I have a web service deployed on IIS 8.5 (Windows Server 2012 R2) which has to be called passing four arguments. They are not optional, and are to be included directly in the URL, without a query string, as such:
.. api/myservice/argument1/argument2/argument3/argument4
If I try to call it with the URL written above, it answers and gives the expected response. However, a 404 - Not Found error is given instead when trying to use real production-like arguments as such:
api/myservice/AAAA_AAAAA.AAA_AAA_AA_AA_AAA_000000_000000_000000/333/AAA/AAA.AAA.AA.AA.AAA.000000.000000.000000
I thought the multiple dots raised the issue, so I replaced each one of them with %2E, but nothing changed.
I've searched for already answered questions: I tried this and this, to no avail.
What is the problem with that production-like URL?
Here is the code of the API:
[RoutePrefix("api/myservice")]
public class MyServiceController : ApiController
{
[HttpGet]
[Route("{argument1}/{argument2}/{argument3}/{argument4}")]
public string StartValidation(string argument1, string argument2, string argument3, string argument4)
{
// operations...
}
}
I traced the request with IIS Failed Request Tracing as suggested in an answer, but I'm not able to find a clue in the resulting log:
Can anyone help me?
Enable failed request tracing on IIS to check.
https://learn.microsoft.com/en-us/iis/configuration/system.applicationhost/sites/site/tracefailedrequestslogging
Good possibility that IIS is rejecting these as part of URLScan (if enabled), but FRT will confirm.
First try to deploy it to your local Iis, if it works, means that your production can have a different configuration at the level of the IIS, or the compiled code is not the same as the one you have and you need to redeploy the api.
If the api fails at the level of your local IIS and it runs properly from the vs(if you pass any parameter with the postman) you hit a backend breakpoint, then you have a wrong configuration on your deployment on your local IIS.
If you never hit the breakpoint you have an error at the level of your code.
Hope this helps
I finally solved this. I added a piece code, provided by this answer to a quite identical question, to the web.config, but a different issue arose: it seemed IIS had to be run in "Integrated Mode". Thanks to the clue given by this answer to a question about this subsequent problem, I switched the Managed pipeline mode of the application pool where the API was deployed from Classic to Integrated, which allowed that code to work. The web API finally accepts arguments with periods.
Related
We got the following problem:
I am currently developing a web server implementing a specific API. The association behind that API provided specific test cases I'm using to test my implementation.
One of the test cases is:
5.3.2.12 Robustness, large resource ID
This test confirms correct error handling when sending a HTTP request with a very long location ID as URL parameter.
The url its calling looks something like this:
https://localhost:443/api/v2/functions/be13789-1f1e-47d0-8f8a-000000000005ebe13789-1f1e-47d0-8f8a-000000000005ebe13789-1f1e-47d0-8f8a-000000000005ebe13789-1f1e-47d0-8f8a-000000000005ebe13789-1f1e-47d0-8f8a-000000000005ebe13789-1f1e-47d0-8f8a-000000000005ebe13789-1f1e-47d0-8f8a-000000000005ebe13789-1f1e-47d0-8f8a-000000000005ebe13789-1f1e-47d0-8f8a-000000000005ebe13789-1f1e-47d0-8f8a-000000000005ebe13789-1f1e-47d0-8f8a-000000000005ebe13789-1f1e-47d0-8f8a-000000000005ebe13789-1f1e-47d0-8f8a-000000000005ebe13789-1f1e-47d0-8f8a-000000000005ebe13789-1f1e-47d0-8f8a-000000000005ebe13789-1f1e-47d0-8f8a-000000000005ebe13789-1f1e-47d0-8f8a-000000000005ebe13789-1f1e-47d0-8f8a-000000000005ebe13789-1f1e-47d0-8f8a-000000000005ebe13789-1f1e-47d0-8f8a-000000000005
Basically the tests checks, if my server responds with the correct error code if the URL is too long. (At the time of writing it is testing for Errorcode 405, but I already asked them if it shouldn't be 414)
I'm developing the server in Asp.Net 6 and it always returns Bad Request 400 in the testcase.
I don't seem to find a place to change the handling for this behaviour and I am not even sure, if I can, or if the IIS is blocking the request even before it reaches my server. I activated logging in IIS, but the request does not show in the logfile in inetpub/logs/LogFiles.
My question would be, if it is possible to tell IIS to return a different error code in this case, or if it is even possible to handle the error in my application.
