Bug found (and solved) for cc.net running in IIS / ASP.NET 4

Added by Chris . over 6 years ago

Hi all,

Hope this will reach the ccnet developpers (where else should I post such a news?)

I faced (and solved) a bug in cc.net why migrating my existing asp.net websites from asp.net 2 to asp.net 4.

In our config, cctray connects not by remoting but by connecting to the webdashboard. It was working fine with asp.net 2 but no more with asp.net 4, leading to a 500 http error. The event log in Windows were displaying an error ID=1309: "A validation error has occurred. [...] http://[svrname]/CruiseControl/server/intranet/RawXmlMessage.aspx [...] A potentially dangerous Request.Form value was detected from the client (message="<serverMessage xmlns...")."

The answer for this is to add a subkey "<httpRuntime requestValidationMode = "2.0" />" (without the quote...) in the system.web node. More info there: http://msdn.microsoft.com/en-us/library/system.web.configuration.pagessection.validaterequest.aspx

I think this should be included in the default web.config shipped with cc.net.

Regards

Chris


Replies (1)

RE: Bug found (and solved) for cc.net running in IIS / ASP.NET 4 - Added by Ruben Willems about 6 years ago

issue #121

placed it comment for the moment, as the syntax highlighter gave some errors about it

<system.web>
<httpHandlers>
<!-- Yes, we are overriding .aspx - don't delete this! We are using .aspx since we know it is already bound to ASP.NET. In future we might use a
different extension so that people can add their own ASP.NET pages if they want to, but we should make sure in that case to change how
URLs are created -->
<add verb="*" path="*.aspx" type="ThoughtWorks.CruiseControl.WebDashboard.MVC.ASPNET.HttpHandler,ThoughtWorks.CruiseControl.WebDashboard"
/> <!-- preCondition="integratedMode" adding this attribute can solve problems on IIS7 and CCNet 1.5+ -->
<add verb="*" path="*.xml" type="ThoughtWorks.CruiseControl.WebDashboard.MVC.ASPNET.HttpHandler,ThoughtWorks.CruiseControl.WebDashboard"
/> <!-- preCondition="integratedMode" adding this attribute can solve problems on IIS7 and CCNet 1.5+ -->
</httpHandlers>

&lt;!-- when running CCNet in a ASP.Net 4.0 environment
according to http://www.asp.net/whitepapers/aspnet4/breaking-changes
&lt;httpRuntime requestValidationMode = "2.0" /&gt;
-->
&lt;/system.web&gt;

(1-1/1)