I am using Yii2 REST with ActiveController to create a new Pessoa(), on Apache works fine , but on IIS 8 an error occurs.
Does anyone know of any configuration in IIS?
REQUEST
Request URL:http://10.192.1.145/api/pessoa
Request Method:POST
Status Code:201 Created
Remote Address:10.192.1.145
Referrer Policy:no-referrer-when-downgrade
RESPONSE
<head><title>Document Moved</title></head>
<body><h1>Object Moved</h1>This document may be found
here</body>{"id":"21"}
I had a similar issue to this. It seems to be related to FastCGI. Not sure about it. I know it happens when setting response headers to 201 http status code (this line in source code) which get changed by IIS later. If you have access to server try those solutions:
W7 Pro IIS 7.5 overwrites PHP Location: Header (solved)
In my case I had only FTP access to server so I overridden the Create Action by something like what follows to force a 200 status code instead of 201:
public function actions()
{
$actions = parent::actions();
unset($actions['create']);
return $actions;
}
public function actionCreate() {
$model = new Pessoa();
$model->load(Yii::$app->getRequest()->getBodyParams(), '');
if ($model->save() === false && !$model->hasErrors()) {
throw new ServerErrorHttpException('Failed to update the object for unknown reason.');
}
return $model;
}
Just in case somebody else needs to keep the status code and remove only the response part added by IIS, this is what I did to solve my problem. You may need adapt it to your needs, though:
<!-- PS: In my case, i just had a one line HEAD and a one line BODY being added. -->
<outboundRules>
<rule name="Remove the tag HEAD" preCondition="isStatus201">
<match filterByTags="None" pattern="^\<head\>.*?$" />
<action type="Rewrite" value="" />
</rule>
<rule name="Remove the tag BODY" preCondition="isStatus201">
<match filterByTags="None" pattern="^\<body\>.*?\</body\>" />
<action type="Rewrite" value="" />
</rule>
<preConditions>
<preCondition name="isStatus201">
<add input="{RESPONSE_STATUS}" pattern="^201$" />
</preCondition>
</preConditions>
</outboundRules>
Tested in IIS 8.5;
Hope it helps somebody else.
In fact, I was able to optimize the RegEx so that a single rule catches all the lines up the closing body tag:
<outboundRules>
<rule name="Remove injected 201 content" preCondition="Status 201">
<match filterByTags="None" pattern="^(?:.*[\r\n]*)*.*</body>" />
<action type="Rewrite" value="" />
</rule>
<preConditions>
<preCondition name="Status 201" patternSyntax="Wildcard">
<add input="{RESPONSE_STATUS}" pattern="201" ignoreCase="false" />
</preCondition>
</preConditions>
</outboundRules>
Related
I am trying to develop a outlook add-in that finds an expression with regex in the mail body, but the getRegExMatches() always give me null.
I didn't know how to do it so I tried the example in https://learn.microsoft.com/en-us/office/dev/add-ins/reference/objectmodel/requirement-set-1.5/office.context.mailbox.item?product=outlook&version=v1.5#getregexmatches--object
the code for the rules of the example are
<Rule xsi:type="RuleCollection" Mode="And">
<Rule xsi:type="ItemIs" FormType="Read" ItemType="Message" />
<Rule xsi:type="RuleCollection" Mode="Or">
<Rule xsi:type="ItemHasRegularExpressionMatch" RegExName="fruits" RegExValue="apple|banana|coconut" PropertyName="BodyAsPlaintext" IgnoreCase="true" />
<Rule xsi:type="ItemHasRegularExpressionMatch" RegExName="veggies" RegExValue="tomato|onion|spinach|broccoli" PropertyName="BodyAsPlaintext" IgnoreCase="true" />
</Rule>
</Rule>
and in the javascript I can call this rule like this
var allMatches = Office.context.mailbox.item.getRegExMatches();
var fruits = allMatches.fruits;
var veggies = allMatches.veggies;
the var allMatches is the one that gives me a null, because of that the others 2 variables gives an error. This was supposed to give an array with strings, which this strings must be equals to the strings in the rules (like apple, banana, etc).
The regex rules should only work in the context of detected entities. You can read more about it here: https://learn.microsoft.com/en-us/outlook/add-ins/contextual-outlook-add-ins. Are you running your add-in from a detected entity as a contextual add-in? If not, then use Body.getAsync to get the body, and then try searching in the body with your regex.
