dotnet
diff --git a/‎src/Servers/HttpSys/src/RequestProcessing/Request.cs
Lines changed: 86 additions & 19 deletions b/‎src/Servers/HttpSys/src/RequestProcessing/Request.cs
Lines changed: 86 additions & 19 deletions
diff --git a/‎src/Servers/HttpSys/test/FunctionalTests/Listener/RequestTests.cs
Lines changed: 37 additions & 1 deletion b/‎src/Servers/HttpSys/test/FunctionalTests/Listener/RequestTests.cs
Lines changed: 37 additions & 1 deletion
diff --git a/‎src/Servers/HttpSys/test/FunctionalTests/RequestTests.cs
Lines changed: 1 addition & 0 deletions b/‎src/Servers/HttpSys/test/FunctionalTests/RequestTests.cs
Lines changed: 1 addition & 0 deletions
diff --git a/‎src/Servers/IIS/IIS/src/Core/IISHttpContext.cs
Lines changed: 91 additions & 5 deletions b/‎src/Servers/IIS/IIS/src/Core/IISHttpContext.cs
Lines changed: 91 additions & 5 deletions
diff --git a/‎src/Servers/IIS/IIS/src/Core/IISHttpServer.cs
Lines changed: 5 additions & 0 deletions b/‎src/Servers/IIS/IIS/src/Core/IISHttpServer.cs
Lines changed: 5 additions & 0 deletions
diff --git a/‎src/Servers/IIS/IIS/src/Core/IISServerSetupFilter.cs
Lines changed: 0 additions & 8 deletions b/‎src/Servers/IIS/IIS/src/Core/IISServerSetupFilter.cs
Lines changed: 0 additions & 8 deletions
diff --git a/‎src/Servers/IIS/IIS/src/WebHostBuilderIISExtensions.cs
Lines changed: 1 addition & 1 deletion b/‎src/Servers/IIS/IIS/src/WebHostBuilderIISExtensions.cs
Lines changed: 1 addition & 1 deletion
@@ -60,39 +60,106 @@ internal Request(RequestContext requestContext)
 
         PathBase = string.Empty;
         Path = originalPath;
+        var prefix = requestContext.Server.Options.UrlPrefixes.GetPrefix((int)requestContext.UrlContext);
 
