I have added the apple-app-site-association file to the root of a website, but IIS is not delivering the file.
What is the best way to make the server serve this specific file without a file extension? Is there a way within a web.config to explicitly say "serve this file"?
I was having the same issue and found this amazing post:
Serving apple-app-site-association from IIS IIS only serves files of known types, defined by their file extension. Since apple-app-site-association doesn’t include a file extention, IIS throws a 404 error, when I try to open it with a browser. I fixed this by adding a mimeMap in the web.config file:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.webServer>
<staticContent>
<!-- required for apple-app-site-association: -->
<mimeMap fileExtension="." mimeType="application/json" />
</staticContent>
</system.webServer>
</configuration>
If the above solution does not work, then add the following rule Create a rule in the "web.config" file, which will provide the JSON value when the Applebot robot crawls your site for the apple association
<rewrite>
<rules>
<rule name="apple_json_file">
<match url="^apple-app-site-association" />
<action type="Rewrite" url="apple-app-site-association.json" />
</rule>
</rules>
</rewrite>
Add this section in system.webServer
system.webServer node under a <location path="apple-app-site-association"> node to restrict this only to this file and avoid serving any other extension less file. –
Louie As explained by this answer, for security reasons, IIS only serves known file types, and uses the file extension to infer the file type. You can declare a file type for extension-less files, allowing to serve them.
But this causes the server to serve any extension-less file, which could cause unexpected files to get served to anyone, including robots probing for sensitive files incorrectly protected.
The solution explained by previously linked answer can be restricted to only that apple file. Better restrict it. Use a location node for this.
By the way, consider adjusting the caching policy for this file, if your default one is not suitable, especially if your server is behind a CDN.
<?xml version="1.0" encoding="utf-8"?>
<configuration>
...
<location path="apple-app-site-association">
<system.webServer>
<staticContent>
<mimeMap fileExtension="." mimeType="application/json" />
<clientCache cacheControlMode="UseMaxAge" cacheControlMaxAge="08:00:00" cacheControlCustom="public" />
</staticContent>
</system.webServer>
</location>
...
</configuration>
apple-app-site-association file is inside of the .well-known folder? I'm currently facing this issue, since I can't give up the path of .well-known/apple-app-site-association the dot here seems the IIS server to give an error –
Lungworm .well-known folder. This trouble already has its own question and answer. –
Louie Not my preferred solution, but in leu of DeyaEldeen's comment, the way I met many of our needs was to use the meta tag approach instead (within the <head> tag of the page):
<meta name="apple-itunes-app" content="app-id=5555555555">
This makes is so that whenever any users on iOS browse to the site, they are presented with a "view in app store" popup at the top of the page. Once they press on the popup, they get directed to the app store.
See Apple's docs for Smart App Banners.
Hopefully this helps some people with similar needs.
To add to the solutions provided by mogile_oli solution and Frédéric solution a little more configuration is required when using IIS configured for a Net.Core site.
TLDR: Remove aspNetCore handler in the .well-known/web.config and apply existing solution by either mogile_oli or Frédéric
One solution is to place the .well-known folder in the wwwroot folder as suggested here. However this either means making the apple-app-site-association part of your .Net Core project or manually adding this after any publish update. You then make the MIME changes mentioned by mogile_oli or Frédéric
Another solution is to configure static files within the .Net Core app's startup class then the folder/files can live outside of the .Net Core project. This has the downside that this would require a rebuild of the application if you want to make any directory changes.
The solution we opted for doesn't require the .Net Core app to have any knowledge of the .well-known folder.
.well-known folder in the root of the IIS site folder.apple-app-site-association (and if you doing the equivalent for android your assetlinks.json file too).<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
<system.webServer>
<staticContent>
<mimeMap fileExtension="." mimeType="application/json" />
<!-- Only required for assetlinks.json if your IIS version doesn't already have .json defined -->
<!-- <mimeMap fileExtension=".json" mimeType="application/json" /> -->
</staticContent>
<handlers>
<!-- Assumes that you have the handler in your root web.config called aspNetCore. Change to match your configuration -->
<remove name="aspNetCore" />
</handlers>
</system.webServer>
</configuration>
This code snippet stops the .Net Core app handling the .well-known folder and then we are free to configure it as per the previous solution by mogile_oli. (As an added bonus if you are adding assetlinks.json and using an older IIS version you need to add a mimeMap for .json files as well).
(Optional) The code snippet above has applied to the entire .well-known folder and as mentioned by Frédéric this can pose a security risk (especially if we have other files in the .well-known folder). We can transform the above to make use of Frédéric's location recommendation:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
<location path="apple-app-site-association">
<system.webServer>
<staticContent>
<mimeMap fileExtension="." mimeType="application/json" />
</staticContent>
<handlers>
<remove name="aspNetCore" />
</handlers>
</system.webServer>
</location>
<!-- Only required for assetlinks.json -->
<location path="assetlinks.json">
<system.webServer>
<!-- Only required if your IIS version doesn't already have .json defined -->
<!-- <staticContent>
<mimeMap fileExtension=".json" mimeType="application/json" />
</staticContent> -->
<handlers>
<remove name="aspNetCore" />
</handlers>
</system.webServer>
</location>
</configuration>
Hope this helps anyone in a similar situation as it took us a lot of trial and error.
For security reasons, IIS cannot allow browsing any file. Imaging, for example, web.config.
The quickest way is to add the file type to the known types by its extension:
Open IIS Manager -> Sites -> Your Web Site -> MIME TYPES -> Add...
File name extension=.
MIME type=application/json
-> OK
Now it works.
I think giving blanket setting for just one file is not good. I have used following approach.
<httpErrors errorMode="Custom">
<remove statusCode="404"/>
<error statusCode="404" path="/PageNotFound.aspx" responseMode="ExecuteURL"/>
</httpErrors>
In that handler I check for specific file request and do rersponse.write the json content to be served.
so the server setting is not compromised.
if(Request.Url.ToString().ToLower().EndsWith("/apple-app-site-association"))
{
Response.Write(File.ReadAllText("/apple-app-site-association"));
Response.ContentType = "text/json";
Response.Flush();
Response.End();
}
In my case, 500 Internal server error was coming while hosting the virtual directory on iis server. It got fixed by using below configuration in web.config file:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<staticContent>
<mimeMap fileExtension="." mimeType="application/json" />
</staticContent>
<urlCompression doStaticCompression="false" doDynamicCompression="false" />
<validation validateIntegratedModeConfiguration="false" />
</system.webServer>
For dotnet core, I found this solution in another post
// to allow access to apple-app-site-association file
app.UseStaticFiles(new StaticFileOptions()
{
FileProvider = new PhysicalFileProvider(Path.Combine(env.ContentRootPath, @".well-known")),
RequestPath = new PathString("/.well-known"),
DefaultContentType = "application/json",
ServeUnknownFileTypes = true,
});
Attention: if you already have app.UseStaticFiles(), do not change this. Instead add these lines right after, otherwise your other static files will not be served anymore.
© 2022 - 2025 — McMap. All rights reserved.