dotnet
diff --git a/‎src/Servers/HttpSys/src/RequestProcessing/Request.cs
Lines changed: 85 additions & 19 deletions b/‎src/Servers/HttpSys/src/RequestProcessing/Request.cs
Lines changed: 85 additions & 19 deletions
diff --git a/‎src/Servers/HttpSys/test/FunctionalTests/Listener/RequestTests.cs
Lines changed: 37 additions & 1 deletion b/‎src/Servers/HttpSys/test/FunctionalTests/Listener/RequestTests.cs
Lines changed: 37 additions & 1 deletion
diff --git a/‎src/Servers/HttpSys/test/FunctionalTests/RequestTests.cs
Lines changed: 1 addition & 0 deletions b/‎src/Servers/HttpSys/test/FunctionalTests/RequestTests.cs
Lines changed: 1 addition & 0 deletions
diff --git a/‎src/Servers/IIS/IIS/src/Core/IISHttpContext.cs
Lines changed: 91 additions & 5 deletions b/‎src/Servers/IIS/IIS/src/Core/IISHttpContext.cs
Lines changed: 91 additions & 5 deletions
diff --git a/‎src/Servers/IIS/IIS/src/Core/IISHttpServer.cs
Lines changed: 5 additions & 0 deletions b/‎src/Servers/IIS/IIS/src/Core/IISHttpServer.cs
Lines changed: 5 additions & 0 deletions
diff --git a/‎src/Servers/IIS/IIS/src/Core/IISServerSetupFilter.cs
Lines changed: 0 additions & 38 deletions b/‎src/Servers/IIS/IIS/src/Core/IISServerSetupFilter.cs
Lines changed: 0 additions & 38 deletions
diff --git a/‎src/Servers/IIS/IIS/src/WebHostBuilderIISExtensions.cs
Lines changed: 0 additions & 1 deletion b/‎src/Servers/IIS/IIS/src/WebHostBuilderIISExtensions.cs
Lines changed: 0 additions & 1 deletion
@@ -63,38 +63,104 @@ internal Request(RequestContext requestContext)
 
             PathBase = string.Empty;
             Path = originalPath;
+            var prefix = requestContext.Server.Options.UrlPrefixes.GetPrefix((int)requestContext.UrlContext);
 
