I have a website on IIS 7. This website has a HttpModule with an AuthorizeRequest event handler. This event does not fire for CSV files and I can access the file without logging in, I guess this is because IIS7 is not configured to require form autentication for CSV files.
View 2 RepliesI'm using .net 4.0 and iis 7 and windows server 2008
my web application use form athentication and wok properly in vs 2010
but when i try to config the web site in iis 7 the form athenticate redirection doesn't work without any kinds of error.
here is my web.config code
<authentication mode="Forms">
<forms loginUrl="Pages/login.aspx" name=".ASPXFORMSAUTH"></forms>
</authentication>
<authorization>
<allow users="?" />
</authorization>
I enabled the authentication form in iis.
I have a website running on a IIS 7.5 server with ASP.NET 4.0 on a shared host, but in full trust.
The site is a basic "file browser" that allows the visitors to login and have a list of files available to them displayed, and, obviously, download the files. The static files (mostly pdf files) are located in a sub folder on the site called data, e.g. http://example.com/data/...
The site uses ASP.NET form authentication.
My question is: How do I get the ASP.NET engine to handle the requests for the static files in the data folder, so that request for files are authenticated by ASP.NET, and users are not able to deep link to a file and grab files they are not allowed to have?
Just going to start making a web application and was wondering which was better, or at least what are the main differences between them (as it probably matters what I am using them for)?
View 3 RepliesI have an application that ran fine on a Win 2003 box using windows authentication. After installing the app on a 32-bit Windows Server 2008 box the users are now prompted for domain credentials every time they call the site. I went into IIS manager for IIS7 and disabled anonymous authentication and enabled windows authentication. What do I need to do here for the user to not be prompted for the credentials?
View 5 RepliesI'm having a tough time implementing mixed-mode authentication (windows & forms based) for my application using IIS 7. Doing it in IIS6 is easy, but the process doesn't translate to 7/7.5 - and my research has led to me to conflicting answers, none of which.
I have redirect page called WindowsLogin.aspx, and a forms-based one called Login.aspx. I'm having difficulty enabling Windows authentication for just WindowsLogin.aspx.
I have an ASP.NET web application that is using forms authentication. Everything is configured and working correctly. However, i'm dealing with the issue of creating and maintaining users and role membership.
I know that I can roll my own solution but I'm wondering if there is an alternative solution?
Does iis7 provide screens for managing forms authentication users? Is there a reliable, free solution that someone would recommend?
I've got an ASP.NET web app that uses Crystal Reports XI Release 2 (Service Pack 4 + Fix Pack 4.1), and when I use Windows Authentication, the report still passes the application pool identity to the database instead of the user's identity. Every other portionof the program sends the user's identity (checked using SQL profiler). I know I've gotten this working on a client's windows 2008 server before, but I don't have access to that machine to make a comparison with the one I'm working on. I'm pretty sure it's an IIS configuration issue, but I can't seem to find the thing that's causing the Crystal reports to behave differently from the rest of the application.
View 2 RepliesI'm writting a software in C# and .NET to manage my store, which has a site where you can go and opt in to receive a sellers person visit. This site has an behind the scenes manager, but I want the software to do this instead, effectively removing the browser manager and the first step towards this goal is to allow the software access to a PHP script that generates tha XML file required.
The problem is, the login mechanics, written in C# and using web.config, doesn't allow the software to access the said script, which is inside a protected folder for the browser manager. I already tried using HttpWebRequest object, WebClient object with lots os combinations of post, credentials, streams and even a special user-agent to try and login, without success, I can only download the login page.
Here's the code I'm using to download data at the moment (That's my latest try, using the special header):
string agent = "AGENT"; //Not real name, it's just confidential
WebClient client = new WebClient();
client.Headers["HTTP_USER_AGENT"] = agent;
client.DownloadFileCompleted += new AsyncCompletedEventHandler(DownloadFileCompletedEvtHdl);
client.DownloadProgressChanged += new DownloadProgressChangedEventHandler(DownloadProgressChangedEvtHdl);
if (!Directory.Exists(toSavePath))
{
Directory.CreateDirectory(toSavePath);
}
if (File.Exists(toSavePath + filename))
{
File.Delete(toSavePath + filename);
}
client.DownloadFileAsync(new Uri(url), toSavePath + filename);
The login page is pretty simple, it only assings a click event to the login button to check if the user and password are the same in web.config. If true, got to redirect page, else, error.
So, what's the best method for this? Is there any way to configure IIS7 to skip the authentication on that special user agent or some other custom header? Or I'm going the wrong way?
