Publish Extensions .cs and others in IIS 7.0

I am developing a web application and running it using IIS. My application is a file server. I need to render files in a web browser, and I have some problems viewing some files or directories.

For example, I cannot view files with the extension .cs or the contents of bin directories. The web server returns 404 for these URLs:

 Server Error HTTP Error 404 - File or directory not found. Description: The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable. Server Version Information: Internet Information Services 7.0. 

I guess this is the kind of protection that IIS has. My questions:

  • Do you know why IIS filters these files?
  • Do you know how to configure IIS to allow these URLs?

And the most important question for me:

  • I need to deploy my web application to many clients, so I would like to configure it programmatically. Do you know if it can be configured in the web application instead of in IIS? Otherwise, how do I configure it using a script or similar?
+7
5 answers

Well,

Finally, I had to change the IIS settings to allow me to override requestFiltering.

In the file %systemroot%\System32\inetsrv\config\applicationHost.config, change:

    <section name="requestFiltering" overrideModeDefault="Allow" />

And then I used the following configuration in my Web.config. Note that now all the files on the web server are insecure. You need to configure your rules to protect your bin directory, as well as your code files or whatever you need.

    <system.webServer>
      <security>
        <!-- Very important, the IIS configuration must have the overrideModeDefault to allow in the file %systemroot%\System32\inetsrv\config\applicationHost.config -->
        <!-- <section name="requestFiltering" overrideModeDefault="Allow" /> -->
        <requestFiltering>
          <fileExtensions allowUnlisted="true">
            <remove fileExtension=".asa" />
            <remove fileExtension=".asax" />
            <remove fileExtension=".ascx" />
            <remove fileExtension=".master" />
            <remove fileExtension=".skin" />
            <remove fileExtension=".browser" />
            <remove fileExtension=".sitemap" />
            <remove fileExtension=".config" />
            <remove fileExtension=".cs" />
            <remove fileExtension=".csproj" />
            <remove fileExtension=".vb" />
            <remove fileExtension=".vbproj" />
            <remove fileExtension=".webinfo" />
            <remove fileExtension=".licx" />
            <remove fileExtension=".resx" />
            <remove fileExtension=".resources" />
            <remove fileExtension=".mdb" />
            <remove fileExtension=".vjsproj" />
            <remove fileExtension=".java" />
            <remove fileExtension=".jsl" />
            <remove fileExtension=".ldb" />
            <remove fileExtension=".dsdgm" />
            <remove fileExtension=".ssdgm" />
            <remove fileExtension=".lsad" />
            <remove fileExtension=".ssmap" />
            <remove fileExtension=".cd" />
            <remove fileExtension=".dsprototype" />
            <remove fileExtension=".lsaprototype" />
            <remove fileExtension=".sdm" />
            <remove fileExtension=".sdmDocument" />
            <remove fileExtension=".mdf" />
            <remove fileExtension=".ldf" />
            <remove fileExtension=".ad" />
            <remove fileExtension=".dd" />
            <remove fileExtension=".ldd" />
            <remove fileExtension=".sd" />
            <remove fileExtension=".adprototype" />
            <remove fileExtension=".lddprototype" />
            <remove fileExtension=".exclude" />
            <remove fileExtension=".refresh" />
            <remove fileExtension=".compiled" />
            <remove fileExtension=".msgx" />
            <remove fileExtension=".vsdisco" />
          </fileExtensions>
          <hiddenSegments>
            <remove segment="web.config" />
            <remove segment="bin" />
            <remove segment="App_code" />
            <remove segment="App_GlobalResources" />
            <remove segment="App_LocalResources" />
            <remove segment="App_WebReferences" />
            <remove segment="App_Data" />
            <remove segment="App_Browsers" />
          </hiddenSegments>
        </requestFiltering>
      </security>
      ...
    </system.webServer>
+10
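An added audit sketch, not part of the answer above and not IIS tooling: it replays the `<remove>`/`<add>` entries of a Web.config `requestFiltering` section and reports which extensions and hidden segments the file leaves unblocked, so you can confirm that rules re-protecting `bin`, `.config` and similar were actually put back. The function names and the sample config are constructed for illustration, and treating a missing `allowed` attribute as `true` is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the style of the Web.config above (trimmed; not a real site).
SAMPLE_WEB_CONFIG = """
<configuration>
  <system.webServer>
    <security>
      <requestFiltering>
        <fileExtensions allowUnlisted="true">
          <remove fileExtension=".config" />
          <remove fileExtension=".cs" />
          <remove fileExtension=".mdf" />
          <add fileExtension=".mdf" allowed="false" />
        </fileExtensions>
        <hiddenSegments>
          <remove segment="bin" />
          <remove segment="App_Data" />
          <add segment="App_Data" />
        </hiddenSegments>
      </requestFiltering>
    </security>
  </system.webServer>
</configuration>
"""

def _replay(parent, key, blocks_on_add):
    """Replay <clear/>, <remove> and <add> in document order; return names left unblocked."""
    state = {}       # name -> True if this file stops blocking it
    cleared = False  # <clear/> drops every inherited rule, not just the listed ones
    for el in (parent if parent is not None else []):
        name = el.get(key, "").lower()
        if el.tag == "clear":
            cleared, state = True, {}
        elif el.tag == "remove":
            state[name] = True
        elif el.tag == "add":
            state[name] = not blocks_on_add(el)
    return sorted(n for n, is_open in state.items() if is_open), cleared

def audit_request_filtering(xml_text):
    """Return the extensions and segments a Web.config re-exposes (hypothetical helper)."""
    rf = ET.fromstring(xml_text).find(".//requestFiltering")
    if rf is None:
        return {"extensions": [], "segments": [], "cleared": False}
    exts, c1 = _replay(rf.find("fileExtensions"), "fileExtension",
                       lambda el: el.get("allowed", "true").lower() == "false")
    segs, c2 = _replay(rf.find("hiddenSegments"), "segment", lambda el: True)
    return {"extensions": exts, "segments": segs, "cleared": c1 or c2}
```

Run it over each deployed Web.config and review anything it lists; an entry that was removed and then re-added as blocked does not appear in the result.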

When you install the .NET Framework and register ASP.NET, by default IIS will not serve these files. If you REALLY need to, you will need to change the "Request Filtering" section in IIS.

The following is an example of how you would include the .cs extension:

    <system.webServer>
      <security>
        <requestFiltering>
          <fileExtensions>
            <remove fileExtension=".cs" />
            <add fileExtension=".cs" allowed="true" />
          </fileExtensions>
        </requestFiltering>
      </security>
    </system.webServer>
+7

This is a security measure due to the installation of ASP.NET on the system.

From Microsoft

All requests with /bin in the URL are rejected and return a 404 error (IIS 6.0)

This happens when IIS 6.0 and ASP.NET are installed. In order to take a more proactive stance against intruders, the ASP.NET ISAPI filter, aspnet_filter.dll, blocks an incoming request containing /bin in the URL. This behavior occurs throughout the server, regardless of whether the request is for static or dynamic content.

The preferred solution to this problem is to change the content path on the server so that /bin is not needed in any request.

If the content URL cannot be changed, an alternative solution is to set a registry key that stops the ASP.NET ISAPI filter from filtering requests containing /bin in the URL. This is a server-wide setting.

Better to avoid all /bin folders than to enable this on your server.

To allow .cs files, try this Server Fault article: https://serverfault.com/questions/175499/serving-cs-csproj-files-on-iis7-5

Since their suggestion is a web.config fix, you can apply it on a per-site basis as you like.

+2

I would suggest that you are doing something wrong. You do not want IIS to work with your files directly from disk for various reasons (for example, any .html or .xml file will then be re-pinned, rather than loading its contents).

What you want is for your code to send the files to the user, rather than letting IIS do this. It will get around the IIS limitations (make it clear that you are sending code, not it), and it will still preserve the IIS restrictions for your application folder structure.

+2

These files are filtered for security. For example, if I know that your site has the page http://example.com/default.aspx, I could just download the code for this page by entering http://example.com/default.aspx.cs in my browser. The same goes for the bin folder.

How are you trying to display these files, is it your own user interface or the inclusion of directory browsing?

+1