We have developed a site with multiple controllers that accept GET and POST and return views and JSON, and everything works fine in our Development environment.
But on the client's acceptance server we have an issue: all the GETs return well their results, but the POSTs return an error described here by John West. The Stacktrace is identical.
System.InvalidOperationException: Could not invoke action method: askquestion. Controller name: Assistance. Controller type: [Namespace].Assistance.Controllers.AssistanceController
We use the approach of defining the route for each controller:
<configuration xmlns:patch="http://www.sitecore.net/xmlconfig/">
<sitecore>
<pipelines>
<initialize>
<processor type="[Namespace].Assistance.Pipelines.RegisterWebApiRoutes, [Namespace].Assistance"
patch:before="processor[#type='Sitecore.Mvc.Pipelines.Loader.InitializeRoutes, Sitecore.Mvc']" />
</initialize>
</pipelines>
</sitecore>
</configuration>
The processor is like this:
public class RegisterWebApiRoutes
{
public void Process(PipelineArgs args)
{
RouteTable.Routes.MapRoute(
name: "Assistance.Api",
url: "api/assistance/{action}",
defaults:new {controller = "Assistance" });
}
}
The action method is like this
[HttpPost]
public ActionResult AskQuestion(AskQuestionViewModel model)
{
if (ModelState.IsValid)
{
....
return View("Confirmation");
}
else
{
return View(model);
}
}
What is happening? Somehow Sitecore blocks AJAX POST requests. Definitely, this is the configuration issue. Where should I look?
OK, I have found the source of the issue.
They had URL Rewrite Module with one rule: LowerCaseRule1 (or it may be any other). But when it made it's work, the request turned to GET. Then the controller could not find the corresponding GET action and voila: could not invoke the action method.
I simply added the exception in rewrite rules and it worked.
<rewrite>
<rules>
<rule name="LowerCaseRule1" stopProcessing="true">
<match url="[A-Z]" ignoreCase="false" />
<action type="Redirect" redirectType="Permanent" url="{ToLower:{URL}}" />
<conditions>
<add input="{URL}" pattern="^.*\.(axd|ashx|asmx|lic|ico|swf|less|aspx|ascx|css|js|jpg|jpeg|png|gif)$" negate="true" ignoreCase="true" />
<!-- here is my exception -->
<add input="{URL}" pattern="/api/assistance" negate="true" />
</conditions>
</rule>
</rules>
</rewrite>
I'm trying to write an action in a webapi controllers to allow downloading a file.
But for some strange reason, the code doesn't works.
Here is my code:
<RoutePrefix("api/files")>
Public Class PermitFilesController
Inherits ApiController
<Route("download")>
public function GetFile() As HttpResponseMessage
Dim fStream as FileStream = File.Open("C:\Projects\1234.pdf", FileMode.Open, FileAccess.Read )
Dim response = Request.CreateResponse(HttpStatusCode.OK)
response.Content = new StreamContent(fStream)
'response.Content.Headers.ContentDisposition = new ContentDispositionHeaderValue("attachment")
'response.Content.Headers.ContentDisposition.FileName = Path.GetFileName(fStream.Name)
response.Content.Headers.ContentType = new MediaTypeHeaderValue("application/pdf")
return response
End Function
I try to download simply using the url in browser:
localhost:<myport>/api/files/download
The error (in Chrome ) is Error code: ERR_CONNECTION_RESET
In FF, it is even stranger: it redirects me to www.localhost.com:/... with the same error - connection reset by host
I put a breakpoint in my code, and I noticed the code gets called twice (as soon as I exit from trace from last line, it gets called again to the first line).
I have several other actions in this controller, and they all work ok.
Anyone having any idea what am I doing wrong?
EDIT
I started Fiddler, and now my browser shown this error:
[Fiddler] ReadResponse() failed: The server did not return a response
for this request. Server returned 0 bytes.
EDIT
I want to mention that webapi is integrated into a legacy classic asp.net application
The initialization code is as follows:
In global.asax.Application_Start
WebApiHelper.Initialize
....
....
