UrlScan and ASP.NET debugging

Navigation

Activities

My articles (in English)

My articles (in Italian)

Microsoft Solutions Framework v3.0
ioProgrammo 2004, January

My old articles for <a href="http://www.objectway.it">ObjectWay SpA</a> (in Italian)

My projects

The Italian Blog... (my Official Italian blog)

Sfoghi di un genio del male!

I like Microsoft Baseline Security Analyzer and all the suggestions that it gives to improve the security of the scanned PC.

One of the most important suggestion, for me, is to run the IIS Lockdown tool on every Pc with IIS installed.

I always do it, and I don't care if it's a production, a staging or a development server.

But for staging and development servers there is an issue. The IIS Lockdown tool installs the URLScan ISAPI filter to block malformed URLs, bad file extensions and wrong HTTP commands.

The only allowed HTTP commands in the default configuration are GET, POST and HEAD.

To allow VS.NET to debug ASP.NET pages you have to find URLSCAN.INI and edit it to add the DEBUG command to the list of the allowed commands.

If you don't enable it VS.NET tells you to enable server side debugging, but doesn't give you any other hint.

But for your security, don't enable DEBUG on production servers...

Posted: Oct 06 2003, 10:26 AM by barbilor | with 6 comment(s)

Filed under: ASP.NET Development

Comments

G. Andrew Duthie said:

Great tip!

I've had problems with debugging ASP.NET on one machine, and figured that perhaps I just had a bad install.

I agree that the MSBSA is an excellent tool, but URLScan is perhaps a little opaque in terms of the things it does. A little more documentation (and flagging of potential problems caused by locking down IIS) would certainly be helpful.

# October 6, 2003 7:56 AM

Darrell said:

Microsoft already provides a solution to this problem that does not require you to do much custom configuration of the ini file. See my blog post here: http://dotnetjunkies.com/weblog/darrell.norton/posts/2090.aspx

# October 6, 2003 11:46 AM

TrackBack said:

# March 2, 2004 11:51 PM

K.Saravana said:

I have a problem in enabling Debugging in my ASP.NET application.
Plz help

# March 10, 2004 1:33 AM

Lorenzo Barbieri said:

Try to be more clear.
But it's better for you to post on the www.asp.net forum or on microsoft newsgroup...
Perhaps this can help... I've not yet checked it
http://weblogs.asp.net/mkpark/articles/86872.aspx

# March 10, 2004 3:37 AM

Lorenzo Barbieri @ Weblogs.Asp.Net

Recent Posts

Tags

Navigation

Activities

My articles<br><font size="1">(in English)</font>

My articles<br><font size="1">(in Italian)</font>

My old articles<br><font size="1">for <a href="http://www.objectway.it">ObjectWay SpA</a> (in Italian)</font>

My projects

The Italian Blog...<br><font size="1">(my Official Italian blog)</font>

Archives