I'm using Habitat Sitecore. It comes with a bunch of foundation and feature projects. One of the feature projects is Sitecore.Feature.ActiveDirectory.
I'm trying to configure domains from patch files. It is outlined by Kam in this blog.
In the /App_config/Include/Feature/Feature.ActiveDirectory.config, I added the following:
<?xml version="1.0" encoding="utf-8"?>
<configuration xmlns:patch="http://www.sitecore.net/xmlconfig/" xmlns:set="http://www.sitecore.net/xmlconfig/set/">
<sitecore>
<switchingProviders>
<membership>
<provider providerName="ad" storeFullNames="false" wildcard="*" domains="ad" />
</membership>
<roleManager>
<provider providerName="ad" storeFullNames="false" wildcard="*" domains="ad" />
</roleManager>
</switchingProviders>
<domainManager>
<domains>
<domain id="ad" type="Sitecore.Security.Domains.Domain, Sitecore.Kernel" patch:after="domain[#id='default']">
<param desc="name">$(id)</param>
<ensureAnonymousUser>false</ensureAnonymousUser>
<locallyManaged>false</locallyManaged>
<isDefault>false</isDefault>
</domain>
</domains>
</domainManager>
</sitecore>
</configuration>
However, I get the following Exception:
A domain specified in the Sitecore.Security.SwitchingRoleProvider provider/domain map could not be found. Domain name: ad
in
<add name="switcher" type="Sitecore.Security.SwitchingRoleProvider, Sitecore.Kernel" applicationName="sitecore" mappings="switchingProviders/roleManager" />
What am I doing wrong?
Domains must be added directly to to Domains.config, located in App_Config\Security. It is not able to be patched. Make it part of your build train.
Related
My organization has implemented a web application in Django, and we need to host it on a Windows system. We are using Django 3.2.8 and Python 3.8.8.
The Django project is currently stored here:
C:\inetpub\wwwroot\CED_HRAP
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<handlers>
<add name="Python FastCGI" path="\*" verb="*" modules="FastCGIModule" scriptProcessor="c:\python38\python.exe|c:\python38\lib\site-packages\wfastcgi.py" resourceType="Unspecified" requireAccess="Script" />
</handlers>
<defaultDocument>
<files>
<clear />
<add value="Default.htm" />
<add value="Default.asp" />
<add value="index.htm" />
<add value="index.html" />
<add value="iisstart.htm" />
<add value="base.html" />
</files>
</defaultDocument>
<directoryBrowse enabled="false" />
</system.webServer>
<appSettings>
<add key="PYTHONPATH" value="C:\inetpub\wwwroot\CED_HRAP" />
<add key="WSGI_HANDLER" value="CED_HRAP.wsgi.application" />
<add key="DJANGO_SETTINGS_MODULE" value="CED_HRAP.settings" />
</appSettings>
</configuration>
Our settings.py file is located at
C:\inetpub\wwwroot\CED_HRAP\CED_HRAP\settings.py
We are currently seeing this error message:
HTTP Error 403.14 - Forbidden The Web server is configured to not list
the contents of this directory.
Most likely causes:
A default document is not configured for the requested URL, and
directory browsing is not enabled on the server.
How should we configure the default documents in the web.config file so that it links to Django's internal routing (urls.py)?
We followed the instructions here:
https://github.com/Johnnyboycurtis/webproject
(youtube: https://www.youtube.com/watch?v=APCQ15YqqQ0)
You can see that the web.config file in the above repository does not have any default documents specified. We added them to web.config in an effort to resolve the current error.
Have also looked at several other tutorials and documents on this process, but have not been able to resolve the problem.
Thanks!
This problem occurs because the website doesn't have the Directory Browsing feature enabled. Also, the default document isn't configured. To resolve this problem, use one of the following methods:
Method 1: Enable the Directory Browsing feature in IIS
To resolve this problem, follow these steps:
Start IIS Manager. To do it, select Start, select Run, type inetmgr.exe, and then select OK.
