I've just finished developing the core features of my site, and have now uploaded it to a host to test.
Unfortunately, I get the following error:
Security Exception
Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.
After tedious searching, I realised that it's because I developed in a full trust environment, and my stubborn host will only allow medium trust.
When I set medium trust in web.config, the debugger doesn't show what exactly needs the full trust environment.
Is there any way to clearly check this, or somehow force the site to co-operate?
I am using MVC with FormsAuthentication, Code-First Databasing, etc.
After a LOT of trial and error, I have found the error.
Microsoft's SignalR requires full trust, and there is no way around it.
Disabling that fixes the issue.
Edit
It also seems that any library that will help the site out in the long run is out. If anyone is getting this error, simply disable (comment out) any tertiary library you use BEFORE altering your core code.
Breakpoints do not help at all, as after disabling SignalR, I had an error on a certain page. Setting a breakpoint didnt stop the code in the error event, as it turns out the Security Exception is thrown somewhere deep inside C#, and not brought to the top.
You have two options
You could have two web.config files, one for debugging and one for publishing and testing under an environment that is as close as posible as your hosting environment.
Another option could be two have a single config file with the medium trust set, and use logging to a file/event logger to allow you to debug
Related
Someone (not me) developed a web site that hits a web service implemented in C#. When I run the web site in visual studio, the project automatically starts the web service. In the web service, I want to log some information to a file for testing. log4net is used in the webservice project, but nothing is logged. I will admit I do not spend much time dealing with log4net, but the web.config hsa values that look like they should produce a file, and it does not.
So, I tried to dump the text of interest to a text file on my local drive.
File.AppendAllText(logPath, txt + "\n");
There are no errors and nothing is sent to the file.
I start the Website, not the web service, so the debugger seems to not know about the web service (so I can't simply set a break point in the web service).
My expectation is that for security reasons things are started in a way that simply disallow this. I vaguely remember that when started in this way, your services are also not allowed to write to disk, so in a development box while running from visual studio, how can I write a simple file to disk.
It seems to me like this should be simple.
First at all, you should call the web service, to log anything. You could use an external program like fiddler or postman, or write a unit test. After the first call, you could attach the visual studio to the w3wp.exe, so you could debug the problem.
The user of the AppPool should be granted the write permission to the log file.
I want to comment at the above answer,but i have no rights.
To set that user to have write permission, for local develop environment,just right click the log folder ,select properties,under the "security" tab,click "Edit",add "EveryOne" with read,write,modify permissions.
In production environment,you should select the real apppool user instead.
Although the answers were useful, and correct, it is not what solved the issue. Also, related, see this:
log4net doesn't create log file when deployed on IIS7
Remember that I chose to start the WebSite, and that auto-starts the WebService. That problem has NOT been solved, but, a coworker burned some brain cells and he thinks that it has to do with how Visual Studio magically starts the web service and that log4net is NOT initialized. If I start the web service by itself, then logging works as configured. I am still testing to see if the above advice allows a lot to be written to a specific directory.
First of all, I'm not familiar with Web development so I might be missing something basic here. Do excuse me if that's really the case.
I'm currently working on a web application (not created by me), which is based on another web app.
Both applications share similar user log in code, but user account info are stored in different databases.
However, after logging in to 1 of the app, the WebSecurity.IsAuthenticated flag is also true on the other app (detected as logged on). Is this behaviour expected?
In case this information is of any use..
1 of the app uses ASP.NET development server while the other uses ISS express.
This is not exactly an answer to my initial question.
That has been answered by #Esa in the comment above --> Setting machine key to Web.Config.
The following is an answer to the problem I mentioned in the comment.
(Should I have posted this in comment instead?)
Both applications were overwriting the same __RequestVerificationToken cookie, which caused error "The anti-forgery token could not be decrypted..." when navigating.
This is because both applications were at the same path of "localhost:xxxxx" and hence detected as the same site. The error can be avoided by changing the virtual path of either application.
For VS, Project properties -> Web (tab) -> Virtual path
i am trying to create a folder using
Directory.CreateDirectory(Server.MapPath(pathToCreate));
i get Access is Denied error.
no problem in localhost.
Do you have file system write access enabled in your AppHarbor application?
