Invalid file name for monitoring

Discussion in 'ASP .Net' started by =?Utf-8?B?QnJhZCBRdWlubg==?=, Apr 25, 2005.

  1. I'm undergoing an audit where my web application is supposed to handle
    (gracefully) a bunch of garbage being throwns at it.

    When I use the following url I get an error;

    http://localhost/myapplication/~Home/Page.aspx

    where the offending character is the tilde.

    [HttpException (0x80070057): Invalid file name for monitoring:
    'C:\projects\myapplication\~Home'. File names for monitoring must have
    absolute paths, and no wildcards.]
    System.Web.DirectoryMonitor.AddFileMonitor(String file) +429
    System.Web.DirectoryMonitor.StartMonitoringFile(String file,
    FileChangeEventHandler callback, String alias) +76
    System.Web.FileChangesMonitor.StartMonitoringPath(String alias,
    FileChangeEventHandler callback) +495
    System.Web.Caching.CacheDependency.Init(Boolean isPublic, Boolean
    isSensitive, String[] filenamesArg, String[] cachekeysArg, CacheDependency
    dependency, DateTime utcStart) +1535
    System.Web.Caching.CacheDependency..ctor(Boolean isSensitive, String[]
    filenames, DateTime utcStart) +50

    System.Web.Configuration.HttpConfigurationSystem.GetCacheDependencies(Hashtable cachedeps, DateTime utcStart) +151
    System.Web.Configuration.HttpConfigurationSystem.ComposeConfig(String
    reqPath, IHttpMapPath configmap) +760
    System.Web.HttpContext.GetCompleteConfigRecord(String reqpath,
    IHttpMapPath configmap) +434
    System.Web.HttpContext.GetCompleteConfig() +49
    System.Web.HttpContext.GetConfig(String name) +195
    System.Web.CustomErrors.GetSettings(HttpContext context, Boolean
    canThrow) +20
    System.Web.HttpResponse.ReportRuntimeError(Exception e, Boolean canThrow)
    +40
    System.Web.HttpRuntime.FinishRequest(HttpWorkerRequest wr, HttpContext
    context, Exception e) +480

    This is happening before the Application's BeginRequest fires, so I don't
    get a chance to handle it.

    Of course setting customErrors mode="On" prevents the detailed exception
    from being displayed, which is very good. However in this case the
    defaultRedirect doesn't seem to be working.

    Has anyone else seen this? I'm not ruling out Monday morning brain
    dysfunction.
     
    =?Utf-8?B?QnJhZCBRdWlubg==?=, Apr 25, 2005
    #1
    1. Advertising

  2. =?Utf-8?B?QnJhZCBRdWlubg==?=

    Lucas Tam Guest

    "=?Utf-8?B?QnJhZCBRdWlubg==?=" <> wrote
    in news::

    >
    > When I use the following url I get an error;
    >
    > http://localhost/myapplication/~Home/Page.aspx
    >
    > where the offending character is the tilde.
    >
    > [HttpException (0x80070057): Invalid file name for monitoring:
    > 'C:\projects\myapplication\~Home'. File names for monitoring must have
    > absolute paths, and no wildcards.]


    The Tilde means "from the root of the application directory" - do you have
    any custom http handlers or something in the global.asax file doing a file
    system look up?




    --
    Lucas Tam ()
    Please delete "REMOVE" from the e-mail address when replying.
    http://members.ebay.com/aboutme/coolspot18/
     
    Lucas Tam, Apr 25, 2005
    #2
    1. Advertising

  3. "Lucas Tam" wrote:

    > "=?Utf-8?B?QnJhZCBRdWlubg==?=" <> wrote
    > in news::
    >
    > >
    > > When I use the following url I get an error;
    > >
    > > http://localhost/myapplication/~Home/Page.aspx
    > >
    > > where the offending character is the tilde.
    > >
    > > [HttpException (0x80070057): Invalid file name for monitoring:
    > > 'C:\projects\myapplication\~Home'. File names for monitoring must have
    > > absolute paths, and no wildcards.]

    >
    > The Tilde means "from the root of the application directory" - do you have
    > any custom http handlers or something in the global.asax file doing a file
    > system look up?
    >


    I do have an HttpModule, but the error happens *before* the module's
    BeginRequest event is fired.

