Why is anonymous user trying to access /admin/host/synctriggers? - c#

Since a few days ago, I have started receiving error messages from all my Azure websites:
"The controller for path '/admin/host/synctriggers' was not found or does not implement IController."
This is coming my an anonymous user (or bot). The full error message is below.
What is this about and should I be concerned that there is some malicious activity involved?
Source : Error in: https://myproject.azurewebsites.net/admin/host/synctriggers?api-version=2018-11-01,
MemberName : Application_Error(Param : referrerUrl=),
SourceFilePath : C:\ProjectPath\Global.asax.cs,
Username : Anonymous
Date/Time : 20/7/2019 02:11:05
Stack Trace:
Message : The controller for path '/admin/host/synctriggers' was not found or does not implement IController.
Source : System.Web.Mvc
StackTrace : at System.Web.Mvc.DefaultControllerFactory.GetControllerInstance(RequestContext requestContext, Type controllerType)
at System.Web.Mvc.DefaultControllerFactory.CreateController(RequestContext requestContext, String controllerName)
at MvcSiteMapProvider.DI.ControllerFactoryDecorator.CreateController(RequestContext requestContext, String controllerName)
at System.Web.Mvc.MvcHandler.ProcessRequestInit(HttpContextBase httpContext, IController& controller, IControllerFactory& factory)
at System.Web.Mvc.MvcHandler.BeginProcessRequest(HttpContextBase httpContext, AsyncCallback callback, Object state)
at System.Web.Mvc.MvcHandler.BeginProcessRequest(HttpContext httpContext, AsyncCallback callback, Object state)
at System.Web.Mvc.MvcHandler.System.Web.IHttpAsyncHandler.BeginProcessRequest(HttpContext context, AsyncCallback cb, Object extraData)
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.<>c__DisplayClass285_0.b__0()
at System.Web.HttpApplication.StepInvoker.Invoke(Action executionStep)
at System.Web.HttpApplication.StepInvoker.<>c__DisplayClass4_0.b__0()
at Microsoft.AspNet.TelemetryCorrelation.TelemetryCorrelationHttpModule.OnExecuteRequestStep(HttpContextBase context, Action step)
at System.Web.HttpApplication.<>c__DisplayClass284_0.b__0(Action nextStepAction)
at System.Web.HttpApplication.StepInvoker.Invoke(Action executionStep)
at System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step)
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

We've been seeing this as well in the last week.
The User Agent comes through as "PolicyScan" and the source IP address is in the same Azure datacentre as the site being hit.
Not sure why this is happening, possible it's a error on the azure monitoring end, however the URL is certainly one of the URLs that is called relating to Azure functions.
https://learn.microsoft.com/bs-latn-ba/azure/azure-functions/functions-deployment-technologies

Apparently this is a known issue with User-Agent: PolicyScan introduced recently.
We started receiving similar errors on 18 July 2019, round about the same time others started reporting these errors. However we're getting two errors - as well as a request to admin/host/synctriggers we're also getting a request to admin/functions.
The complete URLs are:
https://myapp.azurewebsites.net/admin/functions?api-version=2018-11-01
https://myapp.azurewebsites.net/admin/host/synctriggers?api-version=2018-11-01

According to the reply from a Microsoft employee/contractor at https://social.msdn.microsoft.com/Forums/azure/en-US/361bb082-e40b-4722-885e-92964f4afad7/daily-requests-to-adminhosts-and-adminfunctions-resulting-in-http-404-or-500-responses?forum=windowsazurewebsitespreview, the issue should be resolved.
Indeed, I have not received the alert for a few days now.
I am still not clear on what PolicyScan is, though.

