Windows 2012 Hosting - MVC 6 and SQL 2014 BLOG

Tutorial and Articles about Windows Hosting, SQL Hosting, MVC Hosting, and Silverlight Hosting

JSON Hosting on Windows Server:: How to Add JSON Handler in IIS

clock July 22, 2014 09:37 by author Ben

JSON is a text format that is completely language independent but uses conventions that are familiar to programmers of the C-family of languages, including C, C++, C#, Java, JavaScript, Perl, Python, and many others. These properties make JSON an ideal data-interchange language. JSON is very useful when developing a web application where fast, compact and convenient serialisation of data is required, however it's flexible nature is the very thing that makes it less suitable than XML for transferring data between separate systems, or storing data that will be read by 3rd parties.

JSON is built on two structures:

  • A collection of name/value pairs. In various languages, this is realized as an object, record, struct, dictionary, hash table, keyed list, or associative array.
  • An ordered list of values. In most languages, this is realized as an array, vector, list, or sequence.

These are universal data structures. Virtually all modern programming languages support them in one form or another. It makes sense that a data format that is interchangeable with programming languages also be based on these structures.

Advantages of JSON

  • Smaller message size
  • More structural information in the document
  • Can easily distinguish between the number 1 and the string "1" as numbers, strings (and Booleans) are represented differently in JSON.
  • Can easily distinguish between single items and collections of size one (using JSON arrays).
  • Easier to represent a null value
  • Easily consumed by JavaScript

Sometimes we need to create JSON in a text file with extension .json, however by default IIS 7 or any of the IIS are not configure to handle .json extension. So below is a very simple method to do that. You can apply the method on the root of IIS so .json can be handled by every site or virtual folder in the IIS or just to the specific site.

  1. Open IIS Manager
  2. Display properties for the IIS Server
  3. Click MIME Types and then add the JSON extension:
    File name extension: .json

    MIME type: application/json
  4. Go back to the properties for IIS Server
  5. Click on Handler Mappings
    Add a script map

    Request path: *.json

    Executable: C:\WINDOWS\system32\inetsrv\asp.dll

    Name: JSON

Reasons To Use IIS 7 Hosting

IIS 7 makes extending Web server functionality easier. A new integrated pipeline lets developers create custom modules that can be plugged into the IIS7’s new request-processing pipeline. Developers can write native modules with C++ or managed modules in a .NET language such as C# or Visual Basic.Net. The advanced features of the .NET Framework, combined with deep integration into the IIS 7 pipeline, lets developers create custom modules quickly and easily. Any application can leverage the .NET Role and Membership providers, which are integrated in the new IIS 7 pipeline. Existing ISAPI applications built for IIS6 will also run without modification in IIS 7’s Classic mode.

IIS 7 builds on the security and reliability established by IIS 7.0. The modular design lets you reduce the attack surface of your server by uninstalling the modules that you do not need for your application. You can also write your own modules to support your custom security requirements. New automatic application isolation adds a layer of protection to keep applications safe from each other. IIS 7’s ability to set up rules to control access to URLs and filter requests lets administrators manage access to sites, folders, and files without requiring ACLs. And admin delegation lets you assign limited administrative rights to users for specific sites instead of granting server-wide admin rights.



IIS Hosting - ASPHostPortal.com :: Trick Setting up Connection String with IIS Manager

clock November 27, 2013 05:27 by author Ben

The IIS Manager is the graphical user interface of IIS, Microsoft's web server. In this article I will give you a step by step guide on how to set up the connection string with IIS Manager.

1. Open IIS Manager and connect to your site. You can start it from the command prompt or Start menu.
Command prompt

  1. On your desktop, click Start > Run.
  2. Type inetmgr and click OK.

Start menu
On your desktop, click Start > Programs or All Programs > Administrative Tools > Internet Information Services (IIS) Manager.