             // 'OPTIONS * HTTP/1.1'
             if (KnownMethod == HttpApiTypes.HTTP_VERB.HttpVerbOPTIONS && string.Equals(RawUrl, "*", StringComparison.Ordinal))
             {
                 PathBase = string.Empty;
                 Path = string.Empty;
             }
-            else
+            // Prefix may be null if the request has been transfered to our queue
+            else if (prefix is not null)
             {
-                var prefix = requestContext.Server.Options.UrlPrefixes.GetPrefix((int)requestContext.UrlContext);
-                // Prefix may be null if the requested has been transfered to our queue
-                if (!(prefix is null))
+                var pathBase = prefix.PathWithoutTrailingSlash;
+                // url: /base/path, prefix: /base/, base: /base, path: /path
+                // url: /, prefix: /, base: , path: /
+                if (originalPath.Equals(pathBase, StringComparison.Ordinal))
                 {
-                    if (originalPath.Length == prefix.PathWithoutTrailingSlash.Length)
-                    {
-                        // They matched exactly except for the trailing slash.
-                        PathBase = originalPath;
-                        Path = string.Empty;
-                    }
-                    else
-                    {
-                        // url: /base/path, prefix: /base/, base: /base, path: /path
-                        // url: /, prefix: /, base: , path: /
-                        PathBase = originalPath.Substring(0, prefix.PathWithoutTrailingSlash.Length); // Preserve the user input casing
-                        Path = originalPath.Substring(prefix.PathWithoutTrailingSlash.Length);
-                    }
+                    // Exact match, no need to preserve the casing
+                    PathBase = pathBase;
+                    Path = string.Empty;
+                }
+                else if (originalPath.Equals(pathBase, StringComparison.OrdinalIgnoreCase))
+                {
+                    // Preserve the user input casing
+                    PathBase = originalPath;
+                    Path = string.Empty;
                 }
-                 else if (requestContext.Server.Options.UrlPrefixes.TryMatchLongestPrefix(IsHttps, cookedUrl.GetHost()!, originalPath, out var pathBase, out var path))
+                else if (originalPath.StartsWith(prefix.Path, StringComparison.Ordinal))
                 {
+                    // Exact match, no need to preserve the casing
                     PathBase = pathBase;
-                    Path = path;
+                    Path = originalPath[pathBase.Length..];
                 }
+                else if (originalPath.StartsWith(prefix.Path, StringComparison.OrdinalIgnoreCase))
+                {
+                    // Preserve the user input casing
+                    PathBase = originalPath[..pathBase.Length];
+                    Path = originalPath[pathBase.Length..];
+                }
+                else
+                {
+                    // Http.Sys path base matching is based on the cooked url which applies some non-standard normalizations that we don't use
+                    // like collapsing duplicate slashes "//", converting '\' to '/', and un-escaping "%2F" to '/'. Find the right split and
+                    // ignore the normalizations.
+                    var originalOffset = 0;
+                    var baseOffset = 0;
+                    while (originalOffset < originalPath.Length && baseOffset < pathBase.Length)
+                    {
+                        var baseValue = pathBase[baseOffset];
+                        var offsetValue = originalPath[originalOffset];
+                        if (baseValue == offsetValue
+                            || char.ToUpperInvariant(baseValue) == char.ToUpperInvariant(offsetValue))
+                        {
+                            // case-insensitive match, continue
+                            originalOffset++;
+                            baseOffset++;
+                        }
+                        else if (baseValue == '/' && offsetValue == '\\')
+                        {
+                            // Http.Sys considers these equivalent
+                            originalOffset++;
+                            baseOffset++;
+                        }
+                        else if (baseValue == '/' && originalPath.AsSpan(originalOffset).StartsWith("%2F", StringComparison.OrdinalIgnoreCase))
+                        {
+                            // Http.Sys un-escapes this
+                            originalOffset += 3;
+                            baseOffset++;
+                        }
+                        else if (baseOffset > 0 && pathBase[baseOffset - 1] == '/'
+                            && (offsetValue == '/' || offsetValue == '\\'))
+                        {
+                            // Duplicate slash, skip
+                            originalOffset++;
+                        }
+                        else if (baseOffset > 0 && pathBase[baseOffset - 1] == '/'
+                            && originalPath.AsSpan(originalOffset).StartsWith("%2F", StringComparison.OrdinalIgnoreCase))
+                        {
+                            // Duplicate slash equivalent, skip
+                            originalOffset += 3;
+                        }
+                        else
+                        {
+                            // Mismatch, fall back
+                            // The failing test case here is "/base/call//../ball//path1//path2", reduced to "/base/call/ball//path1//path2",
+                            // where http.sys collapses "//" before "../", but we do "../" first. We've lost the context that there were dot segments,
+                            // or duplicate slashes, how do we figure out that "call/" can be eliminated?
+                            originalOffset = 0;
+                            break;
+                        }
+                    }
+                    PathBase = originalPath[..originalOffset];
+                    Path = originalPath[originalOffset..];
+                }
+            }
+            else if (requestContext.Server.Options.UrlPrefixes.TryMatchLongestPrefix(IsHttps, cookedUrl.GetHost()!, originalPath, out var pathBase, out var path))
+            {
+                PathBase = pathBase;
+                Path = path;
             }
 
             ProtocolVersion = RequestContext.GetVersion();
 
@@ -1,4 +1,4 @@
-// Licensed to the .NET Foundation under one or more agreements.
+// Licensed to the .NET Foundation under one or more agreements.
 // The .NET Foundation licenses this file to you under the MIT license.
 
 using System;
@@ -138,6 +138,42 @@ public async Task Request_OverlongUTF8Path(string requestPath, string expectedPa
             }
         }
 