Public Class WebApiHelper
Public Shared Sub Initialize()
GlobalConfiguration.Configuration.MessageHandlers.Add(New BasicAuthMessageHandler() With { _
.PrincipalProvider = New MPNAuthProvider() _
})
AreaRegistration.RegisterAllAreas()
WebApiConfig.Register(GlobalConfiguration.Configuration)
FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters)
RouteConfig.RegisterRoutes(RouteTable.Routes)
GlobalConfiguration.Configuration.EnsureInitialized()
End Sub
....
MPNAuthProvider is used to ensure authenticated access to some webapi controllers
Public Class MPNAuthProvider
Implements IProviderPrincipal
Public Function CreatePrincipal(username As String, password As String) As IPrincipal Implements IProviderPrincipal.CreatePrincipal
Dim userID As Integer = 0
If Not UserData.ValidateUser(username, password, userID) Then Return Nothing
Dim identity = New GenericIdentity(userID)
Dim principal = New GenericPrincipal(identity, {"User"})
Return principal
End Function
End Class
Anything else I should check to see what happens?
Thank you
Initial Solution
After suggestion from Julien Jacobs, I tested my code into a separate, stand alone webapi project, and indeed the code proved to be correct.
So I started to investigate the web.config.
And I found the following settings that I had to comment out:
<system.web>
....
<httpModules>
<add name="RadUploadModule" type="Telerik.Web.UI.RadUploadHttpModule" />
<add name="RadCompression" type="Telerik.Web.UI.RadCompression" />
</httpModules>
and
<modules runAllManagedModulesForAllRequests="true">
<remove name="RadUploadModule" />
<remove name="RadCompression" />
<add name="RadUploadModule" type="Telerik.Web.UI.RadUploadHttpModule" preCondition="integratedMode" />
<add name="RadCompression" type="Telerik.Web.UI.RadCompression" preCondition="integratedMode" />
</modules>
After I commented them, the code started to work ok.
But this proved to not be the ideal solution, so please read on...
Updated solution
After more tests with the application, I realized that RadCompression, while not absolutely required, is very useful to web applications with Telerik Ajax, because it provides transparent, on the fly compression for all ajax traffic (plus viewstate, is configured).
Because I disabled it, the application started to be slower.
So I had to find a way to re-enable RadCompression, but disable it for certain requests (like webapi endpoint for files download).
And the solution is:
Add special config section for RadCompression configuration
<configSections>
<sectionGroup name="telerik.web.ui">
<section name="radCompression" type="Telerik.Web.UI.RadCompressionConfigurationSection, Telerik.Web.UI, PublicKeyToken=121fae78165ba3d4" allowDefinition="MachineToApplication" requirePermission="false"/>
</sectionGroup>
....
</configSections>
Add handlers in system.web\httpModules
<system.web>
....
<httpModules>
<add name="RadCompression" type="Telerik.Web.UI.RadCompression" />
</httpModules>
Add handlers in system.webServer\modules
<system.webServer>
<modules runAllManagedModulesForAllRequests="false">
<add name="RadCompression" type="Telerik.Web.UI.RadCompression" preCondition="managedHandler" />
</modules>
</system.webServer>
And the critical part, to disable RadCompression for specific requests (URIs), add a new config section as below
<telerik.web.ui>
<radCompression enablePostbackCompression="true">
<excludeHandlers>
<!--This will match every api/permitfiles/download file regardless of its location in the web site--> <add handlerPath="api/permitfiles/download" matchExact="false"/>
</excludeHandlers>
</radCompression>
</telerik.web.ui>
With those changes, RadCompression is empowered globally in the app for all requests, but restricted for specific requests (like webapi files download)
I have a simple form that posts to an HttpPost action method, which returns its corresponding view. My issue is that I'm getting a 404 Not Found error. Oddly enough, if I change the form method and the attribute on the action method to a GET, then it works and the TestMethod view is displayed.
It seems I'm missing something for using POST, but my posts in other controllers work fine (e.g. account login and registration). Note the AllowAnonymous attribute is a custom attribute to be able to specify the controllers or actions that allow anonymous access, as opposed to specifying (via the Authorize attr) the controllers or actions that require authorization. I guess nothing is impossible, but I don't think that has anything to do with my issue. Any thoughts on what is wrong?