In IIS Manager, expand server name, expand Web sites, and then select the website that you want to change.
In the Features view, double-click Directory Browsing.
In the Actions pane, select Enable.
Method 2: Add a default document
To resolve this problem, follow these steps:
Start IIS Manager. To do it, select Start, select Run, type inetmgr.exe, and then select OK.
In IIS Manager, expand server name, expand Web sites, and then select the website that you want to change.
In the Features view, double-click Default Document.
In the Actions pane, select Enable.
In the File Name box, type the name of the default document, and then select OK.
I have taken on an Internet facing Classic ASP application (hosted on Windows-Server-2012 / IIS8) that is using Anonymous Access and I want to move to Forms Authentication. Although it is not straight forward, as it currently stands (with the Anon.Access set) the unauthenticated user (i.e. a user that has not yet logged on) can view a .pdf, .doc, etc file if they enter the exact URL path to the file (i.e. security thru obscurity).
The Problem
I am expecting when I am not logged on, I should not be able to see the .pdf's when entering the absolute URL (this is OK)
however I am also expecting when I do logon I should be able to see the .pdf's when entering the absolute URL (this does not happen - what does happen is when I enter the absolute URL of a pdf, I am re-directed back to the home page - I am still logged on but the cookie must not be detected within the authorization - i.e. the "deny" rule above responds with a rejection and sends me back to the home page - note the cookie exists and has not expired)
My Setup and What I have Tried
The Cookie is set via the following code
Response.Cookies("MyAuthCookie") = myGuid
Response.Cookies("MyAuthCookie").Expires = DateAdd("h", 6, Now())
Response.Cookies("MyAuthCookie").Path = "/"
I have tried to tie down access to the .pdf, .doc files via web.config authorization allow/deny rules as follows
<location path="myProtectedFolder">
<system.web>
<authorization>
<deny users="?" />
<allow users="*" />
</authorization>
</system.web>
</location>
<system.web>
<machineKey decryptionKey="XXXXXXXX99999999XXXXXXXX" validationKey="XXXXXXXX99999999XXXXXXXX" />
<authentication mode="Forms">
<forms name="MyAuthCookie" loginUrl="/index.asp" path="/" />
</authentication>
<authorization>
<allow users="*" />
</authorization>
</system.web>
Modules have been configured as follows
<modules>
<remove name="FormsAuthentication" />
<add name="FormsAuthentication" type="System.Web.Security.FormsAuthenticationModule" />
<remove name="UrlAuthorization" />
<add name="UrlAuthorization" type="System.Web.Security.UrlAuthorizationModule" />
<remove name="DefaultAuthentication" />
<add name="DefaultAuthentication" type="System.Web.Security.DefaultAuthenticationModule" />
</modules>
...and handlers as follows (to be processed by ISAPI)
<handlers>
<add name="pdfs64" path="*.pdf" verb="*" modules="IsapiModule" scriptProcessor="C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_isapi.dll" resourceType="File" requireAccess="Read" preCondition="classicMode,runtimeVersionv4.0,bitness64" />
<add name="pdfs" path="*.pdf" verb="*" modules="IsapiModule" scriptProcessor="C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll" resourceType="File" requireAccess="Read" preCondition="classicMode,runtimeVersionv4.0,bitness32" />
</handlers>
Other areas of note
I have the website set to Anon.Access and Forms Auth (I tried Forms Auth on its own).
I have given the website folder/sub-folders read/execute to both the AppPool identity user and "Authenticated Users"
I have marked the AppPool as .Net 2 (also tried .Net 4) with Integrated Pipeline (also tried Classic)
Any help would be greatly appreciated
I finished up creating a true FormsAuthentication cookie from the cookie within a HttpModule (config for the module is the modules section). This then accommodated the allow/deny rules.
now I'm using Dianoga (https://github.com/kamsar/Dianoga) for image compression.
