Develop Reference

How to change default trust setting in Asp.Net Core 3.1 web.config file?

I deployed my Asp Net Core 3.1 project on a server provided by a hosting company. Firstly, there was no problem with my project but my hosting company has changed IIS security options. Full trust option is converted to Medium. After that when I enter my web site I get 500 Internal Server Error. What can I do? How to change default Asp Core Trust options?
Error:
HTTP Error 500.19 - Internal Server Error
The requested page cannot be accessed because the related configuration data for the page is invalid.
<?xml version="1.0" encoding="utf-8"?>
<location path="." allowOverride="true">
<system.web>
<securityPolicy>
<trustLevel name="Full" policyFile="internal" />
<trustLevel name="High" policyFile="web_hightrust.config" />
<trustLevel name="Medium" policyFile="web_mediumtrust.config" />
<trustLevel name="Low" policyFile="web_lowtrust.config" />
<trustLevel name="Minimal"
policyFile="web_minimaltrust.config" />
</securityPolicy>
<trust level="Medium" originUrl="" />
</system.web>
<system.webServer>
<httpErrors errorMode="Detailed" />
<handlers>
<add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModule" resourceType="Unspecified" />
</handlers>
<aspNetCore processPath=".\admin.exe" arguments="" stdoutLogEnabled="false" hostingModel="InProcess" stdoutLogFile=".\logs\stdout">
<environmentVariables>
<environmentVariable name="ASPNETCORE_ENVIRONMENT" value="Development" />
</environmentVariables>
</aspNetCore>
<!-- maxAllowedContentLength = 1GB (the value is in Bytes) -->
<security>
<requestFiltering>
<requestLimits maxAllowedContentLength="1073741824" />
</requestFiltering>
</security>
</system.webServer>
</location>
EDIT
Hi again. When I enter the website a day later, I saw that my problem was solved. Why? Really, I don't know :)

how to remove cookies from my website

I developed a website with Asp.net Website project, and recently I added some https protocol on it. my problem is that the website shows that it is saving cookies, while I really do not like to save any cookies from my users.
I am not familiar with cookies very much but I am sure I did not put any code to save user cookies, how I can be sure If there would not be any cookies for my users and delete any settings for this and why this happening automatically?
my project is a very simple single page website with no form and authentication
here is my web.config if needed.
<?xml version="1.0"?>
<configuration>
<system.web>
<httpRuntime enableVersionHeader="false" targetFramework="4.5" />
<compilation debug="true" targetFramework="4.5"/>
<customErrors mode="On" />
<sessionState mode="Off" />
</system.web>
<system.webServer>
<httpProtocol>
<customHeaders>
<clear />
<remove name="X-Powered-By" />
</customHeaders>
</httpProtocol>
<httpCompression directory="%SystemDrive%\inetpub\temp\IIS Temporary Compressed Files\(compressionType)\(AppPool)\(WebSite)\compressed files">
<scheme name="gzip" dll="%Windir%\system32\inetsrv\gzip.dll" staticCompressionLevel="9" />
<dynamicTypes>
<add mimeType="text/*" enabled="true" />
<add mimeType="message/*" enabled="true" />
<add mimeType="application/x-javascript" enabled="true" />
<add mimeType="application/json" enabled="true" />
<add mimeType="*/*" enabled="false" />
</dynamicTypes>
<staticTypes>
<add mimeType="text/*" enabled="true" />
<add mimeType="message/*" enabled="true" />
<add mimeType="application/x-javascript" enabled="true" />
<add mimeType="application/atom+xml" enabled="true" />
<add mimeType="application/xaml+xml" enabled="true" />
<add mimeType="*/*" enabled="false" />
</staticTypes>
</httpCompression>
<urlCompression doStaticCompression="true" doDynamicCompression="true" dynamicCompressionBeforeCache="true"/>
</system.webServer>
</configuration>
Appreciate very much

ASP.Net has by default session state (https://msdn.microsoft.com/en-us/library/ms178581.aspx) turned on, which in turn relies on cookies by default. If you don't need session state (because users don't logon etc) you can turn it off in the web.config file. Just add
<sessionState mode="Off">
under the
<system.web>
element.

