How to define connection string for session state in Azure - azure

I am using the RedisSessionStateProvider using a procedimient like this https://azure.microsoft.com/en-us/documentation/articles/web-sites-dotnet-session-state-caching/
I define its connection string in web.config, in this example is XXXXXX.
<system.web>
<compilation debug="true" targetFramework="4.6.1" />
<httpRuntime targetFramework="4.5" />
<globalization culture="es-CO" uiCulture="es" />
<customErrors mode="Off" />
<sessionState mode="Custom" customProvider="SessionStateStore">
<providers>
<add name="SessionStateStore" type="Microsoft.Web.Redis.RedisSessionStateProvider" connectionString="XXXXXX" throwOnError="true" applicationName="NominappSession" />
</providers>
</sessionState>
</system.web>
I dont want to put the connection string in the source code. So how can i using the settings in Azure to define this connection string?
I deploy to azure from github, so it uses Kudu. I dont have an external CI server.
Any advice please?

I did it :)
To do that you need to define the connection string as a environment variable, not as a typical connection string. And in the sesion state provide use the environment variable name.
This way:
<appSettings>
<add key="REDIS_CONNECTION_STRING" value="redis,allowAdmin=true" />
</appSettings>
<system.web>
<sessionState mode="Custom" customProvider="SessionStateStore">
<providers>
<add name="SessionStateStore" type="Microsoft.Web.Redis.RedisSessionStateProvider" connectionString="REDIS_CONNECTION_STRING" applicationName="REDIS_SESSION_APPLICATION_NAME" throwOnError="true" />
</providers>
</sessionState>
</system.web>
Using that you can now define the connection string in the App Settings of Azure WebSites

If you just want to be able to provide your connection string from your source code, you can use the settingsClassName and settingsMethodName properties in the config, like so:
<sessionState mode="Custom" customProvider="RedisSessionStateStore">
<providers>
<add
name="RedisSessionStateStore"
type="Microsoft.Web.Redis.RedisSessionStateProvider"
settingsClassName="MyApp.SessionStateRedisSettings,MyApp"
settingsMethodName="ConnectionString" />
</providers>
In here, the settingsClassName is the name of a class in your app, with its fully qualified namespace. The settingsMethod name is the name of the method on this class, which must be static, take 0 parameters and return an string. For example:
namespace MyApp
{
public static class SessionStateRedisSettings
{
public static string ConnectionString()
{
return "ConnectionString goes here";
}
}
}
From here: https://github.com/Azure/aspnet-redis-providers/wiki/Configuration

Take a look at Scott Hanselman's blog on the subject:
http://www.hanselman.com/blog/HowToKeepYourASPNETDatabaseConnectionStringsSecureWhenDeployingToAzureFromSource.aspx
You can store the connection string inside of the app settings within the azure portal and then call them from within your app. This prevents the string from being contained within your source code. You'll want to do the same with your storage keys as well.
In the portal go to the settings of your app, and select "Application Settings". Scroll down on that pane to Connection Strings.
Check out the connection strings section of this page as well:
https://azure.microsoft.com/en-us/documentation/articles/web-sites-configure/

I think IPartitionResolver can come to rescue here...
You can basically create a class that implements System.Web.IPartitionResolver interface and specify it in the sessin state configuration in web.config as this
<sessionState mode="Custom" partitionResolverType="WebAppConnectionStringResolver">
And then in the class you can override the connection string
public class WebAppConnectionStringResolver : System.Web.IPartitionResolver
{
public void Initialize()
{
}
public string ResolvePartition(object key)
{
return System.Configuration.ConfigurationManager.ConnectionStrings["your_Conn_string_name_in_portal"]
}
}
I havent tested this out but I believe this should work
Read more at
https://msdn.microsoft.com/en-us/library/system.web.configuration.sessionstatesection.partitionresolvertype(v=vs.110).aspx
https://msdn.microsoft.com/en-us/library/system.web.ipartitionresolver(v=vs.110).aspx

