0 Comments

This is de default of BlogEngine 2.7:

<?xml version="1.0"?>
<configuration>
    <system.web>
        <httpRuntime 
            enableVersionHeader="false" 
            useFullyQualifiedRedirectUrl="true" 
            maxRequestLength="16384" 
            executionTimeout="3600" 
            requestLengthDiskThreshold="16384" 
            requestValidationMode="2.0"/>
        <pages 
            enableSessionState="false" 
            enableViewStateMac="true" 
            enableEventValidation="true" 
            controlRenderingCompatibilityVersion="3.5" 
            clientIDMode="AutoID">
            ...
        </pages>
    </system.web>
</configuration>

And I have used these settings for quite a while. But my application pool keeps crashing after about a week.

I have enabled elmah logging

<elmah>
    <errorLog type="Elmah.XmlFileErrorLog, Elmah" logPath="~/elmahErrors" />
</elmah>

This enabled me to have a better look at what was causing the crashes. Because the elmah page is of course unavailable when BE crashes. The log had several error’s the two most common ones where:

  • A potentially dangerous Request.Path value was detected from the client
  • Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.
I have now added:
validateRequest="true"

to my pages section in the web.config and have added:

requestPathInvalidCharacters=""

to the httpRuntime section and my error logging feature stays empty and the BlogEngine application returns a nice 404 when trying some querystring injection and/or XSS attacks.

So this will fix all the thrown exceptions and keeps my application pool from automatically shutting down. I have found this on StackOverflow http://stackoverflow.com/a/6026291/169714 but turning off the validateRequest seems like a bad idea.


Good luck with BlogEngine!

kick it on DotNetKicks.com Shout it

Pin on pinterest Plus on Googleplus Post on LinkedIn
0 Comments

My blog was offline a few days ago. The IIS application pool stopped. To investigate if it had something to do with my BlogEngine installation, I wanted to install Elmah. That was an easy one. Here is how I did it in just a few steps:

- download your current BlogEngine installation from the remote webserver

- Open it with Visual Studio (open website)

- Run it with Visual Studio to make sure that there are no build errors

- Right click on the solution:

image

- Select manage NuGet Packages

- Search for Elmah

- Hit install

- Edit the web.config, add

<authorization>
  <allow roles="Administrators"/>
  <deny users="*"/>
</authorization>
Just below
<location path="elmah.axd" inheritInChildApplications="false">
  <system.web>

And change

<elmah>
 <security allowRemoteAccess="false"/>
</elmah>

the allow remote access to true.

- Save and upload the new web.config, and upload and overwrite the files from the bin folder.

Only logged in administrators now have access to yourdomain.com/elmah.axd

Good luck!

kick it on DotNetKicks.com Shout it

Pin on pinterest Plus on Googleplus Post on LinkedIn
1 Comments
  •   Posted in: 
  • Blog

feedburnerIn case you installed the free and famous Wordpress and are wondering how you can track the usage of the RSS feed, get a feedburner account. The next step according to feedburner is to get the wordpress widget, but that is not the best option. It takes you time to download, unzip, upload and configure.

Recommended way to track Wordpress RSS usage

  1. Register your two RSS feeds at feedburner.
    You can find the regular RSS locations from your wordpress website. It’s often in the footer. (yourPage/feed/ and yourPage/comments)
  2. Download your .htaccess file with your favorite FTP client
  3. Open the file with notepad
  4. Add the lines below and upload the modified file

# redirect all wordpress feeds to feedburner
<IfModule mod_rewrite.c>
 RewriteEngine on
 RewriteCond %{REQUEST_URI}      ^/?(feed.*|comments.*)        [NC]
 RewriteCond %{HTTP_USER_AGENT} !^.*(FeedBurner|FeedValidator) [NC] 
 RewriteRule ^feed/?.*$          http://feeds.feedburner.com/yourMainFeed [L,NC,R=302]
 RewriteRule ^comments/?.*$      http://feeds.feedburner.com/yourComments [L,NC,R=302]
</IfModule>

Verify that the redirect is working by F5-ing your site and clicking on the RSS link. It takes a while before the statistics are visible on the feedburner page.

Good luck blogging!

Pin on pinterest Plus on Googleplus Post on LinkedIn
2 Comments

BlogEngine recently released version 2.6 (May the 14th). My blog was running 2.5 from 27th of July 2011. So it was time to update.

The 2.6 new feature list has several great things on it, but a lot of features are for the administration dashboard. I use Windows Live Writer to prepare and publish posts. So I only use the dashboard to manage comments and sometimes settings. So the main reason for me to upgrade, is for all the minor bug fixes and improvements and the JavaScript and cascading style sheet minification and bundling which is available from Asp.Net 4 and above. Scott Guthrie has written about Bundling and Minification Support in November 2011.

