Adding WebAPI as a child/nested application in IIS - asp.net

Steps to recreate this issue:
Inside IIS create a new .net 4 website (herein known as the parent).
Drop a test image in the folder for this website and observe you can
request it successfully in a browser
Add a new virtual directory OR application under the parent that points to a WebAPI 2 project
Attempt to access the API in the browser using www.path-to-parent-site.com/api/something/or/other
I get the following error:
System.Web.Routing.UrlRoutingModule does not implement IHttpHandlerFactory or IHttpHandler.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Configuration.ConfigurationErrorsException: System.Web.Routing.UrlRoutingModule does not implement IHttpHandlerFactory or IHttpHandler.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[ConfigurationErrorsException: System.Web.Routing.UrlRoutingModule does not implement IHttpHandlerFactory or IHttpHandler.]
System.Web.Configuration.HandlerFactoryCache.GetHandlerType(String type) +12328272
System.Web.Configuration.HandlerFactoryCache..ctor(String type) +27
System.Web.HttpApplication.GetFactory(String type) +94
System.Web.MaterializeHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +375
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +288
Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.34209
Is there anything I can do to get this working? I can find very little relevant information on this particular issue and even fewer solutions to those who have seen this error.
Note: If I add the WebAPI 2 project as a new website in IIS it works perfectly; its only when its nested as a child (either virtual directory or application has the same problem) that this happens.
Thanks

WebApi is not supposed to be hosted on a virtual directory, if you wanna do so you need to make the routing pattern dynamic and load the first part from the virtual directory.
var virtualDirectory = request.ApplicationPath;
routes.MapHttpRoute(
name: "API Default",
routeTemplate: virtualDirectory + "/api/{controller}/{id}",
defaults: new {
id = RouteParameter.Optional
}
);

You need to use parentsite.com/childvirtualdirectory/api even though the API is hosted in the childvirtualdirectory.
In my scenario, I had parentsite/api setup in IIS... then to access the web API, I needed to use http://parentsite/api/api/<<controller>>

Related

Nopcommerce security exception

When I publish the nopcommerce on the server, I got this error. My host provides me full trust level.
Security Exception
Description: The application attempted to perform an operation not allowed
by the security policy. To grant this application the required permission
please contact your system administrator or change the application's
trust level in the configuration file.
Exception Details: System.Security.SecurityException: Request failed.
Source Error:
An unhandled exception was generated during the execution of the current web request.
Information regarding the origin and location of the exception can be identified
using the exception stack trace below.
Stack Trace:
[SecurityException: Request failed.]
Nop.Core.TypeConverterRegistrationStartUpTask.Execute() +0
Nop.Core.Infrastructure.NopEngine.RunStartupTasks() +487
Nop.Core.Infrastructure.NopEngine.Initialize(NopConfig config) +48
Nop.Core.Infrastructure.EngineContext.Initialize(Boolean forceRecreate) +92
Nop.Web.MvcApplication.Application_Start() +66
Version Information: Microsoft .NET Framework Version:4.0.30319;
ASP.NET Version:4.0.30319.36366
how to solve this error?
Check if your hosting meets the requirements: Technology & System Requirements
Next check whether you done this right: Installation Guide
For me this seems like your installation has not enough rights.
According to installation guide you need to give nopCommerce write permission on following directories and files
\App_Data\
\bin\
\Content\
\Content\Images\
\Content\Images\Thumbs\
\Content\Images\Uploaded\
\Content\files\ExportImport\
\Plugins\
\Plugins\bin\
\Global.asax
\web.config