+        [ConditionalTheory]
+        [InlineData("/", "/", "", "/")]
+        [InlineData("/base", "/base", "/base", "")]
+        [InlineData("/base", "/baSe", "/baSe", "")]
+        [InlineData("/base", "/base/path", "/base", "/path")]
+        [InlineData("/base", "///base/path1/path2", "///base", "/path1/path2")]
+        [InlineData("/base/ball", @"/baSe\ball//path1//path2", @"/baSe\ball", "//path1//path2")]
+        [InlineData("/base/ball", @"/base%2fball//path1//path2", @"/base%2fball", "//path1//path2")]
+        [InlineData("/base/ball", @"/base%2Fball//path1//path2", @"/base%2Fball", "//path1//path2")]
+        [InlineData("/base/ball", @"/base%5cball//path1//path2", @"/base\ball", "//path1//path2")]
+        [InlineData("/base/ball", @"/base%5Cball//path1//path2", @"/base\ball", "//path1//path2")]
+        [InlineData("/base/ball", "///baSe//ball//path1//path2", "///baSe//ball", "//path1//path2")]
+        [InlineData("/base/ball", @"/base/\ball//path1//path2", @"/base/\ball", "//path1//path2")]
+        [InlineData("/base/ball", @"/base/%2fball//path1//path2", @"/base/%2fball", "//path1//path2")]
+        [InlineData("/base/ball", @"/base/%2Fball//path1//path2", @"/base/%2Fball", "//path1//path2")]
+        [InlineData("/base/ball", @"/base/%5cball//path1//path2", @"/base/\ball", "//path1//path2")]
+        [InlineData("/base/ball", @"/base/%5Cball//path1//path2", @"/base/\ball", "//path1//path2")]
+        [InlineData("/base/ball", @"/base/call/../ball//path1//path2", @"/base/ball", "//path1//path2")]
+        // The results should be "/base/ball", "//path1//path2", but Http.Sys collapses the "//" before the "../"
+        // and we don't have a good way of emulating that.
+        [InlineData("/base/ball", @"/base/call//../ball//path1//path2", @"", "/base/call/ball//path1//path2")]
+        [InlineData("/base/ball", @"/base/call/.%2e/ball//path1//path2", @"/base/ball", "//path1//path2")]
+        [InlineData("/base/ball", @"/base/call/.%2E/ball//path1//path2", @"/base/ball", "//path1//path2")]
+        public async Task Request_WithPathBase(string pathBase, string requestPath, string expectedPathBase, string expectedPath)
+        {
+            using var server = Utilities.CreateHttpServerReturnRoot(pathBase, out var root);
+            var responseTask = SendSocketRequestAsync(root, requestPath);
+            var context = await server.AcceptAsync(Utilities.DefaultTimeout).Before(responseTask);
+            Assert.Equal(expectedPathBase, context.Request.PathBase);
+            Assert.Equal(expectedPath, context.Request.Path);
+            context.Dispose();
+
+            var response = await responseTask;
+            Assert.Equal("200", response.Substring(9));
+        }
+
         private async Task<string> SendSocketRequestAsync(string address, string path, string method = "GET")
         {
             var uri = new Uri(address);
 
@@ -208,6 +208,7 @@ public async Task Request_FieldsCanBeSetToNull_Set()
         [InlineData("/base path/", "/base%20path/sub%20path", "/base path", "/sub path")]
         [InlineData("/base葉path/", "/base%E8%91%89path/sub%E8%91%89path", "/base葉path", "/sub葉path")]
         [InlineData("/basepath/", "/basepath/sub%2Fpath", "/basepath", "/sub%2Fpath")]
+        [InlineData("/base", "///base/path1/path2", "///base", "/path1/path2")]
         public async Task Request_PathSplitting(string pathBase, string requestPath, string expectedPathBase, string expectedPath)
         {
             string root;
 
@@ -149,19 +149,105 @@ protected void InitializeContext()
                 KnownMethod = VerbId;
                 StatusCode = 200;
 
-                var originalPath = GetOriginalPath();
+                var originalPath = GetOriginalPath() ?? string.Empty;
+                var pathBase = _server.VirtualPath ?? string.Empty;
+                if (pathBase.Length > 1 && pathBase[^1] == '/')
+                {
+                    pathBase = pathBase[..^1];
+                }
 
