Develop Reference

IIS ASP.NET - URL Rewrite - FormsAuthentication module fires before RewriteModule module

I have one site and 3 applications in 3 virtual folders and 3 app pools.
I use URL rewrite (redirect or rewrite doesn't matter) to catch some wrong urls and rewrite or redirect to appropriate application.
All 3 apps are asp.net MVC and use Forms Auth.
They must use sepparate app pools.
If I use rewrite I have an error that URL can't be served from same app pool, so rewriting doesn't work across app pools, that is a known issue.
If I use redirect there is a problem that before I can issue a redirect from URL rewrite FormsAuth sends redirect for login.
This is scenario where I am already logged in in app1, but I want to redirect from app2 and app2 has no session yet and it redirects me to login of app2 instead that I get URErewrite/redirect to URL in app1.
Can this be overridden ?
So that URL Rewrite redirect is not surpassed with FormsAuth redirect.
I tried to put RewriteModule in front of FormsAuthentication module in main applicationHost.config (C:\Windows\System32\inetsrv\Config) but it doesn't work :
<modules>
<add name="IsapiModule" lockItem="true" />
<add name="IsapiFilterModule" lockItem="true" />
<add name="HttpLoggingModule" lockItem="true" />
<add name="HttpCacheModule" lockItem="true" />
<add name="StaticCompressionModule" lockItem="true" />
<add name="DefaultDocumentModule" lockItem="true" />
<add name="DirectoryListingModule" lockItem="true" />
<add name="ProtocolSupportModule" lockItem="true" />
<add name="HttpRedirectionModule" lockItem="true" />
<add name="StaticFileModule" lockItem="true" />
<add name="AnonymousAuthenticationModule" lockItem="true" />
<add name="WindowsAuthenticationModule" lockItem="true" />
<add name="RequestFilteringModule" lockItem="true" />
<add name="CustomErrorModule" lockItem="true" />
<add name="FailedRequestsTracingModule" lockItem="true" />
<add name="ConfigurationValidationModule" lockItem="true" />
<add name="OutputCache" type="System.Web.Caching.OutputCacheModule" preCondition="managedHandler" />
<add name="RewriteModule" />
<add name="Session" type="System.Web.SessionState.SessionStateModule" preCondition="managedHandler" />
<add name="WindowsAuthentication" type="System.Web.Security.WindowsAuthenticationModule" preCondition="managedHandler" />
<add name="FormsAuthentication" type="System.Web.Security.FormsAuthenticationModule" preCondition="managedHandler" />
<add name="DefaultAuthentication" type="System.Web.Security.DefaultAuthenticationModule" preCondition="managedHandler" />
<add name="RoleManager" type="System.Web.Security.RoleManagerModule" preCondition="managedHandler" />
<add name="UrlAuthorization" type="System.Web.Security.UrlAuthorizationModule" preCondition="managedHandler" />
<add name="FileAuthorization" type="System.Web.Security.FileAuthorizationModule" preCondition="managedHandler" />
<add name="AnonymousIdentification" type="System.Web.Security.AnonymousIdentificationModule" preCondition="managedHandler" />
<add name="Profile" type="System.Web.Profile.ProfileModule" preCondition="managedHandler" />
<add name="UrlMappingsModule" type="System.Web.UrlMappingsModule" preCondition="managedHandler" />
<add name="UrlRoutingModule-4.0" type="System.Web.Routing.UrlRoutingModule" preCondition="managedHandler,runtimeVersionv4.0" />
<add name="ScriptModule-4.0" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" preCondition="managedHandler,runtimeVersionv4.0" />
<add name="ApplicationRequestRouting" />
</modules>
</system.webServer>
UPDATE ::::::::::::::::::
I didn't find out a way to overide FormsAuth so I went the ARR route.
I have 4 sites (no more one site and 3 apps/virtualFolders) :
*_ARR site listens to real ip and virtual host, it is empty , it only has URL rewrite rules, so it is guaranteed that URL rewrites are executed before everithing, the problem of Rewriting to another APP pool is solved by ARR reverse proxy, URL Rewrice at the end causes local reconnection ala reverse proxy, there aro no server farms configured in ARR, only one checkbox (enable proxy).
Other three sites keep 3 versions of app.
There is a file that keeps a record which version is the last installed.
There is a cookie issued for affinity to site/version of app.
All that is handled in custom URL revrite provider.
Cookies with this solution :
Cookie basicaly has the port writen inside. So URL rewrite sends the user to correct version.
And new logons go to newest version, allready logged in user stays at his current version, and finnaly it works as it needs to work.
All this because as I said before , objects in our Session can't be serialized.
And for existing loggins there is no performance hit in starting up site.

neo4j Remote guide error: TypeError: NetworkError when attempting to fetch resource