FORM:
#using (Html.BeginForm("TestMethod", "Test", FormMethod.Post, new { #id = "testForm" })) {
<fieldset>
<legend>Test Form</legend>
<input type="submit" value="Submit" />
</fieldset>
}
CONTROLLER ACTION:
[AllowAnonymous]
[HttpPost]
public ActionResult TestMethod() {
return View();
}
VIEW:
<h2>TestMethod</h2>
<p>HttpPost method was successful.</p>
REGISTER ROUTES METHOD FROM Global.asax.cs:
public static void RegisterRoutes(RouteCollection routes) {
routes.IgnoreRoute("favicon.ico");
routes.IgnoreRoute("{resource}.axd/{*pathInfo}");
// About
routes.MapRoute(
"About", // Route name
"about", // URL with parameters
new { controller = "Home", action = "About" } // Parameter defaults
);
// Faq
routes.MapRoute(
"Faq", // Route name
"faq", // URL with parameters
new { controller = "Home", action = "Faq" } // Parameter defaults
);
// Glossary
routes.MapRoute(
"Glossary", // Route name
"glossary", // URL with parameters
new { controller = "Home", action = "Glossary" } // Parameter defaults
);
// Register
routes.MapRoute(
"Register", // Route name
"register", // URL with parameters
new { controller = "Account", action = "Register" } // Parameter defaults
);
// LogIn
routes.MapRoute(
"LogIn", // Route name
"login/{id}", // URL with parameters
new { controller = "Account", action = "LogOn", id = UrlParameter.Optional } // Parameter defaults
);
routes.MapRoute(
"LogOn", // Route name
"logon/{id}", // URL with parameters
new { controller = "Account", action = "LogOn", id = UrlParameter.Optional } // Parameter defaults
);
// Default
routes.MapRoute(
"Default", // Route name
"{controller}/{action}/{id}", // URL with parameters
new { controller = "Home", action = "Index", id = UrlParameter.Optional } // Parameter defaults
);
}
AUTHORIZE ATTRIBUTE CODE:
// AllowAnonymousAttribute class
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = false, Inherited = true)]
public sealed class AllowAnonymousAttribute : Attribute { }
// GlobalAuthorize class
public sealed class GlobalAuthorize : AuthorizeAttribute {
public override void OnAuthorization(AuthorizationContext filterContext) {
bool skipAuthorization =
filterContext.ActionDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true) ||
filterContext.ActionDescriptor.ControllerDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true);
if (!skipAuthorization) base.OnAuthorization(filterContext);
}
}
// RedirectAuthorizeAttribute class
public class RedirectAuthorizeAttribute : AuthorizeAttribute {
public string RedirectUrl { get; set; }
protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext) {
filterContext.Result = new RedirectResult(RedirectUrl);
}
}
GLOBAL FILTERS:
public static void RegisterGlobalFilters(GlobalFilterCollection filters) {
filters.Add(new RequireHttpsAttribute());
filters.Add(new GlobalAuthorize());
filters.Add(new HandleErrorAttribute());
}
ROUTE REWRITING RULES:
<rewrite>
<rules>
<!-- Block all requests made to a website that do not have the host header set. -->
<rule name="Fail bad requests" stopProcessing="true">
<match url=".*" />
<conditions>
<add input="{HTTP_HOST}" pattern="localhost" negate="true" />
</conditions>
<action type="AbortRequest" />
</rule>
<!-- Remove trailing slash from all incoming requests. -->
<rule name="Remove trailing slash" stopProcessing="false">
<match url="(.*)/$" />
<conditions>
<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
<add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
</conditions>
<action type="Redirect" redirectType="Permanent" url="{R:1}" />
</rule>
<!-- Convert all requests to all lowercase. -->
<rule name="Convert to lowercase" stopProcessing="false">
<match url=".*[A-Z].*" ignoreCase="false" />
<action type="Redirect" url="{ToLower:{R:0}}" redirectType="Permanent" />
</rule>
<!-- Any URL with (HTTPS == OFF) and (HTTP_HOST with colon) -> use for development testing. -->
<rule name="Development redirect to HTTPS" enabled="true" stopProcessing="true">
<match url=".*" ignoreCase="true" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="true">
<add input="{HTTPS}" pattern="^OFF$" />
<add input="{HTTP_HOST}" pattern="([^/:]*?):[^/]*?" />
</conditions>
<action type="Redirect" url="https://{C:1}:44300{URL}" />
</rule>
<!-- Redirect any HTTP request to HTTPS. -->
<rule name="Redirect to HTTPS" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="^OFF$" ignoreCase="true" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
</rule>
</rules>
</rewrite>
I think I finally found the culprit. First of all, I'll concede that, knowing now what the issue was, the title of this question isn't very accurate. The problem mostly dealt with a rule rewrite in Web.config. Until responding to others' comments for this question, I had completely forgotten about the rule rewrites, which is why I hadn't checked them out further to begin with.