I am trying to implement single sign on for users within our domain and if the are not then they get re-directed to the login screen to use forms authentication.
I have followed this tutorial below
however I get two issues firstly if I go to my forms authentication page no css or images now display and if i try to login i get an error.
If I go to the login page which should recognise me from the AD I get 401 - Unauthorized: Access is denied due to invalid credentials. You do not have permission to view this directory or page using the credentials that you supplied.
[URL].....
I have a database which has form authentication tables for an website [let say website A], now I have attached a new website [Website B] to the same database, in this website [Website B] also I have to provide login/authentication which would be separate from the website A authentication system. So I want to have separate table for the users of new website. Specification:
[code]....
will there be any open source membership provider like we have .NET membership provider [form authentication].
I have a web farm web project, and want to make sure windows authentication is working well without any problem in web farm, can any one give me some web sites or information about that?
View 1 RepliesAm going to develop authentication part in the web site. I want my authentication module should not be hacked by any one and also want in secure side.
View 1 RepliesI needed information regarding the capabilities & integration of AzMan tool with Asp.net.Currently, I got a Sharepoint 2007 website along with ASP.NET 2008 where I am using Form Based Authenication.Now, the requirement is any user within a domain registered in AD should be able to login in website through intranet.
Can I acheive this using AzMan, or I need to create two websites one with FBA for internet users and the other one for the intranet users with AD authenication. Also my intenet website is deployed and in use where usermapping and roles are already created, so using this tool what will be the impact on existing webiste.
I have a website deployed on IIS 7 . And want one of my pages authenticated by windows authentication. But While trying this I am getting error "This feature has been locked or Read Only".
View 1 RepliesBefore I get started it's important to note that this issue only happens in IIS7 and IE7, which means it works fine in all our IIS6 environments and Chrome and Firefox hitting IIS7.
We have an ASP.NET 3.5 application that is doing a very basic window.open to open our report server.
ex.
window.open('http://555.55.5.55/ReportServer', 'Reports');
Once launched the user is prompted for their username and password. If the user selects cancel and goes back to the parent window they can use all the Ajax functionality just fine; however, if the user logs into report server then all the Ajax functionality on the parent window ceases to work (example error below). We changed the javascript line above to popup a window to google and everything worked fine. We even tried changing it to '_self' to act like a redirect and we had the same results, everything failed. The issue appears to be related to something in IE7 and the authentication popup.
We've already set the application pool hosting the site in IIS7 to classic mode and this did not resolve our problem.
Error:
Error: Sys.WebForms.PageRequestManagerParserErrorException: The message received from the server could not be parsed. Common causes for this error are when the response is modified by call to Reponse.Write(), response filters, HttpModules, or server trace is enabled.
Details: Error Parsing near ' <!DOCTYPE html PUB'.
I have a working solution on an IIS6, which I made using this guide: FLV Flash video streaming with ASP.NET 2.0, IIS and HTTP handler
The app is basically a FLV Player, but streaming is essential to it.
Now, one of our customers is running IIS7 and the streaming doesn't work.
We are working on a web application that creates more web applications.Each web application will have to get a Url Rewrite rule (URL REWRITE MODULE 2.0).As far as I know, there's no way to add such rules without modifying the web.config file (am I right??).So my plan was to work with multiple web.config partial files. One main .config file, and lots of .config files per application (every file will contain it's web application url rewrite rules).This way sounds a little bit messy, but I can't think of anything else, and suggestions will be welcomed.
View 1 RepliesI have an ASP.NET master page which references a #include file as follows:
<!--#include virtual="/includes/scripts.inc"-->
I have modified the file /includes/scripts.inc but the changes do not show up in pages. What needs to be done so modifications will be reflected? I need to avoid the following: restarting the server restarting IIS modifying web.config (doesn't appear to have any effect)
pretty much anything that causes the app domain to restart Any other options? Is there a setting which affects how long IIS caches #include files?
We'd like to restrict the maximum upload file size in our web site. We've already set the appropriate limits in our web.config. The problem we're encountering is if a really large file (1 GB, for example) is uploaded, the entire file is uploaded before a server-side error is generated, and the type of the error is different whether the file is huge or not. Is there a way to detect the size of a pending file upload before the actual upload takes place?
Here's my relevant web.config settings that restrict requests to 16 MB:
[Code]....
Update:
I know that client-side technologies like Flash can detect file sizes before upload, but we need a server-side workaround because we're wanting to target platforms that have no Flash/Java/ActiveX/Silverlight support. I believe that IIS or ASP.NET has a bug that's allowing large files to be uploaded despite the limits, so I've filed a bug here.
