Azure website doesn't handle routing to '.asp' file extensions

StackOverflow https://stackoverflow.com/questions/23321251

Question

I have been tasked with re-writing an old website written in classic asp and the client has specified that the page URL structure remain the same as the old site (I know I could add 301 redirects but they want it to look the same for now).

The old '.asp' pages will not exist on the server and it will not be running classic asp at all, the new site is built using MVC 5, it just needs the old URLs.

I have created a route to map pages for a specific 'Web Pages' controller to look like they have the '.asp' file extension as below, and this seems to work fine locally (IIS7).

My route is defined as:

routes.MapRoute(
    "WebPagesASP",
    "pages/{pagename}.asp",
    new { controller = "WebPages", action = "Details", pagename = UrlParameter.Optional }
    );

Once published to an Azure website however, I get the following error when attempting to view the 'asp' pages. The other routes with no file extension work fine, I also have some routes to other specific file extensions which work as expected.

You do not have permission to view this directory or page.

I have tried adding the following to the configuration to attempt to catch requests for asp files:

<system.webServer>
    <handlers>
      <add name="OldASPUrlRoutingHandler" type="System.Web.Routing.UrlRoutingHandler, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" path="*.asp" verb="GET"/>
    </handlers>
    <modules>
      <remove name="UrlRoutingModule" />
      <add name="UrlRoutingModule" type="System.Web.Routing.UrlRoutingModule, System.Web.Routing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
    </modules>
</system.webServer>

Also setting <modules runAllManagedModulesForAllRequests="true"> does not solve the issue. Again this all works fine locally, but fails when published to an Azure website.

The site is built in MVC 5.1.1 on .Net 4.5.1

Was it helpful?

Solution 3

OK so embarrassingly this was down to my own set up. To attempt to make things quicker in development I had copied over a collection of rewrite rules from the configuration transform of another project. Within these rules was the following:

<rule name="Block unauthorised file extensions" stopProcessing="true" xdt:Transform="Insert">
    <match url=".*\.(exe|php|pl|phtml|inc|asp|dll|jsp)(/.*)?"/>
    <action type="CustomResponse" statusCode="403" />
</rule>

This blocks any requests with URLs ending in '.asp' among others and returns a 403 status code.

The thing that got me was that this was working fine locally, which makes sense since the transform was only applied when published.

I removed "|asp" from the regex and it works fine. Thanks for the answers.

OTHER TIPS

Try to remove the ASPClassic handler and enable runAllManagedModulesForAllRequests:

<system.webServer>
    <modules runAllManagedModulesForAllRequests="true" />
    <handlers>
      <remove name="ASPClassic" />
    </handlers>
</system.webServer>

Have you tried to use different module type?

<add name="AspFileHandler" path="*.asp" verb="GET" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top