Anyway, the issue was a rule that rewrote URLs to all lowercase. I knew my account registration and login forms were working fine, so I checked them out and noticed that their Html.BeginForm statements were parameterless, which, evidently results in a lowercase url being generated. I tried parameterless POST request for my test method, and it worked. Then, I tried using parameters for action and controller in the Html.BeginForm statement, but this time I entered them as lowercase strings: Html.BeginForm("testmethod", "test"...). Sure enough, it, too, worked just fine, and the page source showed the form action as lowercase.
To fix my problem, I just had to set a condition to not match POST requests: <add input="{REQUEST_METHOD}" matchType="Pattern" pattern="POST" negate="true" />. Note that the issue was not the lowercase rule specifically, but rather that the POST request was being redirected. I found one blog that discusses the issue of POST redirects being converted to GETs and resulting in errors, which is exaclty what I was experiencing. It's a couple years old, but apparently it's still pertinent info.
At any rate, I'm now back up and running. Thanks to all who threw in their two cents.
P.S. As I'm closing browser tabs and concluding my search, I figured I'd link to this SO question, as it is definitely related to my issue.
I tested your code just now. I initially got redirected for not using HTTPS so I disabled this attribute, but after that your code worked.
Here's my logical deducting...
If HTTPS was the problem, you wouldn't be getting a 404.
If you weren't logged in, you would be redirected to the login page.
The only thing I can think of is that your controller is either not named "TestController" or that your controller is in an area and you forget to supply this area with the BeginForm. Is it one of these by any chance?
I am using the solution detailed in this SO Question. I've used this on other sites before and its worked fine, and it works on my dev box. However, when I publish to a our Windows VPS, errors return the standard IIS error page.
I have never administered a web server before, and I am not sure what settings I need to check to figure out why its not returning the custom errors I have set up. I have tried setting .net error pages for the app to off and on, with the default page set to the root site, as well as just '/'.
I have also tried setting the error pages (under iis in 7.5) to custom and detailed.
None of these seem to have any effect on the error page that is returned. What am I doing wrong here?
I remember having similar problem and I added this line to the code
protected void Application_Error()
{
var exc = Server.GetLastError();
var httpExc = exc as HttpException;
Response.Clear();
Server.ClearError();
var routeData = new RouteData();
routeData.Values["controller"] = "Error";
routeData.Values["action"] = "General";
routeData.Values["exception"] = exc;
Response.StatusCode = 500;
if (httpExc != null)
{
Response.StatusCode = httpExc.GetHttpCode();
routeData.Values["action"] = "Http404";
routeData.Values["exception"] = httpExc;
}
Response.TrySkipIisCustomErrors = true; //this fixed it
IController errorsController = new WWS_Website.Controllers.ErrorController();
var rc = new RequestContext(new HttpContextWrapper(Context), routeData);
errorsController.Execute(rc);
}
You can replace the standard IIS error pages by using the httpErrors section in the system.webServer section in your web.config file. This is in addition to the customErrors section in system.web.
<system.webServer>
...
<httpErrors errorMode="Custom" defaultResponseMode="ExecuteURL">
<remove statusCode="400" subStatusCode="-1" />
<error statusCode="400" prefixLanguageFilePath=""
path="/errors/400" responseMode="ExecuteURL" />
<remove statusCode="404" subStatusCode="13" />
<error statusCode="404" subStatusCode="13" prefixLanguageFilePath=""
path="/errors/file-upload-too-large" responseMode="Redirect" />
<remove statusCode="404" subStatusCode="-1" />
<error statusCode="404" prefixLanguageFilePath=""
path="/errors/404" responseMode="ExecuteURL" />
<remove statusCode="403" subStatusCode="-1" />
<error statusCode="403" prefixLanguageFilePath=""
path="/errors/403" responseMode="ExecuteURL" />
</httpErrors>