    I just created a a web application using File > New > Project and the
    minimal web application gives the same results when I type;

    http://localhost/WebApplication1/~WebForm1.aspx

    >
    >
    >
    > --
    > Lucas Tam ()
    > Please delete "REMOVE" from the e-mail address when replying.
    > http://members.ebay.com/aboutme/coolspot18/
    >
     
    =?Utf-8?B?QnJhZCBRdWlubg==?=, Apr 25, 2005
    #3
  4. Try using

    ~/page.aspx

    instead of

    ~Home/page.aspx

    ~/ stands for the *root* of the application.




    Juan T. Llibre
    ASP.NET MVP
    http://asp.net.do/foros/
    Foros de ASP.NET en Español
    Ven, y hablemos de ASP.NET...
    ======================

    "Brad Quinn" <> wrote in message
    news:D...
    > "Lucas Tam" wrote:
    >
    >> "=?Utf-8?B?QnJhZCBRdWlubg==?=" <> wrote
    >> in news::
    >>
    >> >
    >> > When I use the following url I get an error;
    >> >
    >> > http://localhost/myapplication/~Home/Page.aspx
    >> >
    >> > where the offending character is the tilde.
    >> >
    >> > [HttpException (0x80070057): Invalid file name for monitoring:
    >> > 'C:\projects\myapplication\~Home'. File names for monitoring must have
    >> > absolute paths, and no wildcards.]

    >>
    >> The Tilde means "from the root of the application directory" - do you have
    >> any custom http handlers or something in the global.asax file doing a file
    >> system look up?
    >>

    >
    > I do have an HttpModule, but the error happens *before* the module's
    > BeginRequest event is fired.
    >
    > I just created a a web application using File > New > Project and the
    > minimal web application gives the same results when I type;
    >
    > http://localhost/WebApplication1/~WebForm1.aspx
    >
    >>
    >>
    >>
    >> --
    >> Lucas Tam ()
    >> Please delete "REMOVE" from the e-mail address when replying.
    >> http://members.ebay.com/aboutme/coolspot18/
    >>
     
    Juan T. Llibre, Apr 25, 2005
    #4
  5. I can't prevent the person doing the audit from doing that. He's putting in
    all kinds of garbage to see if he can get the application to reveal something
    that it shouldn't.

    "Juan T. Llibre" wrote:

    > Try using
    >
    > ~/page.aspx
    >
    > instead of
    >
    > ~Home/page.aspx
    >
    > ~/ stands for the *root* of the application.
    >
    >
    >
    >
    > Juan T. Llibre
    > ASP.NET MVP
    > http://asp.net.do/foros/
    > Foros de ASP.NET en Español
    > Ven, y hablemos de ASP.NET...
    > ======================
    >
    > "Brad Quinn" <> wrote in message
    > news:D...
    > > "Lucas Tam" wrote:
    > >
    > >> "=?Utf-8?B?QnJhZCBRdWlubg==?=" <> wrote
    > >> in news::
    > >>
    > >> >
    > >> > When I use the following url I get an error;
    > >> >
    > >> > http://localhost/myapplication/~Home/Page.aspx
    > >> >
    > >> > where the offending character is the tilde.
    > >> >
    > >> > [HttpException (0x80070057): Invalid file name for monitoring:
    > >> > 'C:\projects\myapplication\~Home'. File names for monitoring must have
    > >> > absolute paths, and no wildcards.]
    > >>
    > >> The Tilde means "from the root of the application directory" - do you have
    > >> any custom http handlers or something in the global.asax file doing a file
    > >> system look up?
    > >>

    > >
    > > I do have an HttpModule, but the error happens *before* the module's
    > > BeginRequest event is fired.
    > >
    > > I just created a a web application using File > New > Project and the
    > > minimal web application gives the same results when I type;
    > >
    > > http://localhost/WebApplication1/~WebForm1.aspx
    > >
    > >>
    > >>
    > >>
    > >> --
    > >> Lucas Tam ()
    > >> Please delete "REMOVE" from the e-mail address when replying.
    > >> http://members.ebay.com/aboutme/coolspot18/
    > >>

    >
    >
    >
     
    =?Utf-8?B?QnJhZCBRdWlubg==?=, Apr 26, 2005
    #5
  6. Here is my WebForm1 codebehind;
    =======================

    public class WebForm1 : System.Web.UI.Page
    {
    private void Page_Load(object sender, System.EventArgs e)
    {
    throw new ApplicationException( "FOO" );
    }