Related

ELMAH - Get SMTP credentials from Azure Application Settings

I've got an Azure Web App using ELMAH to log unhandled exceptions.
When I first deployed it, the web.config had the full SMTP setup defined in it, and ELMAH emailed exceptions:
<system.net>
<mailSettings>
<smtp from="me#mydomain.com">
<network host="smtp.mailprovider.com"
port="123"
userName="myUserName"
password="p#ssw0rd" />
</stmp>
</mailSettings>
</system.net>
The username and password have since been removed from the web.config, and they're now stored as application settings, configured through the Azure Portal.
Most of the emails I send still work fine, as the email code can access these application settings and use them when instantiating the SmtpClient, e.g.:
var userName = WebConfigurationManager.AppSettings["smtp.userName"];
var password = WebConfigurationManager.AppSettings["smtp.password"];
var credentials = new NetworkCredential(userName, password);
using (var smtpClient = new SmtpClient { Credentials = credentials })
{
await smtpClient.SendMailAsync(mailMessage);
}
What's the best way to get ELMAH to use the credentials stored in the application settings?
Options I can see:
There is a page on the wiki explaining how to use ELMAH's ErrorTweetModule to do an HTTP form post with the error details to any URL. The controller receiving the post could then use the stored credentials to email the details on.
The WebBase has a link to an article suggesting you can send emails directly to the recipient's SMTP server without authentication, but it says this may not work if you have DomainKeys set up, which I do.
This answer links to an article about intercepting the Mailing event, to customise the message.
I ended up creating a custom version of Elmah's ErrorMailModule, derived from the standard one, but overriding the SendMail method, based on some advice from Atif Aziz in a discussion on Google Groups.
The only changes required were to create the new module, and switch the Web.Config to use the custom module instead of the standard one.
Module
using System;
using System.Net.Mail;
namespace Test
{
public class ErrorMailModule : Elmah.ErrorMailModule
{
protected override void SendMail(MailMessage mail)
{
if (mail == null) throw new ArgumentNullException(nameof(mail));
// do what you want with the mail
// (in my case this fires up the email service, which
// gets the credentials from the Azure settings)
}
}
}
Web Config Changes
All that's required is to change the two occurrences of Elmah.ErrorLogModule, Elmah to your own module, in this case Test.ErrorMailModule.
So, instead of this...
<system.web>
<httpModules>
<add name="ErrorMail" type="Elmah.ErrorMailModule, Elmah" />
</httpModules>
</system.web>
<system.webServer>
<modules>
<add name="ErrorMail" type="Elmah.ErrorMailModule, Elmah" preCondition="managedHandler" />
</modules>
</system.webServer>
...you should now have this:
<system.web>
<httpModules>
<add name="ErrorMail" type="Test.ErrorMailModule" />
</httpModules>
</system.web>
<system.webServer>
<modules>
<add name="ErrorMail" type="Test.ErrorMailModule" preCondition="managedHandler" />
</modules>
</system.webServer>
You will still need the errorMail section, as Elmah is still responsible for creating the email. Mine looks like this:
<elmah>
<errorMail from="user#domain.com" to="user#domain.com" subject="Custom Email Module"/>
</elmah>
Creating a HTTP request could work, but that should be the solution if everything else doesn't work IMO. Intercepting the Mailing event doesn't work, since you do not have access to the SmtpClient with the credentials in that event.
I've looked at different ways to update the SMTP settings from code. At first I though that I could just get a reference to the smtp section and update the properties, since they all have setter. But the code throw a configuration exception on runtime.
From what I can find, the only way to update the username and password in smtp section, is to read the web.config, update it and write the new version. Here's an example of writing updates to web.config:
var configuration = WebConfigurationManager.OpenWebConfiguration("~");
var section = configuration.GetSection("system.net/mailSettings/smtp") as SmtpSection;
section.Network.UserName = ConfigurationManager.AppSettings["myusername"];
section.Network.Password = ConfigurationManager.AppSettings["mypassword"];
configuration.Save();
The code actually updates the web.config. The code can be run at startup, but that would modify your web.config file locally as well. Another approach would be to run the code as part of a post deployment task with Azure.