Just installed the new version (community edition 3.4.9) and I have this configuration at neo4j.conf:
browser.remote_content_hostname_whitelist=*
browser.post_connect_cmd=play http://127.0.0.1:80/egov-guide/introduction.html;
The idea is to run a specific guide introducing the database. with previous versions runs well, but with this one, I get the following error:
Remote guide error: TypeError: NetworkError when attempting to fetch resource.
Just to complete: if I switch to 3.4.7 or 3.4.8 the educational guide is accessible. This last one is available through IIS and the web.config is like that:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="*" />
<add name="Access-Control-Allow-Methods" value="GET, PUT, POST, DELETE, HEAD, OPTIONS" />
<add name="Access-Control-Allow-Credentials" value="true" />
<add name="Access-Control-Allow-Headers" value="X-Requested-With, origin, content-type, accept" />
</customHeaders>
</httpProtocol>
<staticContent>
<mimeMap fileExtension=".grass" mimeType="neo4j/style" />
</staticContent>
</system.webServer>
</configuration>
I don't know if I'm doing something wrong

The neo4j guys solved the problem. They told that we must send Pragma and Cache-Control headers with the requests since neo4j-browser 3.4.9.
So the web.config should be completed, like this:
<add name="Access-Control-Allow-Headers" value="X-Requested-With, origin, content-type, accept, Pragma, Cache-Control" />

cache static images by keeping Cache-Control set to no cache in asp.net mvc

I have images in my ~/Content/Images folder. And these images are used in Layout and other pages. When i request a page "Contact", it loads images referenced on that page and i can see requests in IIS log for each image load. This is ok for the first request. and for 2nd and further requests to contact page, i do not want these images to be requested from server again, want them to be load from cache.
I don’t want to change security settings in my web.config
<system.webServer>
<httpProtocol>
<customHeaders>
<add name="Cache-Control" value="no-cache, no-store" />
<add name="Pragma" value="no-cache" />
<add name="Expires" value="-1" />
</customHeaders>
</httpProtocol>
</system.webServer>
I am trying to add output cache setting for images as
<system.webServer>
<caching>
<profiles>
<add extension=".gif" policy="CacheUntilChange" kernelCachePolicy="DontCache" location="Client" />
<add extension=".jpg" policy="CacheUntilChange" kernelCachePolicy="DontCache" location="Client" />
<add extension=".jpeg" policy="CacheUntilChange" kernelCachePolicy="DontCache" location="Client" />
<add extension=".png" policy="CacheUntilChange" kernelCachePolicy="DontCache" location="Client" />
</profiles>
</caching>
<staticContent>
<clientCache cacheControlMode="UseMaxAge" cacheControlMaxAge="1.00:00:00" />
</staticContent>
</system.webServer>
But above setting still sending a requests for images each time I am refreshing the page.
do not want session values to be cached so I set cache-control to no-cache.
I want to stop these requests for static images until I change it.
What i am missing here?

Issue: creating AD FS claims aware application in Visual Studio 2013

I am new to trying to use AD FS and I have been running in circles.
Trying to make a claims aware application
The organization handles its own authentication
I have gotten my test application to verify authentication but it seems wrong.
Create new application in Visual Studio
Choose Web -> Visual Studio
Choose .Net Framework 4.5
Select ASP.Net MVC 4 Web Application
Add Reference to System.Identity
Add Reference to System.Identity.Services
Edit my web.Config file
in the configsection -- add the following
<section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
<section name="system.identityModel.services" type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
then add
<appSettings>
<add key="webpages:Version" value="3.0.0.0" />
<add key="webpages:Enabled" value="false" />
<add key="ClientValidationEnabled" value="true" />
<add key="UnobtrusiveJavaScriptEnabled" value="true" />
<add key="ida:FederationMetadataLocation" value="https://fedtest.xxxxxxxx.com/FederationMetadata/2007-06/FederationMetadata.xml" />
<add key="ida:Realm" value="https://myappNameHere.xxxxxx.com" />
<add key="ida:AudienceUri" value="http://myappNameHere.xxxxxxx.com" />
<add key="loginUrl" value="~/Home" />
</appSettings>
Then add
<location path="Home">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
<location path="Logout.html">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
Then add
<system.web>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" />
<authorization>
<deny users="?" />
</authorization>
<authentication mode="None" />
</system.web>
Then add
<identityConfiguration>
<audienceUris>
<add value="http://myappName.xxxxxx.com/" />
</audienceUris>`
<issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry">
<authority name="http://fedtest.xxxxxxx.com/adfs/services/trust">
<keys>
<add thumbprint="12345567890asdasfsdgdfhdfgjdf123124" />
</keys>
<validIssuers>
<add name="http://fedtest.xxxxxxxx.com/adfs/services/trust" />
</validIssuers>
</authority>
</issuerNameRegistry>
<securityTokenHandlers>
<add type="System.IdentityModel.Services.Tokens.MachineKeySessionSecurityTokenHandler, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
<remove type="System.IdentityModel.Tokens.SessionSecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
</securityTokenHandlers>
<certificateValidation certificateValidationMode="None" />
</identityConfiguration>
</system.identityModel>
<system.identityModel.services>
<federationConfiguration>
<cookieHandler requireSsl="true" />
<wsFederation passiveRedirectEnabled="true"
issuer="https://fedtest.xxxxxxxxx.com/adfs/ls/"
realm="https://myappName.xxxxxxxx.com/"
reply="https://myappName.xxxxxxxxx.com/"
requireHttps="true" />
</federationConfiguration>
</system.identityModel.services>
Why do I think all this is wrong?? Well I got all those lines of web.config from the following steps...
go back to step 5 and do the following
Under Tempalte click web
chose the only option --- ASP.NET Web Application
Wizard comes up and click the 'change Authentication'
Choose Organizational accounts
change drop down to 'On Premises'
fill out 'On-Premises Authority'
Fill out 'App ID URI'
Look at web.config
But using the application that those steps produce will create a redirect loop that I have never been able to trouble shoot.
So -- suggestions on what I am doing wrong. It can't be considered right to generate the web.config in a standard way and paste it into a previous version to get it to work.