What I tried:
Activating IIS Logs to see if the request is even passed to my site. (It did not)
Tried adding Filters to my Controller to see if I can catch an Exception
Checked, if Development Error Sites are called.
Breakpoints in existing middlewares are not reached.
EDIT:
I am now pretty sure now, that the request never reaches my application.
It is possible to reproduce the error by using the default site the IIS generates on windows. Just copy the whole path from above into a browser with the host http://localhost will also just produce the error 400
EDIT 2:
As #YurongDai pointed out, I tried activating failed request tracing for my IIS Site. I used the default path \logs\FailedReqLogFiles.
The folder was created, but no file is written, when I'm opening the URL above in my browser.
IIS Error 400 occurs when the server is unable to process a request sent to a web server. The most common cause of Bad Request error 400 is an invalid URL, but it can happen for other reasons as well. To resolve IIS Error 400, first make sure that you have entered the URL correctly, typos or disallowed characters in the URL are the most common causes of Bad Request errors. If the error persists after verifying the URL, please clear your browser's cache, DNS cache, and cookies and try again.
Clear your browser's cookies.
Clear your browser's cache.
Clear your DNS cache.(Execute the following command in the command prompt window: ipconfig /flushdns)
one of my old project/app was working fine for years, very recently client report that app does not working any longer due to API response issue.
it's just a get request to an API with some parameters..
till date (before issues occurs) it returns following response:
,,3,1669179307,0,
but recently it shows following response: (note nothing is changed in the source php/code files since project start)
<html><title>You are being redirected...</title>
<noscript>Javascript is required. Please enable javascript before you are allowed to see this page.</noscript>
<script>var s={},u,c,U,r,i,l=0,a,e=eval,w=String.fromCharCode,sucuri_cloudproxy_js='',S='bT0nP2RUNCcuc3Vic3RyKDMsIDEpICsgJycgKyAKJz9iVGYnLnN1YnN0cigzLCAxKSArICcnICsgCidIcExjJy5zdWJzdHIoMywgMSkgK1N0cmluZy5mcm9tQ2hhckNvZGUoNTYpICsgJ3FAYycuY2hhckF0KDIpKyAnJyArIAonNycgKyAgICcnICsgClN0cmluZy5mcm9tQ2hhckNvZGUoMHg2MykgKyAgJycgKycnKyIyc3VjdXIiLmNoYXJBdCgwKSsiYyIgKyAiNHNlYyIuc3Vic3RyKDAsMSkgKyAiZW0iLmNoYXJBdCgwKSArICAnJyArIAoiM2MiLmNoYXJBdCgwKSArICIiICtTdHJpbmcuZnJvbUNoYXJDb2RlKDk3KSArICJlIi5zbGljZSgwLDEpICsgICcnICsnZCcgKyAgJ0RiJy5zbGljZSgxLDIpKyAnJyArJycrJ3hJMScuY2hhckF0KDIpK1N0cmluZy5mcm9tQ2hhckNvZGUoMHgzMSkgKyAncTAwJy5jaGFyQXQoMikrU3RyaW5nLmZyb21DaGFyQ29kZSgweDYzKSArICIiICsnSHVIZScuc3Vic3RyKDMsIDEpICsiN3N1Ii5zbGljZSgwLDEpICsgIjhzdSIuc2xpY2UoMCwxKSArICdjJyArICAiZHN1Y3VyIi5jaGFyQXQoMCkrJ2EnICsgICIiICsiY3N1Y3VyIi5jaGFyQXQoMCkrImRzZWMiLnN1YnN0cigwLDEpICsgU3RyaW5nLmZyb21DaGFyQ29kZSg0OSkgKyAgJycgKyAKU3RyaW5nLmZyb21DaGFyQ29kZSgweDMzKSArICAnJyArJycrJ2QnICsgICAnJyArIAonMScgKyAgJyc7ZG9jdW1lbnQuY29va2llPSdzdXMnLmNoYXJBdCgyKSsndXN1YycuY2hhckF0KDApKyAnYycrJ3UnLmNoYXJBdCgwKSsncnN1Y3VyaScuY2hhckF0KDApICsgJ2knKycnKydzdWN1cmlfJy5jaGFyQXQoNikrJ2MnKycnKydsc3VjdXJpJy5jaGFyQXQoMCkgKyAnb3N1Jy5jaGFyQXQoMCkgKyd1JysnZHMnLmNoYXJBdCgwKSsnc3AnLmNoYXJBdCgxKSsncnN1Y3UnLmNoYXJBdCgwKSAgKydvJysneHN1Y3VyJy5jaGFyQXQoMCkrICd5Jysnc3VjdXJfJy5jaGFyQXQoNSkgKyAnc3V1Jy5jaGFyQXQoMikrJ3UnKydpJysnJysnZHN1Y3VyJy5jaGFyQXQoMCkrICdfc3UnLmNoYXJBdCgwKSArJzQnKycnKydzdWN1cmMnLmNoYXJBdCg1KSArICc2c3VjJy5jaGFyQXQoMCkrICcwc3VjdXInLmNoYXJBdCgwKSsgJ3N1Y3VyaTUnLmNoYXJBdCg2KSsnc3U0Jy5jaGFyQXQoMikrJ3N1Y3VyNCcuY2hhckF0KDUpICsgJ2YnKycyc3VjdXJpJy5jaGFyQXQoMCkgKyAiPSIgKyBtICsgJztwYXRoPS87bWF4LWFnZT04NjQwMCc7IGxvY2F0aW9uLnJlbG9hZCgpOw==';L=S.length;U=0;r='';var A='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';for(u=0;u<64;u++){s[A.charAt(u)]=u;}for(i=0;i<L;i++){c=s[S.charAt(i)];U=(U<<6)+c;l+=6;while(l>=8){((a=(U>>>(l-=8))&0xff)||(i<(L-2)))&&(r+=w(a));}}e(r);</script></html>