Azure Websites Dropping Custom Headers

An Azure Website I am working on inspects custom headers of incoming requests to decide what to do with the request internally. The request is being sent/received by the website server with the customer headers:
X-HEADER-1: ...
X-HEADER-2: ...
among other standard and non-standard headers.
I verified this by inspecting the FREB logs and looking at GENERAL_REQUEST_HEADERS, which correctly includes my custom headers.
When the application receives the request, those custom headers are not there. I explicitly check for one of them then throw and dump all available headers in the error message.
I have read around that Application Request Routing module can drop these headers. I tried adding this to the website's web.config but still doesn't work:
<system.webServer>
<rewrite>
<allowedServerVariables>
<add name="HTTP_X_HEADER_1" />
<add name="HTTP_X_HEADER_2" />
</allowedServerVariables>
</rewrite>
</system.webServer>
Any idea how I can whitelist my headers to let ARR/Azure let them through?
Update 1
Here is some more info.
This works locally on my dev box. I set up the site in IIS and point it to the project folder and headers are coming in and processed as expected.
It is an ASP.NET MVC website.
Here is the part of the code that reads the header. Again, this works locally.
public class BaseController : Controller
{
public AppControllerBase(...)
{
}
protected override void Initialize(RequestContext requestContext)
{
var header1Value = requestContext.HttpContext.Request.Headers["X-HEADER-1"];
if (string.IsNullOrEmpty(header1Value))
{
var stringBuilder = new StringBuilder();
// append all headers to stringBuilder
var errorMessage = string.Format("SiteId header is not set. Headers: {0}", stringBuilder);
throw new HttpRequestException(errorMessage);
}
base.Initialize(requestContext);
}
...
}
Update 2
I just deployed the same app as an azure cloud service and it worked well. The headers were received and the app read them successfully. Something with web apps is not letting those headers through.
The answer that worked for me was in the comments. Credit goes to #Tarek Ayna.
The custom headers are transmitted when you set X-LiveUpgrade to 0.
For example:
<httpProtocol>
<customHeaders>
<add name="X-LiveUpgrade" value="0" />**
<!-- Prevent iframes -->
<add name="X-Frame-Options" value="SAMEORIGIN" />
<add name="X-XSS-Protection" value="1" />
</customHeaders>
</httpProtocol>
One possibility is to disable ARR if your services are stateless... to do that:
(Inside web.config)
<system.webServer>
<httpProtocol>
<customHeaders>
<add name="Arr-Disable-Session-Affinity" value="True" />
</customHeaders>
</httpProtocol>
</system.webServer>

MVC WebAPI2 attribute routing using a path ending with a route parameter of type double

We are having an issue with WebApi2 attribute routing. We recently upgraded to MVC5 and Web Api 2. As part of the upgrade we shifted our Web Api to use Attribute routing.
One of our API calls allows for data to be requested using a latitude and longitude bounding box.
https://myapi.com/v1/things/area/{toplat}/{leftlon}/{botlat}/{rightlon}
This worked in the previous api, but not in the new one. We can't find a configuration that allows this to work. The final argument {rightlon} is a double and the xx.XXX is interpreted as a file extension.
Specifying the parameters as a double {toplat:double} had no impact. We can't easily force the legacy clients to update to include a trailing slash as some posts suggest. This config change also didn't work for us.
Why is my Web API method with double args not getting called?
Has anyone found a way to use attribute routing in WebApi2 to allow for a route that has a double/decimal/float as the last route parameter?
Solved.
The linked article did include the solution but also needed the correct format on the Attribute Routing.
[HttpGet] [Route("~/v1/things/area/{toplat:double}/{leftlon:double}/{botlat:double}/{rightlon:double}")]
in the web.config
<system.webServer>
<validation validateIntegratedModeConfiguration="false" />
<handlers>
<remove name="ExtensionlessUrlHandler-Integrated-4.0" />
<remove name="OPTIONSVerbHandler" />
<remove name="TRACEVerbHandler" />
<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="*" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
</handlers>
<modules>
<remove name="UrlRoutingModule-4.0" />
<add name="UrlRoutingModule-4.0" type="System.Web.Routing.UrlRoutingModule" preCondition="" />
</modules>
</system.webServer>

Why is CloudConfigurationManager using my Cloud.cscfg instead of Local.cscfg too?