2. Once connected, click on Connection Strings:




3. Click on Add to configure a new connection string:




4. First, add the connection string name. Make sure it is the same connection string that you use in your ASP application. Then add the server’s name and also the name of the database:
connection 45. Before saving, we have to set up the credentials to connect to your database. Set Credentials to ‘Specify Credentials‘ and then click on ‘Set…‘



6. Enter the username and password of the database that your application will be using and click ok:



7. Check that the information is correct and click on ‘Ok‘:



8. And that’s it! Your Connection String has been configured!

 

For more info please visit ASPHostPortal.com - Best Cheap and Reliable Windows ASP.NET Hosting



How To Enable .CSHTML Support In Windows Server 2012

clock October 24, 2013 12:25 by author andry

C# ("C sharp")is  HTML webpage file used by Razor, an ASP.NET view engine used for generating Web pages for a user's Web browser; similar to a standard ASP.NET webpage (.ASP or .ASPX file), but uses a slightly different syntax; runs on a Web server, which generates the HTML for the client Web browser; can be programmed with syntax highlighting.

If we build a website that contains .cshtml file, we must enable .cshtml file. At the below, there is an error message if we don’t enable .cshml file.

To enable .cshtml file on windows Server 2012, There are steps to solve that problem. Open your IIS.

Expand “server”-> “sites” and choose “domain”.  Then click on Handler Mapping.

You can't find .cshtml. After that, choose “Revert to Parent” on right tab.

Select "Yes" and Look,what the difference with the previous image.

.cshtml file are enable and available. Now browse the domain. If you still can not access and have an error. You should check the .NET version. Remember that .Cshtml file can only be run on .NET version 4 and above.

To check the .Net version, select "application pools" -> right click on "domain_name" -> "Basic settings" -> choose .Net 4 version -> "Ok".

Now you can browse your domain with .cshtml file. Here is screenshot.



Web Deploy Hosting :: ASPHostPortal.com - How to Fix “Error: An unsupported response was received. The response header ‘MSDeploy.Response’ was ” but ‘v1' was expected

clock September 23, 2013 07:32 by author Ben

When you get this error from MSDeploy: 

“Error: An unsupported response was received. The response header ‘MSDeploy.Response’ was ” but ‘v1′ was expected.

Error: The remote server returned an error: (401) Unauthorized.”

This means that you do not have access. On our newer servers web deploy is enabled from the Management tab in your website. Older servers require web deploy to be enabled for each account, so please submit a support ticket if you need it enabled.

So you can follow this step fo fix error :

1. Web Deploy package is not installed on the IIS server in question . To install find the " Web Deploy " or " Web Deploy 2.0 " from the top level IIS.Net \ Download ( for downloading all extensions ) or directly on the Web Deploy 2.0 page . Alternately if the Platform installer addin is installed one can find it through the IIS Server Manager where one can also install it and other goodies . ( The platform installer as shown below can be found in the server list and individual website or list of icons in the management section . )



2. Even if Web Deploy package is installed , the service is not running automatically . Follow these steps to find the correct service and get it running .

a. Run services.msc from the start bar or command line .

 

b. Search for the service named Web Deployment Agent Service . Once found verify it is running and also starts up automatically after a reboot .



3. Also your account may not have permissions to publish to the web site in question . In IIS Management Studio , find the website in question and the make sure your ( or other 's ) credentials are found in the IIS Manager Permission list .





ASP.NET Hosting - IIS 7.5 Hosting - ASPHostPortal.com :: Configure Costum Error in IIS 7.5 With ASP.NET

clock September 21, 2013 09:17 by author Ben

Now, I will explain how to configure custom error pages in IIS (Internet Information Service). For this example we will be using IIS 7.5 which shipped with Windows Server 2008 R2.

First Step, Open Internet Information Services (IIS) Manager.  Select your website. Note: This could also be set at the server level and applied to all sites on the server. DoubleClick on the “.NET Error Pages” icon.


The .NET Error Pages features view will be displayed.


Click the “Edit Feature Settings” link to enable this feature. The “Edit Error Page Settings” dialog box will appear.


How to determine the error code 404 explicitly..

First, On the .NET Error Pages Actions menu click the Add link.


The “Add Custom Error Page” dialog will appear. This is where we define individual error pages per status code. For our example we will add a custom page for the HTTP 404 Error.




Now that we have turned on the feature and added a custom page for the 404 status code we can verify it is working. Please reload your website.

As mentioned above this can also be managed from the site’s web.config file. Consider the following configuration section from our site’s web.config file.