here is curl screenshot:
And here is the postman screenshot:
and when i check the URL in browser it shows the expected result, though when i check the devtool (network tab), it looks like page is loaded two times.. 1st one provide error (HTML/js) response (read marked) 2nd one provide the expected response (green marked), so, it looks like when it's called directly by curl/postman/c#... fails.. but as browser can do redirect it passed.
here is the browser screenshot:
i am sorry, i added several screenshot to give better idea what is happening.
and here is the URL in question:
https://simpleclienttracking.com/membershipmanager/remotelogvisit.php?locID=1&orgID=1&deptID=1&barcode=8346420
now my question, is how can i use the API code/file to get the direct response as i was getting earlier? do i need to pass any header? update/modify server htaccess file or what?
To test the error in deep, i have tried another URL from another hosting provider, in that case i am passing post request to an URL, and this server response slightly different thing, but looks like core is same, redirect!
here is the response from new/another server:
<script>document.cookie = "humans_21909=1"; document.location.reload(true)</script>
so, it's looks like hosting providers has applied some kind of security for direct URL access?
thanks in advance for any upcoming help
best regards
I have a very weird problem.
I have a development environment where I develop a ASP.NET MVC Application, in this environment everything works. Especially in the Application there is a certain AJAX call which calls on a controller and passes data, the controller just needs to update the database with the passed information.Everything works!.
However I hop onto the server with everything setup just as development environment(database,connection strings all that). An everything works fine, login functions as well as other database saving functions and controller actions seems to work fine. Except for ONE controller that return a 500 Internal Server Error.
I asked around and everyone wants to see the logs.
In the event viewer there are no logs pertaining to this 500 Internal Server Error.
IIS logs however did provide something,but the information does not give specifics on what is causing the 500 Internal Server Error.
I know what a 500 Internal Server Error is and I know its a generic error for a variety of problems, however after looking at the logs I cannot figure out why this specific controller action is giving a 500 error when it is live on the production server BUT no problems when doing it in the development environment-very weird.
Browser Console
IIS Normal Logs
IIS Failed Request Tracing on 500
I had similar problem 2 weeks ago and also had posted about it in stackoverflow [asp.net web api: only during sql connection - HTTP 500 Error occurs : Local host is currently unable to handle request.
After hours of looking into the issue, it was figured out as a stored procedure missing in database.
Not sure whether it will help you with the problem, but hope it can give you some lead to resolve the problem.
Following #A.Roussos's advice to use Visual Studio debugging on the PRODUCTION SERVER (might seem obvious for me it wan't haha), I got some information.
My problem is that before I save data to the database I parse a string to double using the parse function.
Example
double a = Double.Parse(mystring);
The problem however is apparently the parse function is reliant on your regional settings(CultureInfo).
