I'm using SEO-friendly URLs, and I can process most of them with ASP.NET, by mapping aspnet_isapi.dll to all URLs. (I set up an Handler Mapping in IIS that uses the dll for all paths. (path = *))
However, that doesn't seem to work when the last character of a "subfolder" is a period. E.g., I have a URL of /brakes/A.B.S./, and that won't trigger the mapping. So I end up with 404s for such URLs. Does anybody know how I should setup the mapping to trigger this? (I've tried *. and that doesn't work either.)
Try changing this setting in your web.config:
<httpRuntime relaxedUrlToFileSystemMapping="true" />
http://haacked.com/archive/2010/04/29/allowing-reserved-filenames-in-URLs.aspx
As Matthew already pointed out, this is resolvable in .NET 4.0, but not in .NET 2.0. The problem lies in the underlying system: Microsoft forbids names to end with a dot (or a space, for that matter), because Windows Explorer cannot handle them (the underlying NTFS system can handle them, however).
What's the cause
Internally, and this is true for .NET 2.0 and .NET 4.0, a web request is passed, at some point, to the method IsSuspiciousPhysicalPath. Among other things, this method calls a standard API to create an "official" path based on the path given. It doesn't create this path. Then it compares this correct path with the given path. If they are different (i.e., if the given path does not exist in the corrected path) it is considered suspicious.
You can try this yourself: use File.CreateFile to create the file "test.txt....". This will succeed, but the resulting file is "test.txt". In the scenario above, the given file "text.txt...." does not fit the created file, hence it is suspicious and never even reaches the web request handler.
Even a 404-handler in the base IIS settings won't work here!
A far-fetched workaround
A workaround which I've used for years in many setups (for reasons not related to this issue): install Apache in front of IIS and configure it for proxying. That's relatively easy to setup (lost of examples on the internet) and this can act as a buffer for handling these kind of "illegal requests", rewriting them to something IIS can handle.
But it is probably easier to simply move from .NET 2.0 to .NET 4.0
I'm using Web API attribute routing
The selected answer did not work for me, it is only a partial solution.
to make sure the Web API gets the first crack at it, not only will you need to have
<configuration>
<system.web>
<httpRuntime relaxedUrlToFileSystemMapping="true"/>
</system.web>
</configuration>
you also need to have
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"></modules>
</system.webServer>
I found the answer here at this blog:
ALLOW A DOT IN ASP.NET MVC APPLICATION (SPECIFICALLY IIS 7+)
In my case, I couldn't do it using the URL Rewrite while there was another reason which is the URL Scan.
I opened windows\system32\inetsrv\urlscan\urlscan.ini in a text editor and enabled AllowDotInPath by changing its value to 1
Related
Good Day,
I am running into an error that I have never run into before. I have a brand new server (Windows 2016) and I have added IIS 10 to it. I have also installed .net Core 2.1 and 2.2 runtime and SDKs onto the server. When I set up a .net Core 2.1 website, it appears to set up fine, but when I try to click on any of the features in the features view, I get a really generic error message (it happens for any .net Core website I set up). The error is an alert that states: There was an error while performing this operation. Details: [empty] Filename: \\?\D:\Apps\Test\web.config Error: [empty]
I found one place where this question was asked before, but I have IIS Rewrite 2.1, .net Core 2.1 and 2.2 and I have this site set up on another server (test env) and it works perfectly fine there! I have also made sure that IUSR and IIS_User both have read/write capabilities to the folder and every file in it.
Does anyone have any suggestions?
Thank you,
Tim
In my experience, this sort of error normally means there is either something it doesn't like in the web.config (XML element it doesn't recognize) or the web.config is missing.
Normally (for me anyway) this is because I've forgotten to install URL Rewrite as that's pretty much the only "extra" thing I use - but you've got that covered already.
It might be worth checking that the App Pool for the site is configured correctly and running (should be same as your other machine, check the basic settings and the advanced).
The only other thing I can think of, is that you've installed some of the features for IIS through the Windows Features, but not all of them. I sometimes have to go back through the lists and make sure all the right things are definitely checked.
Last step would be to create a real simple little mini site, with just a default page, use the IIS GUI to change some site level settings so it creates its own web.config, make sure it runs, then have a look at the differences between the files.