    #region Web Form Designer generated code
    // snip
    #endregion
    }

    A piece of my web.config;
    =================

    <customErrors
    mode="On" defaultRedirect="~/WebForm2.aspx"
    />

    and my WebForm2.aspx;
    ================

    <%@ Page language="c#" Codebehind="WebForm2.aspx.cs" AutoEventWireup="false"
    Inherits="WebApplication1.WebForm2" %>
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
    <HTML>
    <HEAD>
    <title>WebForm2</title>
    <meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1">
    <meta name="CODE_LANGUAGE" Content="C#">
    <meta name="vs_defaultClientScript" content="JavaScript">
    <meta name="vs_targetSchema"
    content="http://schemas.microsoft.com/intellisense/ie5">
    </HEAD>
    <body MS_POSITIONING="GridLayout">
    <form id="Form1" method="post" runat="server">
    <asp:Label id="Label1" style="Z-INDEX: 101; LEFT: 392px; POSITION:
    absolute; TOP: 208px" runat="server">ERROR</asp:Label>
    </form>
    </body>
    </HTML>


    When I navigate to http://localhost/WebApplication1/WebForm1.aspx I get the
    expected error page.

    When I enter http://localhost/WebApplication1/~WebForm1.aspx I do not.
     
    =?Utf-8?B?QnJhZCBRdWlubg==?=, Apr 26, 2005
    #6
  7. I can't control what the auditor types. He's being intentionally malicious.

    "Juan T. Llibre" wrote:

    > Try using
    >
    > ~/page.aspx
    >
    > instead of
    >
    > ~Home/page.aspx
    >
    > ~/ stands for the *root* of the application.
    >
    >
    >
    >
    > Juan T. Llibre
    > ASP.NET MVP
    > http://asp.net.do/foros/
    > Foros de ASP.NET en Español
    > Ven, y hablemos de ASP.NET...
    > ======================
    >
    > "Brad Quinn" <> wrote in message
    > news:D...
    > > "Lucas Tam" wrote:
    > >
    > >> "=?Utf-8?B?QnJhZCBRdWlubg==?=" <> wrote
    > >> in news::
    > >>
    > >> >
    > >> > When I use the following url I get an error;
    > >> >
    > >> > http://localhost/myapplication/~Home/Page.aspx
    > >> >
    > >> > where the offending character is the tilde.
    > >> >
    > >> > [HttpException (0x80070057): Invalid file name for monitoring:
    > >> > 'C:\projects\myapplication\~Home'. File names for monitoring must have
    > >> > absolute paths, and no wildcards.]
    > >>
    > >> The Tilde means "from the root of the application directory" - do you have
    > >> any custom http handlers or something in the global.asax file doing a file
    > >> system look up?
    > >>

    > >
    > > I do have an HttpModule, but the error happens *before* the module's
    > > BeginRequest event is fired.
    > >
    > > I just created a a web application using File > New > Project and the
    > > minimal web application gives the same results when I type;
    > >
    > > http://localhost/WebApplication1/~WebForm1.aspx
    > >
    > >>
    > >>
    > >>
    > >> --
    > >> Lucas Tam ()
    > >> Please delete "REMOVE" from the e-mail address when replying.
    > >> http://members.ebay.com/aboutme/coolspot18/
    > >>

    >
    >
    >
     
    =?Utf-8?B?QnJhZCBRdWlubg==?=, Apr 26, 2005
    #7
  8. re:
    > When I enter
    > http://localhost/WebApplication1/~WebForm1.aspx I do not.


    As mentioned, that is not valid syntax.
    The tilde *musr* be followed by a slash.

    You have it right in:
    ><customErrors mode="On" defaultRedirect="~/WebForm2.aspx"


    Why do you insist on trying to use invalid syntax ?




    Juan T. Llibre
    ASP.NET MVP
    http://asp.net.do/foros/
    Foros de ASP.NET en Español
    Ven, y hablemos de ASP.NET...
    ======================