IIS 7.0 Hosting - ASPHostPortal :: Securing IIS 7.0 Web Server on Windows 2007

clock May 8, 2013 08:51 by author Ben

Hacking a Web Server
With the advent of Windows 2007 and IIS 7.0 there was a sharp turn in the way hosting services were being provided on Windows platform few years back. Today, web servers running on Internet Information Services 7.0 (IIS 7.0) are highly popular worldwide - thanks to the .NET and AJAX revolution for designing web applications. Unfortunately, this also makes IIS web servers a popular target amongst hacking groups and almost every day we read about the new exploits being traced out and patched. That does not mean that Windows is not as secured as Linux. In fact, it's good that we see so many patches being released for Windows platform as it clearly shows that the vulnerabilities have been identified and blocked.

Many server administrators have a hard time coping up with patch management on multiple servers thus making it easy for hackers to find a vulnerable web server on the Internet. One good way I have found to ensure servers are patched is to use Nagios to run an external script on a remote host, in turn alerting on the big screen which servers need patches and a reboot after the patch has been applied. In other words, it is not a difficult task for an intruder to gain access to a vulnerable server if the web server is not secured and then compromise it further to an extent that there is no option left for the administrator but to do a fresh OS install and restore from backups.
Many tools are available on the Internet which allows an experienced or a beginner hacker to identify an exploit and gain access to a web server. The most common of them are:

1. IPP (Internet Printing Protocol) - which makes use of the IPP buffer overflow. The hacking application sends out an actual string that overflows the stack and opens up a window to execute custom shell code. It connects the CMD.EXE file to a specified port on the attacker's side and the hacker is provided with a command shell and system access.

2. UNICODE and CGI-Decode - where the hacker uses the browser on his or her computer to run malicious scripts on the targeted server. The script is executed using the IUSR_ account also called the "anonymous account" in IIS. Using this type of scripts a directory transversal attack can be performed to gain further access to the system.

Over these years, I've seen that most of the time, attacks on a IIS web server result due to poor server administration, lack of patch management, bad configuration of security, etc. It is not the OS or the application to blame but the basic configuration of the server is the main culprit. I've outlined below a checklist with an explanation to each item. These if followed correctly would help prevent lot of web attacks on an IIS web server.

Secure the Operating System
The first step is to secure the operating system which runs the web server. Ensure that the Windows 2007 Server is running the latest service pack which includes a number of key security enhancements.

Always use NTFS File System
NTFS file system provides granular control over user permissions and lets you give users only access to what they absolutely need on a file or inside a folder.

Remove Unwanted Applications and Services
The more applications and services that you run on a server, the larger the attack surface for a potential intruder. For example, if you do not need File and Printer sharing capabilities on your shared hosting platform, disable that service.

Use Least Privileged Accounts for Service
Always use the local system account for starting services. By default Windows Server 2007 has reduced the need for service accounts in many instances, but they are still necessary for some third-party applications. Use local system accounts in this case rather than using a domain account. Using a local system account means you are containing a breach to a single server.

Rename Administrator and Disable Guest
Ensure that the default account called Guest is disabled even though this is a less privileged account. Moreover, the Administrator account is the favorite targets for hackers and most of the malicious scripts out there use this to exploit and vulnerable server. Rename the administrator account to something else so that the scripts or programs that have a check for these accounts hard-coded fail.

Disable NetBIOS over TCP/IP and SMB
NetBIOS is a broadcast-based, non-routable and insecure protocol, and it scales poorly mostly because it was designed with a flat namespace. Web servers and Domain Name System (DNS) servers do not require NetBIOS and Server Message Block (SMB). This protocol should be disabled to reduce the threat of user enumeration.

To disable NetBIOS over TCP/IP, right click the network connection facing the Internet and select Properties. Open the Advanced TCP/IP settings and go to the WINS tab. The option for disabling NetBIOS TCP/IP should be visible now.

To disable SMB, simply uncheck the File and Print Sharing for Microsoft Networks and Client for Microsoft Networks. A word of caution though - if you are using network shares to store content skip this. Only perform this if you are sure that your Web Server is a stand-alone server.

Schedule Patch Management
Make a plan for patch management and stick to it. Subscribe to Microsoft Security Notification Service (http://www.microsoft.com/technet/security/bulletin/notify.asp) to stay updated on the latest release of patches and updates from Microsoft. Configure your server's Automatic Update to notify you on availability of new patches if you would like to review them before installation.

Run MBSA Scan
This is one of the best way to identify security issues on your servers. Download the Microsoft Base Line Security tool and run it on the server. It will give you details of security issues with user accounts, permissions, missing patches and updates and much more.