Hope any of that helps
I'm trying to add a .plan extension to our IIS 6.0 website through WiX. I'm using
<iis:WebApplicationExtension CheckPath="no" Script="yes" Executable="[FRAMEWORKROOT]v4.0.30319\aspnet_isapi.dll" Verbs="GET,HEAD,POST,DEBUG" Extension="plan"/>
Although this is replacing all of the existing application extensions, which is not the behaviour that we want. Is there a way to simply add .plan? We would like to avoid using the Wildcard if possible as we're not sure how it will affect the rest of the site. I don't think that APPCMD is available on our 2003 server either.
Any suggestions would be greatly appreciated :)
Unfortunately we didn't find a way to do this cleanly using the iis:WebApplicationExtension in WiX.
We found this post http://blogs.msdn.com/b/david.wang/archive/2004/12/02/273681.aspx that provides a VBScript for adding ScriptMaps. We edited the script to only execute the HandleListOps function (with the relevant params) so that we didn't get any issues with WScript. We then call this from a CustomAction in WiX, with the vbs file added as a Binary file.
We're aware that running vbscript custom actions from within an installer isn't ideal, but luckily we're not distributing the application externally and is only going to be used on an internal website, so the target server environment is reasonably well known.
I have a strange problem when trying to get the application pools on the current machine. It seems that when IISExpress is installed, the Microsoft code wants to check IISExpress in addition to the full IIS. IISExpress uses separate applicationHost files per user. I'm not sure whether this call will require it to check all of those, or just those for the current user. Regardless, it's not finding the one it's looking for in the 'C:\Windows\system32\config\systemprofile\' directory. It should be going to %userprofile% or 'C:\Users\Administrator\' for the user that the application pool that this code is executing under is running as.
Does anyone perhaps know how this systemprofile directory might be coming from?
Exception:-
System.IO.DirectoryNotFoundException: Filename: \\?\C:\Windows\system32\config\systemprofile\Documents\IISExpress\config\applicationHost.config
Error: Cannot read configuration file
at Microsoft.Web.Administration.Interop.AppHostWritableAdminManager.GetAdminSection(String bstrSectionName, String bstrSectionPath)
at Microsoft.Web.Administration.Configuration.GetSectionInternal(ConfigurationSection section, String sectionPath, String locationPath)
at Microsoft.Web.Administration.ServerManager.get_ApplicationPoolsSection()
at Microsoft.Web.Administration.ServerManager.get_ApplicationPools()
at CustomCode.Classes.IIsApplicationPool.GetApplicationPool(String iisWebSitePath, String poolName)
I highly recommend to stop using the local reference to Microsoft.Web.Administration that gets shipped with IIS (even if it's in the GAC). This is because it has a very specific version number (i.e. 7.0.0.0) and this version might change in a future version of Windows and it will hurt.
Instead, checkout the nuget package: Microsoft.Web.Administration (https://www.nuget.org/packages/Microsoft.Web.Administration). This basically makes it so you can have a private deployment of your IIS dependencies.
If the application, in which you are using Microsoft.Web.Administration to check for app-pools, is running on IISExpress, it will always fallback to Microsoft.Web.Administration version 7.9.0.0 due to an assemblyredirect in the aspnet.config in the IIS express.
See C:\Program Files (x86)\IIS Express\config\templates\PersonalWebServer\aspnet.config
Here is the problem in the config:
<dependentAssembly>
<assemblyIdentity name="Microsoft.Web.Administration"
publicKeyToken="31bf3856ad364e35"
culture="neutral" />
<bindingRedirect oldVersion="7.0.0.0"
newVersion="7.9.0.0" />
<codeBase version="7.9.0.0"
href="FILE://%FalconBin%/Microsoft.Web.Administration.dll" />
</dependentAssembly>
Make sure you are running the application in either the full IIS or on the Visual Studio Development Server.
Alternativly you could try and remove the assembly redirect, but i have not tried this, and this might cause problems in other places. We must assume that the IIS Express team made the redirect for some reason (other than convenience) :-)
I already know the answer is old but
have you tried specifying a different version of the dll?
A picture is worth in thousand words:
How are you trying to get the application pools? Are you using MWH (Microsoft.Web.Administration) APIs?