         // 'OPTIONS * HTTP/1.1'
         if (KnownMethod == HttpApiTypes.HTTP_VERB.HttpVerbOPTIONS && string.Equals(RawUrl, "*", StringComparison.Ordinal))
         {
             PathBase = string.Empty;
             Path = string.Empty;
         }
-        else
+        // Prefix may be null if the requested has been transfered to our queue
+        else if (prefix is not null)
         {
-            var prefix = requestContext.Server.Options.UrlPrefixes.GetPrefix((int)requestContext.UrlContext);
-            // Prefix may be null if the requested has been transfered to our queue
-            if (!(prefix is null))
+            var pathBase = prefix.PathWithoutTrailingSlash;
+
+            // url: /base/path, prefix: /base/, base: /base, path: /path
+            // url: /, prefix: /, base: , path: /
+            if (originalPath.Equals(pathBase, StringComparison.Ordinal))
             {
-                if (originalPath.Length == prefix.PathWithoutTrailingSlash.Length)
-                {
-                    // They matched exactly except for the trailing slash.
-                    PathBase = originalPath;
-                    Path = string.Empty;
-                }
-                else
-                {
-                    // url: /base/path, prefix: /base/, base: /base, path: /path
-                    // url: /, prefix: /, base: , path: /
-                    PathBase = originalPath.Substring(0, prefix.PathWithoutTrailingSlash.Length); // Preserve the user input casing
-                    Path = originalPath.Substring(prefix.PathWithoutTrailingSlash.Length);
-                }
+                // Exact match, no need to preserve the casing
+                PathBase = pathBase;
+                Path = string.Empty;
             }
-            else if (requestContext.Server.Options.UrlPrefixes.TryMatchLongestPrefix(IsHttps, cookedUrl.GetHost()!, originalPath, out var pathBase, out var path))
+            else if (originalPath.Equals(pathBase, StringComparison.OrdinalIgnoreCase))
             {
+                // Preserve the user input casing
+                PathBase = originalPath;
+                Path = string.Empty;
+            }
+            else if (originalPath.StartsWith(prefix.Path, StringComparison.Ordinal))
+            {
+                // Exact match, no need to preserve the casing
                 PathBase = pathBase;
-                Path = path;
+                Path = originalPath[pathBase.Length..];
+            }
+            else if (originalPath.StartsWith(prefix.Path, StringComparison.OrdinalIgnoreCase))
+            {
+                // Preserve the user input casing
+                PathBase = originalPath[..pathBase.Length];
+                Path = originalPath[pathBase.Length..];
+            }
+            else
+            {
+                // Http.Sys path base matching is based on the cooked url which applies some non-standard normalizations that we don't use
+                // like collapsing duplicate slashes "//", converting '\' to '/', and un-escaping "%2F" to '/'. Find the right split and
+                // ignore the normalizations.
+                var originalOffset = 0;
+                var baseOffset = 0;
+                while (originalOffset < originalPath.Length && baseOffset < pathBase.Length)
+                {
+                    var baseValue = pathBase[baseOffset];
+                    var offsetValue = originalPath[originalOffset];
+                    if (baseValue == offsetValue
+                        || char.ToUpperInvariant(baseValue) == char.ToUpperInvariant(offsetValue))
+                    {
+                        // case-insensitive match, continue
+                        originalOffset++;
+                        baseOffset++;
+                    }
+                    else if (baseValue == '/' && offsetValue == '\\')
+                    {
+                        // Http.Sys considers these equivalent
+                        originalOffset++;
+                        baseOffset++;
+                    }
+                    else if (baseValue == '/' && originalPath.AsSpan(originalOffset).StartsWith("%2F", StringComparison.OrdinalIgnoreCase))
+                    {
+                        // Http.Sys un-escapes this
+                        originalOffset += 3;
+                        baseOffset++;
+                    }
+                    else if (baseOffset > 0 && pathBase[baseOffset - 1] == '/'
+                        && (offsetValue == '/' || offsetValue == '\\'))
+                    {
+                        // Duplicate slash, skip
+                        originalOffset++;
+                    }
+                    else if (baseOffset > 0 && pathBase[baseOffset - 1] == '/'
+                        && originalPath.AsSpan(originalOffset).StartsWith("%2F", StringComparison.OrdinalIgnoreCase))
+                    {
+                        // Duplicate slash equivalent, skip
+                        originalOffset += 3;
+                    }
+                    else
+                    {
+                        // Mismatch, fall back
+                        // The failing test case here is "/base/call//../bat//path1//path2", reduced to "/base/call/bat//path1//path2",
+                        // where http.sys collapses "//" before "../", but we do "../" first. We've lost the context that there were dot segments,
+                        // or duplicate slashes, how do we figure out that "call/" can be eliminated?
+                        originalOffset = 0;
+                        break;
+                    }
+                }
+                PathBase = originalPath[..originalOffset];
+                Path = originalPath[originalOffset..];
             }
         }
+        else if (requestContext.Server.Options.UrlPrefixes.TryMatchLongestPrefix(IsHttps, cookedUrl.GetHost()!, originalPath, out var pathBase, out var path))
+        {
+            PathBase = pathBase;
+            Path = path;
+        }
 
         ProtocolVersion = RequestContext.GetVersion();
 
 
@@ -1,4 +1,4 @@
-// Licensed to the .NET Foundation under one or more agreements.
+// Licensed to the .NET Foundation under one or more agreements.
 // The .NET Foundation licenses this file to you under the MIT license.
 
 using System;
@@ -138,6 +138,42 @@ public async Task Request_OverlongUTF8Path(string requestPath, string expectedPa
         }
     }
 
