There are two new attributes are added to cfmail in Coldfusion 11 named "encrypt" and "encryptionalgorithm ". But they are not working. When I am sending normal email it is successful on my local system but with encryption it fails.
<cfmail server="smtp.gmail.com"
username="deepakkumarpadhy631#gmail.com"
password="*****" port="465" usessl="true"
from="deepakkumarpadhy631#gmail.com"
to="dkumar431#gmail.com"
subject="Test Email"
type="text/html"
encrypt = "true"
encryptionalgorithm = "Standard" >
#emailTxt#
</cfmail>
Anyone faced the same issue?
Related
I recently migrated my ASP.Net website from a traditional windows 2003 shared server to Azure as a Web App. My VBScript forms which send e-mails to me have stopped working since the migration. I have tried a few different approaches to get my VBScript email code to work but have had no luck so far. Part of the problem is that I can't see what the error is.
The first part of my question is: How do I make the ASP.Net errors on my VBScript ASP page visible? I have set debug='true' in my web.config and I tried to set it on my ASP page (see below) but this hasn't worked. Currently I just get an 'Internal error 500' page after attempting to send the email with no indication of what went wrong.
Here is the code that sends the e-mail and appears to be the source of the problem. Can do I change this to work under Azure without rewriting my entire page in C#?
<%# Language=VBScript Debug='true' %> 'Debug=true doesn't work
Set Mailer = Server.CreateObject("Persits.MailSender")
Mailer.Host = "mail.mydomain.com" ' Specify a valid SMTP server
Mailer.From = Request.Form("AgentEmail") ' Specify sender's address
Mailer.FromName = Request.Form("AgentsName") ' Specify sender's name
Mailer.Port = 587
Mailer.isHTML = True
Mailer.AddAddress "person1#email.com"
Mailer.AddAddress "person2#email.net"
Mailer.AddAddress "person3#email.com"
Mailer.AddAddress Request.Form("AgentEmail")
Mailer.Body = "stuff in my email"
Mailer.Username = "me#emailcom"
Mailer.Password = "123456"
On Error Resume Next
Mailer.Send
If Err <> 0 Then
Response.Write "Error encountered: " & Err.Description
Else
Response.Write "Success"
End If
This code did work on my old Windows server. I've left out all of the HTML since that part appears to work just fine.
Assuming you're using Azure Websites (and not an Azure VM), you can use Classic ASP provided you jump through some hoops: https://khailiangtech.wordpress.com/2011/06/03/windows-azure-how-to-enable-classic-asp-support/
Windows Azure seems to support CDO (the built-in COM SMTP service) whereas your code is using Persits.MailSender - it might be possible to install the Persits.MailSender component via the <ServiceDefinition> XML - but I don't recommend this because of the 32/64-bit problem.
I suggest changing your script to use CDO instead, here's a reference: http://theholmesoffice.com/using-sendgrid-with-classic-asp-to-send-emails/ (the page is for using SendGrid's SMTP server, but you can use any SMTP server (just don't use port 25).
You're trying to instantiate an object from a DLL that is not installed: Server.CreateObject("Persits.MailSender")
You can't install any external COM object when using Web Apps. One option is to use a Virtual Machine and install your COM DLL.
For future reference, I ended up solving my problem by converting my code to C# and using to smtpClient. This is the general idea here:
SmtpClient smtpClient = new SmtpClient("mail.domain.com", 587);
smtpClient.UseDefaultCredentials = false;
smtpClient.Credentials = new System.Net.NetworkCredential(From, "password");
smtpClient.DeliveryMethod = SmtpDeliveryMethod.Network;
smtpClient.Port = 587;
MailMessage message = new MailMessage();
try
{
MailAddress fromAddress = new MailAddress(From, "Me");
smtpClient.Host = "mail.domain.com";
message.From = fromAddress;
message.To.Add(To);
message.Subject = Subject;
message.IsBodyHtml = true;
message.Body = Body;
smtpClient.Send(message);
Label_Results.Text = "Email successfully sent.";
}
catch (Exception ex)
{
ErrorLabel.Text = "<p>Send Email Failed:<p>" + ex.Message;
}
I have a two sites (one Classic ASP, one ASPX) housed on a 32-bit Windows 2003 server with IIS6. I am migrating these sites to a 64-bit Windows 2008 R2 server with IIS7.5. I've gone through all of the requisite steps to set up IIS on the new server and copied over all of the files from the old to the new server, including two Access databases in mdb format . These are accessed via DSN connections, which have been recreated on the new servers. I have confirmed IIS is set to run in 32-bit mode as well. The ASPX site seems to be working, but I'm running into issues with the older site, used by our company's dealers to file warranty claims (it was created in 2007).
When users access this site (via a secure portal on our externally-hosted web page), accessing the ASP site via a link prompts them to enter their username and password. These are checked by AuthentiX 6.2 against a table stored in one of the Access databases mentioned earlier, and if the user is in the database, they are taken to the site's first page. Here, the username (shown as "Dealer Acct") is shown, along with two boxes where they are prompted to enter an email address and a serial number (which is checked against the second database). However, when running test transactions on the new server, the user information is being left blank, and there is no provision to enter this information manually (by design I believe). When I attempt to proceed to the next page, I get the following error:
"You have not filled in one of the required fields correctly. Please correct RED colored items."