This tool is for png and jpg/jpeg files and PNG file is working fine. But, if I upload JPG file, the upload tool box is freezing like screenshot.
This is the execution line.
var jpegtran = Process.Start(ToolPath, " -optimize -copy none -progressive -outfile \"{0}\" \"{0}\"".FormatWith(tempFilePath));
If I change the code like,
var jpegtran = Process.Start(ToolPath, " -optimize -copy none -progressive -outfile \"{1}\" \"{0}\"".FormatWith(tempFilePath));
JPG file updated, but no compression process. The log says,
"ERROR Could not run the 'getMediaStream' pipeline for '/sitecore/media library/Images/satellite-westtibet'. Original media data will be used"
This is my web.config file in /App_Config/Include/.
<?xml version="1.0" encoding="UTF-8"?>
<configuration xmlns:patch="http://www.sitecore.net/xmlconfig/">
<sitecore>
<processors>
<attachFile argsType="Sitecore.Pipelines.Attach.AttachArgs">
<processor mode="on" type="Validations.Attach.ImageAttachMaxSize, Custom.Validations" patch:before="processor [#type='Sitecore.Pipelines.Attach.CheckSize,Sitecore.Kernel']">
<restrictedExtensions hint="list">
<extension>.jpg</extension>
<extension>.jepg</extension>
<extension>.png</extension>
<extension>.bmp</extension>
</restrictedExtensions>
</processor>
</attachFile>
<uiUpload>
<processor mode="on" type="Validations.Upload.ImageUploadMaxSize, Custom.Validations" patch:before="processor [#type='Sitecore.Pipelines.Upload.CheckSize, Sitecore.Kernel']">
<restrictedExtensions hint="list">
<extension>.jpg</extension>
<extension>.jepg</extension>
<extension>.png</extension>
<extension>.bmp</extension>
</restrictedExtensions>
</processor>
</uiUpload>
</processors>
<pipelines>
<getMediaStream>
<processor type="Validations.Compression.ImageCompression, Custom.Validations" />
</getMediaStream>
</pipelines>
<settings>
<setting name="Media.MaxImageSizeInDatabase" value="600KB" />
<setting name="Media.Resizing.Quality" value="72" />
</settings>
</sitecore>
</configuration>
Error with empty values of Width and Height
Finally fixed the issue. The problem was that I had to "unblock" the jpegtran.exe file. That's it.
I have web services developed using Spring+ApacheCXF and I need tod eploy them on JBoss AS7.
They are being deployed by CXFServlet properly.
But JBoss AS7 also deploying them by scanning #WebService annotations(as expected without Spring Injection).
How to disable scanning #WebService annotations in JBoss AS 7?
PS: I am deploying as a .war file.
PS PS:
My current cxf webservices are being deployed properly. But JBoss AS7 also trying to scan #WebService classes and deploying them also(without dependencies injected).I am looking for a way to turn of JBossAS7's scanning for #WebService classes.
This applies for Jboss 6 as well. I tried it on my Jboss 6.2.2.
Comment the following in standalone.xml
<!-- <extension module="org.jboss.as.webservices"/> -->
Then comment the below snippet in the same standalone.xml. Note if you are using different profile name or in domain mode you will have to do it at similar places.