+    [ConditionalTheory]
+    [InlineData("/", "/", "", "/")]
+    [InlineData("/base", "/base", "/base", "")]
+    [InlineData("/base", "/baSe", "/baSe", "")]
+    [InlineData("/base", "/base/path", "/base", "/path")]
+    [InlineData("/base", "///base/path1/path2", "///base", "/path1/path2")]
+    [InlineData("/base/ball", @"/baSe\ball//path1//path2", @"/baSe\ball", "//path1//path2")]
+    [InlineData("/base/ball", @"/base%2fball//path1//path2", @"/base%2fball", "//path1//path2")]
+    [InlineData("/base/ball", @"/base%2Fball//path1//path2", @"/base%2Fball", "//path1//path2")]
+    [InlineData("/base/ball", @"/base%5cball//path1//path2", @"/base\ball", "//path1//path2")]
+    [InlineData("/base/ball", @"/base%5Cball//path1//path2", @"/base\ball", "//path1//path2")]
+    [InlineData("/base/ball", "///baSe//ball//path1//path2", "///baSe//ball", "//path1//path2")]
+    [InlineData("/base/ball", @"/base/\ball//path1//path2", @"/base/\ball", "//path1//path2")]
+    [InlineData("/base/ball", @"/base/%2fball//path1//path2", @"/base/%2fball", "//path1//path2")]
+    [InlineData("/base/ball", @"/base/%2Fball//path1//path2", @"/base/%2Fball", "//path1//path2")]
+    [InlineData("/base/ball", @"/base/%5cball//path1//path2", @"/base/\ball", "//path1//path2")]
+    [InlineData("/base/ball", @"/base/%5Cball//path1//path2", @"/base/\ball", "//path1//path2")]
+    [InlineData("/base/ball", @"/base/call/../ball//path1//path2", @"/base/ball", "//path1//path2")]
+    // The results should be "/base/ball", "//path1//path2", but Http.Sys collapses the "//" before the "../"
+    // and we don't have a good way of emulating that.
+    [InlineData("/base/ball", @"/base/call//../ball//path1//path2", @"", "/base/call/ball//path1//path2")]
+    [InlineData("/base/ball", @"/base/call/.%2e/ball//path1//path2", @"/base/ball", "//path1//path2")]
+    [InlineData("/base/ball", @"/base/call/.%2E/ball//path1//path2", @"/base/ball", "//path1//path2")]
+    public async Task Request_WithPathBase(string pathBase, string requestPath, string expectedPathBase, string expectedPath)
+    {
+        using var server = Utilities.CreateHttpServerReturnRoot(pathBase, out var root);
+        var responseTask = SendSocketRequestAsync(root, requestPath);
+        var context = await server.AcceptAsync(Utilities.DefaultTimeout).Before(responseTask);
+        Assert.Equal(expectedPathBase, context.Request.PathBase);
+        Assert.Equal(expectedPath, context.Request.Path);
+        context.Dispose();
+
+        var response = await responseTask;
+        Assert.Equal("200", response.Substring(9));
+    }
+
     private async Task<string> SendSocketRequestAsync(string address, string path, string method = "GET")
     {
         var uri = new Uri(address);
 
@@ -208,6 +208,7 @@ public async Task Request_FieldsCanBeSetToNull_Set()
     [InlineData("/base path/", "/base%20path/sub%20path", "/base path", "/sub path")]
     [InlineData("/base葉path/", "/base%E8%91%89path/sub%E8%91%89path", "/base葉path", "/sub葉path")]
     [InlineData("/basepath/", "/basepath/sub%2Fpath", "/basepath", "/sub%2Fpath")]
+    [InlineData("/base", "///base/path1/path2", "///base", "/path1/path2")]
     public async Task Request_PathSplitting(string pathBase, string requestPath, string expectedPathBase, string expectedPath)
     {
         string root;
 
@@ -143,19 +143,105 @@ protected void InitializeContext()
             KnownMethod = VerbId;
             StatusCode = 200;
 
