I created a websharper sitelet project from Visual Studio 2012, which I called SiteletTest.
I compiled this project.
Then I copied SiteletTest/Web to inetpub/wwwroot.
Then I go to localhost/SiteletTest, localhost/SiteletTest/Home and localhost/SiteletTest/home but in each case I get http 404.
If I go to localhost/Main.html then I get a page, so going to this directory seems to work, but websharper doesn't appear to be working.
My web.config is below, and I have no idea what else to do. I already set the application pool to use .net 4:
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.5" />
<authentication mode="Forms" />
<pages>
<controls>
<add tagPrefix="WebSharper" namespace="IntelliFactory.WebSharper.Web" assembly="IntelliFactory.WebSharper.Web" />
<add tagPrefix="ws" namespace="Website" assembly="Website" />
</controls>
</pages>
<httpModules>
<add name="WebSharper.Remoting" type="IntelliFactory.WebSharper.Web.RpcModule, IntelliFactory.WebSharper.Web" />
<add name="WebSharper.Sitelets" type="IntelliFactory.WebSharper.Sitelets.HttpModule, IntelliFactory.WebSharper.Sitelets" />
</httpModules>
</system.web>
<system.webServer>
<validation validateIntegratedModeConfiguration="false" />
<modules>
<add name="WebSharper.Remoting" type="IntelliFactory.WebSharper.Web.RpcModule, IntelliFactory.WebSharper.Web" />
<add name="WebSharper.Sitelets" type="IntelliFactory.WebSharper.Sitelets.HttpModule, IntelliFactory.WebSharper.Sitelets" />
</modules>
</system.webServer>
<runtime>
<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
<dependentAssembly>
<assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" />
<bindingRedirect oldVersion="1.0.0.0-2.0.0.0" newVersion="3.0.0.0" />
</dependentAssembly>
</assemblyBinding>
<assemblyBinding appliesTo="v4.0.30319" xmlns="urn:schemas-microsoft-com:asm.v1">
<dependentAssembly>
<assemblyIdentity name="FSharp.Core" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />
<bindingRedirect oldVersion="2.0.0.0" newVersion="4.3.0.0" />
</dependentAssembly>
</assemblyBinding>
</runtime>
</configuration>
I am not going to be paying for a license until I get an idea if this may work for my needs, so, how do I get this to work?
I don't want to copy the sitelet code, but here are some fragments:
type Action =
| Home
| Contact
| Protected
| Login of option<Action>
| Logout
| Echo of string
and another fragment:
module Pages =
/// The home page.
let HomePage : Content<Action> =
Skin.WithTemplate "Home" <| fun ctx ->
[
H1 [Text "Welcome to our site!"]
"Let us know how we can contact you" => ctx.Link Action.Contact
]
I'm pretty sure you are missing 1 of three things:
1- Your sitelet/router isn't defined... something like this:
type Site() =
interface IWebsite<Action> with
member x.Sitelet =
Sitelet.Infer
<| function
| Home -> Pages.HomePage
...
member x.Actions = []
This maps each of the action cases to the correct page. There are many ways to define it but the above Sitelet.Infer will simply map the route by name.
2- You did not specify a Website assembly attribute... something like this:
[<assembly : Website(typeof<Site>)>]
do ()
I think this tells ASP.NET to load the above Sitelet as your site.
3- A third option is to automatically load a client-side JavaScript control from a Default.aspx page in the C# Web Project. If you use the Web Application (ASP.NET) template, you will see an example of that... but with that I do not think you can control the URL Path in a REST-full manner.
Related
i read this article to implement elmah http://www.c-sharpcorner.com/UploadFile/858292/exception-logging-in-mvc-using-elmah/
but i want only authorized person with admin role can see the elmah.axd file. how could i do it? guide me.
i found one way to attach elmah.axd file with admin role. here is code
https://blog.elmah.io/elmah-tutorial/
<location path="elmah.axd">
<system.web>
<httpHandlers>
<add verb="POST,GET,HEAD"
path="elmah.axd"
type="Elmah.ErrorLogPageFactory, Elmah" />
</httpHandlers>
<authorization>
<allow roles="admin" />
<deny users="*" />
</authorization>
</system.web>
<system.webServer>
<handlers>
<add name="ELMAH"
verb="POST,GET,HEAD"
path="elmah.axd"
type="Elmah.ErrorLogPageFactory, Elmah"
preCondition="integratedMode" />
</handlers>
</system.webServer>
</location>
tell me the above way is the only way to protect elmah.axd file for admin role.
from this link https://blog.elmah.io/elmah-security-and-allowremoteaccess-explained/
i found this one
<appSettings>
<add key="elmah.mvc.requiresAuthentication" value="true" />
<add key="elmah.mvc.allowedRoles" value="Admin" />
<add key="elmah.mvc.allowedUsers" value="Thomas" />
</appSettings>
if i add the above entry in web.config file then no authorized user other than admin role can not access elmah.axd file.......i have doubt. please some one guide me.
