
Archive for the ‘IIS’ Category

Quick and dirty way to generate a self signed cert that lasts 10 years

November 17, 2015

While I love the ability of IIS and most programs to generate a self-signed cert, my gripe is that those certs last only a year. While a year is generally sufficient for development purposes, sometimes you want one that lasts a whole lot longer.

In order to get one that lasts longer, you will need to turn to openssl.

Here are the steps:

openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 3650 -nodes -config ..\share\openssl.cnf

openssl pkcs12 -export -out localhost.pfx -inkey key.pem -in cert.pem

 

Parameters

– newkey: generate an RSA 2048-bit encryption key

– keyout: the file containing the private key

– out: the file containing the certificate details

– days: how many days the certificate is valid for

– nodes: leave the private key unencrypted, so key.pem is written without a passphrase (needed for pfx)

– config: for Windows, to specify the configuration file location

 

Categories: Development, General, IIS, SSL

Enabling HTTPS for Seafile (Windows)

May 7, 2014 71 comments

EDIT: Video tutorial can be found at http://www.youtube.com/watch?v=HRNCpR_mSSs&feature=youtu.be

While there is documentation on how to enable HTTPS for Seafile in *nix environments, there is no documentation for doing this on Windows.

Looking at the nginx implementation, it is essentially doing a reverse proxy. This is something that IIS + URL Rewrite can easily achieve!

Before we proceed, take a look at and understand the reverse proxy requirements found at https://github.com/haiwen/seafile/wiki/Enable-Https-on-Seafile-web-with-nginx

I will not go into the steps for generating your own SSL cert, but rather focus on how to use IIS to reverse proxy the necessary ports.

Requirements

  1. Standard implementation of seafile ONLY
    1. i.e. Seafile listens on the following ports: 8000, 8082, 10001, 12001
  2. HTTP requests to port 80 will be redirected to HTTPS calls on port 443
  3. HTTPS requests on port 443 will be treated as follows
    1. if it starts with seafhttp, send it to seafile port 8082
    2. otherwise send it to seafile port 8000

Step by Step Guide

  1. Install seafile on the server
  2. Install IIS with default options
  3. Run IIS Manager
  4. Install Web Platform Installer (WebPI)
  5. Inside WebPI, install URLRewrite
  6. Create 2 websites, pointing to separate physical folders. Ensure the https website is associated with a valid SSL certificate
  7. Edit the web.config for the HTTP site

    <?xml version="1.0" encoding="UTF-8"?>
    <configuration>
      <system.webServer>
        <rewrite>
          <rules>
            <!-- Send every plain-HTTP request to the same host and path over HTTPS. -->
            <rule name="Redirect to HTTPS" stopProcessing="true">
              <match url="(.*)" />
              <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" />
            </rule>
          </rules>
        </rewrite>
      </system.webServer>
    </configuration>

  8. Edit the web.config for the HTTPS site

    <configuration>
      <system.webServer>
        <rewrite>
          <rules>
            <!-- ^ anchors the match so that only paths starting with seafhttp/ go to port 8082. -->
            <rule name="seafhttp" stopProcessing="true">
              <match url="^seafhttp/(.*)" />
              <action type="Rewrite" url="http://127.0.0.1:8082/{R:1}" appendQueryString="false" logRewrittenUrl="true" />
            </rule>
            <rule name="Reverse Proxy" patternSyntax="ECMAScript" stopProcessing="true">
              <match url="(.*)" />
              <!-- Redirect all requests to non-HTTPS site. -->
              <action type="Rewrite" url="http://localhost:8000/{R:1}" logRewrittenUrl="true" />
            </rule>
          </rules>
        </rewrite>
      </system.webServer>
    </configuration>

  9. Enjoy a secure version of seafile 🙂
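
The routing described by the requirements and the two web.config files, as an added example that is not part of the original post: a small Python model of first-match rule evaluation showing where each request ends up and why the seafhttp pattern needs a leading ^ to meet requirement 3.1. The host name files.example.test, the helper names and the sample paths are assumptions made for illustration.

```python
import re

# Rule tables transcribed from the post: (pattern, action type, target template).
HTTP_SITE = [("(.*)", "Redirect", "https://{HTTP_HOST}/{R:1}")]


def https_site(seafhttp_pattern):
    """HTTPS site rules; the seafhttp pattern is a parameter so both forms can be compared."""
    return [
        (seafhttp_pattern, "Rewrite", "http://127.0.0.1:8082/{R:1}"),
        ("(.*)", "Rewrite", "http://localhost:8000/{R:1}"),
    ]


def route(rules, path, host="files.example.test"):
    """Return (action, url) for the first matching rule (stopProcessing="true").

    path is the request path without its leading slash, which is the string
    URL Rewrite tests the <match url> pattern against.
    """
    for pattern, action, template in rules:
        # Patterns are searched, not implicitly anchored: no ^ means "anywhere in the path".
        m = re.search(pattern, path)
        if m:
            url = template.replace("{HTTP_HOST}", host)
            # Expand {R:n} back-references from the match groups.
            url = re.sub(r"\{R:(\d+)\}", lambda g: m.group(int(g.group(1))), url)
            return action, url
    return None


if __name__ == "__main__":
    # Constructed sample paths.
    for path in ("seafhttp/upload-api/abc", "accounts/login/", "media/seafhttp/x.css"):
        print("http     ", path, "->", route(HTTP_SITE, path))
        print("anchored ", path, "->", route(https_site("^seafhttp/(.*)"), path))
        print("unanchored", path, "->", route(https_site("seafhttp/(.*)"), path))
```

With the unanchored pattern, the constructed path media/seafhttp/x.css is sent to port 8082 as /x.css instead of reaching the web UI on port 8000.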
Categories: General, Hacking, IIS

Disabling/Removing IIS Shared Configuration

March 1, 2014

 

If you are using IIS Shared Configuration and have changed the password for the account accessing the file path, you might encounter the following error:

The World Wide Web Publishing Service service depends on the Windows Process Activation Service service which failed to start because of the following error:
The user name or password is incorrect.

The Windows Process Activation Service service terminated with the following error:
The user name or password is incorrect.

Windows Process Activation Service (WAS) is stopping because it encountered an error. The data field contains the error number.

 

Internet Information Services (IIS) Manager will also start with a weird error message and then prompt you to log in.

All of these point to an inability to access the shared configuration.

 

How to resolve?

 

  1. Stop IIS (iisreset /stop)
  2. Go to C:\Windows\System32\inetsrv\config
  3. Open redirection.config in Notepad
  4. Change the <configurationRedirection> part to <configurationRedirection />
  5. Start IIS again (iisreset)
Categories: IIS, Windows Server

Owncloud

December 7, 2013 2 comments

Recently I’ve been looking at secure cloud storage, where there is end-to-end encryption of the file and sysadmins have no way of viewing the file.

This brought me to Owncloud, which as of writing is at 6RC2.

Unfortunately installing Owncloud on a Windows Server IS a pain, so I’m detailing the steps here for others who want to follow.

For clarity, the OS that I’m using is Windows Server 2012R2; for older OSes, I believe the only major difference would be the mime type mapping.

While the Owncloud installation guide at http://doc.owncloud.org/server/5.0/admin_manual/installation/installation_windows.html is relatively decent, it doesn’t seem to address all the possible issues that occur, so the steps that follow detail EXACTLY what you need to do to get Owncloud to work properly on a Windows box.

 

  1. Install Windows Server 2012R2 Standard out of the box
  2. Follow the features that are installed for Web Server:
    - WebDav MUST NOT BE ENABLED
    - You need ODBC logging as SMTP uses ODBC to log
    - No need for ASP.NET installation, Owncloud DOES not need ASP.NET
  3. Install IIS Management Tools
  4. Install SMTP Server
  5. Run services.msc and set “Simple Mail Transfer Protocol” Startup type to Automatic.
  6. Start the SMTP Service
  7. Restrict access to the SMTP Service
  8. Disable public access to the SMTP Service from Windows Firewall
  9. Run IIS Manager and it will prompt if you want to install WebPI, click Yes to install it
  10. Once WebPI is installed, run it and choose and install PHP
  11. Now go to http://dev.mysql.com/downloads/ and download the latest community build of MySQL. Run the installation leaving everything to default if you are lazy
  12. Just to play safe, go to Windows Firewall again and ensure that there is no public access to MySQL
  13. Now go and edit C:\Program Files (x86)\PHP\v5.5\php.ini
  14. Change/add the following values inside php.ini
    max_execution_time = 400
    memory_limit = 1G ;1G of memory usage for php
    upload_max_filesize = 1G ;up to 1GB file can be uploaded
    extension=php_fileinfo.dll
  15. Add in the OpenSSL Config
    Found at C:\Program Files (x86)\PHP\v5.5\extras\ssl\openssl.cnf
  16. Ensure that you give the proper security permissions for PHP and the Temp Folders
  17. Download Owncloud and unzip it to a folder of your choice
  18. Configure the default apppool to not run any managed code
  19. Go to the Default Website and then set the following
  20. Request Filtering > Http verbs, should be empty
  21. Click on edit feature setting and change Maximum allowed content length to 4187593113
  22. Go to handler mappings and allow all verbs for php via fast cgi
  23. If you get the following prompt, just enclose the executable in quotation marks
  24. Now map the Default Website directory to the owncloud folder
  25. Open localhost to test and follow the prompts to set up Owncloud

Good luck!

Categories: IIS

Getting ASP.NET MVC 3 to work with ASP.NET Website project

April 10, 2012 13 comments

There are numerous blog posts on how to get MVC to work with ASP.NET Web Applications. However there are still scenarios where developers are using normal ASP.NET website projects rather than Web Application projects.

Below are the steps to enable MVC 3 with an ASP.NET website project:

1. Install ASP.NET MVC 3

2. Modify web.config

Open up web.config in Visual Studio and add the following lines inside the <compilation><assemblies> section

<add assembly="System.Web.Abstractions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Web.Mvc, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Web.Routing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />

3. Modify global.asax

Next you will need to add in the code for MVC triggers inside global.asax (create one if it does not exist)

Add the following lines after <%@ Application Language="C#" %>

<%@ Import Namespace="System.Web.Mvc" %>
<%@ Import Namespace="System.Web.Routing" %>

Add the following after <script runat="server">

public void RegisterGlobalFilters(GlobalFilterCollection filters)
{
    // Apply MVC's default error handling to every controller action.
    filters.Add(new HandleErrorAttribute());
}

public static void RegisterRoutes(RouteCollection routes)
{
    // Leave .axd resource handlers to ASP.NET instead of routing them through MVC.
    routes.IgnoreRoute("{resource}.axd/{*pathInfo}");

    // Map home/{action}/{id} to HomeController, defaulting to the Index action.
    routes.MapRoute("Home",
        "home/{action}/{id}",
        new { controller = "Home", action = "Index", id = UrlParameter.Optional });
}

Add the following inside Application_Start:

RegisterGlobalFilters(GlobalFilters.Filters);
RegisterRoutes(RouteTable.Routes);

At this point, your global.asax should look like this:
[image: the completed global.asax]

4. Creating the controller

Because this is a website project, compilation is at runtime, so you will have to create your controllers inside the App_Code folder rather than the normal Controller folder in the main site

Note that your controller class needs to end with the Controller keyword. In the example, with a controller = “Home”, the classname for the controller needs to be HomeController

To add your first controller, right click on the App_Code folder and create a new class with the file name as HomeController.cs

Paste the following code into the HomeController.cs (replace everything)

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;

public partial class HomeController : Controller
{
    protected override void Execute(System.Web.Routing.RequestContext requestContext)
    {
        base.Execute(requestContext);
    }

    public ActionResult Index()
    {
        var r = new ContentResult();
        r.Content = "Hello World";
        return r;
    }
}

 

5. Test the site

Now that you have generated the routing and created the controller, browse to localhost/home. You should see “Hello World”


Categories: ASP.NET, IIS, MVC

Effects of MS11-100 on asp.net websites

March 16, 2012 3 comments

On 29 Dec 2011, Microsoft released security bulletin MS11-100, which attempts to resolve hash collision vulnerabilities found in ASP.NET.

However, if you have form pages with more than 1000 elements, you will encounter the following error (for ASP.NET):

System.Web.HttpException (0x80004005): The URL-encoded form data is not valid. ---> System.InvalidOperationException: Operation is not valid due to the current state of the object.
at System.Web.HttpValueCollection.ThrowIfMaxHttpCollectionKeysExceeded()
at System.Web.HttpValueCollection.FillFromEncodedBytes(Byte[] bytes, Encoding encoding)
at System.Web.HttpRequest.FillInFormCollection()
at System.Web.HttpRequest.FillInFormCollection()
at System.Web.HttpRequest.get_Form()
at System.Web.HttpRequest.get_HasForm()
at System.Web.UI.Page.GetCollectionBasedOnMethod(Boolean dontReturnNull)
at System.Web.UI.Page.DeterminePostBackMode()
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

What is happening is that asp.net is now checking your Form posted data and if it exceeds a certain threshold it will throw the exception above.

 

To work around this, put the following item inside appSettings:

<add key="aspnet:MaxHttpCollectionKeys" value="10000" />

 

By default this value is 1000, but you are free to either lower it or give it a larger value.
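
What the key limit buys, as an added example that is not part of the original post: a toy chained hash table in Python that counts key comparisons for an ordinary form and for a form whose keys all collide, at the default limit of 1000 and at the raised value of 10000. The sum-of-bytes hash, the bucket count and the generated keys are assumptions for illustration and are not the .NET string hash.

```python
import itertools
import zlib


def weak_hash(key):
    # Toy stand-in for a collision-prone hash (sum of bytes); NOT the .NET string hash.
    return sum(key.encode())


def crc_hash(key):
    # Well-spread hash used for the ordinary-form baseline.
    return zlib.crc32(key.encode())


def colliding_keys(n):
    # Constructed sample input: each key is three letter pairs whose byte values
    # sum to the same total, so weak_hash() returns one value for all of them.
    combos = itertools.islice(itertools.product(range(26), repeat=3), n)
    return ["".join(chr(97 + a) + chr(122 - a) for a in c) for c in combos]


def fill_form(keys, max_keys, hash_fn, buckets=1024):
    """Insert keys into a chained hash table and return the key comparisons made.

    Raises ValueError once more than max_keys keys are seen, which is the role
    aspnet:MaxHttpCollectionKeys plays for posted form data.
    """
    table = [[] for _ in range(buckets)]
    comparisons = 0
    for count, key in enumerate(keys, start=1):
        if count > max_keys:
            raise ValueError("more than %d form keys" % max_keys)
        chain = table[hash_fn(key) % buckets]
        if key in chain:                      # duplicate key: scan stops at the match
            comparisons += chain.index(key) + 1
            continue
        comparisons += len(chain)             # new key: the whole chain was scanned
        chain.append(key)
    return comparisons


if __name__ == "__main__":
    for limit in (1000, 10000):
        benign = fill_form(["field%d" % i for i in range(limit)], limit, crc_hash)
        worst = fill_form(colliding_keys(limit), limit, weak_hash)
        print("limit=%5d ordinary=%8d colliding=%10d" % (limit, benign, worst))
```

The worst case grows with the square of the limit, so a tenfold increase in the setting allows roughly a hundredfold increase in work per request in this model.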

Categories: ASP.NET, IIS

HTTP 400 Errors when using WCF

February 15, 2012

If you encounter the following weird errors:

The formatter threw an exception while trying to deserialize the message: There was an error while trying to deserialize parameter http://tempuri.org/:ClientPrintResult. The InnerException message was ‘There was an error deserializing the object of type System.String. The maximum string content length quota (8192) has been exceeded while reading XML data. This quota may be increased by changing the MaxStringContentLength property on the XmlDictionaryReaderQuotas object used when creating the XML reader

or

The remote server returned an unexpected response: (400) Bad Request

 

It usually means that you are sending more than 8192 bytes of data to the WCF service. If this is a legitimate case, you will need to update both the server’s web.config and your application’s app.config.

 

The examples below are based on custom binding, but you can easily find the equivalent settings for the other bindings as well.

For this example, the maximum data that can be sent is 10MB (10485760). The maximum permissible value is 2147483647 (int.MaxValue = 2GB)

 

For web.config

Modify the items in bold and blue; add the section or properties if they do not exist, otherwise just update the values.

<binaryMessageEncoding  maxReadPoolSize="10485760" maxSessionSize="10485760" maxWritePoolSize="10485760">

<readerQuotas maxDepth="32" maxStringContentLength="10485760" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384" />

</binaryMessageEncoding>

<httpTransport maxReceivedMessageSize="10485760" maxBufferSize="10485760" />

For app.config

Modify the items in bold and blue; add the section or properties if they do not exist, otherwise just update the values.

<binaryMessageEncoding>

<readerQuotas maxDepth="32" maxStringContentLength="10485760" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384" />

</binaryMessageEncoding>

 

<httpTransport maxReceivedMessageSize="10485760" maxBufferSize="10485760"  />

Categories: ASP.NET, IIS, WCF