The red colored item, of course, is the username/"Dealer Account". I did notice several 10016 error messages, leading me to believe there may be an authentication issue I'm missing based on Googling that event ID (text details of event below)
>
Log Name: System
> Source: Microsoft-Windows-DistributedCOM Date:
> 5/26/2015 11:05:33 AM Event ID: 10016 Task Category: None Level:
> Error Keywords: Classic User: IIS APPPOOL\DefaultAppPool
> Computer: SR204A.xxxx.COM Description: The application-specific
> permission settings do not grant Local Activation permission for the
> COM Server application with CLSID
> {0C0A3666-30C9-11D0-8F20-00805F2CD064} and APPID
> {9209B1A6-964A-11D0-9372-00A0C9034910} to the user IIS
> APPPOOL\DefaultAppPool SID
> (S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415) from
> address LocalHost (Using LRPC). This security permission can be
> modified using the Component Services administrative tool. Event Xml:
> <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
> <System>
> <Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86- B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM"
> />
> <EventID Qualifiers="49152">10016</EventID>
> <Version>0</Version>
> <Level>2</Level>
> <Task>0</Task>
> <Opcode>0</Opcode>
> <Keywords>0x80000000000000</Keywords>
> <TimeCreated SystemTime="2015-05-26T15:05:33.000000000Z" />
> <EventRecordID>9833</EventRecordID>
> <Correlation />
> <Execution ProcessID="0" ThreadID="0" />
> <Channel>System</Channel>
> <Computer>SR204A.xxxx.COM</Computer>
> <Security UserID="S-1-5-82-3006700770-424185619-1745488364-794895919- 4004696415"
> /> </System> <EventData>
> <Data Name="param1">application-specific</Data>
> <Data Name="param2">Local</Data>
> <Data Name="param3">Activation</Data>
> <Data Name="param4">{0C0A3666-30C9-11D0-8F20-00805F2CD064}</Data>
> <Data Name="param5">{9209B1A6-964A-11D0-9372-00A0C9034910}</Data>
> <Data Name="param6">IIS APPPOOL</Data>
> <Data Name="param7">DefaultAppPool</Data>
> <Data Name="param8">S-1-5-82-3006700770-424185619-1745488364- 794895919-4004696415</Data>
> <Data Name="param9">LocalHost (Using LRPC)</Data> </EventData> >></Event>
I also suspect that one of the DSN links isn't working correctly, but am unsure there. Here is the code from that page.
' Find the Current User
usingAuthentiXStandard = true
if (usingAuthentiXStandard) then
Set AuthX = Server.CreateObject("AUTHXOCX.AuthXOCXCtrl.1")
else
Set AuthX = Server.CreateObject("AUTHXISP.AuthXOCXCtrl.1")
protectedDomain = Request.ServerVariables("LOCAL_ADDR")
AuthX.SetVirtualDomain protectedDomain, Request.ServerVariables("SCRIPT_NAME")
AuthX.SetVirtualDomainPassword("")
end if
currentUser = left(UCASE(AuthX.CurrentUserName(Request.ServerVariables("LOCAL_ADDR"), Request.ServerVariables("SCRIPT_NAME"), Request.ServerVariables("HTTP_AUTHORIZATION"))),6)
Dim errormessage
strError = ""
if Request.Form("flag") = "1" Then
Dim rsSerialNumber, connection
Dim rowcount, SQL, sConnString
Set Connection=Server.CreateObject("ADODB.Connection")
Set rsSerialNumber=Server.CreateObject("ADODB.Recordset")
sConnString="DSN=warrantyreg"
Connection.Open(sConnString)
SQL = "SELECT UDFREF_28, [DATE PURCH] FROM [MAIN WARRANTY REGISTRATION DATA] WHERE UDFREF_28='"& Request.Form("txtSerialNumber")&"'"
rsSerialNumber.Open SQL,connection,3,3
rowcount=rsSerialNumber.recordcount
'response.write "The number of records is " & rowcount
if (rowcount > 0) then
if trim(rsSerialNumber.Fields("DATE PURCH").Value) <> "" then
strNextPage = 1
else
if Request("regflag") = 1 then
strNextPage = 1
else
if Request("regflag") = 2 then
strNextPage = 2
end if
end if
strRegError = 1
end if
else
strError = "<span class=""error"">Serial Number not found.</span>"
strNextPage = 0
end if
' Close our recordset and connection and dispose of the objects
rsSerialNumber.Close
Set rsSerialNumber = Nothing
Connection.Close
'Set Connection = Nothing
'Check Dealer Number
Set rsDealerAccount=Server.CreateObject("ADODB.Recordset")
sConnString="DSN=XXXX5;UID=xx;PWD=xxxx"
Connection.Open(sConnString)
'Check Dealer Account
'SQL = "SELECT CUSTID_23 FROM [Customer Master] WHERE CUSTID_23='"& Request("txtDealerAccount")&"'"
SQL = "SELECT CUSTID_23 FROM " & chr(34) & "Customer_Master" & chr(34) & "WHERE CUSTID_23='"& