Hi I have a question regarding Azure keyvault and IIS. So our server provider did an windows patch:
2021-04 Cumulative Update for Windows Server 2016 for x64-based Systems (KB5001347)
2021-04 Servicing Stack Update for Windows Server 2016 for x64-based Systems (KB5001402)
After this windows patch and restart of server our fetch from web.config to keyvault in Azure stopped to work.
When IIS is starting our app it can not find Microsoft.Configuration.ConfigurationBuilders.Azure
Even if the DLL is located in the bin folder.
One other important thing to mention is that our connectionStrings to the database that are located in their own file connectionstrings.config are working great with Azure Keyvault.
Our windows services on the same machine are also working great with Azure Keyvault.
So the issue is only affecting our appsettings section in our web.config.
We have tried to add the bin folder to privatePath in the web.config, that didnt help
<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
<probing privatePath="bin;modulesbin"/>
This works great on our STAGING machine which has the same windows updates and uses the same configs.
Does anyone have a clue what we can do next?
What we are using:
System.Configuration.ConfigurationBuildersSection, System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
<configBuilders>
<builders>
<add name="AzureKeyVault" vaultName=somevaultname"
type="Microsoft.Configuration.ConfigurationBuilders.AzureKeyVaultConfigBuilder, Microsoft.Configuration.ConfigurationBuilders.Azure, Version=1.0.0.0, Culture=neutral"
vaultUri="somevaulturi"/>
</builders>
</configBuilders>
Thanks for any help
Edit:
We have now installed newer Azure dlls.
Installed Azure CLI on server.
We hare now using AZURE_TENANT_ID, AZURE_CLIENT_SECRET, AZURE_CLIENT_ID instead of AzureServicesAuthConnectionString in the environment variables.
After reboot, the webapp, services, connectionstring stopped working.
Error message in Event viewer:
Exception message: An error occurred loading a configuration file: The specified user does not have a valid profile. Unable to load 'Microsoft.Configuration.ConfigurationBuilders.Azure
Everything still work as expected on our stage server.
AZURE_TENANT_ID was added correctly under Administrator environment variables
but under system environment variables it was added with AZURE_TENTANT_ID (one t too much)
Such a typo. All good now.
Related
My team is moving on project to to Azure DevOps. While the project is running correctly locally, it failed to build two of our Web Sites in DevOps
The error message:
##[error]MyProject\MyWebServices\web.config(59,0): Error ASPCONFIG: Could not load file or assembly
'Microsoft.VisualStudio.QualityTools.UnitTestFramework,
Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a' or
one of its dependencies. The system cannot find the file specified.
The compiler command:
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe
-v /MyWebServices -p MyWebServices\ -u -f PrecompiledWeb\MyWebServices\
The Web.Config had the following line:
<compilation debug="true" targetFramework="4.5">
<assemblies>
<add assembly="Microsoft.VisualStudio.QualityTools.UnitTestFramework, Version=10.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
</assemblies>
</compilation>
I have read this post and this post and the solution provided are not working for me.It was not a type mismatched because I have tried both x84 and x64 compilation and they are both failing for me.
Any idea how to solve this problem?
If your project depends on build environment, we suggest that you use self-hosted agents, which give you more control to install dependent software needed for your builds and deployments. If the project is running correctly locally, you should get the same result using self-hosted agents which will build on your local machine.
In addition, if you prefer to use Microsoft-hosted agents, please make sure that it is the same build environment as your local machine. You can see the installed software for each hosted agent by choosing the Included Software link in the table.
BTW, you could set pipeline variable system.debug to true, and then queue a new build to get debug logs, so you can review it to get detailed build information. See: Troubleshoot pipeline runs for details.
I'm working on this for some time and I have no idea anymore what to do.. so here is the problem.
I've got a Azure Webservice, which works perfectly localy. It should connect to a Azure SQL Database (I use the same ConnectionString for debug AND azure.. so it SHOULD be right)
Using IntelliTrace, I find these Errors:
Requested registry access is not allowed.
System.IO.FileNotFoundException Could not load file or assembly 'EntityFramework, Version=6.0.0.0, Culture=Neutral....
System.Data.Entity.Core.ProviderIncompatibleException
System.Data.SqlClient.SqlException A network-related or instance-specific error occured while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct... (This about 50 times)
System.Threading.WaitHandleCannotBeOpenedException No handle of the given name exists.
System.Security.SecurityException Requested registry access is not allowed
Microsoft.WindowsAzure.ServiceRuntime.RoleEnvironmentException error
System.Threading.WaitHandleCannotBeOpenedException No handle of the given name exists.