Key not valid for use in specified state. After IIS Reset

I tried this:
runas /user: domain\user cmd with no luck
This seems to only occur now when IIS is reset and I try to resume my browsing session. So I am logged into the application, I reset IIS on the server, refresh the page and see the error.
I am building an application in .NET 4.0 MVC with a Secure Token Service that is using WIF 4.0. Everything works as expected, except this case. I even tried to use a custom error page, but the error is happening there as well. Because of that, I can't get the custom page to show either. Also, This is using a certificate that is located on both load balanced servers. This happens in my dev environment whihc consists of only one server (app, wfe, db operated there)
One thing I noticed is that if I switch my IIS APP Pool user back to Network Service account it doesn't throw the error any more. We have some restrictions (mostly network related) in the application that we need to use an account in our AD for the app pool sections
Anybody have any experience with this issue?
Key not valid for use in specified state.
Description: An unhandled exception occurred during the execution of
the current web request. Please review the stack trace for more
information about the error and where it originated in the code.
Exception Details:
System.Security.Cryptography.CryptographicException: Key not valid for
use in specified state.
Source Error:
An unhandled exception was generated during the execution of the
current web request. Information regarding the origin and location of
the exception can be identified using the exception stack trace below.
Stack Trace:
[CryptographicException: Key not valid for use in specified state. ]
System.Security.Cryptography.ProtectedData.Unprotect(Byte[]
encryptedData, Byte[] optionalEntropy, DataProtectionScope scope) +428
Microsoft.IdentityModel.Web.ProtectedDataCookieTransform.Decode(Byte[]
encoded) +54
[InvalidOperationException: ID1073: A CryptographicException occurred
when attempting to decrypt the cookie using the ProtectedData API (see
inner exception for details). If you are using IIS 7.5, this could be
due to the loadUserProfile setting on the Application Pool being set
to false. ]
Microsoft.IdentityModel.Web.ProtectedDataCookieTransform.Decode(Byte[]
encoded) +146
Microsoft.IdentityModel.Tokens.SessionSecurityTokenHandler.ApplyTransforms(Byte[]
cookie, Boolean outbound) +113
Microsoft.IdentityModel.Tokens.SessionSecurityTokenHandler.ReadToken(XmlReader
reader, SecurityTokenResolver tokenResolver) +647
Microsoft.IdentityModel.Tokens.SessionSecurityTokenHandler.ReadToken(Byte[]
token, SecurityTokenResolver tokenResolver) +105
Microsoft.IdentityModel.Web.SessionAuthenticationModule.ReadSessionTokenFromCookie(Byte[]
sessionCookie) +262
Microsoft.IdentityModel.Web.SessionAuthenticationModule.TryReadSessionTokenFromCookie(SessionSecurityToken&
sessionToken) +76
Microsoft.IdentityModel.Web.SessionAuthenticationModule.OnAuthenticateRequest(Object
sender, EventArgs eventArgs) +53
System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
+148 System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +75
This issue is related to session cookies.
WIF protects session cookies using Data Protection API (DPAPI) by default, and the DPAPI is closely related to machine keys.
If the keys used to encrypt the session cookies change, it throws this exception.
It could be also related to your app hosting infrastructure.
if your app is running in an Network Load Balancer (NLB) environment
if you change the app pool settings (e.g., change the pool’s user)
More details about this scenario on the MSDN blog entry:
WIF 1.0 – ID1073 A CryptographicException occurred when attempting to decrypt the cookie using the ProtectedData API Archive.Today Shortlink
Todd Foust (October 29, 2012)
So, if your app runs in NLB environment, you could :
Configure your load balancer to use sticky sessions. This means that your user will be directed to the same server during the session duration. (I’m not very fond of that one)
Use a certificate to encrypt the session cookies
set all web.config files to use the same machine key in system.web
If you are not running the app in a NLB env, you could try:
set the machinekey in your web.config to use a pre-defined value instead of auto-generated values
Regarding auto-generated machinekey setting, please see:
How unique is your machine key?Archive.Today Shortlink

exception Collection is read-only error with ASP4.5 on IIS7.5

I am running Dotnetnuke7 on a shared hosting environment using ASP.net 4.5 and IIS configured in integrated pipeline mode (as required by DNN7).
When I install it on a Win2008/IIS7 server (ASP4.0) at the hosting provider the application runs fine, but when I install it on a Win2008R2/IIS7.5 server at the hosting provider(ASP4.5) I get an exception Collection is read-only when trying to log-in or submitting anything to the site. (For example use DNN search function). See detailed stacktrace below.
The hosting provider checked the .net 4.5 permissions, and also applies apppool-specific permissions, but no luck yet.
Anybody a clue what IIS7.5 parameter or option can be the cause here?
Server Error in '/' Application.
Collection is read-only.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.NotSupportedException: Collection is read-only.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[NotSupportedException: Collection is read-only.] System.Collections.Specialized.NameObjectCollectionBase.BaseSet(String name, Object value) +6703734
System.Web.HttpServerVarsCollection.SetServerVariableManagedOnly(String name, String value) +116
System.Web.HttpServerVarsCollection.SynchronizeServerVariable(String name, String value) +28
System.Web.HttpRequest.SynchronizeServerVariable(String name, String value) +112 System.Web.Hosting.IIS7WorkerRequest.GetServerVarChanges(HttpContext ctx) +308 System.Web.Hosting.IIS7WorkerRequest.SynchronizeVariables(HttpContext context) +9676858 System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context) +151
Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.17929
For anyone stumpling on this - I had this exact issue today.
Resolved by two actions for me:
Verify isapi filters in IIS for .net 4.0/4.5 etc are ALLOWED
I had installed rewriter-modules (Helicon). Once I removed these ISAPI-filters again - all worked fine.
So check isapi-filters is my advice and start without any additional filters except the needed .net filters.