<!--
<subsystem xmlns="urn:jboss:domain:webservices:1.2">
<modify-wsdl-address>true</modify-wsdl-address>
<wsdl-host>${jboss.bind.address:127.0.0.1}</wsdl-host>
<endpoint-config name="Standard-Endpoint-Config"/>
<endpoint-config name="Recording-Endpoint-Config">
<pre-handler-chain name="recording-handlers" protocol-bindings="##SOAP11_HTTP ##SOAP11_HTTP_MTOM ##SOAP12_HTTP ##SOAP12_HTTP_MTOM">
<handler name="RecordingHandler" class="org.jboss.ws.common.invocation.RecordingServerHandler"/>
</pre-handler-chain>
</endpoint-config>
<client-config name="Standard-Client-Config"/>
</subsystem>
-->
I believe you will want to remove this from your standalone.xml
<extension module="org.jboss.as.webservices"/>
and
<subsystem xmlns="urn:jboss:domain:webservices:1.1">
<modify-wsdl-address>true</modify-wsdl-address>
<wsdl-host>${jboss.bind.address:127.0.0.1}</wsdl-host>
<endpoint-config name="Standard-Endpoint-Config"/>
<endpoint-config name="Recording-Endpoint-Config">
<pre-handler-chain name="recording-handlers" protocol-bindings="##SOAP11_HTTP ##SOAP11_HTTP_MTOM ##SOAP12_HTTP ##SOAP12_HTTP_MTOM">
<handler name="RecordingHandler" class="org.jboss.ws.common.invocation.RecordingServerHandler"/>
</pre-handler-chain>
</endpoint-config>
</subsystem>
This is what I did to remove the jboss webservices so I could use something else. I'm still in the middle of testing this but it is no longer deploying the services. I assume I will just be able to use spring to deploy. Hope this helps.
I am using exclude-filter in my application context XML file to exclude web service components from Spring component scan.
<context:component-scan base-package="your.application.base.package">
<context:exclude-filter type="annotation" expression="org.springframework.stereotype.Controller" />
<context:exclude-filter type="annotation" expression="javax.jws.WebService" />
</context:component-scan>
At the same time I include them in component scan in CXF context XML.
I'm using JBoss EAP 6.1 and i solved the same problem excluding the subsystems jaxrs and webservices.
jboss-deployment-structure.xml
<?xml version="1.0"?>
<jboss-deployment-structure xmlns="urn:jboss:deployment-structure:1.2">
<deployment>
<exclude-subsystems>
<subsystem name="jaxrs" />
<subsystem name="webservices" />
</exclude-subsystems>
<exclusions>
<module name="javaee.api" />
<module name="org.apache.log4j" />
</exclusions>
<dependencies>
<module meta-inf="export" name="com.liferay.portal">
<imports>
<include path="META-INF" />
</imports>
</module>
<module name="javax.mail.api" />
<module name="org.jboss.modules" />
</dependencies>
</deployment>
</jboss-deployment-structure>
I'm attempting to gzip a JSON response from an ASMX web service to be consumed on the client-side by jQuery.
My web.config already has httpCompression set like so: (I'm using IIS 7)
<httpCompression directory="%SystemDrive%\inetpub\temp\IIS Temporary Compressed Files"
staticCompressionDisableCpuUsage="90" staticCompressionEnableCpuUsage="60"
dynamicCompressionDisableCpuUsage="80" dynamicCompressionEnableCpuUsage="50">
<dynamicTypes>
<add mimeType="application/javascript" enabled="true"/>
<add mimeType="application/x-javascript" enabled="true"/>
<add mimeType="text/css" enabled="true"/>
<add mimeType="video/x-flv" enabled="true"/>
<add mimeType="application/x-shockwave-flash" enabled="true"/>
<add mimeType="text/javascript" enabled="true"/>
<add mimeType="text/*" enabled="true"/>
<add mimeType="application/json; charset=utf-8" enabled="true"/>
</dynamicTypes>
<staticTypes>
<add mimeType="application/javascript" enabled="true"/>
<add mimeType="application/x-javascript" enabled="true"/>
<add mimeType="text/css" enabled="true"/>
<add mimeType="video/x-flv" enabled="true"/>
<add mimeType="application/x-shockwave-flash" enabled="true"/>
<add mimeType="text/javascript" enabled="true"/>
<add mimeType="text/*" enabled="true"/>
</staticTypes>
<scheme name="gzip" dll="%Windir%\system32\inetsrv\gzip.dll"/>
</httpCompression>
<urlCompression doDynamicCompression="true" doStaticCompression="true"/>
Through fiddler I can see that normal aspx and other compressions work fine. However, the jQuery ajax request and response work as they should, only nothing gets compressed.
