Serving .config files - iis

We have a legacy (classic asp) CRM that I maintain in my organization. Users may upload files through the web front, they are stored on a network share and the filename, uploader, etc is saved to a database. Everything is well and good with the exception of .config files.
For some reason certain people can download these just fine, but other people recieve this error:
The type of page you have requested is not served because it has been explicitly forbidden. The extension '.config' may be incorrect.
it would seem that on some users computers the link for the file is "file://networkshare/filename" (which works) and on other machines it is "http://networkshare/filename". (which doesn't work)
I have the mime type for .config set to text/plain in iss6. All users are running IE8.
The code on the page creates a href links based on records returned from the database.
Why then is there there the difference in the way the link is rendered differently in the same browser on different pc's? How do I allow .config files allowing people to view the sites web.config?
The code that builds the link is:
function getlink(file_nm,path)
{
thisPage.navigate.CheckDocumentAttachedToRequest(file_nm, path)
var sDocLink = path.replace(/\//g,"\\") + "\\" + file_nm;
return "<A class=\"parislink2\" TARGET=\"_BLANK\" HREF=\"\\\\" + thisPage.get_sServerName() + "\\" + sDocLink + "\">" + file_nm + "</A>";
}

Weird.
I know that IIS 6 will return error 404.3 if a client request refers to a file name extension that is not defined in the MIME types.
However you do have it defined. You can try as a test using the wildcard () in your mime types. ( for the file extension and text/plain for the mime type.) The wildcard can be a security risk but if you are serving up configs..perhaps this application and server are internal to your network and it would be ok to use the wildcard.
I would also check your ISAPI extensions (not filters, but extensions) and make sure .config
is still in there. It should be by default.
Defining a mime type at the global level in IIS should filter down through and override any mime types set at the folder level.
An IIS reset is needed everytime you change mime types.
Perhaps it is a browser issue?
(an issue on the client side for the links that do not work..an issue like "browser control".)
It is almost as if some of the browsers are interpreting your function correctly when the link is built..and others are substituting "http" instead of "file" as the protocol when they render the HTML from the function call. Perhaps you could hardcode your function to us "file:" as a string that is placed at the begining of your link code. (trying to overide any "http" string that gets place in there by the HTML sent back by the server or rendered by IE8.)
The wildcard was filtered out for security purposes in the above post. (wildcard = "an asterisk")

Related

Blazor server app cannot download .msg files

I have a Blazor Server 6.0 app where I have links to download .msg files.
I have setup IIS to serve that mime-type trying both application/octet-stream and application/vnd.ms-outlook (and restarting IIS)
I have also tried to put in web.config the staticcontent tag like suggested here:
.msg file gives download error
And obviously in my program.cs I have app.UseStaticFiles();
I try to put the .msg in a non-blazor app and they work ok, so I think is not IIS related
So why I cannot download (or open automatically in outlook) this type of file, while other (docx, pdf, zip, etc.) are Ok ?
ASP.NET Core -- on the server side -- also needs to know about the files it has to serve. You can enable serving all unknown file types (I'd rather not include the relevant code as it is a major security risk), or you can add you own additional mappings like so:
var provider = new FileExtensionContentTypeProvider();
provider.Mappings[".msg"] = "application/vnd.ms-outlook";
// app.UseStaticFiles();
app.UseStaticFiles(new StaticFileOptions()
{
ContentTypeProvider = provider
});
More info in the official docs: https://learn.microsoft.com/en-us/aspnet/core/fundamentals/static-files?view=aspnetcore-7.0#fileextensioncontenttypeprovider
Additionally, Blazor Server registers custom options for serving static files (like .server.js, which is different from just .js). It's not directly exposed as a public API to configure, but you can look at the source here as to what the AddServerSideBlazor extension method actually does. The solution there relies on you calling UseStaticFiles without explicitly specifying the options, so that it can retrieve the StaticFilesOptions instance from DI.
Armed with this knowledge, you can override an already configured options instance as follows:
builder.Services.PostConfigure<StaticFileOptions>(o =>
{
((FileExtensionContentTypeProvider)o.ContentTypeProvider).Mappings[".msg"] = "application/vnd.ms-outlook";
});
This configures the already initialized options instance registered in the DI (after all other configurations happened on it, thus PostConfigure).
Note that if you would for whatever reason decide to use a different IContentTypeProvider, the unsafe cast above would need to be revised as well.