    "Brad Quinn" <> wrote in message
    news:...
    > Here is my WebForm1 codebehind;
    > =======================
    >
    > public class WebForm1 : System.Web.UI.Page
    > {
    > private void Page_Load(object sender, System.EventArgs e)
    > {
    > throw new ApplicationException( "FOO" );
    > }
    >
    > #region Web Form Designer generated code
    > // snip
    > #endregion
    > }
    >
    > A piece of my web.config;
    > =================
    >
    > <customErrors
    > mode="On" defaultRedirect="~/WebForm2.aspx"
    > />
    >
    > and my WebForm2.aspx;
    > ================
    >
    > <%@ Page language="c#" Codebehind="WebForm2.aspx.cs" AutoEventWireup="false"
    > Inherits="WebApplication1.WebForm2" %>
    > <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
    > <HTML>
    > <HEAD>
    > <title>WebForm2</title>
    > <meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1">
    > <meta name="CODE_LANGUAGE" Content="C#">
    > <meta name="vs_defaultClientScript" content="JavaScript">
    > <meta name="vs_targetSchema"
    > content="http://schemas.microsoft.com/intellisense/ie5">
    > </HEAD>
    > <body MS_POSITIONING="GridLayout">
    > <form id="Form1" method="post" runat="server">
    > <asp:Label id="Label1" style="Z-INDEX: 101; LEFT: 392px; POSITION:
    > absolute; TOP: 208px" runat="server">ERROR</asp:Label>
    > </form>
    > </body>
    > </HTML>
    >
    >
    > When I navigate to http://localhost/WebApplication1/WebForm1.aspx I get the
    > expected error page.
    >
    > When I enter http://localhost/WebApplication1/~WebForm1.aspx I do not.
    >
    >
     
    Juan T. Llibre, Apr 26, 2005
    #8
  9. If the auditor can't type a valid URL,
    he/she shouldn't be the auditor.


    --
    Juan T. Llibre
    ASP.NET MVP
    http://asp.net.do/foros/
    Foros de ASP.NET en Español
    Ven, y hablemos de ASP.NET...
    ======================

    "Brad Quinn" <> wrote in message
    news:...
    >I can't control what the auditor types. He's being intentionally malicious.
    >
    > "Juan T. Llibre" wrote:
    >
    >> Try using
    >>
    >> ~/page.aspx
    >>
    >> instead of
    >>
    >> ~Home/page.aspx
    >>
    >> ~/ stands for the *root* of the application.
    >>
    >>
    >>
    >>
    >> Juan T. Llibre
    >> ASP.NET MVP
    >> http://asp.net.do/foros/
    >> Foros de ASP.NET en Español
    >> Ven, y hablemos de ASP.NET...
    >> ======================
    >>
    >> "Brad Quinn" <> wrote in message
    >> news:D...
    >> > "Lucas Tam" wrote:
    >> >
    >> >> "=?Utf-8?B?QnJhZCBRdWlubg==?=" <> wrote
    >> >> in news::
    >> >>
    >> >> >
    >> >> > When I use the following url I get an error;
    >> >> >
    >> >> > http://localhost/myapplication/~Home/Page.aspx
    >> >> >
    >> >> > where the offending character is the tilde.
    >> >> >
    >> >> > [HttpException (0x80070057): Invalid file name for monitoring:
    >> >> > 'C:\projects\myapplication\~Home'. File names for monitoring must have
    >> >> > absolute paths, and no wildcards.]
    >> >>
    >> >> The Tilde means "from the root of the application directory" - do you have
    >> >> any custom http handlers or something in the global.asax file doing a file
    >> >> system look up?
    >> >>
    >> >
    >> > I do have an HttpModule, but the error happens *before* the module's
    >> > BeginRequest event is fired.
    >> >
    >> > I just created a a web application using File > New > Project and the
    >> > minimal web application gives the same results when I type;
    >> >
    >> > http://localhost/WebApplication1/~WebForm1.aspx
    >> >
    >> >>
    >> >>
    >> >>
    >> >> --
    >> >> Lucas Tam ()
    >> >> Please delete "REMOVE" from the e-mail address when replying.
    >> >> http://members.ebay.com/aboutme/coolspot18/
    >> >>

    >>
    >>
    >>
     
    Juan T. Llibre, Apr 26, 2005
    #9
  10. The point of the auditor's exercise is NOT to enter valid information. He
    WANTS to produce errors to see if they're handled correctly.

    For instance, if I accidentally set customErrors mode="Off" the user would
    see a detailed exception which is, from the standpoint of security, a bad
    thing.

    My application handles all exceptions gracefully. I log the contents of the
    request and display a generic error page.

    However when this error occurs, my application is not even aware that it
    happened.

    Whether the user is being stupid or malicious, I want to know about it.