Related

An unhandled exception was generated during the execution of the current web request.[HttpAntiForgeryException]

I have a C# .NET MVC app and I am getting "anti-forgery token could not be decrypted". I don't know where the error is and I need help resolving this issue. And I am running this application on my localhost. Below is the error I am getting.
Server Error in '/' Application.
The anti-forgery token could not be decrypted. If this application is hosted by a Web Farm or cluster, ensure that all machines are running the same version of ASP.NET Web Pages and that the <machineKey> configuration specifies explicit encryption and validation keys. AutoGenerate cannot be used in a cluster.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Web.Mvc.HttpAntiForgeryException: The anti-forgery token could not be decrypted. If this application is hosted by a Web Farm or cluster, ensure that all machines are running the same version of ASP.NET Web Pages and that the <machineKey> configuration specifies explicit encryption and validation keys. AutoGenerate cannot be used in a cluster.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[HttpAntiForgeryException (0x80004005): The anti-forgery token could not be decrypted. If this application is hosted by a Web Farm or cluster, ensure that all machines are running the same version of ASP.NET Web Pages and that the <machineKey> configuration specifies explicit encryption and validation keys. AutoGenerate cannot be used in a cluster.]
System.Web.Helpers.AntiXsrf.AntiForgeryTokenSerializer.Deserialize(String serializedToken) +337
System.Web.Helpers.AntiXsrf.AntiForgeryTokenStore.GetFormToken(HttpContextBase httpContext) +91
System.Web.Helpers.AntiXsrf.AntiForgeryWorker.Validate(HttpContextBase httpContext) +44
System.Web.Helpers.AntiForgery.Validate() +92
System.Web.Mvc.ValidateAntiForgeryTokenAttribute.OnAuthorization(AuthorizationContext filterContext) +18
System.Web.Mvc.ControllerActionInvoker.InvokeAuthorizationFilters(ControllerContext controllerContext, IList`1 filters, ActionDescriptor actionDescriptor) +97
System.Web.Mvc.Async.<>c__DisplayClass21.<BeginInvokeAction>b__19(AsyncCallback asyncCallback, Object asyncState) +743
System.Web.Mvc.Async.WrappedAsyncResult`1.CallBeginDelegate(AsyncCallback callback, Object callbackState) +14
System.Web.Mvc.Async.WrappedAsyncResultBase`1.Begin(AsyncCallback callback, Object state, Int32 timeout) +128
System.Web.Mvc.Async.AsyncControllerActionInvoker.BeginInvokeAction(ControllerContext controllerContext, String actionName, AsyncCallback callback, Object state) +343
System.Web.Mvc.Controller.<BeginExecuteCore>b__1c(AsyncCallback asyncCallback, Object asyncState, ExecuteCoreState innerState) +25
System.Web.Mvc.Async.WrappedAsyncVoid`1.CallBeginDelegate(AsyncCallback callback, Object callbackState) +30
System.Web.Mvc.Async.WrappedAsyncResultBase`1.Begin(AsyncCallback callback, Object state, Int32 timeout) +128
System.Web.Mvc.Controller.BeginExecuteCore(AsyncCallback callback, Object state) +465
System.Web.Mvc.Controller.<BeginExecute>b__14(AsyncCallback asyncCallback, Object callbackState, Controller controller) +18
System.Web.Mvc.Async.WrappedAsyncVoid`1.CallBeginDelegate(AsyncCallback callback, Object callbackState) +20
System.Web.Mvc.Async.WrappedAsyncResultBase`1.Begin(AsyncCallback callback, Object state, Int32 timeout) +128
System.Web.Mvc.Controller.BeginExecute(RequestContext requestContext, AsyncCallback callback, Object state) +374
System.Web.Mvc.Controller.System.Web.Mvc.Async.IAsyncController.BeginExecute(RequestContext requestContext, AsyncCallback callback, Object state) +16
System.Web.Mvc.MvcHandler.<BeginProcessRequest>b__4(AsyncCallback asyncCallback, Object asyncState, ProcessRequestState innerState) +52
System.Web.Mvc.Async.WrappedAsyncVoid`1.CallBeginDelegate(AsyncCallback callback, Object callbackState) +30
System.Web.Mvc.Async.WrappedAsyncResultBase`1.Begin(AsyncCallback callback, Object state, Int32 timeout) +128
System.Web.Mvc.MvcHandler.BeginProcessRequest(HttpContextBase httpContext, AsyncCallback callback, Object state) +384
System.Web.Mvc.MvcHandler.BeginProcessRequest(HttpContext httpContext, AsyncCallback callback, Object state) +48
System.Web.Mvc.MvcHandler.System.Web.IHttpAsyncHandler.BeginProcessRequest(HttpContext context, AsyncCallback cb, Object extraData) +16
System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +103
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +155
When ASP.NET generates the token, it uses some machine key for that. If you later try to decrypt that token with another key, you will get this type of exception.
It is very strange that you can get this by just running localhost, since this usually happens on a load balanced scenario e.g. when you have not set up the machine key to be the same.
Another possible reason is that you manipulate the token on the frontend somehow or get the web page from another machine, though both scenarios seem to be unlikely.
Anyway, if you have troubles with the load balancing or something like this, you need to set up the same machine key in all web.config files.