Programatically determine path to Chrome Extensions folder

Is there a way to programmatically determine the path to the Chrome Extensions folder? I want to make a call like the following:
xhr.open( 'GET', chrome.extension.getURL( '/' + msg.file ), true );
to consume the contents of a file I create with a native messaging host (so as to get past the 1MB pipe limitation for certain responses). I can see what my 'profiles' path is in chrome://version, but I cannot find anywhere where this might be exposed (was hoping, at the least, it could be exposed to extensions). Furthermore, there's a version subfolder that I do not know how it is constructed, e.g. I have the following subfolders for the Chrome Media Router extension:
5216.530.0.13_0
5216.530.0.14_0
5216.530.0.14_1
everything up to _ is the version from the manifest.json, but I don't know how/when the part after the _ comes into play (my guess is it is used to distinguish updates to the webstore when the version number is not changed).
so I really would most prefer an API function that would get me the full path for my extension from the extension.

Spring MVC - Change in .Exe file to .txt makes browser change content type

In my Spring MVC 3.0 based application I am trying to test the file upload functionality with some validations.
In one validation I changed .exe(executable) file to .txt , and expecting that exe file shouldn't be uploaded in the system.But it gets uploaded.
I am checking content type of file but in this case once file extension is changed it's content types also gets changed from "application/octet-stream" to "text/plain".
I am testing on Firefox and Google Chrome. And At Controller level Uploaded file is being read using MultipartFile.
Is there any way by which I get the original content type of file in this case "application/octet-stream" ?
When we change the extension of the file before uploading it ..It depends on Operating System weather the MIME type will change or not. Moreover, it is the responsibility of the browser to find out the Mime Type and set into the request header which is being read in the controller.

ASP.NET MVC routes with "." not working in Azure

I have simple route map like:
routes.MapRoute("Test", "test/{action}/{id}", new {controller = "Test", action = "Index", id = ""});
My route paths are like:
"/test/do-something/1.0.1"
Which works completely fine in local testing and self hosted .NET 4.5 on IIS7+
However, when I host it in Azure, it seems to have issues with the ID containing two ".", telling me that "The resource you are looking for has been removed, had its name changed, or is temporarily unavailable.".
When I change the path to "/test/do-something/1" it works on Azure as well.
Why does Azure seem to prohibit ID's with "." and what can I do about it?
I would recommend using '-' in your id as opposed to '.' (periods), it's more friendly in terms of SEO.
If you really want to get it working with periods, you could use a tool called URLScan.
What is URLScan?
There is an option to configure:
AllowDotInPath=0
By default, this option is set to 0. If this option is set to 0,
URLScan rejects any request that contains multiple periods (.). This
prevents attempts to disguise requests for dangerous file name
extensions by putting a safe file name extension in the path
information or query string portion of the URL. For example, if this
option...
Here is a link to the configuration.

Where would I get the base URI In my ServiceStack markdown page?

I am looking to serve an image from my root path test.com/some.png but this markdown page may be displayed on [Post]test.com/Item or [Put]test.com/Item/123 So I am looking for a way to get the base URI to form the image link.
You can use the literal text ~/ inside a Markdown page gets converted to a virtual path.
This literal is registered on start-up from the global EndpointHostConfig.MarkdownReplaceTokens property which is assigned the appHost.Config.WebHostUrl property:
this.MarkdownReplaceTokens["~/"] = appHost.Config.WebHostUrl.WithTrailingSlash();
Since it's difficult for an ASP.NET framework to determine the url its hosted at (i.e. without a request) you need to specify the preferred url you wan to use in your config. Here's an example from the servicestack.net/docs/ - ServiceStack's markdown Docs project:
SetConfig(new EndpointHostConfig {
WebHostUrl = baseUrl, //replaces ~/ with Url
MarkdownBaseType = typeof(CustomMarkdownPage),
});
Otherwise inside your service you can use base.Request or base.RequestContext.Get<IHttpRequest>() to get information about the incoming Request as well as (HttpRequest)base.Request.OriginalRequest to get the underlying ASP.NET Request object.

Resources