configured on the server.
You can add a MIME type for the file extension for files that are not
dynamic scripting pages, database, or configuration files. Process
those file types using a handler. You should not allows direct
downloads of dynamic scripting pages, database or configuration files.
View more information ยป
After some more googling, and experimenting I found out, that you have to define IIS settings in the Web.config.
After adding the following configuration:
<system.webServer>
<staticContent>
<mimeMap fileExtension=".json" mimeType="application/json" />
</staticContent>
</system.webServer>
it works like a charm.
Full setup file example:
<?xml version="1.0"?>
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.0"/>
</system.web>
<system.webServer>
<staticContent>
<mimeMap fileExtension=".json" mimeType="application/json" />
</staticContent>
</system.webServer>
</configuration>
Better add remove tag in case future IIS has build in json support. This is my web.config section of mimeMap.
<system.webServer>
<staticContent>
<remove fileExtension=".woff" />
<remove fileExtension=".woff2" />
<remove fileExtension=".json" />
<mimeMap fileExtension=".woff" mimeType="application/x-font-woff" />
<mimeMap fileExtension=".woff2" mimeType="application/font-woff2" />
<mimeMap fileExtension=".json" mimeType="application/json" />
</staticContent>
<system.webServer>
Open CMD with administrator privilages.
Go to:
cd C:\Program Files\IIS Express
or
cd C:\Program Files (x86)\IIS Express
Run command:
appcmd set config /section:staticContent /+[fileExtension='JSON',mimeType='application/x-javascript']
We may need to distinguish the Visual Studio development environment (with IIS Express) from local IIS and a remote server (like Azure WebSites). To specifically target IIS Express, for example, we edit %USERPROFILE%\Documents\IISExpress\config\applicationhost.config under system.webServer/staticContent:
<mimeMap fileExtension=".json" mimeType="application/javascript" />
I need to make this distinction because my local (intranet) IIS already has the JSON mime type defined. So when I deploy to Azure websites I use this transformation in Web.Release.config:
<system.webServer>
<staticContent>
<mimeMap fileExtension=".json" mimeType="application/javascript" xdt:Transform="Insert" />
</staticContent>
</system.webServer>

IISExpress Log File Location

IISExpress writes log and configuration data to pre-determined location out of the box.
The directory is an "IISExpress" directory stored in a user's Documents directory.
In the directory is stored the following folders files underneath.
Config
Logs
TraceLogFiles
The location of my home directory is on a network share, determined by group policy
Currently we are encountering scenarios where visual studio locks up when stopping debugging Silverlight applications using IIS Express.
I was looking to change the location for the log & configuration data for IISExpress to see if this fixes the problem of visual studio locking up. Is it possible to change the default location of log & config files ?
1 . By default applicationhost.config file defines following two log file locations. Here IIS_USER_HOME would be expanded as %userprofile%\documents\IISExpress\.
<siteDefaults>
<logFile logFormat="W3C" directory="%IIS_USER_HOME%\Logs" />
<traceFailedRequestsLogging directory="%IIS_USER_HOME%\TraceLogFiles" enabled="true" />
</siteDefaults>
You can update above directory paths to change the log file locations.
2 . If you are running IIS Express from command line, you can use '/config' switch to provide configuration file of your choice. Following link may help you http://learn.iis.net/page.aspx/870/running-iis-express-from-the-command-line/
http://www.iis.net/configreference/system.applicationhost/sites/sitedefaults
<configuration>
<system.applicationHost>
<sites>
<siteDefaults>
<logFile
logFormat="W3C"
directory="%SystemDrive%\inetpub\logs\LogFiles"
enabled="true"
/>
<traceFailedRequestsLogging
enabled="true"
directory="%SystemDrive%\inetpub\logs\FailedReqLogFiles"
maxLogFiles="20"
/>
<limits connectionTimeout="00:01:00" />
<ftpServer serverAutoStart="true" />
<bindings>
<binding
protocol="http"
bindingInformation="127.0.0.1:8080:"
/>
</bindings>
</siteDefaults>
</sites>
</system.applicationHost>
</configuration>
I find web.config documentation is a messy. It is therefore better to provide a complete parent history than a floating snippet with the expectation that the reader naturally knows where it goes.
By default it will be in:
C:\Users\ user_name \Documents\IISExpress\Logs\

Resources