    "Brad Quinn" wrote:

    > I'm undergoing an audit where my web application is supposed to handle
    > (gracefully) a bunch of garbage being throwns at it.
    >
    > When I use the following url I get an error;
    >
    > http://localhost/myapplication/~Home/Page.aspx
    >
    > where the offending character is the tilde.
    >
    > [HttpException (0x80070057): Invalid file name for monitoring:
    > 'C:\projects\myapplication\~Home'. File names for monitoring must have
    > absolute paths, and no wildcards.]
    > System.Web.DirectoryMonitor.AddFileMonitor(String file) +429
    > System.Web.DirectoryMonitor.StartMonitoringFile(String file,
    > FileChangeEventHandler callback, String alias) +76
    > System.Web.FileChangesMonitor.StartMonitoringPath(String alias,
    > FileChangeEventHandler callback) +495
    > System.Web.Caching.CacheDependency.Init(Boolean isPublic, Boolean
    > isSensitive, String[] filenamesArg, String[] cachekeysArg, CacheDependency
    > dependency, DateTime utcStart) +1535
    > System.Web.Caching.CacheDependency..ctor(Boolean isSensitive, String[]
    > filenames, DateTime utcStart) +50
    >
    > System.Web.Configuration.HttpConfigurationSystem.GetCacheDependencies(Hashtable cachedeps, DateTime utcStart) +151
    > System.Web.Configuration.HttpConfigurationSystem.ComposeConfig(String
    > reqPath, IHttpMapPath configmap) +760
    > System.Web.HttpContext.GetCompleteConfigRecord(String reqpath,
    > IHttpMapPath configmap) +434
    > System.Web.HttpContext.GetCompleteConfig() +49
    > System.Web.HttpContext.GetConfig(String name) +195
    > System.Web.CustomErrors.GetSettings(HttpContext context, Boolean
    > canThrow) +20
    > System.Web.HttpResponse.ReportRuntimeError(Exception e, Boolean canThrow)
    > +40
    > System.Web.HttpRuntime.FinishRequest(HttpWorkerRequest wr, HttpContext
    > context, Exception e) +480
    >
    > This is happening before the Application's BeginRequest fires, so I don't
    > get a chance to handle it.
    >
    > Of course setting customErrors mode="On" prevents the detailed exception
    > from being displayed, which is very good. However in this case the
    > defaultRedirect doesn't seem to be working.
    >
    > Has anyone else seen this? I'm not ruling out Monday morning brain
    > dysfunction.
     
    =?Utf-8?B?QnJhZCBRdWlubg==?=, Apr 26, 2005
    #10
  11. =?Utf-8?B?QnJhZCBRdWlubg==?=

    Lucas Tam Guest

    "Juan T. Llibre" <> wrote in news:#faB64fSFHA.3420
    @TK2MSFTNGP14.phx.gbl:

    > If the auditor can't type a valid URL,
    > he/she shouldn't be the auditor.



    ummm... the auditor found an unhandled exception - I think the auditor is
    doing his/her job!



    --
    Lucas Tam ()
    Please delete "REMOVE" from the e-mail address when replying.
    http://members.ebay.com/aboutme/coolspot18/
     
    Lucas Tam, Apr 29, 2005
    #11
  12. Yup.

    I thought a "standard" ( accounting ) auditor was referenced.
    If it's a software auditor, yes, you're right.



    Juan T. Llibre
    ASP.NET MVP
    http://asp.net.do/foros/
    Foros de ASP.NET en Español
    Ven, y hablemos de ASP.NET...
    ======================

    "Lucas Tam" <> wrote in message
    news:Xns9647DCEE7B44nntprogerscom@127.0.0.1...
    > "Juan T. Llibre" <> wrote in news:#faB64fSFHA.3420
    > @TK2MSFTNGP14.phx.gbl:
    >
    >> If the auditor can't type a valid URL,
    >> he/she shouldn't be the auditor.

    >
    >
    > ummm... the auditor found an unhandled exception - I think the auditor is
    > doing his/her job!
    >
    >
    >
    > --
    > Lucas Tam ()
    > Please delete "REMOVE" from the e-mail address when replying.
    > http://members.ebay.com/aboutme/coolspot18/
     
    Juan T. Llibre, Apr 29, 2005
    #12
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Jo67
    Replies:
    2
    Views:
    864
  2. =?Utf-8?B?TWFya1dI?=

    Invalid file name for monitoring

    =?Utf-8?B?TWFya1dI?=, Sep 24, 2004, in forum: ASP .Net
    Replies:
    1
    Views:
    2,013
    Guest
    Dec 18, 2004
  3. Ron Simpson

    asp.net invalid file name for monitoring

    Ron Simpson, Sep 24, 2004, in forum: ASP .Net
    Replies:
    0
    Views:
    2,051
    Ron Simpson
    Sep 24, 2004
  4. Brian
    Replies:
    0
    Views:
    721
    Brian
    Feb 20, 2006
  5. Ron
    Replies:
    1
    Views:
    170
    Bob Barrows [MVP]
    Sep 24, 2004
Loading...

Share This Page