I have a application deployed on liberty profile that connects to a db server over the network.
I'm trying to configure it so when connection time outs happen they are logged in messages or trace log files.
At the moment it just gives me an output like
Application xyz has not started in 30.004 seconds.
nothing to indicate why.... can anyone tell me how i configure it to output all DB related errors ?
A failure to connect to a database should not be related to whether or not your application starts. As any database access defined by application code would be running after the application has reported that it started.
I suspect there is a separate issue causing your application to not start. To confirm this theory you can comment out database access from your application and see if the app starts then.
Related
I have a web application built by ASP.NET Web API and the database is Oracle.
When I published the site on the IIS and run it, I recognized the following:
I found many records in the view DBA_AUDIT_SESSION and that's records LOGOFF/LOGON in the order.
After that, I let the site open for a while on a tab in the Chrome Browser without any interaction from me and I found many records LOGOFF, then return to the tab and open a page included it, and I found new records was generated on that view but with Action LOGON.
My question is:
1-That's normal or my application has an issue?
I analyzed that, but maybe I was wrong:
I think when the site run using IIS, all the old sessions will be LOGOFF, and after the application run on the browser, new sessions will be generated, and when the application sleep "without any interaction" the session will be LOGOFF and after return to the application and ask for a page included it, the application will ask a data from the database using an API and that connection will register as LOGON action.
Another question:
I check the main view DBA_AUDIT_TRAIL and I found the Action LOGON come with comment_text explain the Authentication process, and in my case, it comes with:
Authenticated by: DATABASE;
My question is in every LOGON action the port changed, why that?
Establishing a database connection is a pretty expensive operation. Ideally a web application should be using a connection pool, so that you create create pool of database sessions initially and they remain there for the life of the application. The app tier will ask for a connection from the pool as it needs to interact with the database.
So utopia is to see an initial set of LOGON records and then no LOGOFF records until your shut the application down.
I have an ASP.NET MVC app, running as Azure Web App.
I use pre-authentication/EasyAuth, and for 5 deployment slots it works fine. Each of them has their own Azure AD App Registration.
But the production site (not a deployment slot, root of the app) throws an error when after logging in, at the /.auth/login/aad/callback path:
I have compared Azure AD App manifest with one that works, and the only difference is the names, description and URLs - as expected.
Using Kudu to view an error, it seems to come from the EasyAuthModule:
So, basically this was an issue with the App Registration used, were created from another deployment slot.
Even though Authentication / Authroization for the web app was set up as Express, the correct App Registration was selected - it turns out it did not get the Client Secret transferred from App Registration to the Web App (in my case, it had the wrong key):
To fix it, you can switch to advanced as shown above, open the associated App Registration and create a new key:
The key is not shown until you save, and is only shown once. Copy it, and insert it into the Client Secret input of the Web App.
After saving all the blades, it is possible to switch back to Express auth. setup and the key will remain.
As I cannot comment I'll add my case as an answer in a bit more detail than I would have to a comment.
I had the exact same error messages From Easyauth in an ASP.NET MVC app running as Azure App Service Web App.
The initial error message was just "The page cannot be displayed because an internal server error has occurred." And via FTP and/or Visual Studio Server Explorer and/or Cloud Explorer I could check the real error page after setting the detailed error messages on from App Service Logs. Those errors were the same as with MartinHN got using Kudu.
So in the more detailed error the predominantly shown 500.74 error originally pointed me to the wrong direction (MFA). But Request Url (.auth/login/aad/callback ) where the error message indicated the internal server error was occurring in, led me to this SO question.
In my case though I had the Advanced Configuration already selected in App Services Active Directory Authentication. And the client secret key was not just wrong. It turned out that the client secret had expired. But it wasn’t obvious to me as I don’t have access to the AAD. I had to contact a separate AD team to check the secrets.
So expired client secret (keys) can also cause this very same error.
I am using Microsoft.SqlServer.Management.IntegrationServices in an ASP.NET web form to access an SSIS project in SSISDB. Testing locally on my own PC I am able to access the package from the test server and it runs fine.
My issue comes up when I try to run the site from the test server. The same test server hosts the site with IIS 7 and hosts the Sql Server database which stores the package with Integration Services. So like I said, the package is hosted on the server and when I run the site locally on my PC, all works fine.
When I run the site on test and try to access the package I get:
System.Data.SqlClient.SqlException (0x80131904): Login failed for user '[DOMAIN]\[PCNAME]$'.