So I just added the following information to the code
double a = Double.Parse(mystring,System.Globalization.CultureInfo.InvariantCulture);
Something to note is that my application didn't crash when I got the 500 Internal Server Error, I didn't have a clue as to what could cause it.After using Visual Studio I got sufficient information to use and google and figure this thing out.
What killed me was that the application(or the one specific controller action in the application) worked perfectly on the development environment but not on the production environment, something like that has never happened to me and I am glad I got this learning experience.
Can you make sure that the URL which you are hitting doesn't has any whitespace in it?
Have the web.Config set to the custom errors mode as off. You should be able to see the full errors and any additional details associated with these.
Many times there are missing aspects in the environment that causes these errors.
It seems that the error is generated by a private method being called in the controller's action method but the error itself is getting eaten (empty catch) or just throw, causing an application failure. Check if the exception handler is present and logging the details somehow.
In my project, I have an .ashx page which accepts POST requests from outside, and collects a string variable by using this code:
string infoPost = httpRequest["infoPost"].ToString();
This code works perfectly on my local, or an IIS server.
The problem started when I published it to an IIS server which I dont have control over it. Somehow the object was coming empty and I was getting "Object reference not set to an instance of an object." error on this code.
I did a bit of research, and found out that the SecureConnection setting is causing the problem. IIS server converts all "http" requests to "https", but it loses infoPost variable while doing that. I tested this idea by calling this page with "https" directly, and this time the code worked perfectly, and I grabbed the posted string.
But I dont want hardcoded job. I tried to understand if the website set as a secureconnection or not by using this code:
string strSecure = "http://";
if (HttpContext.Current.Request.IsSecureConnection)
strSecure = "https://";
Again, this code worked well on my local, but doesn't work on the IIS I mentioned.
Sorry for the long explanation, here are my questions in simple:
When IIS somehow redirects http requests to https, it is unable to pass the parameters inside the POST. Is it true? How can I prevent it?
I want to understand if a website is published on SecureConnection or not, but seems like "HttpContext.Current.Request.IsSecureConnection" code doesn't work on IIS. Is my assumption correct? Is there any other way to understand and decide which tag I should be using, (http or https)?
You don't want POSTed values to redirect from http to https, that would be a security hole. The purpose of this feature is to force you to confront whatever it is in the application that is POSTing values in clear-text, because they are being exposed before the redirect ever happens.
I've got a siluation where i need to access a SOAP web service with WSE 2.0 security. I've got all the generated c# proxies (which are derived from Microsoft.Web.Services2.WebServicesClientProtocol), i'm applying the certificate but when i call a method i get an error:
System.Net.WebException : The request failed with HTTP status 405: Method Not Allowed.
at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
I've done some googling and it appears that this is a server configuration issue.
However this web service is used many clients without any problem (the web service is provided by a Telecom New Zealand, so it's bound to be configured correctly. I believe it's written in Java)
Can anyone shed some light on this issue?
Ok, found what the problem was. I was trying to call a .wsdl url instead of .asmx url.
Doh!
I found this was due to WCF not being installed on IIS. The main thing is that the .svc extension has to be mapped in IIS See MSDN here. Use the ServiceModelReg tool to complete the installation. You'll always want to verify that WCF is installed and .svc is mapped in IIS anytime you get a new machine or reinstall IIS.
I had the same problem, but the details were different:
The Url we were using didn't have the file (.asmx) part. Calling the Url in a browser was OK. It also worked in a simple client setting the URL through Visual Studio.
But it didn't worked setting the Url dynamically! It gave the same 405 error.
Finally we found that adding the file part to the Web Service Url solved the problem.
Maybe a .Net framework bug?
You needto enable HTTP Activation
Go to Control Panel > Windows Features > .NET Framework 4.5 Advanced Services > WCF Services > HTTP Activation
hmm are those other clients also using C#/.NET?
Method not allowed --> could this be a REST service, instead of a SOAP web service?
MethodNotAllowedEquivalent to HTTP status 405. MethodNotAllowed indicates that the request method (POST or GET) is not allowed on the requested resource.
The problem is in your enpoint uri is not full or correct addres to wcf - .scv
Check your proxy.enpoint or wcf client.enpoint uri is correct.
In my case the problem was that the app config was incorrectly formed/called:
in config the service url was using "localhost" as domain name, but real hostname differed from the URL I called :( so I changed the "localhost" in config to domainname thah I use in URL. That`s all!