-            var originalPath = GetOriginalPath();
+            var originalPath = GetOriginalPath() ?? string.Empty;
+            var pathBase = _server.VirtualPath ?? string.Empty;
+            if (pathBase.Length > 1 && pathBase[^1] == '/')
+            {
+                pathBase = pathBase[..^1];
+            }
 
             if (KnownMethod == HttpApiTypes.HTTP_VERB.HttpVerbOPTIONS && string.Equals(RawTarget, "*", StringComparison.Ordinal))
             {
                 PathBase = string.Empty;
                 Path = string.Empty;
             }
-            else
+            else if (string.IsNullOrEmpty(pathBase) || pathBase == "/")
             {
-                // Path and pathbase are unescaped by RequestUriBuilder
-                // The UsePathBase middleware will modify the pathbase and path correctly
                 PathBase = string.Empty;
-                Path = originalPath ?? string.Empty;
+                Path = originalPath;
+            }
+            else if (originalPath.Equals(pathBase, StringComparison.Ordinal))
+            {
+                // Exact match, no need to preserve the casing
+                PathBase = pathBase;
+                Path = string.Empty;
+            }
+            else if (originalPath.Equals(pathBase, StringComparison.OrdinalIgnoreCase))
+            {
+                // Preserve the user input casing
+                PathBase = originalPath;
+                Path = string.Empty;
+            }
+            else if (originalPath.Length == pathBase.Length + 1
+                && originalPath[^1] == '/'
+                && originalPath.StartsWith(pathBase, StringComparison.Ordinal))
+            {
+                // Exact match, no need to preserve the casing
+                PathBase = pathBase;
+                Path = "/";
+            }
+            else if (originalPath.Length == pathBase.Length + 1
+                && originalPath[^1] == '/'
+                && originalPath.StartsWith(pathBase, StringComparison.OrdinalIgnoreCase))
+            {
+                // Preserve the user input casing
+                PathBase = originalPath[..pathBase.Length];
+                Path = "/";
+            }
+            else
+            {
+                // Http.Sys path base matching is based on the cooked url which applies some non-standard normalizations that we don't use
+                // like collapsing duplicate slashes "//", converting '\' to '/', and un-escaping "%2F" to '/'. Find the right split and
+                // ignore the normalizations.
+                var originalOffset = 0;
+                var baseOffset = 0;
+                while (originalOffset < originalPath.Length && baseOffset < pathBase.Length)
+                {
+                    var baseValue = pathBase[baseOffset];
+                    var offsetValue = originalPath[originalOffset];
+                    if (baseValue == offsetValue
+                        || char.ToUpperInvariant(baseValue) == char.ToUpperInvariant(offsetValue))
+                    {
+                        // case-insensitive match, continue
+                        originalOffset++;
+                        baseOffset++;
+                    }
+                    else if (baseValue == '/' && offsetValue == '\\')
+                    {
+                        // Http.Sys considers these equivalent
+                        originalOffset++;
+                        baseOffset++;
+                    }
+                    else if (baseValue == '/' && originalPath.AsSpan(originalOffset).StartsWith("%2F", StringComparison.OrdinalIgnoreCase))
+                    {
+                        // Http.Sys un-escapes this
+                        originalOffset += 3;
+                        baseOffset++;
+                    }
+                    else if (baseOffset > 0 && pathBase[baseOffset - 1] == '/'
+                        && (offsetValue == '/' || offsetValue == '\\'))
+                    {
+                        // Duplicate slash, skip
+                        originalOffset++;
+                    }
+                    else if (baseOffset > 0 && pathBase[baseOffset - 1] == '/'
+                        && originalPath.AsSpan(originalOffset).StartsWith("%2F", StringComparison.OrdinalIgnoreCase))
+                    {
+                        // Duplicate slash equivalent, skip
+                        originalOffset += 3;
+                    }
+                    else
+                    {
+                        // Mismatch, fall back
+                        // The failing test case here is "/base/call//../bat//path1//path2", reduced to "/base/call/bat//path1//path2",
+                        // where http.sys collapses "//" before "../", but we do "../" first. We've lost the context that there were dot segments,
+                        // or duplicate slashes, how do we figure out that "call/" can be eliminated?
+                        originalOffset = 0;
+                        break;
+                    }
+                }
+                PathBase = originalPath[..originalOffset];
+                Path = originalPath[originalOffset..];
             }
 
             var cookedUrl = GetCookedUrl();
 