What am I missing?
You can change httpCompression only in applicationHost.config.
See this link
Like you, I tried changing it in web.config first, but it didn't work. It worked only when I added the following lines to C:\Windows\System32\inetsrv\config\applicationHost.config:
<dynamicTypes>
...
<add mimeType="application/json" enabled="true" />
<add mimeType="application/json; charset=utf-8" enabled="true" />
...
</dynamicTypes>
DO USE NOTEPAD to edit applicationHost.config. I've wasted several hours before understood that my changes made in notepad++ (as well as in Visual Studio 2010 editor!!) aren't applied by IIS.
Alternative way to add additional mimeType into dynamicTypes/staticTypes collection is to use appcmd. "C:\Windows\System32\Inetsrv\Appcmd.exe" set config -section:system.webServer/httpCompression /+"dynamicTypes.[mimeType='application/javascript',enabled='True']" /commit:apphost
And again: after these changes made - you'll see them only in notepad. Notepad++ (as well as Visual Studio 2010 editor!!) maintains some kind of f*ing alternate reality/storage for applicationHost.config. It shows you his own version of the file (different from the one you see in notepad) even after the file edited in notepad and reopened in np++/VS.
Eric P's answer is mostly correct... you need to EXACTLY match the Content-Type header sent by IIS in its HTTP Response Headers. For some reason our IIS7 server was responding with:
Content-Type: application/json; q=0.5
I had never ever observed a quality factor in a server response before. How bizarre.
When we added this to the dynamicTypes in the .config file everything started working:
<dynamicTypes>
...
<add mimeType="application/json" enabled="true" />
<add mimeType="application/json; q=0.5" enabled="true" />
<add mimeType="application/json; charset=utf-8" enabled="true" />
<add mimeType="application/json; q=0.5; charset=utf-8" enabled="true" />
...
</dynamicTypes>
Changes in web.config don't work because of the following line in applicationHost.config:
<section name="httpCompression" allowDefinition="AppHostOnly" overrideModeDefault="Deny" />
If you replace it by:
<section name="httpCompression" overrideModeDefault="Allow" />
the changes are possible locally.
I think this is more convenient as you are able to configure every service differently and you don't have to edit your applicationHost.config if you must add a new MIME type.
Here is an example how to activate compression in web.config on a single ASMX service located in the service subfolder:
<location path="service/MySpecificWebService.asmx">
<system.webServer>
<httpCompression>
<dynamicTypes>
<add mimeType="application/json" enabled="true" />
<add mimeType="application/json; charset=utf-8" enabled="true" />
</dynamicTypes>
</httpCompression>
<urlCompression doDynamicCompression="true" />
</system.webServer>
</location>
Concerning the actual editing of applicationHost.config, I suspect that it is not a true file in the file system. If you copy that file on your desktop, you will be able to edit it with any text editor, then copy it back to its original folder.
http://forums.iis.net/t/1160210.aspx?missing+applicationhost+config
The config file is supposed to be %windir%\system32\inetsrv\config\applicationhost.config.
(Note that if your application (which is searching for applicationhost.config) is a 32bit app (for example, if you're using a 32bit CMD.EXE), then you won't be able to see the configuration file due to Windows SYSWOW32 redirection)
A bit of explanation regarding the missing applicationhost.config to change overrideModeDefault attribute to Allow. It's due to SYSWOW32 redirection.
Also you may not see the configuration files until you
Open the folder by pasting "%windir%\system32\inetsrv\config\" exactly in the File Explorer location bar, and not your text editor
Right-click and edit the file directly in that folder.
This is because for some reason some 64bit editors still use a faulty file-chooser dialog somehow.