(Exception stack, top newest, bott oldest)
In my web.config I setup EF and ConnectionString like this:
<configSections>
<!-- For more information on Entity Framework configuration, visit http://go.microsoft.com/fwlink/?LinkID=237468 -->
<section name="EntityFramework" type="System.Data.Entity.Internal.ConfigFile.EntityFrameworkSection, EntityFramework" requirePermission="false"/>
</configSections>
<connectionStrings>
<add name="DefaultConnection" connectionString="Server=SERVER.database.windows.net;Database=LeagueMetaDatabase;User ID=USER#ksew7pk8ad;Password=PW;Trusted_Connection=False;Encrypt=True;" providerName="System.Data.SqlClient"/>
</connectionStrings>
I also deactivated "Specific Version" for the EF assembly and activated "Copy Local".
I checked in the bin folder of the service on the server, the dll is there.
The service uses a lot of async, but as already said it works localy.. I also installed .NET 4.5.1 on the server just to be sure that is not the problem
// Edit
First of all, thanks for all the help so far!
I tried narrowing the problem down.. reconstructing the hole project and trying to find what does not work. It seems that async Tasks can NOT read the ConnectionString in the Web.config on the Azure Server Cloud. In the emulator, it works. I hardcoded the ConnectionString into the Context and it is working this way.
Anyone can tell me what creates this behaviour and how I can put it back into the Web.config?
How is your solution deployed to Azure? Are you using a Cloud Service or Web Site? If you're running an Azure Web Site the problem might be related to your connection string name being the same in both the web.config and also your Azure Web Site. If this is the case you might want to try renaming the connection string defined in the Azure Management Portal for you web site. This can be done through the Configure management page.
Hope this helps.
Are the DB & Cloud Service in same data center? If not, link your resources via the Azure control panel and/or make sure that you have enabled "allow azure services to connect" in the DB configure section.
Also, make sure your SERVER connection specifies "tcp" - The Windows Azure SQL Database service is only available with TCP port 1433. To access a SQL Database database from your computer, ensure that your firewall allows outgoing TCP communication on TCP port 1433 (from Guidelines for Connecting to Windows Azure SQL Database). If you grab the ADO connection string from the DB dashboard page, you should see:
Server=tcp:{your_servername}.database.windows.net,1433;Database={your_database_name};User ID={your_userid};Password={your_password_here};Trusted_Connection=False;Encrypt=True;Connection Timeout=30;
First of all, thanks for all the help so far!
I tried narrowing the problem down.. reconstructing the hole project and trying to find what does not work.
It seems that async Tasks can NOT read the ConnectionString in the Web.config on the Azure Server Cloud. In the emulator, it works. I hardcoded the ConnectionString into the Context and it is working this way.
Anyone can tell me what creates this behaviour and how I can put it back into the Web.config?
I am having an issue where when I run my asp.net website, I get a security exception to do with the trust level in the config file. I have tried adding the following code into the config file in the solution, but no luck;
<securityPolicy>
<trustLevel name="Full" policyFile="internal"/>
</securityPolicy>
Description of the 'Security Exception' -
The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.
Exception Details
System.Security.SecurityException: Request for the permission of type 'System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
I am only trying to run this locally from Visual Studio, and it has been working before.
We have recently moved our environments from working in a TS session (where vs2010 is), to having our own virtual machines (where vs2012 is). To get to the VS2010, we have to remote in from our virtual machine, and each time we log in it brings over our documents folder and everything. Could it be to do with this, logging in from somewhere else causes permission issues?
Many thanks.
I have some code that wraps the PayflowPro .NET API. It essentially posts to a HTTPS address (a payment gateway) from C#. I can run this code locally and it works nicely. I can run it in my MSUnit tests and it works, and I can run it from a console application on my test environment and it also works.
I have a workflow hosted in IIS 6.1, which instantiates a class which in turn calls this code. When this workflow is started the code fails everytime; I get an error like System.Exception: Failed to connect to host Input Server Uri = https://pilot-payflowpro.paypal.com/ from the API object.
This exception is coming from the API, but I am completely lost as to how I can succesfully post from a console application but not from an IIS process.
The class is exactly the same, word for word.
I log in as administrator, so the console app is running as administrator. Therefore I have tried using the administrator account for the application pool for the website (for this testing only, obviously)
The console app can post so therefore the firewall / proxy aren't interfering... right?
Is there anything I need to adjust in IIS to allow an application to communicate outside? Are there any obvious security settings that I'm overlooking? Any suggestions for test cases to run to find out what might be going on?
edit: Turns out that this problem is somehow related to the VM environment in which the server is running. This problem doesn't occur on my development box, the test server or the production server - it's only occurring on the integration server. The cause is still unknown but I am no longer working on it.
This might be caused by an ASP.NET trust configuration issue. To check the trust level open the following file in an editor:
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CONFIG\web.config (if ASP.NET 2.0)
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\CONFIG\web.config (if ASP.NET 4.0)
You may also need to edit the C:\WINDOWS\Microsoft.NET\Framework64 versions of these if you're running on 64 bit Windows.