@@ -27,6 +27,7 @@ internal sealed class IISHttpServer : IServer
     private readonly IISServerOptions _options;
     private readonly IISNativeApplication _nativeApplication;
     private readonly ServerAddressesFeature _serverAddressesFeature;
+    private readonly string? _virtualPath;
 
     private readonly TaskCompletionSource _shutdownSignal = new TaskCompletionSource(TaskCreationOptions.RunContinuationsAsynchronously);
     private bool? _websocketAvailable;
@@ -66,6 +67,8 @@ ILogger<IISHttpServer> logger
         _logger = logger;
         _options = options.Value;
         _serverAddressesFeature = new ServerAddressesFeature();
+        var iisConfigData = NativeMethods.HttpGetApplicationProperties();
+        _virtualPath = iisConfigData.pwzVirtualApplicationPath;
 
         if (_options.ForwardWindowsAuthentication)
         {
@@ -80,6 +83,8 @@ ILogger<IISHttpServer> logger
         }
     }
 
+    public string? VirtualPath => _virtualPath;
+
     public unsafe Task StartAsync<TContext>(IHttpApplication<TContext> application, CancellationToken cancellationToken) where TContext : notnull
     {
         _httpServerHandle = GCHandle.Alloc(this);
 
@@ -10,13 +10,6 @@ namespace Microsoft.AspNetCore.Server.IIS.Core;
 
 internal sealed class IISServerSetupFilter : IStartupFilter
 {
-    private readonly string _virtualPath;
-
-    public IISServerSetupFilter(string virtualPath)
-    {
-        _virtualPath = virtualPath;
-    }
-
     public Action<IApplicationBuilder> Configure(Action<IApplicationBuilder> next)
     {
         return app =>
@@ -27,7 +20,6 @@ public Action<IApplicationBuilder> Configure(Action<IApplicationBuilder> next)
                 throw new InvalidOperationException("Application is running inside IIS process but is not configured to use IIS server.");
             }
 
-            app.UsePathBase(_virtualPath);
             next(app);
         };
     }
 