Refer: Use the On-Premises Organizational Authentication Option (ADFS) With ASP.NET in Visual Studio 2013.
In terms of the redirect loop. the usual reason is that for your ADFS RP, you configured the endpoint without a trailing slash.
Add the missing "/" and ensure it matches the string in your web.config.

Enable SSL in your application and set the SSL URL as the default in your web properties.

Okay -- what the answer ended up being...
1) I started down this route because i kept getting a redirect loop that I thought was caused by the web.config.
It wasn't the web.config.
2) So create the the application as you are supposed to in VS 13 -- namely go to c# -> web -> and then click the ASP.NET Web Application and set up the on premise authentication
3) My redirect loop was caused by multiple LDAP claims bundled together coming from AD FS
4) Sent my claims one rule at a time and worked like magic.
If anyone can shed light as to why this should be true I am curious.

Sitecore MVC - gzip compression error

I'm experiencing a problem when using Sitecore MVC 3 rendering with GZip content compression.
I followed the blog post of John West, how to enable MVC in Sitecore.
Until now it works perfectly, the pages are rendered. But if I run the page on IIS and enable content compression (gzip), the page doesn't load. I get a "Content Encoding Error" in Firefox. Other browser display various error messages.
Has somebody experienced similar issues? Do you have any idea what the problem may be? Where should I start checking? I have to use compression on the pages.
We are using Sitecore 6, Update 5: "Sitecore 6.6.0 rev. 130404"
Could this be a Sitecore bug?
EDIT 1: I am also running ASP.NET WebForms on the Sitecore instance and it works fine also with gzip compression.
EDIT 2: I have 'dynamicCompressionBeforeCache' enabled. My web.config related to gzip config:
<httpCompression directory="%SystemDrive%\inetpub\temp\IIS Temporary Compressed Files">
<scheme name="gzip" dll="%Windir%\system32\inetsrv\gzip.dll" />
<dynamicTypes>
<add mimeType="text/*" enabled="true" />
<add mimeType="message/*" enabled="true" />
<add mimeType="application/javascript" enabled="true" />
<add mimeType="*/*" enabled="false" />
</dynamicTypes>
<staticTypes>
<add mimeType="text/*" enabled="true" />
<add mimeType="message/*" enabled="true" />
<add mimeType="application/javascript" enabled="true" />
<add mimeType="*/*" enabled="false" />
</staticTypes>
</httpCompression>
<urlCompression doStaticCompression="true" doDynamicCompression="true" dynamicCompressionBeforeCache="true" />

Sitecore confirmed that they can reproduce the issue. When setting dynamicCompressionBeforeCache="true", the encoding does not work correctly for some reason.
One solution is to remove this setting. After applying dynamicCompressionBeforeCache="false" it works fine.

You should probably enable gzip in your web.config
<system.webServer>
<httpCompression directory="%SystemDrive%\inetpub\
temp\IIS Temporary Compressed Files">
<scheme name="gzip" dll="%Windir%\system32\inetsrv\gzip.dll"/>
<dynamicTypes>
<add mimeType="text/*" enabled="true"/>
<add mimeType="message/*" enabled="true"/>
<add mimeType="application/javascript" enabled="true"/>
<add mimeType="*/*" enabled="false"/>
</dynamicTypes>
<staticTypes>
<add mimeType="text/*" enabled="true"/>
<add mimeType="message/*" enabled="true"/>
<add mimeType="application/javascript" enabled="true"/>
<add mimeType="*/*" enabled="false"/>
</staticTypes>
</httpCompression>
<urlCompression doStaticCompression="true" doDynamicCompression="true"/>
</system.webServer>
There are a few more tricks here
Setting the gzip compression in asp.net