I think you also need to do a re-deploy of your application after enabling it, but not 100% sure.
UPDATE: Based on the poster's response, yes you do have to do a re-deploy after enabling this option.
There are already a handful of questions out there but none seem to have gotten any attention or answers to what is causing this error, and how to fix it.
Background
I have created an ASP.NET MVC4 application that has a single point of data access in another application I created using the WCF Application project template in VS2012. If I run both applications in debug mode (so it is using IIS express at this point for both) they can talk to each other just fine. All my calls work, no issues.
I wanted to test it in a more realistic environment so I got my IIS set up (IIS 8 on a windows 8 box), created a website, and underneath that website I am hosting both these applications, the MVC one, which I am calling Dashboard, and the WCF one which I am calling Service. So it looks something like this in IIS
MYMACHINENAME
|
--App Pools
|Sites
--local
--aspnet_client
--dashboard (application, MVC4)
--service (application, WCF)
I can hit the localhost/service and I see the right information there, so I know it is hosting correctly.
I updated the service reference in the MVC4 project to point to localhost/service rather than the iis express one I was using.
The Problem
Adding the new service reference to the MVC4 app worked fine, I got the wsdl info and I can see all the endpoint calls I defined. After adding the new service reference, I re-published the 'dashboard' application. When I navigation to localhost/dashboard, I get an error deep inside the Reference.cs file that the service reference created.
Here is the code that is throwing the error:
MyServiceAPIClient svc = new MyServiceAPIClient();
svc.Open();
User userRecord = svc.GetUserRecord(adSAMName);
On that third line it gets into the Reference.cs file that is created when I add the service reference. This line of code it dies on in the Reference.cs file is here:
public Dashboard.Web.MyApiService.User GetUserRecord(string userName) {
return base.Channel.GetUserRecord(userName);
}
And the error message is this:
An error occurred while getting provider information from the database.
This can be caused by Entity Framework using an incorrect connection string.
Check the inner exceptions for details and ensure that the connection string is correct.
There is no inner exception for me to look at, so I am at a loss here.
The Question
Should be pretty obvious what the question is here. Multiple questions really:
What could be causing this issue? Keep in mind it works fine in IIS express, just debugging both in VS2012.
Is this an issue with the configuration of my MVC app, WCF app, or IIS? A combination of them all?
How do I fix it??
There is a lot of code files and config files I can post here, but I wanted to keep it shorter for reading sake, if there is code that you would like to see here, let me know if the comments and I can post it.
Update
I did as advised and attached to the process running the service in IIS. Digging into the inner exceptions it seems to be an access/login issue with trying to hit the database.
I can't seem to get the connection string to work with a built in SQL user though, so I am scratching my head again.
This is the connection string I am trying:
<add name="MyDB" connectionString="Server:.;Database=MyDatabase;User Id=SQLAuthUser;Password=yourmom;" providerName="System.Data.SqlClient"/>
I run the process again and it tells me login failed for that user I specified, and I am also getting this message that I have never seen before:
Could not determine storage version; a valid storage connection or a version hint is required.
Halp!?
Update: Solution
So my connection string is now this:
<add name="NeumontDB" connectionString="Server=ServerName; Database=NeumontDB; User Id=Username; Password=password;" providerName="System.Data.SqlClient"/>
And I also needed to set sql server to allow mixed mode authentication. Now I seem to be able to hit the service without issues.. Hooray!
The problem lies in your WCF app, and is most likely a config related. To fix this, I would recommend that you attach debugger to your WCF hosted in IIS and debug the GetUserRecord method.
Here are some tips for how to debug WCF service hosted in IIS
Debug WCF service hosted in local IIS not working
debugging asp.net WCF service hosted in IIS
What I suspect is that you are using windows auth in your connection string, and the user owning the app pool does not have access to the Database. If your debugging reveals that that's the case, I would recommend that you assign DB rights to apppool user or change the connection string to use SQL authentication
Now for the connection string error, I would recommend that you go through the following blog entry.
http://failuresincoding.blogspot.com/2011/12/entity-framework-provider-did-not.html
Also, Do you have multiple SQL Servers on the local box? I would recommend that you use the complete instance name instead of "."
Is there any way to specify a permanent port for ASP.NET Configuration site (Web Site Administration Tool)?
