
I’m running a non core ASP dotnet app on IIS 10.

I’m configuring rewrite rules for https behind a load balancer per this config: https://www.jamescrowley.net/2014/03/07/ssl-termination-and-secure-cookiesrequiressl-with-asp-net-forms-authentication/

This is the part that confuses me:

You’ll also need to add HTTPS to the list of allowedServerVariables in
the applicationHost.config (or through the URL Rewrite config)

<rewrite>
    <allowedServerVariables>
        <add name="HTTPS" />
    </allowedServerVariables>
</rewrite>

"or through the URL Rewrite config" seems to indicate this can be set in web.config.

I don’t want to add this variable to the global applicationHost.config file; I want to set it in my specific application’s web.config.

Where do I put <allowedServerVariables> in web.config? I tried putting it under the rewrite rules as in the config snippet but I get an error:


Edit

This is not a solution to my actual question, but it appears what I was asking for is impossible.

I wanted to set this in my web.config because all the configuration tooling around IIS is terrible and painful to work with, but here we go. The snippet below is how I was able to script this on the server.

# Using try/catch to make this idempotent
# ErrorAction does not work here
# Despite examples online, neither Get-WebConfigurationProperty nor Get-WebConfiguration was able to check whether a variable was already set
try {
    C:/Windows/system32/inetsrv/appcmd unlock config -section:system.webServer/rewrite/allowedServerVariables
    Add-WebConfigurationProperty -pspath "MACHINE/WEBROOT/APPHOST"  -filter "system.webServer/rewrite/allowedServerVariables" -name "." -value @{name='HTTPS'}
}catch{}

2 Answers


  1. Try in your web.config:

    <?xml version="1.0" encoding="UTF-8"?>
    <configuration>
        <system.webServer>
            <rewrite>           
                <rules>
                    <rule name="RULE_NAME">
                        <serverVariables>
                            <set name="SOME_NAME" value="{SOME_VALUE}"/>
                        </serverVariables>
                    </rule>
                </rules>
            </rewrite>
        </system.webServer>
    </configuration>
    

    Some time ago I got this example from https://github.com/projectkudu/kudu/wiki/Xdt-transform-samples

    In your example:

        <rule name="HTTPS_AlwaysOn" patternSyntax="Wildcard">
            <match url="*" />
            <serverVariables>
                <set name="HTTPS" value="on" />
            </serverVariables>
            ...
    
  2. Ok, I get your idea. You don’t want to add it to applicationHost.config.

    But distributed rewrite rules can only set/overwrite the request headers and server variables that are defined in the allowed list for server variables (allowedServerVariables). If a distributed rewrite rule attempts to set any server variable that is not listed in the allowedServerVariables collection, a runtime error will be generated by the URL Rewrite Module. The allowedServerVariables collection by default is stored in applicationHost.config.

    So for it to work, it is required to add it to the allowedServerVariables collection. This is specifically noted in the official documentation: https://learn.microsoft.com/en-us/iis/extensions/url-rewrite-module/url-rewrite-module-20-configuration-reference#using-inbound-rewrite-rules-to-set-request-headers-and-server-variables.

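The constraint described in the second answer can be checked before deployment. The following is an added example, not code from the question or either answer: it lists every server variable that a rewrite rule in web.config sets but that is missing from the server-wide allowedServerVariables list, which is the condition that produces the runtime error. The two config strings are constructed samples built from the rule names on this page; the case-insensitive name comparison and the choice to ignore location-scoped entries are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.config: the two rules shown in the answers above.
WEB_CONFIG = """<configuration><system.webServer><rewrite><rules>
  <rule name="HTTPS_AlwaysOn" patternSyntax="Wildcard">
    <match url="*" />
    <serverVariables><set name="HTTPS" value="on" /></serverVariables>
    <action type="None" />
  </rule>
  <rule name="RULE_NAME">
    <match url=".*" />
    <serverVariables><set name="SOME_NAME" value="{SOME_VALUE}" /></serverVariables>
    <action type="None" />
  </rule>
</rules></rewrite></system.webServer></configuration>"""

# Constructed sample applicationHost.config fragment: only HTTPS is allowed.
APPHOST_CONFIG = """<configuration><system.webServer><rewrite>
  <allowedServerVariables><add name="HTTPS" /></allowedServerVariables>
</rewrite></system.webServer></configuration>"""

RULES = "./system.webServer/rewrite/rules/rule"
ALLOWED = "./system.webServer/rewrite/allowedServerVariables/add"

def vars_set_by_rules(web_config_xml):
    """Map each server variable set by an inbound rule to the rules that set it."""
    found = {}
    for rule in ET.fromstring(web_config_xml).findall(RULES):
        for item in rule.findall("./serverVariables/set"):
            # Assumption: names are compared case-insensitively, so normalise.
            found.setdefault(item.get("name", "").upper(), []).append(rule.get("name"))
    return found

def allowed_vars(apphost_xml):
    """Names in the server-wide allowed list (location-scoped entries are ignored)."""
    return {a.get("name", "").upper() for a in ET.fromstring(apphost_xml).findall(ALLOWED)}

def missing_allowed_vars(web_config_xml, apphost_xml):
    """Variables a rule sets that are not allowed; each would fail at runtime."""
    allowed = allowed_vars(apphost_xml)
    return {n: r for n, r in vars_set_by_rules(web_config_xml).items() if n not in allowed}

if __name__ == "__main__":
    for name, rules in missing_allowed_vars(WEB_CONFIG, APPHOST_CONFIG).items():
        print(f"{name} is set by {rules} but is not in allowedServerVariables")
```

To run it against a real server, read the two files from disk and pass their contents to `missing_allowed_vars`.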