There is a good upgrade guide available online which I used, but since the upgrade path might differ from user to user, I have decided to blog mine:

First of all: know your blogs storage method, mine is XML. I know because I have not configured any database in a web.config file. So here are my steps:

1. Backup current BlogEngine 2.5 installation by FTP it to a local folder
2. Download BlogEngine 2.6 (web install)
3. I have compared web.config of 2.5 to 2.6 with Beyond Compare


4. Delete everything from FTP web root, except `googleverification.html`, my nibbler html (to claim my website ownership) and robot.txt and dotnettechy.html except app_data
5. upload everything from 2.6 except app_data content
6. upload themes/jphellemons folder
7. upload widgets - buy me a beer, cumulus, syndication, tagcanvas, twitterfeed

twitterfeed missed some .cs files in app_code
8. upload pictures and custom favicon blogengine.ico, android market button,
9. upload socialbe folder

and I tested it… but it didn’t work. Seems to have lost everything, admin login didn't work. requesting password. no e-mail received.
10. downloaded logger.txt from app_data folder, spotted that SMTP does not work out of the box on this webhost. So I had to modify the web.config so that asp.net can send mails with the web.config settings. I used this blogpost as reference: http://dotnetblogengine.net/post/The-Next-Chapter-of-BlogEngineNET-Version-26.aspx And I tried to open my upgraded blog again and noticed that twitterfeed widget had some .cs classes that required a manual upload in the App_Code folder.

So now I am running version 2.6 of BlogEngine.Net Glimlach

Good luck upgrading!

kick it on DotNetKicks.com Shout it

Pin on pinterest Plus on Googleplus Post on LinkedIn
4 Comments

The BlogEngine team has released BlogEngine 2.5 last 27th of June. I postponed it for a while but you have to keep your Online Software up to date! So I decided to give it a try. The migration from 1.x to 2.0 was almost painless, so moving to 2.5 should work out fine too. My installation as no database, but stores stuff in the App_Data folder. I followed this guide:  http://blogengine.codeplex.com/wikipage?title=Upgrading%20to%20BlogEngine.NET%202.5

my 8 easy steps: (maybe you only need 4) [more]

1) download current 2.0 installation as backup

2) download 2.5 web version
     http://blogengine.codeplex.com/releases/view/69117#DownloadId=253216 

3) removed everything in the 2.5 App_Data folder except: blogs folder and blogs.xml file

4) copied the App_Data from 2.0 local backup to the 2.5 local folder and uploaded everything to the online version with overwriting enabled. (I recommend FileZilla for everything FTP related)

5) go to your online URL (mine crashed)

6) I received ‘Unrecognized configuration section system.web.extensions’ So I had to ask the hosting company to migrate my site from an Asp.Net 2.0 application pool to 4.0

7) After that I received another crash in imaginary.twitterfeed.cs (rule 21) and imaginary.twittersearch.cs (rule 22) on almost the same line:

private string _dataFileName = HostingEnvironment.MapPath(
Path.Combine(BlogSettings.Instance.StorageLocation, TWITTERFEED_DATA_FILENAME));

change it to:

private string _dataFileName = HostingEnvironment.MapPath(
Path.Combine(Blog.CurrentInstance.StorageLocation, TWITTERFEED_DATA_FILENAME));

 

8) The next crash was in admin/extension manager/extensions.ascx.cs from line 202 after some research that was because according to this thread http://blogengine.codeplex.com/discussions/252979

You should remove the directory of admin/extension manager because that is renamed to admin/extensions from version 2.0.0.49

My blog worked after these 8 easy steps! The following steps are optional:

in app_code/extensions/sentcommentmail.cs (rule 95) and contact.aspx.cs (rule 100) there was some obsolete use of replyto. So I changed it to:

var mail = new MailMessage
{
   From = new MailAddress(BlogSettings.Instance.Email),
   Subject = BlogSettings.Instance.EmailSubjectPrefix + subject + post.Title
};
mail.ReplyToList.Add(new MailAddress(replyTo, HttpUtility.HtmlDecode(comment.Author)));

and in contact.aspx.cs:

mail.ReplyTo = new MailAddress(email, name);

 

mail.ReplyToList.Add(new MailAddress(email, name));

 

So everybody should update their BlogEngine installation Glimlach because of all the nice features!

kick it on DotNetKicks.com Shout it

Pin on pinterest Plus on Googleplus Post on LinkedIn