我遇到了一个奇怪的情况,我在 Azure 上运行的单个 ASP.NET Core Web 应用程序在从特定目录提供文件时遇到了问题。
具体来说,我试图从路径中提供一个文件,https://myurl.com/.well-known/acme-challenge/6uVkXzXxHHkm1d6cQiUqI07lrYspInk7i9WCKKl-RlQ
我注意到这是一个稍微不寻常的 url,因为文件路径不包含文件扩展名并且目录以 (.) 开头,这是我无法控制的要求。
不幸的是,虽然我可以成功地在几乎所有的应用服务实例上运行它,但我有一个实例失败并出现以下错误:
无法访问所请求的页面,因为该页面的相关配置数据无效。配置错误无法读取配置文件 \?\D:\home\site.well-known\web.config
我的 web.config 如下所示:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.webServer>
<modules>
<!-- Remove WebDAV module so that we can make DELETE requests -->
<remove name="WebDAVModule" />
</modules>
<handlers>
<!-- Remove WebDAV module so that we can make DELETE requests -->
<remove name="WebDAV" />
<add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModuleV2" resourceType="Unspecified" />
</handlers>
<!-- When deploying on Azure, make sure that "dotnet" is installed and the path to it is registered in the PATH environment variable or specify the full path to it -->
<aspNetCore requestTimeout="23:00:00" processPath=".\Nop.Web.exe" arguments="" forwardWindowsAuthToken="false" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" startupTimeLimit="3600" hostingModel="InProcess">
<environmentVariables>
<environmentVariable name="ASPNETCORE_ENVIRONMENT" value="Development" />
<environmentVariable name="COMPLUS_ForceENC" value="1" />
</environmentVariables>
</aspNetCore>
<httpProtocol>
<customHeaders>
<remove name="X-Powered-By" />
<!-- Protects against XSS injections. ref.: https://www.veracode.com/blog/2014/03/guidelines-for-setting-security-headers/ -->
<add name="X-XSS-Protection" value="1; mode=block" />
<!-- Protects against Clickjacking attacks. ref.: http://stackoverflow.com/a/22105445/1233379 -->
<add name="X-Frame-Options" value="SAMEORIGIN" />
<!-- Protects against MIME-type confusion attack. ref.: https://www.veracode.com/blog/2014/03/guidelines-for-setting-security-headers/ -->
<add name="X-Content-Type-Options" value="nosniff" />
<!-- Protects against Clickjacking attacks. ref.: https://www.owasp.org/index.php/HTTP_Strict_Transport_Security_Cheat_Sheet -->
<add name="Strict-Transport-Security" value="max-age=31536000; includeSubDomains" />
<!-- CSP modern XSS directive-based defence, used since 2014. ref.: http://content-security-policy.com/ -->
<add name="Content-Security-Policy" value="default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';" />
<!-- Prevents from leaking referrer data over insecure connections. ref.: https://scotthelme.co.uk/a-new-security-header-referrer-policy/ -->
<add name="Referrer-Policy" value="same-origin" />
<!--Feature-Policy is a new header that allows a site to control which features and APIs can be used in the browser. ref.: https://wicg.github.io/feature-policy/ -->
<add name="Feature-Policy" value="accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment *; usb 'none'" />
</customHeaders>
</httpProtocol>
</system.webServer>
</configuration>
<!--ProjectGuid: 4f1f649c-1020-45be-a487-f416d9297ff3-->
根据错误,看起来 ASP.NET 出于某种原因正在我的 wwwroot 目录中寻找 web.config 文件。有人能提供任何关于我可能做错什么的指导吗?