Full IIS ships with Microsoft.Web.Administration.dll (version 7.0.0.0).
IIS Express ships with a different version of Microsoft.Web.Administration.dll (version 7.9.0.0).
It seems full IIS is trying to use IIS Express specific assembly. I am not sure how you ended up in this state, but you can un-install IIS Express and see if this problem still occurs.
Edit:
Why do you want to use Microsoft.Web.Administration (MWA) version 7.9.0.0 in your web application? It is shipped with IIS Express 7.5 to work with per user applicationhost.config file ONLY and this does not use/work with inbox/full IIS configuration file that is located at \windows\system32\inetsrv\config\appliationhost.config.
In your case, web application running under full IIS is running with system identity and therefore MWA 7.9.0.0 is trying to load config file from 'C:\Windows\system32\config\systemprofile' directory.
I've just recently ran into this issue. After reading quite a few posts, this was the closest one at giving me any idea as to what was going on. While I don't necessarily have a solution to the conflict between the two versions (7.0.0.0 and 7.9.0.0) when running within the VS IDE, after a few hours struggling with it, I did find a of quirky trick you can do to work around the IDE's auto-redirection.
In the example of:
Developing an application that's referencing Microsoft.Web.Administration.dll (7.0.0.0) from the inetsrv directory and attempting to do any of the following and trying to connect properly access the application pool definitions of the real IIS, not IIS Express, with not installed. When running the compiled code outside the IDE, it always works correctly regardless of how it's specified.
ServerManager sm = new ServerManager();
sm.OpenRemote("localhost");
sm.OpenRemote("MYPC"); // Presuming you local machine's name is MYPC
These all trigger VS to redirect the reference from the 7.0.0.0 DLL to the 7.9.0.0, which causes the retrieval of incorrect sites or COM exceptions to occurs.
The quirk I found was to always use the OpenRemote(), even though trying to open the local IIS and specify "localhost" or "MYPC" as either "LocalHost" or "MyPc" (i.e. any combination of mixed case so that it is not an exact case-sensitive match to "localhost" (all lower case) or the local machine name.
This quirk may not be specific to all VS versions. I'm currently using VS Professional 2017 (15.9.11).
As I stated, it does fix the redirect, but it definitely help while debugging.
I found mapping the "TeamConfig folder" locally to my development machine helped resolved this issue for me.
I'm trying to write an HttpModule to run on our SharePoint farm - essentially it will check whether the user is authenticated and if they are it will validate some info against another database and potentially redirect the user to sign a variety of usage agreements.
Whenever I enable the module in the web.config I'm finding that SharePoint has issues rendering the page - it's almost like the CSS is not getting loaded as the page is devoid of any styling.
As a test I've even tried an empty module - i.e. an empty init block so it's not even hooking up any code to any events and the same issue arises. At this point it's an empty class that just implements IHttpModule so it's not even my dodgy coding causing the issue!
The module is in a class library that I've dropped in to the bin folder of the application it needs to run against. In the web.config of the app I've simply added an entry as below:
<modules runAllManagedModulesForAllRequests="true">
... (default stuff ommitted)
<add name="SharePointAUP" type="SPModules.SharePointAUP" />
</modules>
I must be missing something really obvious here as I've done exactly the same as every sample I've found and yet I'm getting this strange behaviour. Is there something extra I need to do to get SharePoint to play nice with a custom module?
UPDATE:
In case it helps - this is SP 2010 beta running on Windows 2008 R2.
UPDATE:
The set-up I'm running against is a farm - 2 front end servers with NLB & 2 app servers with services split across them.
After listening to a nagging feeling this morning I've tested my handler on another installation we have which is a standalone set-up... and everything worked perfectly. The issue only exists when deploying to a farm.
make sure to include a precondition attribute
I came back to this after reinstalling the farm with the RTM - everything worked fine. I've written it off as beta issue (along with many others that I had with SharePoint if you've seen my other questions!).
I notice that there's frequently an aspnet_client folder under the standard IIS web folder structure. What is this used for? Is it needed?
In the .NET 1.1 days and before, this folder provided ASP.NET with its JavaScript support for the validation controls and other functionality. If you don't have a .NET 1.1 site or older running it should be safe to delete it. I would rename it first to ensure it doesn't cause any problems.