Trace.axd returns YSOD not custom error

This is officially driving me crazy...... I have a website on IIS7 running ASP.Net 3.5. Tracing is off and I have custom errors configured, however when I access www.mysite.com/trace.axd I receive a standard ASP.Net YSOD instead of my custom error page. The status returned is 500, however some more weird as using Cassini or Dev Server the status is 403.
So my question is how do I return my custom error page on the live box instead of the standard ASP.Net YSOD?
Custom Errors Config:
<customErrors mode="RemoteOnly" defaultRedirect="~/Error.aspx" redirectMode="ResponseRewrite">
<error statusCode="404" path="~/404.aspx" redirect="~/404.aspx" responseMode="ExecuteURL" /></customErrors>
Trace Settings:
<tracing>
<traceFailedRequests>
<add path="*.aspx">
<traceAreas>
<add provider="ASP" verbosity="Verbose" />
<add provider="ASPNET" areas="Infrastructure,Module,Page,AppServices" verbosity="Verbose" />
<add provider="ISAPI Extension" verbosity="Verbose" />
<add provider="WWW Server" areas="Authentication,Security,Filter,StaticFile,CGI,Compression,Cache,RequestNotifications,Module" verbosity="Verbose" />
</traceAreas>
<failureDefinitions timeTaken="00:00:00" statusCodes="500" />
</add>
</traceFailedRequests>
</tracing>
Any help here is much appreciated, let me know if you need anything else :)

Remove the tracing HTTP handler in the Web.config file:
<system.webServer>
<!-- remove TraceHandler-Integrated - Remove the tracing handlers so that navigating to /trace.axd gives us a
404 Not Found instead of 500 Internal Server Error. -->
<handlers>
<remove name="TraceHandler-Integrated" />
<remove name="TraceHandler-Integrated-4.0" />
</handlers>
</system.webServer>
Navigating to /trace.axd now gives us a 404 Not Found instead of 500 Internal Server Error.

Why is my MVC3 web page not sending Windows credentials to IIS Express?

I have been struggling with getting Windows Authentication to work with my MVC3 application in development (VS 2010 SP1), with no real luck so far. I am running XP on my dev machine (no money until next year for an upgrade), if that makes a difference. I should also mention I am using IIS Express as the default web development server from VS 2010.
I started with an empty MVC3 app awhile back, as I didn't have the Intranet template available from the VS menu until I upgraded the MVC3 tools yesterday (OK, I was a little slow). Once I installed and inspected that template, I added a reference to DirectoryServices to my project and added the bit of code that displays the current logged-on user in the upper right corner of the page. According to the graphics, it should now say "Welcome PCE\dnewman!"
I followed the excellent instructions in this post: IIS Express Windows Authentication and did make some headway. However, I now get the 401.2 error from IIS Express, telling me I am not authorized...
So, I went in to my project properties and set Anonymous Authentication to Enabled. Now I can access the web page, but what I see in the upper right corner of my page is "Welcome !" -- no username.
I tried this with both IE and Firefox, with the same result. What the $#^&! am I missing here? It seems I am not logged in to Windows!! Where do I need to start looking for the problem?
At a previous employer a couple of years back, I wrote a Windows Forms app that authenticated the user with their Windows logon credentials. In that case, I had to take special care to both send the credentials and then to explicitly authenticate them on the service end. Is there something I have to do to make the browser include credentials with every GET or POST?
