IIS7 cacheControlMaxAge attribute not working - asp.net-mvc

In IIS 7.5 I have set the cacheControlMaxAge to be one year like so
<location path="Content/Images">
<system.webServer>
<staticContent>
<clientCache cacheControlCustom="public" cacheControlMode="UseMaxAge" cacheControlMaxAge="365.00:00:00" />
</staticContent>
</system.webServer>
</location>
As per this guide: Setting Expires and Cache-Control: max-age headers for static resources in ASP.NET
However, the Google PageSpeed tool is still saying that the files are not cached:
The following cacheable resources have a short freshness lifetime. Specify an expiration at least one week in the future for the following resources:
* https://local.example.com/Content/Images/image1.png (expiration not specified)
(etc)
Why does it say "expiration not specified"?
The entire webapp is served over https, is that a factor?

I solved this by changing the path specified from Content/Images to just Content
<location path="Content">
<system.webServer>
<staticContent>
<clientCache cacheControlCustom="public"
cacheControlMode="UseMaxAge"
cacheControlMaxAge="365.00:00:00" />
</staticContent>
</system.webServer>
</location>
So it is fixed, but the changing of the path does not make it clear what the problem actually was.

I've found Google PageSpeed in some instances takes a bit of time to 'catch up' with recent changes you've made. Make sure you've done a full page refresh and hit the refresh button in PageSpeed itself. Failing that, using Firebug on Firefox always seems to give accurate results in the net tab. Click the plus icon next to the file and examine the response headers.

Related

Remove 'fileExtension' and add 'mimeMap' to my config file for the Azure server

I have this snippet below and in order for my fonts to work when I publish to Azure, I have to include it. Why?
Is there a way to publish to Azure without have to include these lines and still have my fonts work?
<staticContent>
<remove fileExtension=".svg" />
<remove fileExtension=".eot" />
<remove fileExtension=".woff" />
<mimeMap fileExtension=".svg" mimeType="image/svg+xml" />
<mimeMap fileExtension=".eot" mimeType="application/vnd.ms-fontobject" />
<mimeMap fileExtension=".woff" mimeType="application/x-woff" />
</staticContent>
Actually, these lines are for improving performance!
Even with the missing .WOFF2 entry, Chrome will eventually find a font that it knows about and can find on the server. After all it works without all the fuss.
A 404 request is still a server request and there's latency and some bandwidth (headers and response) involved with every 404 request. Additionally, 404's on a server are nasty because they don't cache. So unlike a successful resource request which eventually ends up in the cache and won't get requested again by a browser, a 404 will always be re-requested adding extra overhead to any request that has to load your font so you take that extra server round trip on every page load that loads this 404 resource even if it was previously requested.
So, it's always a good idea to hunt down 404 errors in applications especially for things that get fired on every page.
For more details, you could refer to this article.

Umbraco - http 500 Server Errors for .css and .js files

What happened to our Umbraco instance? It looks like this when I'm logged in, and when I check the browser console I see lots of 500 Internal Server Errors for both the backoffice and the front-end website, with failures for .css and .js files.
I've tried recycling, stopping and starting the app pool, and restarting IIS. I've tried updating the clientDependency version number in clientDependency.config, that didn't work.
I double-checked and I'd added a mime-type via the web.config (in the section), and I'd also added it as a mime type via IIS. This breaks loading of static content, so I defined the mime-type in the web.config only and removed it from IIS, and this fixed the issue.
I tries to load a gif-file and just like ProNotion says:
I found this line in web.config without any remove element:
<mimeMap fileExtension=".woff" mimeType="application/x-font-woff" />
Add change to
<remove fileExtension=".woff" />
<mimeMap fileExtension=".woff" mimeType="application/x-font-woff" />
That fixed the issue for me.
It's likely a permissions problem. I'd suggest that you first need to try and find some detail on the 500 error. Can you inspect it for further detail?
If that doesn't help disable the ClientDependency framework by setting debug="true" on the compilation node of youur web.config file. It's located under the system.web node and looks like this:
<compilation defaultLanguage="c#" debug="true" batch="false" targetFramework="4.0">
If you still have issues after that you can at least browse directly to those resources to view details of the error.
Simon

MVC site deployed on Azure returns error when accessing elmah

I have an MVC WebAPI site that has the latest ELMAH.MVC NuGet package installed. Under Visual Studio, I can access
http://localhost:1234/elmah
and get the error log, just like I'm supposed to be able to.
When I deploy it to Azure, it throws an error when I do that. Fortunately, Elmah is logging the error to the XmlError log in App_Data, and I found this:
<error errorId="92ad3ee1-3fd5-449a-8cb4-0474aa771aab"
application="/LM/W3SVC/417796901/ROOT"
host="RD00155D430783" type="System.Web.HttpException"
message="Server cannot set status after HTTP headers have been sent."
source="System.Web"
detail="System.Web.HttpException (0x80004005): Server cannot set status after HTTP headers have been sent.
And then goes on for many lines of stack trace, NONE of which comes anywhere near my code.
What's going on? I've just added the Elmah.MVC nuget package, and made the following changes to the Web.Config
<elmah>
<security allowRemoteAccess="yes"/>
<errorLog type="Elmah.XmlFileErrorLog, Elmah" logPath="~/App_Data" />
</elmah>
<location path="elmah.axd">
<system.web>
<allow roles="*" />
</system.web>
</location>
It's not coming anywhere near any of my controllers, so I don't have any control over when Http status headers are set or sent.
Thanks for any help.
itanex is right! Put an empty text file (i.e. placeholder.txt) in the App_Data folder and mark it as "Content" and "Always Copy" - This will ensure that the App_Data folder is getting created. Also, as Simon point out, the correct path (based on your config) is /elmah.axd
via https://stackoverflow.com/a/11680786/1037948:
Allow remote access:
<elmah>
<security allowRemoteAccess="true"/>
</elmah>

ASP.Net MVC 3 what folders are web visible

I have some sensitive files that I want the web server to be able to use, but I do not want them to be accessible from a web browser.
I am having a really hard time finding any documentation that describes which folders in ASP.Net are hosted publicity and which are private. For instance I know the Content and Scripts directory are public, but I see no configuration or options that show granting access to those paths.
What folders are web accessible? And where would it be safe to put these sensitive files?
Thanks for the help!
have some sensitive files that I want the web server to be able to
use, but I do not want them to be accessible from a web browser.
~/App_Data is for you. Here's a list of the different ASP.NET special folders.
I'm not sure about which special folders are locked down (other than App_Data & bin), but you can block any folder from being web accessible by adding an <authorization/> section to a <location/> section to your web.config:
<!-- Block access to Admin directory -->
<location path="Admin">
<system.web>
<authorization>
<deny users="*" />
</authorization>
</system.web>
</location>
Alternatively, you can add a web.config directly to the directory you want to block, containing the following:
<?xml version="1.0"?>
<!-- This web.config blocks access to any directory it is put in,
and its subdirectories -->
<configuration>
<system.web>
<authorization>
<deny users="*" />
</authorization>
</system.web>
</configuration>
These approaches are functionally identical, it just depends on your preference. Personally, I think having the web.config file in the directory you're blocking access to is a little less confusing.

ASP.NET MVC Web.config error with built in authentication when trying to browse a created REST service

It is not liking my web config at all. I need to make this change for my REST service so I do not get
IIS specified authentication schemes 'Basic, Anonymous', but the binding only supports specification of exactly one authentication scheme. Valid authentication schemes are Digest, Negotiate, NTLM, Basic, or Anonymous. Change the IIS settings so that only a single authentication scheme is used.
So the change I made is
<system.webServer>
<security>
<authentication>
<anonymousAuthentication enabled="true" />
<basicAuthentication enabled="false" />
</authentication>
</security>
<validation validateIntegratedModeConfiguration="false" />
<modules runAllManagedModulesForAllRequests="true" />
</system.webServer>
And when I try to load the rest service it says
HTTP Error 500.19 - Internal Server Error
The requested page cannot be accessed because the related configuration data for the page is invalid.
This configuration section cannot be used at this path. This happens when the section is locked at a parent level. Locking is either by default (overrideModeDefault="Deny"), or set explicitly by a location tag with overrideMode="Deny" or the legacy allowOverride="false".
Any ideas?

Resources