Scroll down to the <securityPolicy> configuration section which looks like:
<location allowOverride="false">
<system.web>
<securityPolicy>
<trustLevel name="Full" policyFile="internal"/>
<trustLevel name="High" policyFile="web_hightrust.config"/>
<trustLevel name="Medium" policyFile="web_mediumtrust.config"/>
<trustLevel name="Low" policyFile="web_lowtrust.config"/>
<trustLevel name="Minimal" policyFile="web_minimaltrust.config"/>
</securityPolicy>
<trust level="Medium" originUrl=""/>
</system.web>
</location>
If you see anything other than <trust level="Full" originUrl=""/> it means the server is running under Partial Trust.
Open the .config file specified by the relevant policyFile attribute, for example web_mediumtrust.config if level="Medium".
It's highly unlikely that the server will be running under anything less than Low Trust.
Locate the <NamedPermissionSets> section, under this there is a <PermissionSet> that looks like:
<PermissionSet
class="NamedPermissionSet"
version="1"
Name="ASP.Net">
This contains a number of <IPermission> nodes. Look for one that called WebPermission, it looks like this:
<IPermission
class="WebPermission"
version="1">
If it's missing or looks like:
<IPermission
class="WebPermission"
version="1">
<ConnectAccess>
<URI uri="$OriginHost$"/>
</ConnectAccess>
</IPermission>
You need to add or modify so it looks like:
<IPermission
class="WebPermission"
version="1"
Unrestricted="true"/>
This setting controls outbound and inbound access from your application to or from a URI.
It may also be necessary to ensure that the SocketPermission configuration is similarly configured:
<IPermission
class="SocketPermission"
version="1"
Unrestricted="true"/>
Turns out that this problem is somehow related to the VM environment in which the server is running. This problem doesn't occur on my development box, the test server or the production server - it's only occurring on the integration server. The cause is still unknown but I am no longer working on it.
Simple problem. I start up VS2008 and create a new WCF Service application. This will create a default application with a few test methods showing it works. I press CTRL+F5 and it does indeed work! Great! However, it uses the Visual Studio Development server, which I don't want to support.
So I go to the project properties, switch to using a local IIS Web server, create the virtual directory and press CTRL+F5 again. And this "HTTP Error 404.3 - Not Found" error is greeting me back.
So something in my IIS7/Vista-64 setup is wrong. What could I be missing?
Click Start -> Run cmd and type:
cd "\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation"
ServiceModelReg.exe -i
If you faced this problem for the first time. with Windows 8 and IIS 8.0 make sure to activate Windows Communication Foundation HTTP windows feature.
Go to Control Panel select "Programs and features"
From the lift hand side menu select "Turn Windows features on or off".
Expand ".Net Framework 3.5 (includes .NET 2.0 and 3.0)" item
Finally select "Windows Communication Foundation HTTP Activation"
Enjoy your WCF Servcie.
The problem, however, is then to re-register ASP.Net to IIS, which is explained below.
And also if you're on a 64bit machine always use Framework64 paths: C:\Windows\Microsoft.NET\Framework64\v4.0.30319>aspnet_regiis.exe -iru
Below is the explanation from Microsoft:
http://download.microsoft.com/download/0/A/E/0AEB3BC1-506E-4954-8AB1-4FA2EE75985C/ReleaseNotes.docx
When attempting to run a service that receives messages over the HTTP transport, you may receive an error similar to the following:
Server Error in '/WCFApplication' Application
Could not load type 'System.ServiceModel.Activation.HttpModule' from assembly 'System.ServiceModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089'.
Description: An unhandled exception occurred during the execution of the current Web request. Review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.TypeLoadException: Could not load type 'System.ServiceModel.Activation.HttpModule' from assembly 'System.ServiceModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089'.
This error can occur when IIS is installed after installing .NET Framework 4, or if the 3.0 version of the WCF Http Activation module is installed after installing IIS and .NET Framework 4.
To resolve this problem, you must use the ASP.NET IIS Registration Tool (Aspnet_regiis.exe,) to register the correct version of ASP.NET. This can be accomplished by using the –iru parameters when running aspnet_regiis.exe as follows:
aspnet_regiis.exe -iru
And credit, where it's due: Source
I had to tick "HTTP Activation" in "Add Role Services" within Windows Server 2012.
try to install IIS by expanding your Internet information service and then check ASP.Net 3.5 or ASP.Net 4.5 and ISAPI.... in root of world wide.........
please look image to more help
I tried running ServiceModelReg and aspnet_regiis.exe with various flags and added HTTP Activation feature but it still didn't work. What finally worked was adding the following handler manually to my web.config file.
<system.webServer>
<handlers>
<add name="svc-Integrated" path="*.svc" verb="GET,HEAD,POST,DEBUG" type="System.ServiceModel.Activation.HttpHandler, System.ServiceModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" modules="ManagedPipelineHandler" scriptProcessor="" resourceType="Unspecified" requireAccess="Script" allowPathInfo="false" preCondition="integratedMode" responseBufferLimit="4194304" />
My project was running .Net 3.5 and IIS was 7.5 and 7.0.