Would an ISAPI extension give me more control over request processing than HTTP modules and handlers, such as allowing me to abort an upload if the Content-Length header is seen to be larger than the allowed limit?
Update 2:
Sigh. Microsoft has closed the bug I filed as a duplicate but has provided no additional information. Hopefully they didn't just drop the ball on this.
We've got a process currently which causes ASP.NET websites to be redeployed. The code is itself an ASP.NET application. The current method, which has worked for quite a while, is simply to loop over all the files in one folder and copy them over the top of the files in the webroot.
The problem that's arisen is that occasionally files end up being in use and hence can't be copied over. This has in the past been intermittent to the point it didn't matter but on some of our higher traffic sites it happens the majority of the time now. I'm wondering if anyone has a workaround or alternative approach to this that I haven't thought of. Currently my ideas are:
Simply retry each file until it works. That's going to cause errors for a short time though which isn't really that good. Deploy to a new folder and update IIS's webroot to the new folder. I'm not sure how to do this short of running the application as an administrator and running batch files, which is very untidy.
Does anyone know what the best way to do this is, or if it's possible to do #2 without running the publishing application as a user who has admin access (Willing to grant it special privileges, but I'd prefer to stop short of administrator)? Edit Clarification of infrastructure... We have 2 IIS 7 webservers in an NLB running their webroots off a shared NAS (To be more clear, they're using the exact same webroot on the NAS). We do a lot of deploys, to the point where any approach we can't automate really won't be viable.
I'm using ASP.net 3.5 to run a .exe with Process.Start(). It works fine if I use the host that's built-in to VS2008, WinServer 2003 but if I use IIS7 it no longer runs. I am using the following code.
Process proc =
new
Process();
proc.StartInfo = psi;
proc.StartInfo.FileName = "cmd.exe";
proc.StartInfo.Arguments = args;
proc.Start();
I've been building an MVC 2 site on my local machine which I then hoped to FTP to my companies IIS7 server.
When I first started using the MVC in VS2010 I published in VS via FTP and everything was fine, asp.net was properly installed and the mvc library was there.
Now I'm faced with a problem that I can hardly define, let alone get around:
When I attempted to publish, the controller folder wasn't being transferred, so I manually copied it across thinking it was just an FTP problem, but then I got errors complaining about an assembly reference in my web.config file:
Parser Error Message: Could not load file or assembly 'System.Web.Mvc, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' or one of its dependencies. The system cannot find the file specified.
So I'm guessing that whatever it is that is preventing VS transferring the controllers folder is doing the same with some of the MVC configuration stuff.
Another oddity is that thought the initial settings worked, I've since scrapped the orignal project and started again, I've had a look back at it and tried to use the original settings to FTP across but they now don't work and have the same problem, as does my bosses machine(previously unused version of VS) when I tried to FTP across the default MVC2 project.
VS reports that the FTP publish has succeeded and the controller files aren't listed in the Publish.XML file on either machine.
I have a form with 10 file inputs. They can contain 10 random files with random sizes. If I send these files to ASP.NET server with this code:
var count = HttpContext.Current.Request.Files.Count;
var TotalSize = 0;
for (int i = 0; i < count; i++ )
{
HttpPostedFile postedFile = HttpContext.Current.Request.Files.Get(i);
TotalSize += postedFile.ContentLength;
}
And as you can see I didn't save the files on the server, will this code just calculate the summary of files without need to receive the whole file from the client (And therefore it would be very fast)?
I have some code that I tweaked for a contact form that I have been using for years with no trouble. I recently upgraded my hosting account to IIS7 and upgraded the Framework and now my code isn't working. I don't know how to fix my code so that it works. Could someone look at it and tell me what I need to fix? I know it's a lot of code and the person that originally wrote it for me many years ago was kind enough to comment everything so I knew what was going on but with the upgrade I have no idea what is incorrect. The error that I am getting when the form is filed out and submitted is...
A Problem prevented your request from being accepted: The "SendUsing" configuration value is invalid.
Code:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<%@ Page Language="VB" ContentType="text/html" ResponseEncoding="utf-8" %>
[code]...
'The first thing we must do is declare or "Dimension" the variables we will use. We will declare variables for each form field,and we will insert those variables into the text of the email message.
Dim strName as String = txtName.Text 'This will assign the text of the "Name" textbox to this variable
Dim strEmail as String = txtEmail.Text 'This will assign the text of the "Email" textbox to this variable
Dim strCity as String = txtCity.Text 'This will assign the text of the "City" textbox to this variable
[code]...