                 if (KnownMethod == HttpApiTypes.HTTP_VERB.HttpVerbOPTIONS && string.Equals(RawTarget, "*", StringComparison.Ordinal))
                 {
                     PathBase = string.Empty;
                     Path = string.Empty;
                 }
-                else
+                else if (string.IsNullOrEmpty(pathBase) || pathBase == "/")
                 {
-                    // Path and pathbase are unescaped by RequestUriBuilder
-                    // The UsePathBase middleware will modify the pathbase and path correctly
                     PathBase = string.Empty;
-                    Path = originalPath ?? string.Empty;
+                    Path = originalPath;
+                }
+                else if (originalPath.Equals(pathBase, StringComparison.Ordinal))
+                {
+                    // Exact match, no need to preserve the casing
+                    PathBase = pathBase;
+                    Path = string.Empty;
+                }
+                else if (originalPath.Equals(pathBase, StringComparison.OrdinalIgnoreCase))
+                {
+                    // Preserve the user input casing
+                    PathBase = originalPath;
+                    Path = string.Empty;
+                }
+                else if (originalPath.Length == pathBase.Length + 1
+                    && originalPath[^1] == '/'
+                    && originalPath.StartsWith(pathBase, StringComparison.Ordinal))
+                {
+                    // Exact match, no need to preserve the casing
+                    PathBase = pathBase;
+                    Path = "/";
+                }
+                else if (originalPath.Length == pathBase.Length + 1
+                    && originalPath[^1] == '/'
+                    && originalPath.StartsWith(pathBase, StringComparison.OrdinalIgnoreCase))
+                {
+                    // Preserve the user input casing
+                    PathBase = originalPath[..pathBase.Length];
+                    Path = "/";
+                }
+                else
+                {
+                    // Http.Sys path base matching is based on the cooked url which applies some non-standard normalizations that we don't use
+                    // like collapsing duplicate slashes "//", converting '\' to '/', and un-escaping "%2F" to '/'. Find the right split and
+                    // ignore the normalizations.
+                    var originalOffset = 0;
+                    var baseOffset = 0;
+                    while (originalOffset < originalPath.Length && baseOffset < pathBase.Length)
+                    {
+                        var baseValue = pathBase[baseOffset];
+                        var offsetValue = originalPath[originalOffset];
+                        if (baseValue == offsetValue
+                            || char.ToUpperInvariant(baseValue) == char.ToUpperInvariant(offsetValue))
+                        {
+                            // case-insensitive match, continue
+                            originalOffset++;
+                            baseOffset++;
+                        }
+                        else if (baseValue == '/' && offsetValue == '\\')
+                        {
+                            // Http.Sys considers these equivalent
+                            originalOffset++;
+                            baseOffset++;
+                        }
+                        else if (baseValue == '/' && originalPath.AsSpan(originalOffset).StartsWith("%2F", StringComparison.OrdinalIgnoreCase))
+                        {
+                            // Http.Sys un-escapes this
+                            originalOffset += 3;
+                            baseOffset++;
+                        }
+                        else if (baseOffset > 0 && pathBase[baseOffset - 1] == '/'
+                            && (offsetValue == '/' || offsetValue == '\\'))
+                        {
+                            // Duplicate slash, skip
+                            originalOffset++;
+                        }
+                        else if (baseOffset > 0 && pathBase[baseOffset - 1] == '/'
+                            && originalPath.AsSpan(originalOffset).StartsWith("%2F", StringComparison.OrdinalIgnoreCase))
+                        {
+                            // Duplicate slash equivalent, skip
+                            originalOffset += 3;
+                        }
+                        else
+                        {
+                            // Mismatch, fall back
+                            // The failing test case here is "/base/call//../ball//path1//path2", reduced to "/base/call/ball//path1//path2",
+                            // where http.sys collapses "//" before "../", but we do "../" first. We've lost the context that there were dot segments,
+                            // or duplicate slashes, how do we figure out that "call/" can be eliminated?
+                            originalOffset = 0;
+                            break;
+                        }
+                    }
+                    PathBase = originalPath[..originalOffset];
+                    Path = originalPath[originalOffset..];
                 }
 
                 var cookedUrl = GetCookedUrl();
 
@@ -30,6 +30,7 @@ internal class IISHttpServer : IServer
         private readonly IISServerOptions _options;
         private readonly IISNativeApplication _nativeApplication;
         private readonly ServerAddressesFeature _serverAddressesFeature;
+        private readonly string? _virtualPath;
 
         private readonly TaskCompletionSource _shutdownSignal = new TaskCompletionSource(TaskCreationOptions.RunContinuationsAsynchronously);
         private bool? _websocketAvailable;
@@ -69,6 +70,8 @@ ILogger<IISHttpServer> logger
             _logger = logger;
             _options = options.Value;
             _serverAddressesFeature = new ServerAddressesFeature();
+            var iisConfigData = NativeMethods.HttpGetApplicationProperties();
+            _virtualPath = iisConfigData.pwzVirtualApplicationPath;
 
             if (_options.ForwardWindowsAuthentication)
             {
@@ -83,6 +86,8 @@ ILogger<IISHttpServer> logger
             }
         }
 