I need to add a link to the ASP.NET Configuration site, but I can't due to the port changing each time it starts.
Its the port for ASP.NET Development server
http://msdn.microsoft.com/en-us/library/ms178109.aspx
I'm not sure that you can.
The Web Site Administration Tool isn't really meant to be "linked" to as such, it's a fairly powerful, unsecured application, that's only really meant to be run by a developer/admin.
The "Considerations" section of the documentation explain why:
The following sections provide some considerations for working with the Web Site Administration Tool.
Restarting the Application When Saving
Most changes to configuration settings that you make in the Web Site Administration Tool take effect immediately. This requires the Web site to which the change applies to be restarted. Because this will cause currently active sessions in the Web site to be lost, you should make configuration changes to a staged or development version of the Web site before publishing these changes to the production server.
Saving Your Settings
Most changes to configuration settings that you make in the Web Site Administration Tool take effect immediately. For settings for which the Web Site Administration Tool interface has a dedicated Save button, leaving the Web Site Administration Tool idle or allowing the Web Site Administration Tool to time out before you click Save will cause your configuration settings changes to be lost.
Time Out
As a security measure, the Web Site Administration Tool times out after a period of inactivity. Any settings that did not take effect immediately and were not saved will be lost. If the Web Site Administration Tool has timed out, close your browser, and then reopen the Web Site Administration Tool in a new window.
The Web Site Administration Tool manages only some of the configuration settings that are available to the Web site. Many other settings require direct modification of configuration files either manually, by using the MMC Snap-In for ASP.NET, or programmatically, by using the ASP.NET Configuration API.
From that you can see that this isn't something that's intended to be kept around.
That said, with a little bit of hacking around, you could probably shoot yourself in the foot achieve what you're after:
If you right click on the ASP.NET Development server task tray item for the admin tool, and select "Show Details", you can see that the virtual directory that the tool runs under is mapped to (something like):
C:\Windows\Microsoft.NET\Framework\v4.0.30319\asp.netwebadminfiles\
If you were to create (and secure) a virtual directory on your application mapped to that path, you might well be able to get this all up and running as you want.
As pseudocoder points out in his comment below, while going down the Virtual Directory route does "work", there are some limitations to the tool that, coupled with the security issues mean that you probably wouldn't want to use it going forward.
If you were to stick with the Development Server option, the tool won't respond to non-local requests, and once you've deployed the site to a proper web server (IIS) for users to access the Admin site won't be running anyway.
It would probably be better if you could explain why you want to use this permanently so we can advise you on some better options - for example the Membership, Profile and Role providers both provide nice APIs for managing user details that can be easily built into a custom admin area.
Tricky one, however I think to get this working correctly, you're going to have to spend some time doing something, and it's probably better for you in the long run to spend that time doing the right thing rather than hacking in the wrong option.
The Development server can be started from a command line, using a commands along the lines of:
call "C:\Program Files\Microsoft Visual Studio 9.0\vc\vcvarsall.bat"
"C:\Program Files\Common Files\Microsoft Shared\DevServer\9.0\WebDev.WebServer.exe" /port:3900 /path:"PATHSITE" /vpath:"PathSite"
The first line sets up the CMD instance to use the variables and path settings needed to run most of the Dev tooling
You'll want to change the path to the DevServer as appropriate for your environment (mine's in \10.0\ for example, and has a 2.0 and 4.0 version).
Armed with this information, you could do something along the lines of:
Add a link to your site to a page called /StartAdmin.aspx or similar.
In that page, you would then need to have the logic to:
Check through the running processes for the instance of the DevServer that was previously used to host the Admin site.
Close that process down.
Spool up another instance of the DevServer with a known port, pointing to the path for the WebAdmin Site.
Redirect the user to this new site.
All of which is possible, but it's not trivial, and you'll find you'll need to be doing odd things with the process your starting, and you'll need to be very careful you don't shut down the instance of the DevServer that's actually running your site by mistake.
However, this would probably take as long as it would to knock up a quick set of user admin screens, and you'd learn something more useful along the way*
* Which isn't to say that learning how to start and leave running a process isn't useful, it's more to say that I'm guessing its not what you're supposed to be learning at the moment, and you should probably be focusing on that ;)