That's it to the basic of securing the operating system. There are more fixes which can be performed for further securing the server but they are beyond the scope of this article. Let's now move on to securing the IIS web server.

IIS 7.0 when setup is secured by default. When we say this, it means that when a fresh installation of IIS is done, it prevents scripts from running on the web server unless specified. When IIS is first installed, it serves only HTML pages and all dynamic content is blocked by default. This means that the web server will not serve or parse dynamic pages like ASP, ASP.NET, etc. Since that is not what a web server is meant to do, the default configuration is changed to allow these extensions. Listed below are some basic points that guide you to securing the web server further:

Latest Patches and Updates
Ensure that the latest patches, updates and service packs have been installed for .NET Framework. These patches and updates fix lot of issues which enhances the security of the web server.

Isolate Operating System
Do not run your web server from the default InetPub folder. If you have the option to partition your hard disks then use the C: drive for Operating System files and store all your client web sites on another partition. Relocate web root directories and virtual directories to a non-system partition to help protect against directory traversal attacks.

IISLockDown Tool
There are some benefits to this tool and there are some drawbacks, however, so use it cautiously. If your web server interacts with other servers, test the lockdown tool to make sure it is configured so that connectivity to backend services is not lost.

Permissions for Web Content
Ensure that Script Source Access is never enabled under a web site's property. If this option is enabled, users can access source files. If Read is selected, source can be read; if Write is selected, source can be written to. To ensure that it is disabled, open IIS, right click the Websites folder and select Properties. Clear the check box if it is enabled and propagate it to all child websites.

Enable Only Required Web Server Extensions
IIS 7.0 by default does not allow any dynamic content to be parsed. To allow a dynamic page to be executed, you need to enable the relevant extension from the Web Service Extensions property page. Always ensure that "All Unknown CGI Extensions" and "All Unknown ISAPI Extensions" are disabled all the time. If WebDAV and Internet Data Connector are not required, disable that too.

Disable Parent Paths
This is the worst of all and thanks to Microsoft, it is disabled in IIS 7.0 by default. The Parent Paths option permits programmers to use ".." in calls to functions by allowing paths that are relative to the current directory using the ..notation. Setting this property to True may constitute a security risk because an include path can access critical or confidential files outside the root directory of the application. Since most of the programmers and third-party readymade applications use this notation, I leave it up to you to decide if this needs to be enabled or disabled. The workaround to Parent Paths is to use the Server.MapPath option in your dynamic scripts.

Disable Default Web Site
If not required, stop the Default Web Site which is created when IIS 7.0 is installed or change the property of Default Web Site to run on a specific IP address along with a Host Header. Never keep it running on All Unassigned as most of the ready-made hacking packages identify a vulnerable web server from IP address rather than a domain name. If your Default Web Site is running on All Unassigned, it means that it can serve content over an IP address in the URL rather than the domain name.

Use Application Isolation
I like this feature in IIS 7.0 which allows you to isolate applications in application pools. By creating new application pools and assigning web sites and applications to them, you can make your server more efficient and reliable as it ensures that other applications or sites do not get affected due to a faulty application running under that pool.

Summary
All of the aforementioned IIS tips and tools are natively available in Windows. Don't forget to try just one at a time before you test your Web accessibility. It could be disastrous if all of these were implemented at the same time making you wonder what is causing a problem in case you start having issues.

Final tip: Go to your Web server and Run "netstat -an" (without quotes) at the command line. Observe how many different IP addresses are trying to gain connectivity to your machine, mostly via port 80. If you see that you have IP addresses established at a number of higher ports, then you've already got a bit of investigating to do.



About ASPHostPortal.com

We’re a company that works differently to most. Value is what we output and help our customers achieve, not how much money we put in the bank. It’s not because we are altruistic. It’s based on an even simpler principle. "Do good things, and good things will come to you".

Success for us is something that is continually experienced, not something that is reached. For us it is all about the experience – more than the journey. Life is a continual experience. We see the Internet as being an incredible amplifier to the experience of life for all of us. It can help humanity come together to explode in knowledge exploration and discussion. It is continual enlightenment of new ideas, experiences, and passions


Author Link


Corporate Address (Location)

ASPHostPortal
170 W 56th Street, Suite 121
New York, NY 10019
United States

Sign in