+        public string? VirtualPath => _virtualPath;
+
         public unsafe Task StartAsync<TContext>(IHttpApplication<TContext> application, CancellationToken cancellationToken) where TContext : notnull
         {
             _httpServerHandle = GCHandle.Alloc(this);
 
@@ -42,7 +42,6 @@ public static IWebHostBuilder UseIIS(this IWebHostBuilder hostBuilder)
                         services.AddSingleton(new IISNativeApplication(new NativeSafeHandle(iisConfigData.pNativeApplication)));
                         services.AddSingleton<IServer, IISHttpServer>();
                         services.AddTransient<IISServerAuthenticationHandlerInternal>();
-                        services.AddSingleton<IStartupFilter>(new IISServerSetupFilter(iisConfigData.pwzVirtualApplicationPath));
                         services.AddAuthenticationCore();
                         services.AddSingleton<IServerIntegratedAuth>(_ => new ServerIntegratedAuth()
                         {
Original file line number	Diff line number	Diff line change
`@@ -208,6 +208,7 @@ public async Task Request_FieldsCanBeSetToNull_Set()`
`208`	`208`	`[InlineData("/base path/", "/base%20path/sub%20path", "/base path", "/sub path")]`
`209`	`209`	`[InlineData("/base葉path/", "/base%E8%91%89path/sub%E8%91%89path", "/base葉path", "/sub葉path")]`
`210`	`210`	`[InlineData("/basepath/", "/basepath/sub%2Fpath", "/basepath", "/sub%2Fpath")]`
	`211`	`+ [InlineData("/base", "///base/path1/path2", "///base", "/path1/path2")]`
`211`	`212`	`public async Task Request_PathSplitting(string pathBase, string requestPath, string expectedPathBase, string expectedPath)`
`212`	`213`	`{`
`213`	`214`	`string root;`
Original file line number	Diff line number	Diff line change
`@@ -30,6 +30,7 @@ internal class IISHttpServer : IServer`
`30`	`30`	`private readonly IISServerOptions _options;`
`31`	`31`	`private readonly IISNativeApplication _nativeApplication;`
`32`	`32`	`private readonly ServerAddressesFeature _serverAddressesFeature;`
	`33`	`+ private readonly string? _virtualPath;`
`33`	`34`
`34`	`35`	`private readonly TaskCompletionSource _shutdownSignal = new TaskCompletionSource(TaskCreationOptions.RunContinuationsAsynchronously);`
`35`	`36`	`private bool? _websocketAvailable;`
`@@ -69,6 +70,8 @@ ILogger<IISHttpServer> logger`
`69`	`70`	`_logger = logger;`
`70`	`71`	`_options = options.Value;`
`71`	`72`	`_serverAddressesFeature = new ServerAddressesFeature();`
	`73`	`+ var iisConfigData = NativeMethods.HttpGetApplicationProperties();`
	`74`	`+ _virtualPath = iisConfigData.pwzVirtualApplicationPath;`
`72`	`75`
`73`	`76`	`if (_options.ForwardWindowsAuthentication)`
`74`	`77`	`{`
`@@ -83,6 +86,8 @@ ILogger<IISHttpServer> logger`
`83`	`86`	`}`
`84`	`87`	`}`
`85`	`88`
	`89`	`+ public string? VirtualPath => _virtualPath;`
	`90`	`+`
`86`	`91`	`public unsafe Task StartAsync<TContext>(IHttpApplication<TContext> application, CancellationToken cancellationToken) where TContext : notnull`
`87`	`92`	`{`
`88`	`93`	`_httpServerHandle = GCHandle.Alloc(this);`
Original file line number	Diff line number	Diff line change
`@@ -42,7 +42,6 @@ public static IWebHostBuilder UseIIS(this IWebHostBuilder hostBuilder)`
`42`	`42`	`services.AddSingleton(new IISNativeApplication(new NativeSafeHandle(iisConfigData.pNativeApplication)));`
`43`	`43`	`services.AddSingleton<IServer, IISHttpServer>();`
`44`	`44`	`services.AddTransient<IISServerAuthenticationHandlerInternal>();`
`45`		`- services.AddSingleton<IStartupFilter>(new IISServerSetupFilter(iisConfigData.pwzVirtualApplicationPath));`
`46`	`45`	`services.AddAuthenticationCore();`
`47`	`46`	`services.AddSingleton<IServerIntegratedAuth>(_ => new ServerIntegratedAuth()`
`48`	`47`	`{`