I am trying to use C# code in an aspx page within SharePoint 2010. I keep getting the "Code blocks are not allowed" error.
My aspx page located at (server)/SitePages/ajax.aspx: (edited in SharePoint Designer 2010 if it matters)
<%# Page Language="C#" %>
<script runat="server">
Response.Write("Hello world");
</script>
I added the following to web.config at C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\CONFIG
<PageParserPath VirtualPath="/SitePages/ajax.aspx" CompilationMode="Always" AllowServerSideScript="true" />
Here is the same line that I added to web.config, shown in context:
<SharePoint>
<SafeMode
MaxControls = "200"
CallStack = "false"
DirectFileDependencies ="10"
TotalFileDependencies = "50"
AllowPageLevelTrace = "false"
>
<PageParserPaths>
<PageParserPath VirtualPath="/SitePages/ajax.aspx" CompilationMode="Always" AllowServerSideScript="true" />
</PageParserPaths>
Why do I still get the "Code blocks" error? Is there another security switch somewhere?
(I know custom web parts are the preferred solution, but I don't think that will suffice here because the return value should be json - this is a page to hit via ajax to get data.)
I suppose, you have to define PageParserPath element in an Web application web.config that is located C:\inetpub\wwwroot\wss\VirtualDirectories[application folder]\web.config.
When you upload an aspx page to a document library (which is what you're doing when you use SharePoint Designer) that aspx page can't have inline code blocks and it can't have a code behind. This is primarily a security mechanism. It prevents any old user from uploading an aspx page with malicious content that will then be executed with full privileges on your server, and also serving content to (potentially) any user.
For an aspx page to execute code it needs to be compiled into a WSP and deployed to the GAC on the server. When you do that you can either use inline code blocks or, better yet, have an aspx page with a code behind. To publish that page to the site you would need to compile the project in visual studio into a WSP, deploy that to the server by logging into the machine with sufficient privileges, and then add and deploy the code. This ensures that non-developers can't upload executable code to your site.
Finally, on a more unrelated note, since you don't actually want to display a page, but just JSON content, you probably shouldn't use an aspx page at all (although you can). You should probably just create an HTTP handler or a web service that writes the appropriate content out.
Related
I am working on a system that has a WPF WebBrowser that is displaying dynamically generated HTML.
This contains links to files, using file:///servername/filename.ext addresses.
This should have worked in times gone by when this was first developed, but does not seem to behave now.
What I can see:
White click on the generated file in the browser of being an HTML file: File is served from about:blank and in the Internet Zone. Clicking a link does nothing.
What I have done:
I have added about:blank to the Trusted Zone, and have set the security for the Trusted Zone to Low. Clicking a link still does nothing.
Created an HTML file and hosted it on my local IIS. Browse to this file in IE. The file contains a link to a file:/// address. Nothing happens on click.
Added http://127.0.0.1 to the Trusted Zone. The above test still fails.
Changed the generated HTML to be a link to http://www.google.com. This works.
What I think is happening:
The WPF WebBrowser is IE underneath. Did IE have a security update that stopped access to file:/// paths?
What I cannot do due to technical restrictions with deployment:
Have the generated HTML and the files linked to served by a web server so everything is within an http(s) environment.
What I can do:
Update browser settings
Update our code
Update - additional information:
The HTML is being displayed on the WPF by binding to a string that contains the HTML (effectively <html><body>Look! Stuff!<br />Whatever</html>)
file:///foo/whatever.txt exists and I have access to it
That file is generated by a process on a server and the client is generating the link to the file. This is a historic design, I didn't come up with it, I'm just maintaining it. I can't do massive code overhauls.
I cannot install any additional services anywhere
All Browsers have updated to prevent interesting stuff happening on local HTML files. Because you could do interesting stuff in the past it meant interesting exploits could be utilized too.
I've had a recent issue where I created a HTML in code and wanted to display it in CEFSharp (much better than WebBrowser by the way) with a link to CSS and JavaScript Files.
How I fixed it was to run a LocalHost and did this using this code which works really well: An HTTP file server (130 lines of code) in VB.Net
For testing your HTML outside of code you could run this batch file to start your LocalHost:
ECHO OFF
ECHO "Launching Localhost:8080"
py -3 -m http.server
ECHO "Loading HTML.."
start chrome localhost:8000
This batch file assumes you have Python 3+ installed. You can verify this in the Command Prompt with:
python --version
I've solved this by cheating a little.
I've got the VM to write the HTML out to a file, and then pass the file name to the browser in the view. This means that I am displaying the created content from file:////foo.htm, and that is fine for links to file:///server/bar
Yes, this is a newbie question and might be ridiculous, but I'm apparently having tremendous difficulty finding an answer to get up and running.
I've created an ASP.NET Razor (v3) web site using the Visual Studio template. That's fine and I can see everything locally. However, when I try to view the Default.cshtml page on the server I get this error:
Server Error in '/' Application.
This type of page is not served.
