I have a .NET 4 application that uses Process.Start(URL); to open the user's default browser and take them to my update page if they accept an update request. This works fine for most people, but I'm getting crash logs from some users where this fails with:
System.ComponentModel.Win32Exception (0x80004005): The system cannot find the file specified
I have chastised myself for ignoring the possibility of failure here and using naive examples from the web and now I'm trying to work out what to do. My first instinct is to show a general "Couldn't open browser, here's the URL" message and maybe add a button to copy it to the clipboard, but can I do better?
A more robust way to open the URL? Although this seems to be the standard answer to questions about opening URLs, is it really the best way?
Something more informative to say to the user? Does failure mean a misconfiguration on the user's machine? Virus-scanner blocking access, maybe?
Related
I am trying to use Identity Server 4 for Authenticationa and authorization purpose but which ever project i try to run is throwing only 1 error which is like bugging me alot because i have search for this error and i cant find a stable and proper solution for this.
Error :
Error connecting to
http://localhost:5000/.well-known/openid-configuration: An error
occurred while sending the request.
Couple of projects in which i am getting same error and dont know how to solve it :
https://www.dropbox.com/s/9hs3huwt8h035ek/oauth2Demo-master.rar?dl=0
Another Project : Download but same error
In my first project it seems like there is some problem related to SSL certificate though i tried to follow below link to install certificate but still this error exist :
https://github.com/IdentityServer/IdentityServer3.Samples/tree/master/source/Certificates
But in my second project there is no such SSL certificate problem but still same error.
Is there any way to resolve that error?
I downloaded the solution and I can confirm you need to make sure to run the OAuth2Demo.IdentityServer project, you can actually start it up and navigate to https://localhost:44305/admin/ to see the admin environment of identityserver. It apperantly also needs a sql connection to store configuration information, I didn't dig into those details but with the OAuth2Demo.IdentityServer running the other projects can also be started.
My suggestion is to get the things done one by one.
From your screens I see that on the first you are trying to reach IDS at localhost:44305, and on the second screen, you are trying to reach it at localhost:5000. It will be a good thing to set it as a constant value ( right click on your Identity Server project ->Properties->Debug->Web Server Settings->App URL) and then use this value through all of your clients.
Then - enable Identity Server logging - check here. You can extend this example - serilog basic configurations. So far logging has saved me many times, so I can say that it is really important. Make sure that the App pool account, running the application has the rights to create files, where you want them to be created.
Now the real problem:
Lets assume that you select localhost:5000 as url for your IDS.
First of all start (debug) only the Identity Server project. This should take you to localhost:5000 and you will see a welcome message from Identity Server 4.
If you see it, this means that your IDS is working. This also means that you will be able to access the Discovery Document - the one thing that is failing in your clients. Now its about time to setup your clients.
If not, this means that there is something wrong with your Identity Server instance, and that is the place to dig.
First thing I'll do is to check the logs. They will say what the problem is.
Then - I figure out that you are trying to use custom certificate for this (correct me if I've misunderstood). Why don't you try using the Developer Signing Credential (check the ConfigureServices of Startup.cs) at least for starting it up.
Later on, if you decide to use your custom certificate, have in mind that the user, that is running the IDS application (by user I mean the application pool user) should have at least read privileges over the certificate (I guess that you've seen that in the article you have provided).
Do all these, and let's see what progress you will have, but most important - enable the logging.
When using WebResource.axd you will see two parameters being passed in the query string. Usually looks something like this:
WebResource.axd?d=9H3mkymBtDwEocEoKm-S4A2&t=634093400273197793
I have run into an issue where I need a permanent link to the resource in question. Recently the link I was using stopped working. What would cause these ids to change? Rebooting the server? Recompiling the code? Is there anyway to make these ids permanent?
Background -
As part of a site monitoring service we are subscribed to, we have "recorded" several sets of user actions for our website. For example, we recorded the process of logging into the site. The monitoring is now saying that the user login process fails (it's working fine) because it cannot find the WebResource.axd with the ids it recorded.
This page provides all the information on the makeup of the URL
http://support.microsoft.com/kb/910442
The "d" stands for the requested Web Resource
Something worth noting is that you don't need to have the timestamp (t) parameter there to call the resource. Try it on your own site, view the source and grab a webresource.axd url and navigate to the it, remove the t
Another question from me. This wont be an easy one!
I'm having issues with handling a simple upload.
Pre Requirements to test with:
- No Flash (hijacking)
- Basic upload field usage + form to post
- Max file size is 20MB (web.config maxrequestlength)
- I'm running the web site with the build in IIS development tool in visual studio (i think)
- I'm using a MVC web project
Question: Is it possible to show a nice error message to the user when a file is larger than 20MB? (Without getting the whole file to the server first)
These links helped me the most:
http://www.telerik.com/community/forums/aspnet/upload/maximum-request-length-exceeded.aspx
ASP.NET MVC: Handling upload exceeding maxRequestLength
http://forums.whirlpool.net.au/archive/809909
http://forums.asp.net/t/1106579.aspx/1
Catching "Maximum request length exceeded"
But still i haven't been able to fix the issue. Atm i use the code of the accepted answer of the last link (Catching "Maximum request length exceeded"), but my code crashes when i run the code line below:
this.Server.Transfer("~/error/UploadTooLarge.aspx");
Error message: Error executing child request for ~/error/UploadTooLarge.aspx.