As I understand it from the docs, the first example is a general solution for ASP.NET. This has some issues with MVC, specifically with MVC's HandleErrorAttribute as well as getting custom errors.
The second example is for Elmah.MVC, a package specifically catering to ASP.NET MVC. This is the recommended way to set up Elmah when using the MVC framework.
<appSettings>
<add key="elmah.mvc.requiresAuthentication" value="true" />
<add key="elmah.mvc.allowedRoles" value="Admin" />
<add key="elmah.mvc.allowedUsers" value="Thomas" />
</appSettings>
What about ASP.NET MVC?
ELMAH were originally created for ASP.NET. Different features
available in ASP.NET MVC have been causing a lot of head-scratching
since introduced back in 2007. Some of you may have struggled with
MVC's HandleErrorAttribute as well as getting custom errors and ELMAH
working at the same time. In 2011, Alexander Beletsky created the
Elmah.MVC package to help MVC developers using ELMAH. We highly
recommend MVC projects to use this package, since it removes a lot of
the frustrations that people are having with MVC and ELMAH.
https://blog.elmah.io/elmah-security-and-allowremoteaccess-explained/
I have created a simple Web API in our existing MVC application (By adding an API controller). I hosted API to localhost and created an simple html page to call the service and to check CORS. To enable I changed my web.config file with following lines:
<add name="Access-Control-Allow-Origin" value="*" />
<add name="Access-Control-Allow-Headers" value="Origin, X-Requested-With, Content-Type, Accept" />
<add name="Access-Control-Allow-Methods" value="GET, POST, PUT, DELETE, OPTIONS" />
Everything was working fine and API was accessible through html page to localhost.
With same changes I hosted it on server (shared hosting server). It is throwing the same irritating error
XMLHttpRequest cannot load http://www.mywebsite.com/api/Booking. Invalid HTTP status code 405
According to search on Google it should work with these web.config changes. Please help to resolve the issue.
Thanks
Finally after spending a full day resolved the issue, followed link posted by "Yaser".
But I would say it is not easy that's why I am mentioning steps here.
First of all we need to install package through Nuget "Install-Package Microsoft.AspNet.WebApi.Cors" but if your target framework is 4.0 you cannot install it. First convert into 4.5 by right click on Project => Properties then in application tab select framework 4.5
The another gotcha is most of dll's will not work after changing framework version, again Right click on solution and select on Manage Nuget Package and update all. (take back up your project before doing this)
if everything works fine you are just one step away - add the following line in webapiconfig.cs under app_start folder
config.EnableCors();
After that open you API controller, add following line at controller level
[EnableCors(origins: "*", headers: "*", methods: "*")]
public class BookingController : ApiController
{
}
Last step change your web.config on production server add following line (compare with localhost web.config)
<dependentAssembly>
<assemblyIdentity name="System.Web.Http" publicKeyToken="31bf3856ad364e35" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-5.2.3.0" newVersion="5.2.3.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="System.Net.Http.Formatting" publicKeyToken="31bf3856ad364e35" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-5.2.3.0" newVersion="5.2.3.0" />
</dependentAssembly>
All make a new build and replace all the bin files with new one ........ :)
Thanks
in my mvc-project i have set up ELMAH for the exception-handling. ELMAH comes with a frontend which can be accessed by "/elmah.axd".
In the web.config this is configured like this:
<location path="elmah.axd">
<system.web>
<httpHandlers>
<add verb="POST,GET,HEAD"
path="elmah.axd"
type="Elmah.ErrorLogPageFactory, Elmah" />
</httpHandlers>
<authorization>
<allow roles="ADMIN" /> <!-- instead i want to use 'permission' from my custom RoleProvider -->
<deny users="*"/>
</authorization>
</system.web>
<system.webServer>
<handlers>
<add name="ELMAH"
verb="POST,GET,HEAD"
path="elmah.axd"
type="Elmah.ErrorLogPageFactory, Elmah"
preCondition="integratedMode" />
</handlers>
</system.webServer>
</location>
If i would use the standard RoleProvider i would use the authorization as specified in the example above. But as i have a custom RoleProvider i can't / dont know how to do this.
For my Views i have implemented a custom Authentication-Attribute which is very similar to the [Authorize] Attribute (but takes Permissions instead...). Now i want to specify the accessibility for "elmah.axd" (which is no physical file) using my custom RoleProvider.
