Nopcommerce security exception - nopcommerce

When I publish the nopcommerce on the server, I got this error. My host provides me full trust level.
Security Exception
Description: The application attempted to perform an operation not allowed
by the security policy. To grant this application the required permission
please contact your system administrator or change the application's
trust level in the configuration file.
Exception Details: System.Security.SecurityException: Request failed.
Source Error:
An unhandled exception was generated during the execution of the current web request.
Information regarding the origin and location of the exception can be identified
using the exception stack trace below.
Stack Trace:
[SecurityException: Request failed.]
Nop.Core.TypeConverterRegistrationStartUpTask.Execute() +0
Nop.Core.Infrastructure.NopEngine.RunStartupTasks() +487
Nop.Core.Infrastructure.NopEngine.Initialize(NopConfig config) +48
Nop.Core.Infrastructure.EngineContext.Initialize(Boolean forceRecreate) +92
Nop.Web.MvcApplication.Application_Start() +66
Version Information: Microsoft .NET Framework Version:4.0.30319;
ASP.NET Version:4.0.30319.36366
how to solve this error?

Check if your hosting meets the requirements: Technology & System Requirements
Next check whether you done this right: Installation Guide
For me this seems like your installation has not enough rights.
According to installation guide you need to give nopCommerce write permission on following directories and files
\App_Data\
\bin\
\Content\
\Content\Images\
\Content\Images\Thumbs\
\Content\Images\Uploaded\
\Content\files\ExportImport\
\Plugins\
\Plugins\bin\
\Global.asax
\web.config

Related

Adding WebAPI as a child/nested application in IIS

Steps to recreate this issue:
Inside IIS create a new .net 4 website (herein known as the parent).
Drop a test image in the folder for this website and observe you can
request it successfully in a browser
Add a new virtual directory OR application under the parent that points to a WebAPI 2 project
Attempt to access the API in the browser using www.path-to-parent-site.com/api/something/or/other
I get the following error:
System.Web.Routing.UrlRoutingModule does not implement IHttpHandlerFactory or IHttpHandler.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Configuration.ConfigurationErrorsException: System.Web.Routing.UrlRoutingModule does not implement IHttpHandlerFactory or IHttpHandler.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[ConfigurationErrorsException: System.Web.Routing.UrlRoutingModule does not implement IHttpHandlerFactory or IHttpHandler.]
System.Web.Configuration.HandlerFactoryCache.GetHandlerType(String type) +12328272
System.Web.Configuration.HandlerFactoryCache..ctor(String type) +27
System.Web.HttpApplication.GetFactory(String type) +94
System.Web.MaterializeHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +375
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +288
Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.34209
Is there anything I can do to get this working? I can find very little relevant information on this particular issue and even fewer solutions to those who have seen this error.
Note: If I add the WebAPI 2 project as a new website in IIS it works perfectly; its only when its nested as a child (either virtual directory or application has the same problem) that this happens.
Thanks
WebApi is not supposed to be hosted on a virtual directory, if you wanna do so you need to make the routing pattern dynamic and load the first part from the virtual directory.
var virtualDirectory = request.ApplicationPath;
routes.MapHttpRoute(
name: "API Default",
routeTemplate: virtualDirectory + "/api/{controller}/{id}",
defaults: new {
id = RouteParameter.Optional
}
);
You need to use parentsite.com/childvirtualdirectory/api even though the API is hosted in the childvirtualdirectory.
In my scenario, I had parentsite/api setup in IIS... then to access the web API, I needed to use http://parentsite/api/api/<<controller>>

