Viewing ASP.NET / .ASP pages outside Visual Web Developer

Are you using Windows XP and having problems with viewing your .asp pages via localhost?  If you’re having trouble viewing your ASP.NET / .ASP pages, and can swear that IIS has been installed successfully like I did (hah), perhaps these steps will help you, like they helped me.

I was able to view the .asp site while the debugger in Visual Web Developer 2008 was on and the project was open.  Once the project was closed, or if I was not in Visual Web Developer, I get this error message when trying to view the same site through “http://localhost/sitename/about.aspx”

The page cannot be found…

Page Cannot Be Found

It’s possible serving of ASP and ASP.NET pages have been prohibited.  To resolve this,

1. Click on [Start], select “Run” and you’ll see the Run dialog box open.
2. Type “inetmgr” and click [OK] to open your Internet Information Services (IIS) Manager.
3. In the left panel of the IIS Manager, click on [+] next to your computer name, to expand the menu tree.
4. Click on “Web Service Extensions” to display the list of web service extensions in the right panel.
5. You will see “Active Server Pages” and “ASP.NET v2.0…” listed in the right panel along with their current status.  Mine were “Prohibited” on both counts.
6. If the status is “Prohibited”, click on the service you wish to allow, e.g. “Active Server Pages”, and click on the [Allow] button.  This changes the status to “Allowed”.  I selected “allowed” for “ASP.NET v2.0…” as that is what I need.
7. You should be able to view your .ASP site via “http://localhost/sitename/” by now.

These were the steps I used, and they worked for me.  I hope you’ll find them helpful.  Good luck! 🙂

Addon – 28 May 2009 11:55am

Just to add, if you have completed the steps above and have made some progress but encounter this error:

“Server Error in ‘/’ Application”

Server Error In '/' Application

It is possible the site has not been setup properly still. At the IIS manager (see earlier steps for opening the IIS manager and expanding the menu tree), click on [+] for “Application Pools”, and then for “DefaultAppPool”.  If you only see “Default Application” and no other application names that resembles your site name, follow these steps as well:

1. In the extended menu tree of the IIS Manager, click on [+] “Web Sites” and then [+] “Default Web Site” to reveal the list of sites currently in your wwwroot folder.
2. Right-click on the site you wish to setup to be viewed in using IIS via “localhost”, e.g. [+] Testsite1, and select “Properties” to open the properties window for your site.
3. The Properties window has several tabs, namely, Directory, Documents, etc.  Make sure the “Directory” tab is selected.  If the Application name label and text field is greyed out, click on [Create] next to it.  The label and text field is no longer grayed out and your sitename (e.g. Testsite1) appears in the text field.
4. Click on [OK] to confirm and close the site properties window.
5. Now, you should be able to view your site using the “localhost” url through your internt browser. E.g. http://localhost/Testsite1/Default.aspx

Once again, these steps worked for me, I hope they work for you too.  Feel free to drop me a note if you wish to add or suggest anything.

Trapping malicious codes in your cfm sites

I came across this sometime ago, but complete forgot about it. If you are looking for ways to trap malicious codes in your cfm sites, have a look at this:


Function isHackAttempt(MaliciousCode) {
//Set the Regular Expression used and any local vars
Var strRegex = "(%)|(-- )|(' )|(script)|()|(%3c)|(%3e)|(script)|(SELECT)|(UPDATE) |(INSERT) |(DELETE) |(DROP)|(GRANT) |(REVOKE)|(UNION)|(<)|(>)";
Var blnCodeDetection = False;

//If argument is a Structure loop through it
If (IsStruct(MaliciousCode)) {
For (Field in MaliciousCode) {
If (REFindNoCase(strRegex, MaliciousCode[Field])) {
blnCodeDetection = True; //Malicious code was found, set flag var
}
}//If argument is an Array loop through it
} Else If (IsArray(MaliciousCode)) {
For (x = 1; x LTE ArrayLen(MaliciousCode); x = x + 1) {
If (REFindNoCase(strRegex, MaliciousCode[x])) {
blnCodeDetection = True; //Malicious code was found, set flag var
}
}//If none of the above its an individual variable
} Else {
If (REFindNoCase(strRegex, MaliciousCode[Field])) {
blnCodeDetection = True; //Malicious code was found, set flag var
}
}
Return blnCodeDetection; //Return the boolean result
}


Then all you need to do is figure out what you want to do with the errors that have been trapped – e.g. if isHackAttempt is true, display an error message.

Place the above code in your application.cfm and customise according to your specific needs.