Configure Claim based identity for multiple applications in localhost - asp.net-mvc

I have two applications, "http://localhost/applicationA" and "http://localhost/applicationB". I have configured applicationA for claim-based authentication settings. applicationA is working perfectly. But I am referring to some JavaScript files of applicationB from applicationA, and applicationB does not have the authentication cookies (FedAuth).
Is it possible for me to add claim authentication in both applicationA, applicationB using the below code?
<system.identityModel>
  <identityConfiguration>
    <audienceUris>
      <add value="http://localhost/applicationB/" />
      <add value="http://localhost/applicationA/" />
    </audienceUris>
    <issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry">
      <authority name="PassiveSigninSTS">
        <keys>
          <add thumbprint="DE161DD37B2FEC37BDB17CAFF33D982DCE47E740" />
        </keys>
        <validIssuers>
          <add name="PassiveSigninSTS" />
        </validIssuers>
      </authority>
    </issuerNameRegistry>
    <!--certificationValidationMode set to "None" by the Identity and Access Tool for Visual Studio. For development purposes.-->
    <certificateValidation certificateValidationMode="None" />
  </identityConfiguration>
</system.identityModel>

You would need to enable claims authentication in applicationB for this to work. In other words, you would need to set up the same system.identityModel web.config settings in applicationB as in applicationA (as you've shown in your example).
Is there a reason that the JavaScript needs to be secured? If the scripts aren't secured, why not just make them accessible to everyone so you won't need to worry about the single sign-on across sites?


Visual Studio 2019 Enterprise automatically adds COMPLUS_ForceENC environment variable while debugging/running using IIS Express

I'm using Visual Studio Enterprise 2019 version 16.3.10. Whenever I run/debug my web project using IIS Express, it adds COMPLUS_ForceENC environment variable as shown below:
<environmentVariable name="COMPLUS_ForceENC" value="1" />
Here is the screen print,
Every time I need to undo this change before committing my changes to source control. Please can anyone assist me on how to avoid this change?
After a long time, I got a response from the Visual Studio developer community.
The web.config only gets updated if you have the following section present in the web.config. You can remove the following from the web.config and running the application will not update the existing web.config. If you are using IISExpress, you can alternatively remove the full web.config from the project. web.config is not required in the project for running in IISExpress.
<handlers>
<remove name="aspNetCore" />
<add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModuleV2" resourceType="Unspecified" />
</handlers>
<aspNetCore processPath="%LAUNCHER_PATH%" arguments="%LAUNCHER_ARGS%" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" hostingModel="InProcess">
<environmentVariables>
<environmentVariable name="ASPNETCORE_HTTPS_PORT" value="44370" />
<environmentVariable name="ASPNETCORE_ENVIRONMENT" value="Development" />
<environmentVariable name="COMPLUS_ForceENC" value="1" />
</environmentVariables>
</aspNetCore>
Here is the link for the same.
Adding this Environment Variable seems to be a workaround for enabling the "Edit and Continue" debugger feature.
Source

Browser cache for static contents

I am trying to update the configuration which affects the browser caching settings for static resources (js, css, images).
I have a Sitecore CMS site with images uploaded in the CMS. These images are cached in the browser (status code = 200 (from cache) when I observed the network in the Chrome browser), but my other resources like js and css, which are served from the Website folder, are not cached in the browser, and the status code is 304 (which is server cache, and a round trip is required to check for any update).
I have below config settings in web.config file:
<caching>
<profiles>
<add extension=".jpeg" policy="CacheUntilChange" kernelCachePolicy="DontCache" />
<add extension=".js" policy="CacheUntilChange" kernelCachePolicy="DontCache" />
<add extension=".png" policy="CacheUntilChange" kernelCachePolicy="DontCache" />
<add extension=".jpg" policy="CacheUntilChange" kernelCachePolicy="DontCache" />
<add extension=".css" policy="CacheUntilChange" kernelCachePolicy="DontCache" />
<add extension=".json" policy="CacheUntilChange" kernelCachePolicy="CacheUntilChange" duration="00:00:30" />
</profiles>
</caching>
<staticContent>
<remove fileExtension=".woff2" />
<mimeMap fileExtension=".json" mimeType="application/json" />
<mimeMap fileExtension=".woff2" mimeType="application/x-font-woff2" />
<clientCache cacheControlMode="UseMaxAge" cacheControlMaxAge="30.00:00:00" />
</staticContent>
Now if I remove the caching-profiles entry, then the resources are cached in the browser, and I can see all the css and js status codes as 200 (from cache) for subsequent requests.
My question here is: what is the difference, and why didn't browser caching work even though the staticContent settings are added? What is the impact if I remove the existing caching-profiles settings (will it impact the server cache)?
I saw some other links which explain static cache settings, but I want to know the impact of the changes I made (removing caching-profiles).
Please let me know your inputs.
Below are the Response header details:
With caching-profiles:
Without caching-profiles:
Thanks,
Sharath
So, it appears you are configuring IIS output cache for .jpeg, .js, ..., within the web.config system.webServer/caching node (beware, .webServer, not .web).
Unfortunately, IIS output cache (and Asp.Net output cache too by the way) does also handle client caching, and so it interferes (badly) with your client caching settings. (It should be two separate matters in my opinion, but that is not the way IIS/Asp.Net output caches handle it.)
Your profiles do not set the location attribute, so they default to Server. With output cache semantics, this means "no client cache", thus the no-cache it adds in the Cache-Control response header.
To avoid this, you may change your profile location to Any.
<profiles>
<add extension=".jpeg" location="Any" policy="CacheUntilChange" kernelCachePolicy="DontCache" />
<add extension=".js" location="Any" policy="CacheUntilChange" kernelCachePolicy="DontCache" />
<add extension=".png" location="Any" policy="CacheUntilChange" kernelCachePolicy="DontCache" />
<add extension=".jpg" location="Any" policy="CacheUntilChange" kernelCachePolicy="DontCache" />
<add extension=".css" location="Any" policy="CacheUntilChange" kernelCachePolicy="DontCache" />
<add extension=".json" location="Any" policy="CacheUntilChange" kernelCachePolicy="CacheUntilChange" duration="00:00:30" />
</profiles>
But maybe you should simply not use IIS output cache for .jpeg, .js, ...
From official IIS documentation:
Output caching is unnecessary for static files, such as HTML, JPG, or GIF files, ...
There is no benefit in using IIS output cache for static files. (It may have benefits using an actual cache server such as varnish in front of your IIS, but emulating a cache server with IIS output cache has no benefit for static files.)
If you have some special-case URIs ending with a static file extension but actually served dynamically by your application instead of directly corresponding to a file on disk (a special case usually involving rammfar, which is a bad thing for application scalability; the linked page gives some alternatives, by the way), better try enabling output cache only for those URIs, by configuring it under:
<configuration>
  ...
  <system.webServer>
    ... <!-- not here! -->
  </system.webServer>
  ...
  <location path="yourDynamicImagesUriBasePath">
    <system.webServer>
      <caching>
        ... <!-- move it here -->
      </caching>
    </system.webServer>
  </location>
</configuration>
(I am not sure it works though, better test it of course.)

Deploying Bitbucket to Azure Web Site: add private nuget package server

I have set up a website on Azure to deploy through a Bitbucket repository. The process fails when it tries to install nuget packages which are stored on a private nuget server, not nuget.org. Is there a way to specify where to restore the nuget packages from so that Azure can restore these packages?
You can add a custom NuGet.config file at the same level as your .SLN file.
You can then make the following modifications (assuming that your private feed requires authentication, create a set of credentials which only are used for this site):
<activePackageSource>
<add key="All" value="(Aggregate source)" />
</activePackageSource>
<packageSources>
<add key="nuget.org" value="https://www.nuget.org/api/v2/" />
<add key="custom_package_source" value="https://custom_package_source/nuget/v1/FeedService.svc/" />
</packageSources>
<disabledPackageSources />
<packageSourceCredentials>
<custom_package_source>
<add key="Username" value="CustomUsername" />
<add key="ClearTextPassword" value="CustomPassword" />
</custom_package_source>
</packageSourceCredentials>
When you deploy via Kudu, this should allow the build process to discover your private feed, authenticate & restore your packages.
If you do not require authentication against your private feed, remove the <packageSourceCredentials> element.

ASP.Net MVC 3/4 Hosted on IIS 7.5 Default Handler Mappings

What are the correct Default Handler Mappings for ASP.Net, ASP.Net MVC and WCF Services hosted on IIS 7.5 .Net Framework 4.0 on Windows 7 (PRO)?
Out of a team of 8 developers who installed ASP.Net MVC 3/4, only 1 developer could get a basic ASP.Net MVC 3 Internet application to work under the Default Web Site in IIS 7.5 without changing the Handler Mappings. None of the team could get a second website with the same site to work with the site directory located in a sub directory of the root website. inetpub/wwwroot/site
Below are three of the Handler Mappings set in IIS 7.5 all are different and have not been changed by the developers.
What is the best way to define the required settings as Defaults and ensure all workstations have the same configurations applied without setting them in the Website Web.Config file?
I successfully deployed MVC 4 to my local IIS 7.5 (Windows 7). This fixed my problem (as mentioned here)
(For x64 system)
%windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe -i
(or if you are on a 32-bit system)
%windir%\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe -i
Also, I changed the DefaultAppPool to use v4-Integrated (from v2-Classic), converted the website to application, and have the application to use DefaultAppPool.
Here is my complete Web.config. It has Handler included.
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.web>
    <compilation targetFramework="4.0" />
    <pages>
      <namespaces>
        <add namespace="System.Web.Helpers" />
        <add namespace="System.Web.Mvc" />
        <add namespace="System.Web.Mvc.Ajax" />
        <add namespace="System.Web.Mvc.Html" />
        <add namespace="System.Web.Routing" />
        <add namespace="System.Web.WebPages" />
      </namespaces>
    </pages>
  </system.web>
  <system.webServer>
    <modules runAllManagedModulesForAllRequests="true" />
    <handlers>
      <remove name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" />
      <remove name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" />
      <remove name="ExtensionlessUrlHandler-Integrated-4.0" />
      <add name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness32" responseBufferLimit="0" />
      <add name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness64" responseBufferLimit="0" />
      <add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
    </handlers>
  </system.webServer>
</configuration>
Assuming that your default website has been configured as an application in IIS, the most likely cause of this issue is having the application pool running the Classic pipeline as opposed to the Integrated pipeline. In all of the MVC applications that we have deployed to Azure, local IIS servers and development machines, we have not had to touch the handler mappings unless having to trick IIS 6 into hosting an MVC site.
To check for the application pool pipeline:
1. Open the IIS manager.
2. Right click on the Default Web Site, and choose Advanced Settings. This will open up a window.
3. Note the name of the Application Pool. Now, close this window and click on Application Pools on the left hand menu in IIS manager.
4. If the Managed Pipeline Mode is not set to Integrated (e.g. it reads Classic), then right click the Application Pool and select Basic Settings. From here, you can change the Pipeline type. Choose Integrated.
5. The application pool should immediately restart, but you can choose to restart it or IIS manually to ensure that your changes have taken effect.
Note - If you are running IIS 6, here is a link that describes how to adjust the handler mappings so that IIS 6 can run an MVC site.
Addendum - If you have been mucking with the handler mappings, depending on what has been changed, you may want to try this on a clean IIS install. It is not clear what handlers have been misconfigured as your team attempted to make an MVC deployment work.

Update Service Reference insist on adding Soap12 to Config.

When I update a Service Reference I end up with :
An endpoint configuration section for contract 'MyService.MainServiceSoap' could not be loaded because more than one endpoint configuration for that contract was found. Please indicate the preferred endpoint configuration section by name.
my web.config ends up like this:
endpoints:
<endpoint address="http://localhost/main/MainService.asmx"
binding="basicHttpBinding" bindingConfiguration="MainServiceSoap"
contract="MyService.MainServiceSoap" name="MainServiceSoap" />
<endpoint address="http://localhost/main/MainService.asmx"
binding="customBinding" bindingConfiguration="MainServiceSoap12"
contract="MyService.MainServiceSoap" name="MainServiceSoap12" />
bindings:
<basicHttpBinding>
<binding name="MainServiceSoap" closeTimeout="00:01:00" openTimeout="00:01:00"
receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="false"
bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
maxBufferSize="655360" maxBufferPoolSize="5242880" maxReceivedMessageSize="655360"
messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
useDefaultWebProxy="true">
<readerQuotas maxDepth="32" maxStringContentLength="81920" maxArrayLength="163840"
maxBytesPerRead="40960" maxNameTableCharCount="163840" />
<security mode="None">
<transport clientCredentialType="None" proxyCredentialType="None"
realm="" />
<message clientCredentialType="UserName" algorithmSuite="Default" />
</security>
</binding>
</basicHttpBinding>
<customBinding>
<binding name="MainServiceSoap12">
<textMessageEncoding maxReadPoolSize="64" maxWritePoolSize="16"
messageVersion="Soap12" writeEncoding="utf-8">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
</textMessageEncoding>
<httpTransport manualAddressing="false" maxBufferPoolSize="524288"
maxReceivedMessageSize="65536" allowCookies="false" authenticationScheme="Anonymous"
bypassProxyOnLocal="false" decompressionEnabled="true" hostNameComparisonMode="StrongWildcard"
keepAliveEnabled="true" maxBufferSize="65536" proxyAuthenticationScheme="Anonymous"
realm="" transferMode="Buffered" unsafeConnectionNtlmAuthentication="false"
useDefaultWebProxy="true" />
</binding>
</customBinding>
I manually delete customBinding and Soap12 endpoint and everything works fine. But if I update the service again (right click Update Service Reference) the added custom binding is added again causing error and the need to manually remove from config file.
Does someone know how to fix this? I don't want/need a custom soap12 binding.
This is the service config file:
<?xml version="1.0"?>
<configuration>
<system.web>
<globalization culture="es-PY" uiCulture="es-PY"/>
<customErrors mode="Off"/>
<webServices>
<!-- Tried adding and/or removing protocols and conformanceWarnings -->
<protocols>
<add name="HttpGet"/>
<add name="HttpPost"/>
</protocols>
<!-- -->
<conformanceWarnings>
<remove name="BasicProfile1_1"/>
</conformanceWarnings>
</webServices>
<compilation debug="true" targetFramework="4.0"/>
</system.web>
<system.serviceModel>
<standardEndpoints>
<webHttpEndpoint>
<standardEndpoint name="standard" maxReceivedMessageSize="6553600" maxBufferSize="6553600" transferMode="Streamed" helpEnabled="true" automaticFormatSelectionEnabled="true">
<readerQuotas maxStringContentLength="65536000" maxArrayLength="163840" />
</standardEndpoint>
</webHttpEndpoint>
</standardEndpoints>
<behaviors>
<serviceBehaviors>
<behavior>
<!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
<!--<serviceMetadata httpGetEnabled="true"/>-->
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="true"/>
</behavior>
</serviceBehaviors>
</behaviors>
<!-- Tried setting multipleSiteBindingsEnabled true and false -->
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" aspNetCompatibilityEnabled="true"/>
<!-- -->
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
<connectionStrings>
<clear/>
<add name="GamblingEntities" connectionString="..." providerName="System.Data.EntityClient" />
<add name="GamblingSiteEntities" connectionString="..." providerName="System.Data.EntityClient" />
</connectionStrings>
<system.data>
<DbProviderFactories>
<clear/>
<add name="MySQL Data Provider" invariant="MySql.Data.MySqlClient" description=".Net Framework Data Provider for MySQL" type="MySql.Data.MySqlClient.MySqlClientFactory, MySql.Data,
Version=6.3.6.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d"/>
</DbProviderFactories>
</system.data>
</configuration>
The new ASMX runtime in .NET 2.0 supports SOAP 1.2. At this moment SOAP 1.1 is most widely being used in the industry. In the .NET Framework both SOAP 1.1 and SOAP 1.2 are supported. This means that the Web Services created in .NET Framework 2.0 will be configured to support both SOAP 1.1 and SOAP 1.2 messages. This indirectly means that the WSDLs thus created for the Web Service will have two types of bindings, i.e., SOAP 1.1 and SOAP 1.2.
Taken from here
This is why two bindings are being generated.
<remove name="HttpSoap12"/>
I guess this is how you disable this. Now I can understand why you see this as a workaround.
Something may have caused this when you moved your web service to the new framework and this is why some of your older web services on 1.1 possibly don't respond in the same way.
Try targeting 2.0 framework maybe to see what happens.
There is no solid workaround. I voted up your question. I am a victim of the same problem, although now I have switched to generating a dll using svcutil, but this issue has been reported to Microsoft here: update-or-configure-an-existing-service-reference-in-sl-application-you-get-duplicate-binding-and-endpoint-information
They said it's fixed in VS2010, but I confirm it's not. I have VS2010 SP1 installed too, and this is not fixed in SP1 either. So there is no fix given and the bug is closed as 'External'. Strange.
On the bug report page, you can also find a workaround but I find that messy.
Another workaround is creating service client object with binding name hard-coded to avoid double endpoint
MyService.MainServiceSoap mainServiceSoap = new MyService.MainServiceSoap("MainServiceSoap");
or at last we can open another bug report at Microsoft and vote up to fix it.
I just call svcutil.exe manually to rebuild my proxy class. Much simpler.
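An added example, not code from any of the posts above: a small Python check for the development-only settings that appear in the configuration quoted in these threads (certificateValidationMode="None" in the claims thread, ClearTextPassword in the NuGet.config thread, and customErrors, debug, includeExceptionDetailInFaults and the commented-out serviceMetadata in the service config). The rule list, the finding texts and the name audit_config are assumptions of this example, and a value of the form %NAME% is treated as a NuGet environment-variable placeholder rather than a literal password.

```python
import re
import xml.etree.ElementTree as ET

# (element, attribute) -> (risky value, finding). Rule set is illustrative.
ATTR_RULES = {
    ("certificateValidation", "certificateValidationMode"):
        ("none", "X.509 certificate validation is disabled"),
    ("customErrors", "mode"):
        ("off", "detailed ASP.NET error pages are sent to remote clients"),
    ("compilation", "debug"):
        ("true", "application is compiled in debug mode"),
    ("serviceDebug", "includeExceptionDetailInFaults"):
        ("true", "exception details are returned in service faults"),
    ("serviceMetadata", "httpGetEnabled"):
        ("true", "service metadata is published over HTTP GET"),
}
# NuGet expands %NAME% in nuget.config values from the environment at run time.
ENV_PLACEHOLDER = re.compile(r"^%\w+%$")


def audit_config(xml_text):
    """Return (element, setting, finding) tuples in document order."""
    # The snippets in the threads are fragments, some with several top-level
    # elements: drop any XML declaration and wrap the text in a synthetic root.
    body = re.sub(r"^\s*<\?xml[^>]*\?>", "", xml_text)
    root = ET.fromstring("<audit-root>" + body + "</audit-root>")
    findings = []
    for el in root.iter():  # commented-out elements are skipped by the parser
        tag = el.tag.rsplit("}", 1)[-1]  # ignore any XML namespace
        for attr, value in el.attrib.items():
            rule = ATTR_RULES.get((tag, attr))
            if rule and value.strip().lower() == rule[0]:
                findings.append((tag, f'{attr}="{value}"', rule[1]))
        # <add key="ClearTextPassword" value="..."/> under packageSourceCredentials
        if tag == "add" and el.get("key", "").lower() == "cleartextpassword":
            if not ENV_PLACEHOLDER.match(el.get("value", "")):
                findings.append((tag, "ClearTextPassword",
                                 "feed password is stored literally in the file"))
    return findings


# Constructed sample assembled from settings quoted in the threads above.
SAMPLE = """<?xml version="1.0"?>
<configuration>
  <system.web>
    <customErrors mode="Off"/>
    <compilation debug="true" targetFramework="4.0"/>
  </system.web>
  <system.serviceModel>
    <behaviors><serviceBehaviors><behavior>
      <!--<serviceMetadata httpGetEnabled="true"/>-->
      <serviceDebug includeExceptionDetailInFaults="true"/>
    </behavior></serviceBehaviors></behaviors>
  </system.serviceModel>
</configuration>"""

if __name__ == "__main__":
    for element, setting, finding in audit_config(SAMPLE):
        print(f"{element}: {setting} -> {finding}")
```

Run it against web.config and NuGet.config before committing or deploying; an empty list means none of these settings is present in its development form.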