Does anyone have a clue how i could archieve my goal?
here seems to be a viable approach...
We have successfully configured windows identity foundation (WIF) in our ASP.NET 4.5 MVC 4 project with the help of the Identity and Access... extension for Visual Studio 2012. But are unable to exclude a specific path from authorization to allow anonymous access.
When we access our default route (i.e. /Home), the passive redirection will redirect us to the configured issuer Uri. This is currect. But now assume we want to exclude Path /Guest from STS Authentication so that everybody can access http://ourhost/Guest without beeing routed to the STS issuer. Only static documents are located there.
Snippets from Web.config:
<system.identityModel>
<identityConfiguration>
<audienceUris>
<add value="http://ourhost/" />
</audienceUris>
<issuerNameRegistry type="System.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<trustedIssuers>
<add thumbprint="9B74****40D0" name="OurSTS" />
</trustedIssuers>
</issuerNameRegistry>
<certificateValidation certificateValidationMode="None" />
</identityConfiguration>
</system.identityModel>
<system.identityModel.services>
<federationConfiguration>
<cookieHandler requireSsl="false" />
<wsFederation passiveRedirectEnabled="true" issuer="http://oursts/Issue" realm="http://ourhost/" reply="http://ourhost/" requireHttps="false" />
</federationConfiguration>
</system.identityModel.services>
Further we have...
<system.webServer>
<!-- ... -->
<modules runAllManagedModulesForAllRequests="true">
<add name="WSFederationAuthenticationModule" type="System.IdentityModel.Services.WSFederationAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
<add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
<remove name="FormsAuthentication" />
</modules>
</system.webServer>
and finally:
<system.web>
<!-- ... -->
<authentication mode="None" />
</system.web>
We tried the following without success:
<location path="~/Guest"> <!-- also "/Guest" is not working -->
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
We also tried to put a small Web.config file into this folder, without success. No matter which Uri we locate to in the browser, we're always redirected.
What is the proper way to accomplish this?
EDIT
Removed the previous "accepted answered", set "accepted answer" to Eugenios answer as this is the more useful reply.
In an MVC app you typically define access through the [Authorize] attribute in controllers and actions.
Just remove from web.config:
<system.web>
<authorization>
<deny users="?" />
</authorization>
Note: this is usually added automatically by the "Add STS Reference" wizard in VS2010
It seems that the behaviour is exactly the same on VS2012 and the new tools. I just created a brand new MVC4 app. Ran the "Identity and Access..." tool with a local config STS (left all defaults).
It did add this fragment to the web.config:
<authorization>
<deny users="?" />
</authorization>
I removed it and added [Authorize] to the About controller action:
[Authorize]
public ActionResult About()
{
ViewBag.Message = "Your app description page.";
return View();
}
When I click on the "About" link, then I get redirected to the STS. Everything else works with anonymous access.
Note:
You have some control on this too in the wizard (see the "Configuration" page of the wizard).
I can not get [Authorize] to work - it is not doing the redirect to my STS, and I am sure it is something I am missing. I did discover how to solve for the original ask, though.
In global.asax:
protected void Application_Start()
{
... config stuff ...
FederatedAuthentication.WSFederationAuthenticationModule.AuthorizationFailed += WSFederationAuthenticationModule_AuthorizationFailed;
}
and then:
void WSFederationAuthenticationModule_AuthorizationFailed(object sender, AuthorizationFailedEventArgs e)
{
// Do path/file detection here
if (Request.Path.Contains("/Content/") || Request.Path.Contains("/Scripts/"))
{
e.RedirectToIdentityProvider = false;
}
}
I was in the same situation as Thomas. In my case, I was testing/using IISExpress locally.
Eugenio's answer almost got me working, with one added requirement. I had to set the "Anonymous Authentication" in my MVC Project Property to "Enabled."
This was either disabled by default or possibly set that way when using the VS 2012 "Identity and Access..." tooling.
So, to recap, there was no code or special attributes to write/maintain.
My csproj file contains:
<IISExpressAnonymousAuthentication>enabled</IISExpressAnonymousAuthentication>
My web.config contains:
<system.web>
<authentication mode="None" />
</system.web>
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
<system.webServer>
<modules>
<remove name="FormsAuthentication" />
<add name="WSFederationAuthenticationModule" type="System.IdentityModel.Services.WSFederationAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
<add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
</modules>
</system.webServer>
<system.identityModel.services>
<federationConfiguration>
<wsFederation passiveRedirectEnabled="true" issuer="https://REMOVED.accesscontrol.windows.net/v2/wsfederation" realm="urn:REMOVED" requireHttps="false" />
</federationConfiguration>
</system.identityModel.services>
And, I add the standard [Authorize] attribute to controller actions that I want to be defended by WIF:
[Authorize]
public ActionResult About()
{
....