CryptographicException ID1073 error The is invalid on ASP.NET 4.0 site

Has anyone ever come across this error? I'm getting this when I post back to a forms authenticated site after redirecting to another site and then redirecting back. I've already checked that loadUserProfiles="true" but that did not help. This is a site hosted on IISExpress via other sites also hosted on IISExpress, using localhost gen'ed SSL certs and differentiating via host header. I'm pretty clueless at this point on where the error even comes from. Is it a cookie error? The FormsAuth cookie? It's ASP.NET 4.0 site where I'm authenticating against a Thinktecture Id server. Any feedback is appreciated to help me with my current block. Thanks
Server Error in '/' Application.
The data is invalid.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Security.Cryptography.CryptographicException: The data is invalid.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[CryptographicException: The data is invalid.
]
System.Security.Cryptography.ProtectedData.Unprotect(Byte[] encryptedData, Byte[] optionalEntropy, DataProtectionScope scope) +318
Microsoft.IdentityModel.Web.ProtectedDataCookieTransform.Decode(Byte[] encoded) +203
[InvalidOperationException: ID1073: A CryptographicException occurred when attempting to decrypt the cookie using the ProtectedData API (see inner exception for details). If you are using IIS 7.5, this could be due to the loadUserProfile setting on the Application Pool being set to false. ]
Microsoft.IdentityModel.Web.ProtectedDataCookieTransform.Decode(Byte[] encoded) +319
Microsoft.IdentityModel.Tokens.SessionSecurityTokenHandler.ApplyTransforms(Byte[] cookie, Boolean outbound) +217
Microsoft.IdentityModel.Tokens.SessionSecurityTokenHandler.ReadToken(XmlReader reader, SecurityTokenResolver tokenResolver) +1951
Microsoft.IdentityModel.Tokens.SessionSecurityTokenHandler.ReadToken(Byte[] token, SecurityTokenResolver tokenResolver) +149
Microsoft.IdentityModel.Web.SessionAuthenticationModule.ReadSessionTokenFromCookie(Byte[] sessionCookie) +595
Microsoft.IdentityModel.Web.SessionAuthenticationModule.TryReadSessionTokenFromCookie(SessionSecurityToken& sessionToken) +120
Microsoft.IdentityModel.Web.SessionAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs eventArgs) +113
System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +136
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +69
Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.18044
Crypto errors like this are common if your application pool is not set to load its user profile. The crypto system needs to access user's cert store.
The exact moment the error occurs is when you authenticate and the sts sends back the signed SAML token.
This means that the error is subtle. You don't see it everytime, only in one exact moment. You can even be deceived that the error is gone because the site works correctly, however the error reappears as soon as someone tries to log in.
The problem was only happening in IE9 when running in Debug mode. After awhile it went away for whatever reason. :/

exception Collection is read-only error with ASP4.5 on IIS7.5

I am running Dotnetnuke7 on a shared hosting environment using ASP.net 4.5 and IIS configured in integrated pipeline mode (as required by DNN7).
When I install it on a Win2008/IIS7 server (ASP4.0) at the hosting provider the application runs fine, but when I install it on a Win2008R2/IIS7.5 server at the hosting provider(ASP4.5) I get an exception Collection is read-only when trying to log-in or submitting anything to the site. (For example use DNN search function). See detailed stacktrace below.
The hosting provider checked the .net 4.5 permissions, and also applies apppool-specific permissions, but no luck yet.
Anybody a clue what IIS7.5 parameter or option can be the cause here?
Server Error in '/' Application.
Collection is read-only.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.NotSupportedException: Collection is read-only.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[NotSupportedException: Collection is read-only.] System.Collections.Specialized.NameObjectCollectionBase.BaseSet(String name, Object value) +6703734
System.Web.HttpServerVarsCollection.SetServerVariableManagedOnly(String name, String value) +116
System.Web.HttpServerVarsCollection.SynchronizeServerVariable(String name, String value) +28
System.Web.HttpRequest.SynchronizeServerVariable(String name, String value) +112 System.Web.Hosting.IIS7WorkerRequest.GetServerVarChanges(HttpContext ctx) +308 System.Web.Hosting.IIS7WorkerRequest.SynchronizeVariables(HttpContext context) +9676858 System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context) +151
Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.17929
For anyone stumpling on this - I had this exact issue today.
Resolved by two actions for me:
Verify isapi filters in IIS for .net 4.0/4.5 etc are ALLOWED
I had installed rewriter-modules (Helicon). Once I removed these ISAPI-filters again - all worked fine.
So check isapi-filters is my advice and start without any additional filters except the needed .net filters.

