Shibboleth - Adding Multiple Applications (C#, IIS) to shibboleth.xml? - shibboleth

I'm converting about 90 C# applications to use Shibboleth and I can't figure out how to properly configure the shibboleth2.xml file. Each application has a few pages that do not require authentication, so I am unable to simply protect the entire directory. Also, each application has custom authentication, so I really only need one shibboleth protected page to retrieve the request variables which I then place into a user session.
This works, but I would have to add a path for every application. Is there a better way? Any advice would be greatly appreciated!
```
<Host name="development.test1.com">
    <Path name="Application1/validatelogin" authType="shibboleth" requireSession="true"/>
    <Path name="Application2/validatelogin" authType="shibboleth" requireSession="true"/>
    <Path name="Application3/validatelogin" authType="shibboleth" requireSession="true"/>
    <Path name="Application4/validatelogin" authType="shibboleth" requireSession="true"/>
    ...
</Host>
```

Related

Elmah errorMail not working on production

I am using ELMAH in my MVC3 application and logging the errors to a SQL Database and sending emails.
Locally everything is working fine, and emails are being delivered (using Cassini). But on the production server (IIS7) no emails are being delivered. I am able, however, to send emails through code!
```
<elmah>
    <errorLog type="Elmah.SqlErrorLog, Elmah" connectionStringName="Elmah.Sql" applicationName="qatar" />
    <errorMail from="errors@gmail.com"
               to="someone@gmail.com"
               subject="Error"
               async="true"
               smtpPort="587"
               smtpServer="smtp.gmail.com"
               enablessl ="true"
               userName="myuser@gmail.com"
               password="mypassword" />
</elmah>
```
Any clues or direction?
I found the reason, but still can't understand why it works locally:
enablessl should be changed to useSsl

How to set EnableSsl=True while sending emails using ActionMailer.Net?

I am using ActionMailer.Net in my MVC website to send email, I want to send from gmail, but gmail needs EnableSsl=True to be able to send, but I don't know where in ActionMailer.net I can configure this.
You have to edit your web.config file to something like this:
```
<system.net>
    <mailSettings>
        <!-- Method#1: Configure smtp server credentials -->
        <smtp from="some-email@gmail.com">
            <network enableSsl="true" host="smtp.gmail.com" port="587" userName="some-email@gmail.com" password="valid-password" />
        </smtp>
    </mailSettings>
</system.net>
```
Reference:
http://www.hanselman.com/blog/NuGetPackageOfTheWeek2MvcMailerSendsMailsWithASPNETMVCRazorViewsAndScaffolding.aspx

Can you use node.js with IIS?

This may be an extremely simple question, but can I use node.js in a windows server 2008 environment with IIS? Is there a "Microsoft" library or some other solution that works better?
Sure you can, check out the IISNode Project.
You can install Node.js on Windows, but it is its own server, so unless you're using IIS as a proxy to it, there's no need for IIS at all. Note, though, the following as quoted from Node.js's installation instructions:
Neither [Windows] builds are satisfactorily stable but it is possible to get something running.
You essentially have two routes for running a Node.js application via IIS.
IISNode
Reverse Proxy using Application Request Routing
If you are dedicating an entire application to Node.js and simply need the public facing endpoint to work through your existing IIS Application, I would suggest using ARR to route the entire site through. I'm doing this for a couple of projects, and it works fairly well.
To be honest, I haven't liked IISNode, as it seems like you are making alien endpoints in your node code vs. IIS. It works, and if you are targeting Azure in particular it may be your best option. It also may be the best option if you have to shoe horn it into an existing .Net application.
I have been using Node on Windows with Cygwin and had few problems. You can use IIS to serve on default port 80 and run your Node apps on different ports.
If you want to proxy then most are using Nginx.
You can build node.js on Windows, but it's not recommended to use it due to possible stability issues. If IIS is using thread based pools then you shouldn't even use it as a reverse proxy (on linux based systems nginx is usually used to do this) for node.js because pool may quickly become fully loaded. If you want something similar to node.js on windows then you should try to look at manos.
I wanted to make it as easy as possible.
Issues with iisnode
I installed iisnode and ran the samples with no problem but...
I tried to deploy it on IIS with iisnode, but I had to bundle my meteor app and then deploy it as a node app. The problem I ran into discouraged me. I could not get fibers to install at all. The compilation process kept throwing errors, so I gave up.
Reverse Proxy IIS
What I did to solve this for me is use a reverse proxy on IIS.
see my post on meteor forum
My final web.config entry was:
I did the same, however, the way I had the reverse proxy on IIS to use
a sub folder on the domain threw me off.
I was not aware that by using ROOT_URL we could specify a sub
path.
For example, if I run the following command inside my meteor app folder:
set ROOT_URL=http://localhost:3100/n/todos && meteor
I will be able to access my app at http://localhost:3100/n/todos,
notice I omitted the trailing /. And if we try to surf to the
address http://localhost:3100/n or http://localhost:3100/ will
give us an error Unknown path.
So, when I first setup the reverse proxy, I was getting the Unknown
Path error every time.
Turns out that on my IIS config, I have to specify the
http://localhost:3100/n/todos as the url value on the action, please
notice the "n/todos" at the end.
So my rewrite rule ended up like this: [file @ c:/inetpub/wwroot/web.config]
```
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <rule name="TODOs meteor app. Route the requests" stopProcessing="true" enabled="true">
          <match url="^n/todos/(.*)" />
          <conditions>
            <add input="{CACHE_URL}" pattern="^(https?)://" />
          </conditions>
          <action type="Rewrite" url="{C:1}://localhost:3100/n/todos/{R:1}" /> <!-- I was missing the /n/todos here -->
          <serverVariables>
            <set name="HTTP_ACCEPT_ENCODING" value="" />
          </serverVariables>
        </rule>
      </rules>
      <outboundRules>
        <rule name="TODOs ReverseProxyOutboundRule1" preCondition="ResponseIsHtml1" enabled="false">
          <match filterByTags="A, Area, Base, Form, Frame, Head, IFrame, Img, Input, Link, Script" pattern="^http(s)?://localhost:3100/(.*)" />
          <action type="Rewrite" value="/n/todos/{R:2}" />
        </rule>
        <rule name="TODOs RewriteRelativePaths" preCondition="ResponseIsHtml1" enabled="false">
          <match filterByTags="A, Area, Base, Form, Frame, Head, IFrame, Img, Input, Link, Script" pattern="^/(.*)" negate="false" />
          <action type="Rewrite" value="/n/todos/{R:1}" />
        </rule>
        <rule name="ReverseProxyOutboundRule1" preCondition="ResponseIsHtml1">
          <match filterByTags="A, Form, Img" pattern="^http(s)?://localhost:3100/(.*)" />
          <action type="Rewrite" value="http{R:1}://localhost/{R:2}" />
        </rule>
        <preConditions>
          <preCondition name="ResponseIsHtml1">
            <add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
          </preCondition>
        </preConditions>
      </outboundRules>
    </rewrite>
  </system.webServer>
</configuration>
```
Thanks
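
The inbound rule above, evaluated step by step, as an added example that is not part of the original post: a JavaScript sketch (IIS URL Rewrite uses ECMAScript pattern syntax by default) that expands `{R:n}` and `{C:n}` for the action with and without the `/n/todos` prefix. The `rewrite`, `expand` and `meteorServes` helpers and the sample request URLs are constructed for illustration, and `meteorServes` only models the "Unknown path" behaviour the post describes.

```javascript
// Added example: emulates the inbound rule from the web.config above.
// Constructed rule objects; "broken" is the action without /n/todos.
const condition = { input: "CACHE_URL", pattern: /^(https?):\/\// };
const brokenRule = { match: /^n\/todos\/(.*)/, condition,
  action: "{C:1}://localhost:3100/{R:1}" };
const fixedRule = { match: /^n\/todos\/(.*)/, condition,
  action: "{C:1}://localhost:3100/n/todos/{R:1}" };

// Expand {R:n} (from <match>) and {C:n} (from the condition) back-references.
function expand(template, r, c) {
  return template.replace(/\{([RC]):(\d+)\}/g,
    (_, kind, n) => (kind === "R" ? r : c)[Number(n)] ?? "");
}

// Returns the backend URL the rule rewrites to, or null if it does not apply.
function rewrite(rule, requestUrl) {
  const u = new URL(requestUrl);
  // <match url> is tested against the path without its leading slash
  // and without the query string.
  const r = rule.match.exec(u.pathname.slice(1));
  if (!r) return null;
  // {CACHE_URL} holds the full request URL, scheme included.
  const vars = { CACHE_URL: u.origin + u.pathname };
  const c = rule.condition.pattern.exec(vars[rule.condition.input]);
  if (!c) return null;
  // appendQueryString defaults to true, so the original query is kept.
  return expand(rule.action, r, c) + u.search;
}

// Assumption from the post: with ROOT_URL=http://localhost:3100/n/todos the
// app answers only under /n/todos; anything else is "Unknown path".
function meteorServes(backendUrl, root = "/n/todos") {
  const p = new URL(backendUrl).pathname;
  return p === root || p.startsWith(root + "/");
}

for (const [label, rule] of [["broken", brokenRule], ["fixed", fixedRule]]) {
  const target = rewrite(rule, "http://localhost/n/todos/lists/1?sort=asc");
  console.log(label, target, meteorServes(target) ? "served" : "Unknown path");
}
// The bare prefix has no trailing slash, so ^n/todos/(.*) does not match it.
console.log(rewrite(fixedRule, "http://localhost/n/todos"));
```

Because the match pattern requires a slash after `n/todos`, a request for the bare prefix is not proxied by this rule at all and is handled by IIS itself.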

Html.Telerik().StyleSheetRegistrar() output file generating 404 message on asset.axd

I'm using the Telerik controls for MVC and they work great in my work/home dev environments, and in the work prod environment, but when I tried to deploy to my home prod environment (IIS7) I get a problem.
I've added the axd mime type, but wasn't sure what else to do.
I read a post suggesting adding a handler, but wasn't sure if I'm setting that wrong or I'm just looking in the wrong direction.
If you're on IIS7 make sure you add the handler to the <system.webServer><handlers> section:
<add name="MyName" path="MyName.axd" verb="*" type="NameSpace.Class, Assembly" />
I added: <add name="ScriptRegistrar" path="Access.axd" verb="*" type="Telerik.Web.Mvc.UI.ScriptRegistrar, Version=v2.0.50727" />
http://localhost:1000/asset.axd?id=sQAAAB-LCAAAAAAABADsvQdgHEmWJSYvbcp7f0r1StfgdKEIgGATJNiQQBDswYjN5pLsHWlHIymrKoHKZVZlXWYWQMztnbz33nvvvffee--997o7nU4n99__P1xmZAFs9s5K2smeIYCqyB8_fnwfPyJ-8UfT9qNHH7X5u_butGk-Gn10SX_u7ezujHfH93Ye0gfTjx619TqnX2YfPbr36f3RR_Tze7_4oxU1PKmWbb5s775ur8scb5_zV9VHj3ZGHy2pwbRaLKrlGKB_yYi_2JUv2rzM6-LtuN9gL2xwWTRtJt9__5d8_5f8PwEAAP__qtxwmrEAAAA%3d
To enable web resource combining with the Telerik Extensions you need to register the WebAssetHttpHandler in your webconfig:
IIS 7
<add name="AssetHandler" preCondition="integratedMode" verb="GET,HEAD" path="asset.axd" type="Telerik.Web.Mvc.WebAssetHttpHandler, Telerik.Web.Mvc"/>
IIS 6
<add verb="GET,HEAD" path="asset.axd" validate="false" type="Telerik.Web.Mvc.WebAssetHttpHandler, Telerik.Web.Mvc"/>
This handler enables you to use the Combine, Compress, and Cache features of the Script and StyleSheet Registrars. You can learn more and see additional config details in the Telerik online docs:
http://www.telerik.com/help/aspnet-mvc/web-assets-working-with-javascript-web-assets.html

WCF Service response "HTTP/1.1 400 Bad Request" on shared hosting <aka Blank Page, XML Parsing Error, Invalid Address, Webpage cannot be found>

This is both information to those experiencing the issue and a question.
edit: The question is why does dropping "www." from the URL cause this error when a website running at the same address can be referenced without "www.".
I recently reproduced this problem using a trivial WCF service (the one from endpoint.tv) after resolving the usual config issues one faces moving a service from local IIS to shared hosting.
The problem was the following response (from fiddler) upon checking the url in browser. In searching the web for posts on the topic I found a number of unresolved issues pointing to the same problem in addition to the posts where the usual shared hosting config issues fix them up.
```
HTTP/1.1 400 Bad Request
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Tue, 17 Aug 2010 00:27:52 GMT
Content-Length: 0
```
In Safari/Chrome this manifests as a blank page.
In IE you get "The webpage cannot be found".
In FF you get "XML Parsing Error: no element found Location: http://................ Line Number 1, Column 1:" (which I saw in numerous unresolved posts on the web - feel free to backlink a possible solution)
In Opera you get "Invalid Address"
I was scratching my head regarding this for a while, then I thought to try putting in the "www." which I was previously omitting from my url for no particular reason.
Problem solved.
I can now see the normal output in the browser and interact with the service via WCF Test Client.
So the question is:
Why does this make a difference to the hosted WCF service when I know it does not make a difference for browsing to the website hosted at the same address? With or without the "www." I can browse to the website at the same domain, hosted on the same account.
So far I've tested this repro on a GoDaddy service. I may try some others later.
Also, if you happen to know - I'd be interested to know what features are likely to make my WCF services need full trust rather than medium trust. And any thoughts you have on whether it is a good idea to utilise such features (in context of least priv ideology).
For reference this is the web.config, including an additional endpoint suggested by Mike to try and resolve this.
```
<?xml version="1.0"?>
<configuration>
  <system.web>
    <customErrors mode="Off"/>
    <compilation><!--debug="true"-->
      <buildProviders>
        <remove extension=".svc"/>
        <add extension=".svc" type="System.ServiceModel.Activation.ServiceBuildProvider,System.ServiceModel, Version=3.0.0.0, Culture=neutral,PublicKeyToken=b77a5c561934e089"/>
      </buildProviders>
    </compilation>
  </system.web>
  <!-- When deploying the service library project, the content of the config file must be added to the host's
  app.config file. System.Configuration does not support config files for libraries. -->
  <system.serviceModel>
    <services>
      <service behaviorConfiguration="blah"
               name="WCFServ.EvalService">
        <endpoint address="http://www.abcdomain.com/WCFServ/WCFServ.EvalService.svc"
                  binding="basicHttpBinding"
                  contract="WCFServ.IEvalService" />
        <endpoint address="http://abcdomain.com/WCFServ/WCFServ.EvalService.svc"
                  binding="basicHttpBinding"
                  contract="WCFServ.IEvalService" />
        <!--<endpoint address=""
        binding="mexHttpBinding"
        contract="IMetadataExchange" />-->
        <!--<host>
        <baseAddresses>
        <add baseAddress="http://abcdomain.com/WCFServ/" />
        </baseAddresses>
        </host>-->
      </service>
    </services>
    <behaviors>
      <serviceBehaviors>
        <behavior name="blah">
          <serviceMetadata httpGetEnabled="true" />
          <serviceDebug includeExceptionDetailInFaults="true" />
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <serviceHostingEnvironment>
      <baseAddressPrefixFilters>
        <add prefix="http://www.abcdomain.com/WCFServ/"/>
      </baseAddressPrefixFilters>
    </serviceHostingEnvironment>
  </system.serviceModel>
  <!--http://localhost/WCFServ/WCFServ.EvalService.svc-->
  <startup><supportedRuntime version="v2.0.50727"/></startup>
</configuration>
```
Because you're using absolute URLs as your endpoint addresses, WCF needs to see a specific host header in HTTP requests in order to bind to those addresses.
Web servers are no different; if they're configured for a specific host, the request headers must have the host name or they won't serve up content. However, multiple host names can be bound to web sites, so sometimes a site may be tied to both www.example.com and example.com. Also, some web browsers, if you go to example.com and get a 404 or if the DNS lookup fails, will automatically retry the request at www.example.com.
I think the easiest thing for you to do to resolve your issue is to modify your endpoint(s) so they are host neutral. For example:
```
<services>
  <service behaviorConfiguration="blah" name="WCFServ.EvalService">
    <endpoint address="/WCFServ/WCFServ.EvalService.svc"
              binding="basicHttpBinding"
              contract="WCFServ.IEvalService"/>
  </service>
</services>
<!-- Just leave this out
<serviceHostingEnvironment>
  <baseAddressPrefixFilters>
    <add prefix="http://www.abcdomain.com/WCFServ/"/>
  </baseAddressPrefixFilters>
</serviceHostingEnvironment>
-->
```
Make sure that you have endpoints defined without the www in your web config.
This page has some good explanations about WCF addressing:
WCF Addressing In Depth.
Is your problem solved by adding the following attribute on your serviceclass?
[ServiceBehavior(AddressFilterMode=AddressFilterMode.Any)]