}
What finally pointed me into the right direction was an older blog post which explains how to protect a specific controller or area of the page. In combination with global filters I'm almost there.
It seems like the key is not to use the passiveRedirectEnabled="true" option but set it to false. Only then you have the full control over the authentication process, but would need to trigger the passive redirection yourself then, using the SignInRequestMessage class (which is not a big deal).
Better solutions with less code required are welcome.
EDIT
Removed "accepted answered" state for this, set "accepted answer" to Eugenios anwer as this is the more useful reply.
I solved this in the web.config, the firts line Allow all unauthorized users and the second line disabled redirection
<wsFederation passiveRedirectEnabled="false" issuer="xxx" realm="xxx"/>
<authentication mode="Windows" />
<authorization>
<allow users="*" />
</authorization>
Is anyone else frustrated with the built in ASP.NET unit testing framework? The problem I am having is connecting and testing against the Membership provider for ASP.NET in a MVC3 application. It looks like the database connection has not been established or that there is a different set of rules in place then when I run the application normally. Here are the two scenarios.
1) Attempting to find an existing user by name:
Unit Test -
[TestMethod]
public void RegisterTest()
{
AccountController target = new AccountController();
RegisterModel model = new RegisterModel() { UserName = "existinguser", Email = "email#test.com", Password = "Password", ConfirmPassword = "Password" };
actual = target.Register(model);
}
Code chunk from the AccountController -
MembershipCreateStatus createStatus;
MembershipUserCollection members = Membership.FindUsersByName(model.UserName);
MembershipUser user = null;
if (members.Count > 0)
createStatus = MembershipCreateStatus.DuplicateUserName;
Result -
When I step into this code the members array is empty even though I know this user to be in the system. Is there some trick to establishing a connection to the membership store in the unit testing application? I have attempted using the datasource attribute with no success.
2) Attempting to create a new membership account:
The unit test is the same as above however I am passing a new user that is not already in the system. When I step into the controller and get to the following line it gives me a membershipCreateStatus of 'InvalidQuestion'. This seems odd since when running this live I don't have that problem and can create accounts with the line as it is.
user = Membership.CreateUser(model.UserName, model.Password, model.Email, string.Empty, string.Empty, true, null, out createStatus);
Thanks in advance for your help. I am really trying to do this test first method but it's making it harder using the built in testing framework. Certainly there is a way to connect to the DB for all the unit tests (not providing a connection for each test) and simulate the same actions I would through a browser.
When you run your unit tests it will effectively run as a new application and will therefore use its own config file - in other words not web.config that your MVC app uses. So what I would guess you are missing without more information is an entry in the app.config file in your test project, for the connection string to the database that holds your membership information (you may also be missing app.config).
If you are trying to take a TDD approach you should be writing unit tests and if you need to connect to a database for the unit tests to run, they are probably integration tests rather than unit tests. Because the Membership classes use static methods this makes things difficult. What I would recommend is wrapping the membership functionality up in it's own service with a corresponding interface (IMembershipService for example) which can then be injected by your IoC container. For the purposes of your unit tests, you can then simply mock the IMembershipService interface that you created with no need to connect to your database.
I had the same problem. And yes it looks like my unit tests are more like integration tests but I just needed to test the controllers and speed wasn't a concern at this point in the project. I basically added all the sql memberbership config and connection string from the MVC 3 project's web.config to test project's app.config and the membership provider worked when the unit tests ran. Below is my test project's app.config in it's entiriety.
<?xml version="1.0" encoding="utf-8"?>
<!--
Note: Add entries to the App.config file for configuration settings
that apply only to the Test project.
-->
<configuration>
<appSettings></appSettings>
<connectionStrings>
<add name="ApplicationServices" connectionString="mySqlServer;initial catalog=mySqlMembershipDB;persist security info=True;user id=mySqlUser;password=mySqlPassword;" providerName="System.Data.SqlClient" />
</connectionStrings>
<runtime>
<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
<dependentAssembly>
<assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-4.0.5.0" newVersion="4.0.5.0" />
</dependentAssembly>
</assemblyBinding>
</runtime>
<system.web>
<membership defaultProvider="AspNetSqlMembershipProvider">
<providers>
<clear />
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="true" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/" />
</providers>
</membership>
<profile defaultProvider="AspNetSqlProfileProvider">
<providers>
<clear />
<add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/" />
</providers>
</profile>
<roleManager enabled="false" defaultProvider="AspNetSqlRoleProvider">
<providers>
<clear />
<add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="ApplicationServices" applicationName="/" />
</providers>
</roleManager>
</system.web>
</configuration>