In addition to what others have said, it's usually created by the aspnet_regiis tool, which can be (re-)run by things like Windows Update/AddRemove Windows components/IIS. So sometimes even if you do delete it, it can come back randomly. There may be a way to stop this behavior, but I haven't found it (maybe changing the application version to .NET 2 would do it actually).
So unless you're using certain features of .NET 1.0/1.1 (validation, Smart Navigation etc) you can delete it without any problems, just don't be too surprised if it comes back!
aspnet_client is a folder for "resources which must be served via HTTP, but are installed on a per-server basis, rather than a per-application basis".
Some of the uses of aspnet_client include storing resources (eg. JavaScript, images) for:
JavaScript for ASP.NET Web Forms controls when using client-side validation (mainly to manhandle older browsers like IE5, it seems)
ASP.NET 2.0 (until at framework 4.0) for 'Global Themes' (global to all sites on a server, that is)
some versions of Crystal Reports
There probably are/will-be further (ab)uses of this folder in the future. Needless to say, since it contains things which are "necessary for the application to run correctly" but which "are not supposed to be deployed by the application", it will remain something of a nightmare for both developers and system administrators.
It seems that the 'prototype' for the contents of the folder is in C:\inetpub\wwwroot, and it seems reasonable to suppose that if any given IIS website lacks a /aspnet_client resource, then IIS will try to do the right thing and ... as a last resort ... make a physical folder in the web site root folder, and copy the files there. It seems that IIS will do this at least when "ASPNET_regiis /c" is invoked a given server - which probably occurs automatically at some critical junctures ... like when .NET framework updates are applied to a server which has the IIS role.
Strategies for handling the aspnet_client directory include:
specifying a virtual directory mapped to C:\inetpub\wwwroot in the hope that IIS will forgo creating a physical directory
deleting the physical directory from time to time if you're sure your site doesn't need it and it really bothers you
ignoring aspnet_client
running "ASPNET_regiis /c" yourself if you're missing the folder, and need it
Probably most importantly, as a developer, you should clearly understand and document your applications' dependencies on the aspnet_client directory, and make sure that your installation procedure has relevant instructions for making sure that the directory exists. However, you should probably not bother to actually supply the directory as part of your packaged web application or web site - how could you possibly do this for each version of the .NET framework which the server will see over the lifetime of your application?!
Some links I will come back to later:
http://my.safaribooksonline.com/book/certification/mcts/9780735657489/2dot-using-master-pages-themes-and-caching/ch02s03_html?query=((aspnet_client))&reader=html&imagepage=#snippet
What is the aspnet_client folder in my ASP.NET website?
iis express path for global theme directory
http://my.safaribooksonline.com/book/web-development/microsoft-aspdotnet/0735621772/aspdotnet-configuration/111?query=((aspnet_client))#X2ludGVybmFsX0J2ZGVwRmxhc2hSZWFkZXI/eG1saWQ9MDczNTYyMTc3Mi8xMTE=
http://my.safaribooksonline.com/book/web-development/microsoft-aspdotnet/9780471785989/working-with-themes/ch41lev1sec8?query=((aspnet_client))&reader=html&imagepage=#X2ludGVybmFsX0h0bWxWaWV3P3htbGlkPTk3ODA0NzE3ODU5ODklMkZjaDQxbGV2MnNlYzEwJnF1ZXJ5PSgoYXNwbmV0X2NsaWVudCkp
http://my.safaribooksonline.com/book/web-development/microsoft-aspdotnet/067232542x/performing-form-validation-with-validation-controls/ch03lev1sec1?query=((aspnet_client))&reader=html&imagepage=#snippet
http://scn.sap.com/thread/3157366
It also has certain icons and scripts that are required for crystal reports to run properly even in versions later than 1.1
The folder is usually for storing client side Javascript, which ASP.NET uses for things like validation.
It should be safe to delete.
Figured I'd add this here as this is the link I kept being directed to when I googled this question. Apparently with .NET 4.0 and newer this folder is no longer needed and can be removed without issue.
If you are using Installshield to configure ASP.net website, be aware that this feature was present in Installshield 2010 and is missing in Installshield 2012.