I do realise that his question was asked and answered, but unfortunately the solution of complete clean, rebuild, restart.. doesn't work in my case and my lowly reputation doesn't allow me to comment. So I am I think compelled to ask it again with my info.
Sample code:
CloudStorageAccount storageAccount;
string settings = CloudConfigurationManager.GetSetting("StorageConnectionString");
storageAccount = CloudStorageAccount.Parse(settings);
I have my web.config section like this:
<appSettings>
<add key="owin:AppStartup" value="zzzz" />
<add key="webpages:Version" value="3.0.0.0" />
<add key="webpages:Enabled" value="false" />
<add key="ClientValidationEnabled" value="true" />
<add key="UnobtrusiveJavaScriptEnabled" value="true" />
<add key="StorageConnectionString" value="DefaultEndpointsProtocol=https;AccountName=xxxx;AccountKey=yyyy"/>
</appSettings>
In the ServiceConfiguration.Cloud.cscfg I have:
<ConfigurationSettings>
<Setting name="Microsoft.WindowsAzure.Plugins.Diagnostics.ConnectionString" value="DefaultEndpointsProtocol=https;AccountName=nnnn" />
<Setting name="StorageConnectionString" value="DefaultEndpointsProtocol=https;AccountName=xxxx;AccountKey=yyyy"/>
</ConfigurationSettings>
and in the ServiceConfiguration.Local.cscfg I have:
<ConfigurationSettings>
<Setting name="Microsoft.WindowsAzure.Plugins.Diagnostics.ConnectionString" value="UseDevelopmentStorage=true" />
<Setting name="StorageConnectionString" value="UseDevelopmentStorage=true" />
</ConfigurationSettings>
I converted this to an Azure project from a standard MVC web project in order to use the Azure storage blobs etc. I am finding that no matter what I seem to do it always uses the Azure storage.
As I step through the code snippet above.. I can clearly see the returned connection string as the one coming from the web.config app setting... I feel I must be doing something fundamentally wrong or missing something..?
A small point (maybe?) as I converted the project over, there was an error message (on a pop up and not saveable) about a connection string error and it not working. I hadn't even created this particular connection string at that time and the only other one (for localDB does work). That however is in the web.config section and as it ain't broke I didn't fix it to go into the ..
Any help would be appreciated.
Further Addition, from the comments by Igorek below, I did check the Role settings and they appear to be correct.
Then .. after a lot of messing around, some experiments which still didn't work, I've taken a step back. I actually don't want a cloud service, I ended up with one because I thought I needed one to access Blobs and Queues, I had already decided that WebJobs seems like the way to go first to keep as abstracted as possible.
So I have rolled back to prior to the Web SITE that I had before and found but I still CAN'T seem to get it to use development storage.. although I imagine that CLoudConfigurationManager probably doesn't handle Web Sites? Any tips?
Check into settings of your Role within the cloud project. It will have a default for which configuration it starts with. Simply swap from Cloud to Local.

SubSonic deployment and changing connectionstrings

I used Subsonic to build the DAL for one of my web applications. When I move it from my test server to the production server I change the connectionstring to point to the production datasource but the app still runs against the test DB. Is the connection information stored someplace else in addition to the Web.config?
What are the best practices for deploying web apps built using Subsonic?
TIA
John
In your SubSonicService configuration section, does the connectionStringName attribute point to the correct connection string?
Here is an example of my config.
<!--########################## Connection Strings ###############################-->
<connectionStrings>
<clear/>
<add name="Ajax"
connectionString="Data Source=Ajax1;Initial Catalog=AjaxExample_test;User ID=Webuser;Password=Pinecone!"
providerName="System.Data.SqlClient"/>
</connectionStrings>
<!--########################## SubSonic ###############################-->
<SubSonicService defaultProvider="AjaxProv">
<providers>
<clear/>
<add name="AjaxProv" type="SubSonic.SqlDataProvider, SubSonic"
connectionStringName="Ajax"
generatedNamespace="ICBA.Web.SalesForce.StagingDAL"
appendWith=""
stripColumnText=""
relatedTableLoadPrefix=""
enableTrace="false"
extractClassNameFromSPName="false"
fixDatabaseObjectCasing="true"
fixPluralClassNames="true"
generateLazyLoads="false"
generateNullableProperties="true"
generateODSControllers="true"
generateRelatedTablesAsProperties="false"
includeProcedureList="*"
excludeTableList=""
includeTableList="*"
regexDictionaryReplace="TypeCode,typecode"
regexIgnoreCase="true"
removeUnderscores="true"
setPropertyDefaultsFromDatabase="false"
useExtendedProperties="false"
useSPs="true"/>
</providers>
</SubSonicService>

Resources