Commerce Server and ASP.NET Integrated Pipeline error

I am using Microsoft Commerce Server 2007 and a custom ASP.NET 2.0 website. Everything works well in Classic Pipeline, but when I try to use the Integrated pipeline, it fails with the following error:
Server Error in '/' Application.
Request is not available in this context
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Web.HttpException: Request is not available in this context
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[HttpException (0x80004005): Request is not available in this context]
System.Web.HttpContext.get_Request()
+8794400 Microsoft.CommerceServer.Runtime.Orders.CommerceOrderModule.Init(HttpApplication
appInstance) +134
System.Web.HttpApplication.InitModulesCommon()
+65 System.Web.HttpApplication.InitIntegratedModules()
+49 System.Web.HttpApplication.InitInternal(HttpContext
context, HttpApplicationState state,
MethodInfo[] handlers) +729
System.Web.HttpApplicationFactory.GetNormalApplicationInstance(HttpContext
context) +298
System.Web.HttpApplicationFactory.GetApplicationInstance(HttpContext
context) +107
System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest
wr, HttpContext context) +363
I've done my best to research this, and it's definitely caused by Commerce Server trying to access the HttpContext.Current when there is no current request. This all happens before anything in my code, and there's nothing to break into or any source code to look at. I've even tried attaching the debugger to the IIS process (w3wp.exe), but it doesn't catch anything.
I have followed the instructions Here to add the web.config section, but it hasn't made any difference.
I have a different website on a different server using Commerce Server in Integrated Pipeline mode with no problems, so I know it's possible. I can't find a significant difference between the two web.config files, so I'm assuming it's a config error somewhere else, but I don't have any idea where to look.
It is critical that I can get this working in Integrated Pipeline mode for performance reasons, plus I am creating a custom URL Rewriting HTTP Module which works with the integrated pipeline only.
Thank you in advance for any help!

System.Web.AspNetHostingPermission SecurityException when trying to use ManagedFusion Rewriter on Goddaddy

I wonder if someone could help me out with an issue I'm experiencing trying to get my site up and running on Goddaddy.
I'm trying to get extension-less url rewriting working using the ManagedFusion Rewriter (http://www.codeplex.com/urlrewriter/) Unfortunately I'm getting the following error:
Server Error in '/' Application.
Security Exception
Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.
Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[SecurityException: Request for the permission of type 'System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.]
System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet) +0
System.Security.CodeAccessPermission.Demand() +59
System.Web.Hosting.HostingEnvironment.get_ApplicationID() +61
IIS7Injector.TraceManager.TraceEvent(TraceEventType eventType, String message) +62
IIS7Injector.ConfigManager.IsSkippedUrl(HttpRequest request, String ContentType) +38
IIS7Injector.InjectedContentStream.Write(Byte[] buffer, Int32 offset, Int32 count) +153
ManagedFusion.Rewriter.FormActionFilter.Write(Byte[] buffer, Int32 offset, Int32 count) +485
System.Web.HttpWriter.FilterIntegrated(Boolean finalFiltering, IIS7WorkerRequest wr) +265
System.Web.HttpResponse.FilterOutput() +80
System.Web.CallFilterExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +54
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +64
Version Information: Microsoft .NET Framework Version:2.0.50727.1434; ASP.NET Version:2.0.50727.1434
I'm runnung using IIS 7 in integrated mode. I've modified my web.config file by following the instructions in the readme file here:
http://www.codeplex.com/urlrewriter/Release/ProjectReleases.aspx?ReleaseId=22618
Thank very much in advance.
I hit this same exception on a new install, changing the App pool identity to NetworkService / aspnet fixed it.
Additionally, enabling Load User Profile on the app pool also worked.
Try the following:
App Pool -> Advanced Settings -> Load Users Profile = True
for me it was:
1. unblock all files
http://nicholasrogoff.wordpress.com/2010/09/01/how-to-bulk-unblock-files-in-windows-7-or-server-2008/
2.restart application pool
One cause for this problem is when you have done the totally odd thing of publishing you application on the server by using the server to download the application from the Internet. The files will then be marked as originating from the Internet, and security settings then prevent them from running.
The "downloaded-from-Internet" mark is stored in the file system as an NTFS alternative data stream. Use the "Streams" tool to display and remove the flags:
http://technet.microsoft.com/en-us/sysinternals/bb897440.aspx
Then restart the application pool.
This is actually a known issue with GoDaddy's Medium Trust environment. However with the latest release of URL Rewriter 3.0 all these issues are now gone. Please get the latest release and let me know if you have any issues.
I had a similar issue with GoDaddy. Even though it didn't seem related at first since it's not in the stack trace (and may not apply to you since you're using third party code), removing Response.End() calls solved the issue in my case.
I had this issue because of a networked drive at work.When i moved my project to my desktop it started working again.

Resources