By request, here's the contents of my web.config, with apologies for all the Glimpse config stuff.
<?xml version="1.0"
encoding="utf-8"?>
<configuration>
<configSections>
<section name="glimpse"
type="Glimpse.Core.Configuration.GlimpseConfiguration" />
</configSections>
<appSettings>
<add key="ClientValidationEnabled"
value="true" />
<add key="UnobtrusiveJavaScriptEnabled"
value="true" />
</appSettings>
<system.web>
<compilation debug="true"
targetFramework="4.0">
<assemblies>
<add assembly="System.Web.Abstractions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Web.Routing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Web.Mvc, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
<add assembly="System.Web.Helpers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Web.WebPages, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
</assemblies>
</compilation>
<pages>
<namespaces>
<add namespace="System.Web.Mvc" />
<add namespace="System.Web.Mvc.Ajax" />
<add namespace="System.Web.Mvc.Html" />
<add namespace="System.Web.Routing" />
<add namespace="System.Web.Helpers" />
<add namespace="System.Web.WebPages" />
</namespaces>
</pages>
<trace writeToDiagnosticsTrace="true"
enabled="true"
pageOutput="false" />
<httpModules>
<add name="Glimpse"
type="Glimpse.Core.Module" />
</httpModules>
<httpHandlers>
<add path="glimpse.axd"
verb="GET,POST"
type="Glimpse.Core.Handler" />
</httpHandlers>
</system.web>
<system.webServer>
<security>
<authentication>
<anonymousAuthentication enabled="false"/>
<windowsAuthentication enabled="true" />
</authentication>
</security>
<modules runAllManagedModulesForAllRequests="true">
<add name="Glimpse"
type="Glimpse.Core.Module,Glimpse.Core"
preCondition="integratedMode" />
</modules>
<validation validateIntegratedModeConfiguration="false" />
<handlers>
<add name="Glimpse"
path="glimpse.axd"
verb="GET,POST"
type="Glimpse.Core.Handler,Glimpse.Core"
preCondition="integratedMode" />
</handlers>
</system.webServer>
<system.serviceModel>
<bindings>
<netTcpBinding>
<binding name="NetTcpBinding_IReporting"
maxBufferSize="1024000"
maxBufferPoolSize="1000000"
maxReceivedMessageSize="1024000">
<readerQuotas maxDepth="200"
maxStringContentLength="65536"
maxArrayLength="32768"
maxBytesPerRead="4096"
maxNameTableCharCount="16384" />
<security mode="None" />
</binding>
<binding name="normalBinding">
<security mode="None" />
</binding>
</netTcpBinding>
</bindings>
<client>
<endpoint name="tcpAdminServiceEndpoint"
address="net.tcp://PCESRV22.pce.local:9000/ProductionMonitor/AdminService"
binding="netTcpBinding"
bindingConfiguration="normalBinding"
contract="Contracts.IAdmin" />
<endpoint name="tcpMasterDataServiceEndpoint"
address="net.tcp://PCESRV22.pce.local:9010/ProductionMonitor/MasterDataService"
binding="netTcpBinding"
bindingConfiguration="normalBinding"
contract="Contracts.IMasterData" />
<endpoint name="tcpReportingServiceEndpoint"
address="net.tcp://PCESRV22.pce.local:9030/ProductionMonitor/ReportingService"
binding="netTcpBinding"
bindingConfiguration="NetTcpBinding_IReporting"
contract="Contracts.IReporting" />
</client>
</system.serviceModel>
<runtime>
<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
<dependentAssembly>
<assemblyIdentity name="System.Web.Mvc"
publicKeyToken="31bf3856ad364e35" />
<bindingRedirect oldVersion="1.0.0.0-2.0.0.0"
newVersion="3.0.0.0" />
</dependentAssembly>
</assemblyBinding>
</runtime>
<glimpse enabled="true" />
</configuration>
I am more than willing to divulge more details as needed, but I really don't even know where to start looking. Every post or article I can find seems to assume this part just happens as part of the Windows/MVC3/ASP.NET setup.
Thanks, Dave

If you follow all the recommendations in the referenced post, you'll end up with a non-working mess, like I did. Each answer has its own merit, but applying all of them only ends in frustration.
The post from Microsoft that answered all questions and got me working is here: How to Create an Intranet Site Using ASP.NET MVC
Save this link, it's golden...
I also found the "Add Deployable Dependencies" option can break Windows authentication. If I selected the "ASP.NET Web Pages with Razor syntax" option in the "Add Deployable Dependencies" dialog box, it immediately broke Windows authentication and seemed to go back to forms authentication -- I got a 404 error "The resource cannot be found" looking for /Account/Login. I didn't have to deploy it, just selecting that option broke it. The only way to fix it then is to start over. I was unable to remove enough of anything to get it to start working again, and I was unable to determine what change was made that caused this behavior.
This blog post saved the day: How to Deploy an ASP.NET MVC 3 App to Web Hosting with "\bin Deployment" - it shows which assemblies are needed and how to get them included with your web app when you deploy it WITHOUT using the "Add Deployable Dependencies" nonsense.
I hope this saves somebody the hours I spent trying to get it all to work.

DefaultDocument suddenly not working on IIS7

I have a website which has been running on IIS7 for about 2 months. We have the default documents set up to load a default.asp page when users go to the domain with no page. Suddenly this morning, I am getting errors and the default document will not load. If I type the default.asp, the file loads just fine.
Error Info:
Module: DefaultDocumentModule
Notification: ExecuteRequestHandler
Handler: StaticFile
Error Code: 0x80070002
here is a section from my applicationhost.config:
<system.webServer>
<asp>
<cache diskTemplateCacheDirectory="%SystemDrive%\inetpub\temp\ASP Compiled Templates" />
</asp>
<defaultDocument enabled="true">
<files>
<clear />
<add value="Default.asp" />
<add value="Default.htm" />
<add value="index.htm" />
<add value="index.html" />
<add value="iisstart.htm" />
</files>
</defaultDocument>
<directoryBrowse enabled="false" />
<globalModules>
<add name="UriCacheModule" image="%windir%\System32\inetsrv\cachuri.dll" />
<add name="FileCacheModule" image="%windir%\System32\inetsrv\cachfile.dll" />
<add name="TokenCacheModule" image="%windir%\System32\inetsrv\cachtokn.dll" />
<add name="HttpCacheModule" image="%windir%\System32\inetsrv\cachhttp.dll" />
<add name="StaticCompressionModule" image="%windir%\System32\inetsrv\compstat.dll" />
<add name="DefaultDocumentModule" image="%windir%\System32\inetsrv\defdoc.dll" />
<add name="DirectoryListingModule" image="%windir%\System32\inetsrv\dirlist.dll" />
<add name="ProtocolSupportModule" image="%windir%\System32\inetsrv\protsup.dll" />
<add name="HttpRedirectionModule" image="%windir%\System32\inetsrv\redirect.dll" />
<add name="ServerSideIncludeModule" image="%windir%\System32\inetsrv\iis_ssi.dll" />
<add name="StaticFileModule" image="%windir%\System32\inetsrv\static.dll" />
<add name="AnonymousAuthenticationModule" image="%windir%\System32\inetsrv\authanon.dll" />
<add name="RequestFilteringModule" image="%windir%\System32\inetsrv\modrqflt.dll" />
<add name="CustomErrorModule" image="%windir%\System32\inetsrv\custerr.dll" />
<add name="HttpLoggingModule" image="%windir%\System32\inetsrv\loghttp.dll" />
<add name="RequestMonitorModule" image="%windir%\System32\inetsrv\iisreqs.dll" />
<add name="IsapiModule" image="%windir%\System32\inetsrv\isapi.dll" />
<add name="IsapiFilterModule" image="%windir%\System32\inetsrv\filter.dll" />
<add name="CgiModule" image="%windir%\System32\inetsrv\cgi.dll" />
<add name="FastCgiModule" image="%windir%\System32\inetsrv\iisfcgi.dll" />
<add name="ManagedEngine" image="%windir%\Microsoft.NET\Framework\v2.0.50727\webengine.dll" preCondition="integratedMode,runtimeVersionv2.0,bitness32" />
<add name="ConfigurationValidationModule" image="%windir%\System32\inetsrv\validcfg.dll" />
<add name="ManagedEngine64" image="%windir%\Microsoft.NET\Framework64\v2.0.50727\webengine.dll" preCondition="integratedMode,runtimeVersionv2.0,bitness64" />
<add name="RewriteModule" image="%SystemRoot%\system32\inetsrv\rewrite.dll" />
<add name="ManagedEngineV4.0_32bit" image="C:\Windows\Microsoft.NET\Framework\v4.0.30319\webengine4.dll" preCondition="integratedMode,runtimeVersionv4.0,bitness32" />
<add name="ManagedEngineV4.0_64bit" image="C:\Windows\Microsoft.NET\Framework64\v4.0.30319\webengine4.dll" preCondition="integratedMode,runtimeVersionv4.0,bitness64" />
<add name="WebDAVModule" image="%SystemRoot%\system32\inetsrv\webdav.dll" />
<add name="WindowsAuthenticationModule" image="%windir%\System32\inetsrv\authsspi.dll" />
</globalModules>
I have also verified that the modules physically exist on disk. I am not aware of any changes on this server, and the default document has definitely been working up till yesterday. Server is Windows Server 2008 x64 with IIS 7.0.
I've recycled the app pool, booted the server, removed and reentered the default documents. the error looks like it cant find the default document module..
What else can I try?

My coworker and I have been chasing this all morning and someone on IRC pointed us to the resolution. Turns out that IIS was having trouble with the default document b/c the website root folder had gotten marked as Hidden. Apparently, when the folder is Hidden, the default document module cannot find it and you get the ERROR_FILE_NOT_FOUND shown above.
We verified this behavior on a Dev server by setting the web root folder to Hidden and sure enough got the same error for the default document. Removed the Hidden attribute and the default document loads correctly.
I have seen a lot of questions about this today, and no one has posted an answer that fit our problem. I want to say thanks to whoever that was on IRC! And hopefully this will help others to post it here.