|
In speaking with a security expert, his #1 recommendation was to disable PowerShell!
He said about 80% of the FILELESS (undetectable) infiltrations use PowerShell.
Since I was not a big user of it, I simply disabled it. It would be TOUGH for me to enable it.
Just an interesting point!
|
Wordle 377 4/6
⬜⬜🟨⬜🟨
⬜⬜🟨🟨🟨
🟩🟨🟨🟨🟨
🟩🟩🟩🟩🟩
"A little time, a little trouble, your better day"
Badfinger
|
Lesley posted that over 12 hours ago ... still on the same page ...
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
"Common sense is so rare these days, it should be classified as a super power" - Random T-shirt
AntiTwitter: @DalekDave is now a follower!
|
I know. Cut me some slack. Just trying to get this Wordle sharing thing down.
|
We never cut slack on Leslies!
|
I recently implemented a small service to handle uploads from the browser to our "media server" (rather legacy, don't ask) and on our dev server, no problem. On the actual media server box, I kept getting the dreaded no-access-control-allow-origin header.
Fussed with all the IIS settings and web.config settings to no avail.
Tested vanilla POST calls, all passed CORS without issues.
Learned about "simple requests" which multiform is one of and which don't do an OPTIONS preflight request.
Found an obscure post that people were getting this CORS error on nginx when the file size was too large.
Tried uploading a 1K file, and it worked!
Discovered that if the file size was somewhere between my 31K and 67K test files, the larger one failed.
Discovered that if I removed the docInfo parameter:
public IActionResult Upload([FromForm] DocumentUpload docInfo)
The endpoint was hit, no CORS error.
Was thinking, geez, what is .NET 6 doing? Do I have to parse the multiform data myself?
Found a post on the topic that mentioned this code:
var form = ControllerContext.HttpContext.Request.Form;
Tried that and to my horror, it threw an UnauthorizedAccessException that c:\windows\temp\[temp file] is not accessible.
Googled, added IIS AppPool\[my application pool] as a user to c:\windows\temp.
AND IT WORKED.
Unbelievable. An unauthorized access exception results in the browser giving me a CORS error!
This took all week to figure out, spending probably 6 hours a day on it.
And the small <30K file uploads worked without problems because it didn't require creating a temp file for the stream content.
|
I have no idea what you're talking about other than the punch line, which seems to be that this house of cards is shite at generating error messages that are useful for debugging.
|
Greg Utas wrote: seems to be that this house of cards is shite at generating error messages that are useful for debugging
It's ALWAYS been this way. SQL Server is the worst.
".45 ACP - because shooting twice is just silly" - JSOP, 2010 ----- You can never have too much ammo - unless you're swimming, or on fire. - JSOP, 2010 ----- When you pry the gun from my cold dead hands, be careful - the barrel will be very hot. - JSOP, 2013
|
I know what an SQL server is but had no idea the post was talking about one.
|
Hmmm,
Marc Clifton wrote: Googled, added IIS AppPool\[my application pool] as a user to c:\windows\temp.
AND IT WORKED.
Are you sure that allowing your application pool to use global %TEMP% is a good idea? Everybody can read/write to that location. It's probably more secure if your application pool uses the %USERPROFILE% temp path.
I'm not an IIS expert but I think a better fix would be loading the user profile for the application pool identity. You should dig around for a setting to enable that. This setting will populate your environment variables and should change your temp folder to the %USERPROFILE% temp.
Just a security recommendation.
|
Agreed - the main point being, the absurd journey it took to discover that this was all the result of not being able to access the temp folder that .NET (or something?) was trying to use to buffer the files being uploaded.
|
I've had something similar before with something going wrong on the API, but the browser showing it as a CORS error. There's a whole flow that happens and I assume that the initial CORS request fails due to whatever is wrong in the background and the browser then just shows that CORS failed.
On an ASP.Net project I had to put an if statement in for handling CORS Options requests from Angular because it was calling the method like it would have with a normal request. Maybe just a weird setup in my case. With .Net Core I don't think the options request activates the breakpoints, although it looks like you can with some middleware: https://www.codeproject.com/Questions/5162494/Currently-I-am-working-on-angular-and-web-API-NET
Complete Guide to CORS
modified 1-Jul-22 8:17am.
|
Fantastic & interesting post & great detective skills.
Marc Clifton wrote: Googled, added IIS AppPool\[my application pool] as a user to c:\windows\temp.
I'm filing this one away in my brain for later use.
That is a crazy situation but I totally believe it because of horrors I've seen with similar & IIS & CORS etc.
BTW, was this change needed only on your dev box or did you have to make that change on the Server also?
This is just crazy to me. Can you post the link where you found that solution? Very interesting and quite terrible.
|
raddevus wrote: was this change needed only on your dev box or did you have to make that change on the Server also?
I've never had to make this change anywhere, whether my local devbox, our development server setup, our live servers. It occurred on an obscure server used only as a repository of uploaded files, and it had never seen a .NET application before.
I ended up installing VS2022 on it to debug the situation; to some extent I'm glad the VS2022 setup didn't magically "fix" the problem.
|
One other piece of configuration you need to do: Configure Storage Spaces to run automatically and scrub the temp folder structure after 30 days. IIS is atrocious when it comes to cleaning up after itself.
|
Looking at the source, it seems you can control the directory it uses by setting the ASPNETCORE_TEMP environment variable.
(I found that last week trying to get a .NET 6 API endpoint to accept file uploads with no filename on the Content-Disposition header, to make it match the existing .NET Framework Web API endpoint. Which turned out to be a massive PITA.)
It's probably worth reporting the misleading error in the GitHub repo:
Issues · dotnet/aspnetcore · GitHub
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
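Added example (not from any poster in this thread, and not code from the ASP.NET Core project): the PowerShell below covers the two alternatives to granting the pool identity access to c:\windows\temp that the replies above raise, namely loading the application pool's user profile and pointing ASPNETCORE_TEMP at a dedicated directory. The pool name and directory path are hypothetical placeholders, and the script assumes an elevated session on a box with the IIS WebAdministration module.

```powershell
#Requires -RunAsAdministrator
Import-Module WebAdministration

$PoolName   = 'MediaUploadPool'          # hypothetical application pool name
$UploadTemp = 'D:\AppTemp\MediaUpload'   # hypothetical dedicated buffer directory
$Identity   = "IIS AppPool\$PoolName"    # virtual account IIS creates per pool

# 1. Audit: list every principal allowed to write to the shared temp folder.
#    Anything listed here could see or tamper with buffered upload files.
(Get-Acl 'C:\Windows\Temp').Access |
    Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        "$($_.FileSystemRights)" -match 'Write|Modify|FullControl|CreateFiles'
    } |
    Select-Object IdentityReference, FileSystemRights, IsInherited |
    Format-Table -AutoSize

# 2. Alternative A (the "load the user profile" reply): give the pool its own
#    profile so TEMP/TMP resolve inside that profile instead of C:\Windows\Temp.
Set-ItemProperty "IIS:\AppPools\$PoolName" `
    -Name processModel.loadUserProfile -Value $true

# 3. Alternative B (the ASPNETCORE_TEMP reply): a dedicated directory whose ACL
#    names only the pool identity, SYSTEM and local administrators.
New-Item -ItemType Directory -Path $UploadTemp -Force | Out-Null
icacls $UploadTemp /inheritance:r /grant:r `
    "${Identity}:(OI)(CI)M" `
    'SYSTEM:(OI)(CI)F' `
    'BUILTIN\Administrators:(OI)(CI)F'

#    Then hand the path to the application only, in its web.config:
#      <aspNetCore ...>
#        <environmentVariables>
#          <environmentVariable name="ASPNETCORE_TEMP" value="D:\AppTemp\MediaUpload" />
#        </environmentVariables>
#      </aspNetCore>

# 4. Recycle the pool so the new settings take effect, then show the final ACL.
Restart-WebAppPool -Name $PoolName
icacls $UploadTemp
```

Either alternative alone is enough; with alternative B the earlier grant on c:\windows\temp can be removed once an upload larger than the in-memory buffer succeeds.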
|
I'm on a 5 year plan to move to Canada, which hubby and I will do assuming things continue to go south here in the states. Living in Canada will be like moving from the meth lab to the apartment above the meth lab, but at least we'll be able to breathe. Learning Canadian English should be fun. I imagine there are lots of synonyms for hockey.
Do you think getting this tattoo somewhere visible will help streamline the admission process?
To err is human. Fortune favors the monsters.
modified 1-Jul-22 5:14am.
|
Only if it's a matching pair, and on the genitalia ...
|
I doubt if the genitalia are generally visible!
Never underestimate the power of human stupidity -
RAH
I'm old. I know stuff - JSOP
|
I think that claiming that you are a persecuted minority refugee from a third world country would help more.
Given the way many Canadians view the US, this may actually work.
Freedom is the freedom to say that two plus two make four. If that is granted, all else follows.
-- 6079 Smith W.
|
We don't think Americans are being persecuted; we're afraid of them.
"Before entering on an understanding, I have meditated for a long time, and have foreseen what might happen. It is not genius which reveals to me suddenly, secretly, what I have to say or to do in a circumstance unexpected by other people; it is reflection, it is meditation." - Napoleon I
|
Please note:
- I never said that Americans are persecuted minorities.
- I never even said that codewitch is part of a persecuted minority.
- I said that given the way many Canadians think of the US, making the claim might be of use.
|
In my youth, I spent one year in a US family / High School.
During that year, one question was repeatedly raised: If you could, wouldn't you move to the US of A? What?? You would not?? But ... Why not? Can there be any viable reason for not wanting to become an American, if you could? You must be completely crazy, out of your mind!
When I returned home, I said (to a lot of people): I sure would like to see the US again, but let's give it ten years, to see how it develops! After ten years were gone, and USA had just been through Reaganism, I said: Well, let's give it another ten years, to see how it stabilizes! Right now I do not remember how USA looked after those ten years have passed, but going to the US was out of the question.
And later? Well ... I still have a slight urge to travel the country. As a tourist. Peeking at it from the outside. But after I left it in my youth, I have never felt any urge to settle there. I do see some positive elements in US culture - unfortunately, the US has not been very good at exporting those. And it would be a lie to claim that those elements I appreciate have been strengthening their position in the years since my visit in my youth.
|
"... positive elements in US culture ..."
May I please inquire to which you refer?
I see you are from Norway. Aren't the Scandinavian countries supposed to be among the happiest?
As for not wishing to live here in USA that seems easy to understand as USA is one of the most violent countries. Further I always believed Americans are stupid. Recent events do not prove me wrong. However I have little knowledge of other countries except to have observed in Canada people politely waited in line for public bus transport upon a visit there many years ago, something unheard of during my life growing up in Chicago, sadly now one of the most violent cities in USA, though a day did not pass I did not hear a gun shot in a former neighborhood of residence many years ago.
|