I think i get this message because i'm using VS.NET's build in web server (see: http://forums.asp.net/t/1106579.aspx/1 last post of that page).
I'm affraid i made the whole question a bit hard to read. In short:
How can i show a neat error message when i uploaded file is too large (using S.NET's build in web server)?
If you don't want to send to whole file to the server first, then your only option would be javascript.
The FileReader object would solve that for you
https://developer.mozilla.org/en-US/docs/DOM/FileReader
Problem being it won't work on older browsers.
Now, if older browsers are not a problem for you then you should find plenty of tutorials showing you how to use the FileReader object. With it you can do asynchronous uploads so you even add a nice progress bar considering is fairly large file.
Scenario: We have a website that is viewed both internally and externally. When an error occurs the users are displayed with a detailed error page(Stack trace etc).
Problem: The external customers do not need that much information about the error. We are looking to have the external customers see a messsage instead. Ex. Please contact Administrator. Also if possible we would like to log this message in our SQL database.
Note: I'm assuming I make a custom error page like - Implementing a Custom Error page on an ASP.Net website but how do I determine whether or not the user is internal/external? Also is this the best way to approach the problem? Additionally if anyone has suggestions on the best way to store these errors in the database that is also appreciated.
Thanks in advance.
YOu can try settings your mode to RemoteOnly in the web.config
<customErrors mode="RemoteOnly">
This way local users will see the error, and external users will see the other error pages which you have set up.
There is an article here about such things http://aspnetresources.com/articles/CustomErrorPages
The way I would do this is to have different entry points for external and internal users. I would do this through the hostname. By varying the hostname I could then create a custom error experiance for each type of user.
If by 'internal' you mean logged in, and 'external' you mean anonymous, you could use the same custom error page but check the user's logged in state using Request.IsAuthenticated
You could then simply display the message based on the user's status.
For storage of errors you could use log4net and/or ELMAH. ELMHA is specifically for catching unhandled exceptions. Log4net is predominantly for logging from within your code, i.e. from within a try/catch statement.
It is good practice to use both.
That article is on the right track of what you need to do. Also, see:
http://aspnetresources.com/articles/CustomErrorPages
http://www.asp.net/hosting/tutorials/displaying-a-custom-error-page-cs
http://weblogs.asp.net/erobillard/archive/2003/04/23/5992.aspx
The determination about whether a user is internal or external will be handled by the web server.
customErrors for RemoteOnly will probably not help you because RemoteOnly only refers to users not accessing the page from the same physical box. Users on the LAN will be treated as remote just like users from the WAN will.
If I had to solve your problem, I would start in Application_Error and examine Request.UserHostAddress and Request.UserHostName but even those are not going to be completely reliable because on my corporate intranet, my address of 10.4.42.219 might very well match your companies internal addresses, and UserHostName is supposed to be a human readable name but it isn't always - case in point, look at it running in debug mode and both UserHostAddress and UserHostName will be "127.0.0.1" when you'd expect the latter to be "localhost".
See the problem here is that by the time they hit your webserver, they're inside the firewall, and the server is a listener - so it doesn't matter what IP the incoming connection CLAIMS to be from (spoofing being a very real problem), your webserver isn't gonna initiate a response, it's going to send a response down the very pipeline that the client opened.
Now if your firewall can be configured to leverage spoofing and force the IP coming in to be a specific value, that would be one possible way to reliably identify external connections, and by process of elimination, the internal ones but I can't speak to the viability of that approach with any certainty.
Edit to add: I suspect your initial question may itself be flawed. The question I'm asking myself is, who on your internal side really cares about the error message? Is your corporate secretary going to want to see stack trace info? Probably not.
I suspect that what you REALLY need here is active authentication and role based security, such that only specifically identified users - members of the "Error Investigator" role perhaps - should see those detailed exceptions, and everyone else, including internal users, gets the pretty custom page.
We've now got plenty of sites which all use a log4net base error loging framework and we receive error from site from anywhere it append. We've notice that some of them catch error because of "Bot" like google, bing, yahoo, etc. But there's a things we've not sure about how to resolve. I've two questions about it :
Is "Java/1.6.0_24" a Bot? Because the user-agent of my question #2 is about this.
The "Java/1.6.0_24" still calling subfolder on our site that just do not exists! Like, if we have a page called "Page1.aspx", instead of calling "~/Page1.aspx", he calls it "~/minisite/Page1.aspx". How can I tell him he's wrong? Is there a way to do it?
Thanks you
It's most likely a bot but it could as well be some kind of browser based on Java that sends that user-agent string - you can't trust it 100% but it can give you an estimate idea of what the connecting entity is. Depending on the kind of bot it might as well just ignore your robots.txt so I'd just impement some handling stuff somewhere.
Did those folders ever exist? If so, you could use HTTP's permanent redirect (code 301) to tell him to no longer look there - however that doesn't guarantee it will do so.