SqlSessionState: Unable to cast object of type System.DBNull to type System.Byte[]

Occasionally we get the following error. I have not been able to reproduce it. I've tried logging out and navigating to a page that requires authentication, but it doesn't throw this exception.
So far this exception has only occurred on web services that are called immediately after page load. (So page load occurs, then an onready event starts loading some data with ajax calls)
We are using web forms with a SQL server session store.
Unable to cast object of type 'System.DBNull' to type 'System.Byte[]'.
at System.Web.SessionState.SqlSessionStateStore.DoGet(HttpContext context, String id, Boolean getExclusive, Boolean& locked, TimeSpan& lockAge, Object& lockId, SessionStateActions& actionFlags) at System.Web.SessionState.SqlSessionStateStore.GetItemExclusive(HttpContext context, String id, Boolean& locked, TimeSpan& lockAge, Object& lockId, SessionStateActions& actionFlags) at System.Web.SessionState.SessionStateModule.GetSessionStateItem() at System.Web.SessionState.SessionStateModule.BeginAcquireState(Object source, EventArgs e, AsyncCallback cb, Object extraData) at System.Web.HttpApplication.AsyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
What can I do to fix this?
Sounds like your session is timing out yet you are assuming you are retrieving the object from the session state.
I suggest adding a null check to the code before attempting to assign the session object.

How use original bundle collection into area MVC5

I have a MVC5 website with one area called Freemium. I used bundles collection for my entire website and everything works really well except when I open the freemium area. All of my jquery and css files are not load! I try to figure out the problem and the only solution I found is to copy all the css and jquery files into the area folder but I don't want to do that because that will always be the same files copy & paste.
So when I render the css and js with
#Styles.Render("~/Freemium/Content/metro-ui/css")
I get the error:
The controller for path '/Freemium/Content/metro-ui/css' was not found or does not implement IController.
Stack trace:
at System.Web.Mvc.DefaultControllerFactory.GetControllerInstance(RequestContext requestContext, Type controllerType)
at System.Web.Mvc.DefaultControllerFactory.CreateController(RequestContext requestContext, String controllerName)
at System.Web.Mvc.MvcHandler.ProcessRequestInit(HttpContextBase httpContext, IController& controller, IControllerFactory& factory)
at System.Web.Mvc.MvcHandler.BeginProcessRequest(HttpContextBase httpContext, AsyncCallback callback, Object state)
at System.Web.Mvc.MvcHandler.BeginProcessRequest(HttpContext httpContext, AsyncCallback callback, Object state)
at System.Web.Mvc.MvcHandler.System.Web.IHttpAsyncHandler.BeginProcessRequest(HttpContext context, AsyncCallback cb, Object extraData)
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)**
Here it's the bundles I need to make working in the freemium area.
private static BundleCollection SetMetroUIFreemiumBundles(BundleCollection bundles)
{
// CSS
bundles.Add(new StyleBundle("~/Freemium/Content/metro-ui/css/metrocss")
.Include("~/Content/metro-ui/css/metro-bootstrap.css"
, "~/Content/metro-ui/css/metro-bootstrap-responsive.css"
, "~/Content/metro-ui/css/iconFont.min.css"));
// Scripts
bundles.Add(new ScriptBundle("~/Freemium/Scripts/metro-ui/metrojs")
.Include("~/Scripts/metro-ui/jquery.ui.widget.js"
, "~/Scripts/metro-ui/metro.min.js"));
return bundles;
}
It's been a while since I created an MVC site, but shouldn't it be
#Styles.Render("~/Freemium/Content/metro-ui/css/metrocss")
The Render("path") path should match the new StyleBundle("path").