web api TaskScheduler.UnobservedTaskException

I have recently published an asp.net web api to a production web site. On production about once a day the an unhandled exception causes the web site process to recycle:
An unhandled exception occurred and the process was terminated.
Application ID: /LM/W3SVC/2/ROOT/oasis Process ID: 9236 Exception:
System.AggregateException Message: A Task's exception(s) were not
observed either by Waiting on the Task or accessing its Exception
property. As a result, the unobserved exception was rethrown by the
finalizer thread. StackTrace: at
System.Threading.Tasks.TaskExceptionHolder.Finalize() InnerException:
System.Web.HttpException Message: The remote host closed the
connection. The error code is 0x800704CD. StackTrace: at
System.Web.Http.WebHost.HttpControllerHandler.EndProcessRequest(IAsyncResult
result) at
System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step,
Boolean& completedSynchronously)
This exception appears to not to originate in program code but in web api internals. I need to prevent such an excetion from recycling the process as this destroys the sessions of numberous users.
I understand that one way to handle this exception is to use :
TaskScheduler.UnobservedTaskException += (sender, e) =>
{
McpsEventLog.PostException(e.Exception, "webapicontroller");
e.SetObserved();
};
But for this to work, where can I put this code. somewhere in the web api controller? Or in the global.asax. Does someone know how the UnobserveredTaskException can be impletmented in an asp.net Web Api rest service?
You are right: Unhandled exception are unacceptable in the context of a web application. The right place to setup that handler is the Application_Start event.
You also should set up UnhandledException-event. It does not allow you to swallow the exception, though. Only log it.
Finally, see my question about this topic: How to treat unhandled thread-exceptions in ASP.NET? I did not get a usable answer but it might still help you.

Commerce Server and ASP.NET Integrated Pipeline error

I am using Microsoft Commerce Server 2007 and a custom ASP.NET 2.0 website. Everything works well in Classic Pipeline, but when I try to use the Integrated pipeline, it fails with the following error:
Server Error in '/' Application.
Request is not available in this context
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Web.HttpException: Request is not available in this context
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[HttpException (0x80004005): Request is not available in this context]
System.Web.HttpContext.get_Request()
+8794400 Microsoft.CommerceServer.Runtime.Orders.CommerceOrderModule.Init(HttpApplication
appInstance) +134
System.Web.HttpApplication.InitModulesCommon()
+65 System.Web.HttpApplication.InitIntegratedModules()
+49 System.Web.HttpApplication.InitInternal(HttpContext
context, HttpApplicationState state,
MethodInfo[] handlers) +729
System.Web.HttpApplicationFactory.GetNormalApplicationInstance(HttpContext
context) +298
System.Web.HttpApplicationFactory.GetApplicationInstance(HttpContext
context) +107
System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest
wr, HttpContext context) +363
I've done my best to research this, and it's definitely caused by Commerce Server trying to access the HttpContext.Current when there is no current request. This all happens before anything in my code, and there's nothing to break into or any source code to look at. I've even tried attaching the debugger to the IIS process (w3wp.exe), but it doesn't catch anything.
I have followed the instructions Here to add the web.config section, but it hasn't made any difference.
I have a different website on a different server using Commerce Server in Integrated Pipeline mode with no problems, so I know it's possible. I can't find a significant difference between the two web.config files, so I'm assuming it's a config error somewhere else, but I don't have any idea where to look.
It is critical that I can get this working in Integrated Pipeline mode for performance reasons, plus I am creating a custom URL Rewriting HTTP Module which works with the integrated pipeline only.
Thank you in advance for any help!

Resources