Description: The type of page you have requested is not served because it has been explicitly forbidden. The extension '.cshtml' may be incorrect. Please review the URL below and make sure that it is spelled correctly.
Requested URL: /4.6.1Razor/Default.cshtml
My server administrator says this: You are not supposed to access a cshtml file directly on a production server, it’s blocked by default. Please access an html, htm, asp or aspx file and use that to get the data from the cshtml.
Okay ... so how exactly do I access a cshtml file via an aspx file? Or can someone point me to a working sample that I can look at?
The default files that Visual Studio created did not include an html, htm, asp, or aspx file so I'm a little confused as to how to start that. Also, the samples that Visual Studio points to are of course broken: http://www.asp.net/aspnet/samples/aspnet-web-pages.
A little help pointing me to the right direction would be appreciated. Thanks.
Maybe the question should be ... What kind of page / file (.asp or .aspx or what) do I need to render a .cshtml file and how do I do that. I've tried a .aspx file with the code: #RenderPage("Default.cshtml") but when I view the file in a browser it just echoes #RenderPage("Default.cshtml") instead of rendering anything.
This answer suggests you need to enable WebPages in the <appSettings> section of web.config:
<add key="webpages:Enabled" value="true" />
If this is not enough, check this question for server software requirements to process WebPages.
For IIS application configuration, have a look at this description.
If that doesn't work. Go to IIS --> MIME Types --> Check if the extension .cshtml exists, if not add it.
What settings in ASP.NET determine where (as in which directorie(s)) a website will look for its code-behind files?
I have two versions of an asp.net c# website, Live and Dev.
Live site: www.example.com with the pages and code in c:\dev\websites\examplecom_new
Dev site: d3.example.com with the pages and code in c:\dev\websites\examplecom-d2
There are historic reasons why the live site's directory ends in _new and why the dev site has d3 as its hostname and -d2 on its directory name, but they work and until now we've had no issues, developing things on d3 for subsequent release to live.
I recently refreshed the dev site to be an exact copy of the live one (I usually do this before starting a new round of work), and started on some development work. However, when I tried to run the code via the website, even though the browser was showing the Dev URL, d3.example.com, the error message referenced a code file from the live site's web directory, c:\dev\examplecom_new, not the development version c:\dev\examplecom-d2.
I've gone through the code in detail to ensure there are no hard-coded references to either the www site or the path to the live site directory, and as far as I can tell there are none. The code files in all cases are referred to in the .aspx files as local links, for example:
<%# Page Language="C#" MasterPageFile="~/ExampleCom.master" AutoEventWireup="true"
CodeFile="Checkout.aspx.cs" Inherits="Checkout" Title="Untitled Page" %>
Yeah, I know "Untitled Page" isn't the most useful title in the world. :)
I've gone through web.config, had a look in app_code\general.cs, and checked all the tabs on the Properties element in IIS, but I can't find anything that could be telling the site to use the .cs files from the live dir instead of the dev one.
I tried restoring the previous (pre-refresh) version of the Dev site (I always back them up before replacing, just in case), just in case there was a config change I wasn't aware of, but the old version exhibits exactly the same problem, the Checkout page calls code from live, not dev, even though its URL is showing the dev verson in the browser.
Needless to say this is something of a showstopper, the error that's happening appears to be due to a session mis-match between live and dev, but I have no idea why the dev site is calling code from the live site instead of code in its own directory. Any pointers to what might be wrong would be appreciated. I've tried both Googling for "asp.net code behind files called from wrong directory" and related searches, and searching Stack Overflow for the same types of thing, but not seen anything related. We're not using pre-compiled binaries, just standard .aspx pages and .aspx.cs C# code files.
At first I'd assumed there must have been a hardcoded redirect kicking things over from dev to live, however I can see no trace of one and the browser address bar still shows d3.example.com/Checkout.aspx when I'd have expected a redirect to live to change it to the www version.
The webserver is IIS 6 and we're running ASP 2.
Run "iisreset" command from command line and then clear temporary folder. All applications will be recompiled after that.
Let say I have one default.aspx page in local development but in production we have different mark up according to client requirement might be we will not use up-comming.ascx user control on client page but we using on local or using for other client. in short how can load aspx markup from database not .cs code since it is already compiled only change aspx.
I have a aspx page that uses ajax modal popup extender. I run the project successfully from Visual Studio, it works correctly with IE and Firefox as default browsers.
Now I took the html code and created an html file and put in the proper location. When I open the html file by double clicking on it, it is saying script error like “ASP.Net Ajax Client-side framework failed to load”. Why is it happening when I create an HTML file and open it; and not happening when I run the aspx page from Visual Studio. How to overcome it? What should be the best method to take care this in deployment to production?
Note: I have not entered any entries in the Web.Config related to Ajax. We are not using any update panel. We have used ToolkitScriptManager in the aspx page.
Note: There is one more message after this – ‘Sys’ is undefined.
Are the path of microsoft AJAX related JS files still valid/pointing to correct folder after you copy HTML to a location?