arterySignalR/ping MVC4 was not found

I'm using MVC4, C#, Entity framework with repository pattern and I installed the Elmah nuget package. I have set the Elmah to send email when application error appear and since that I receive this:
System.Web.HttpException: The controller for path '/3582be999d2646eca85b82b5302fc0af/arterySignalR/ping' was not found or does not implement IController.
Generated: Tue, 05 Nov 2013 14:43:21 GMT System.Web.HttpException
(0x80004005): The controller for path
'/3582be999d2646eca85b82b5302fc0af/arterySignalR/ping' was not found
or does not implement IController. at
System.Web.Mvc.DefaultControllerFactory.GetControllerInstance(RequestContext
requestContext, Type controllerType) at
System.Web.Mvc.DefaultControllerFactory.CreateController(RequestContext
requestContext, String controllerName) at
System.Web.Mvc.MvcHandler.ProcessRequestInit(HttpContextBase
httpContext, IController& controller, IControllerFactory& factory)
at System.Web.Mvc.MvcHandler.BeginProcessRequest(HttpContextBase
httpContext, AsyncCallback callback, Object state) at
System.Web.Mvc.MvcHandler.BeginProcessRequest(HttpContext httpContext,
AsyncCallback callback, Object state) at
System.Web.Mvc.MvcHandler.System.Web.IHttpAsyncHandler.BeginProcessRequest(HttpContext
context, AsyncCallback cb, Object extraData) at
System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step,
Boolean& completedSynchronously)
I dont know why I receive that error, I even don't know what arterySignalR/ping is and I want to know if someone of you know the solution to solve that.
Thank you very much,
Karine
That is a 404 Error that has been picked up by ELMAH. Someone requested that url from your website but as it does not exist it generated the 404 error.
If you do not know what arterySignalR/ping is, then you can simply ignore it. It could be simple as someone mistyping the website url. If the error is repeating continuously, then it could indicate a problem with a script/webpage or another application which may warrant attention.

How to publish web service in ASP.Net?

Below url is web service which I hosted: http://monocept.net/vlt/html/AutoComplete.asmx
when I am invoking this service it calls web method GetCompleteList(). This method implementation is defined in AutoComplete.asmx.cs file. When I invoking this service it throws exception as HTTP 404, where as in my local machine service is working fine and able to hit GetCompleteList() Web method.
The error page is actually dumping out the exception/stack trace in a HTML comment:
[HttpException]: The controller for path '/vlt/html/AutoComplete.asmx/GetCompleteList' was not found or does not implement IController.
at System.Web.Mvc.DefaultControllerFactory.GetControllerInstance(RequestContext requestContext, Type controllerType)
at System.Web.Mvc.DefaultControllerFactory.CreateController(RequestContext requestContext, String controllerName)
at System.Web.Mvc.MvcHandler.ProcessRequestInit(HttpContextBase httpContext, IController& controller, IControllerFactory& factory)
at System.Web.Mvc.MvcHandler.BeginProcessRequest(HttpContextBase httpContext, AsyncCallback callback, Object state)
at System.Web.Mvc.MvcHandler.BeginProcessRequest(HttpContext httpContext, AsyncCallback callback, Object state)
at System.Web.Mvc.MvcHandler.System.Web.IHttpAsyncHandler.BeginProcessRequest(HttpContext context, AsyncCallback cb, Object extraData)
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
I'm not familiar with MVC, so I really can't give you a solid answer, but researching that exception turns up a few results.
You haven't defined a controller for this path. It is MVC error. Your service doesn't has a business logic.
Have you ensured that you are excluding the route in your global.asax file?
routes.IgnoreRoute("{resource}.asmx/{*pathInfo}");

Categories

Resources