@@ -37,7 +37,7 @@ public static IWebHostBuilder UseIIS(this IWebHostBuilder hostBuilder)
                     services.AddSingleton(new IISNativeApplication(new NativeSafeHandle(iisConfigData.pNativeApplication)));
                     services.AddSingleton<IServer, IISHttpServer>();
                     services.AddTransient<IISServerAuthenticationHandlerInternal>();
-                    services.AddSingleton<IStartupFilter>(new IISServerSetupFilter(iisConfigData.pwzVirtualApplicationPath));
+                    services.AddSingleton<IStartupFilter, IISServerSetupFilter>();
                     services.AddAuthenticationCore();
                     services.AddSingleton<IServerIntegratedAuth>(_ => new ServerIntegratedAuth()
                     {
Original file line number	Diff line number	Diff line change
`@@ -208,6 +208,7 @@ public async Task Request_FieldsCanBeSetToNull_Set()`
`208`	`208`	`[InlineData("/base path/", "/base%20path/sub%20path", "/base path", "/sub path")]`
`209`	`209`	`[InlineData("/base葉path/", "/base%E8%91%89path/sub%E8%91%89path", "/base葉path", "/sub葉path")]`
`210`	`210`	`[InlineData("/basepath/", "/basepath/sub%2Fpath", "/basepath", "/sub%2Fpath")]`
	`211`	`+ [InlineData("/base", "///base/path1/path2", "///base", "/path1/path2")]`
`211`	`212`	`public async Task Request_PathSplitting(string pathBase, string requestPath, string expectedPathBase, string expectedPath)`
`212`	`213`	`{`
`213`	`214`	`string root;`
Original file line number	Diff line number	Diff line change
`@@ -27,6 +27,7 @@ internal sealed class IISHttpServer : IServer`
`27`	`27`	`private readonly IISServerOptions _options;`
`28`	`28`	`private readonly IISNativeApplication _nativeApplication;`
`29`	`29`	`private readonly ServerAddressesFeature _serverAddressesFeature;`
	`30`	`+ private readonly string? _virtualPath;`
`30`	`31`
`31`	`32`	`private readonly TaskCompletionSource _shutdownSignal = new TaskCompletionSource(TaskCreationOptions.RunContinuationsAsynchronously);`
`32`	`33`	`private bool? _websocketAvailable;`
`@@ -66,6 +67,8 @@ ILogger<IISHttpServer> logger`
`66`	`67`	`_logger = logger;`
`67`	`68`	`_options = options.Value;`
`68`	`69`	`_serverAddressesFeature = new ServerAddressesFeature();`
	`70`	`+ var iisConfigData = NativeMethods.HttpGetApplicationProperties();`
	`71`	`+ _virtualPath = iisConfigData.pwzVirtualApplicationPath;`
`69`	`72`
`70`	`73`	`if (_options.ForwardWindowsAuthentication)`
`71`	`74`	`{`
`@@ -80,6 +83,8 @@ ILogger<IISHttpServer> logger`
`80`	`83`	`}`
`81`	`84`	`}`
`82`	`85`
	`86`	`+ public string? VirtualPath => _virtualPath;`
	`87`	`+`
`83`	`88`	`public unsafe Task StartAsync<TContext>(IHttpApplication<TContext> application, CancellationToken cancellationToken) where TContext : notnull`
`84`	`89`	`{`
`85`	`90`	`_httpServerHandle = GCHandle.Alloc(this);`
Original file line number	Diff line number	Diff line change
`@@ -10,13 +10,6 @@ namespace Microsoft.AspNetCore.Server.IIS.Core;`
`10`	`10`
`11`	`11`	`internal sealed class IISServerSetupFilter : IStartupFilter`
`12`	`12`	`{`
`13`		`- private readonly string _virtualPath;`
`14`		`-`
`15`		`- public IISServerSetupFilter(string virtualPath)`
`16`		`- {`
`17`		`- _virtualPath = virtualPath;`
`18`		`- }`
`19`		`-`
`20`	`13`	`public Action<IApplicationBuilder> Configure(Action<IApplicationBuilder> next)`
`21`	`14`	`{`
`22`	`15`	`return app =>`
`@@ -27,7 +20,6 @@ public Action<IApplicationBuilder> Configure(Action<IApplicationBuilder> next)`
`27`	`20`	`throw new InvalidOperationException("Application is running inside IIS process but is not configured to use IIS server.");`
`28`	`21`	`}`
`29`	`22`
`30`		`- app.UsePathBase(_virtualPath);`
`31`	`23`	`next(app);`
`32`	`24`	`};`
`33`	`25`	`}`
Original file line number	Diff line number	Diff line change
`@@ -37,7 +37,7 @@ public static IWebHostBuilder UseIIS(this IWebHostBuilder hostBuilder)`
`37`	`37`	`services.AddSingleton(new IISNativeApplication(new NativeSafeHandle(iisConfigData.pNativeApplication)));`
`38`	`38`	`services.AddSingleton<IServer, IISHttpServer>();`
`39`	`39`	`services.AddTransient<IISServerAuthenticationHandlerInternal>();`
`40`		`- services.AddSingleton<IStartupFilter>(new IISServerSetupFilter(iisConfigData.pwzVirtualApplicationPath));`
	`40`	`+ services.AddSingleton<IStartupFilter, IISServerSetupFilter>();`
`41`	`41`	`services.AddAuthenticationCore();`
`42`	`42`	`services.AddSingleton<IServerIntegratedAuth>(_ => new ServerIntegratedAuth()`
`43`	`43`	`{`