I am using integrated security in my connection string:
SqlConnection connection = new SqlConnection(#"Data Source=[Test_Server];Initial Catalog=master;Integrated Security=True;");
IntegrationServices integrationServices = new IntegrationServices(connection);
My error comes up here when trying to connect.
I've tried adding '[DOMAIN]\[PCNAME]$' as a Sql login using Windows authentication with every permission I can think of. User mapping for database SSISDB has accessadmin, datareader, datawriter, owner, public, and ssis admin. I know not all of these should be needed, but I'm trying everything.
I went to SSISDB under databases, and gave the login permission to Connect, Execute, and Select.
Under Integration Services Catalogs I gave my folder, under SSISDB catalog, permission for the my Windows User ('[DOMAIN]\[PCNAME]$') login to Read, Execute Objects, and Read Objects.
I gave the SSISDataTransfer project permission for the Windows User to Read, Modify, and Execute.
I'm out of ideas and figure it's probably some IIS issue. It has Windows Authentication installed and set.
Anyone have any ideas? I've found posts about how to get the code to work, but nothing on connection specifics. Thanks!
i have had similar problem recently and i have worked with SSIS packages being used with web applications too. in my opinion you should use a custom user account to be used as your app pool account. and you will have to add this account to your database server. when running an app pool as local system or network service, the account being used for connection to a remote database server will be "DomainName\MachineName$" which will be different for every machine which tries to connect to your sql server. so instead of adding all these user names in sql, you will be better off using a custom user account.
Secondly looks like your web application does not run on the same machine as your sql server which i think will not work because you can invoke SSIS package from the same server only.
Another thing to try is to add a credential to sql server - in Security - Credentials in SQL Server management studio. This credential would be the authenitcated user that you are running it successfully under. Then in your SSIS package, in SQL Server agent, go into the job step and in the "Run As"drop down, select the new credential for your user that you created.
Ive created a app in asp.net using c# that needs to create folders on a number of network shares. Ive configured the app pool account to use a domain account and given that domain account the correct permissions to the network share folder. When i run my code im getting the following exception. Any ideas?
Exception: System.ComponentModel.Win32Exception
Message: Logon failure: unknown user name or bad password
You should create an account on the network that has the relevant access to that share and then set your application pool to use that identity.
This way, all requests from your application will appear to be that user.
Take care with this approach, however, as if anyone changes the password to that account, you will need to update it within your IIS
OK seems I've been a bit of a chump. Seems there was some code I wrote (cant remember doing it) that impersonated the account I had set for the custom app pool but with the old password. Simply commented out the code and it now works as expected. Note to self!!!!!! Must read stack trace more carefully in future.
Apologies for wasting your time
I am trying to call an old VB6 dll (no source code available) from an ASP.NET project. The dll connects to a server using windows authentication, so I need to call functions as a specific user, not NETWORKSERVICE as it is now.
This would preferably be determined at call time, not load time because I am impersonating the remote user and would like for this to be the user calling the functions, not the application user and not NETWORKSERVICE as it is now.
So, theres the browser running as USER, connecting to the application impersonating USER, calling the dll as USER, but the dll is trying to connect to a remote server as NETWORKSERVICE, not USER.
Is it possible to make this dll connect to the remote server as USER? Or, if nothing else, connect as the application user?
Edit:
Impersonation is done in code by calling Impersonate() on the remote user's WindowsIdentity. The company I work for has a custom SecurityPrincipal and SecurityIdentity so it's kind of weird how I have to go about getting the WindowsIdentity (it's a little more in depth than User.Identity), but I have used this method before successfully and have verified that System.Security.Principal.WindowsIdentity.GetCurrent().Name
is the correct user during the impersonation.
I would first try to find out how the DLL is connecting as a different user (Process Explorer can help with this). Is it possible that the DLL is communicating with a service (or some other process) which is running on the box which is logged in as NETWORKSERVICE? If so, you can change that service to run as a different user. Just grasping at straws, hope you figure it out!
I did eventually find the problem (which just lead to other problems, but anyway) it turned out to be I was missing an AspCompat="true" on my page. Actually the problem was that I was using a "Handler" and not a "Page". Handlers do not have the STA abilities that Pages have. What was happening was every time I tried to access the COM component, there would be a thread switch (impersonation lost) since the application is running in an MTA and the COM component must run in an STA.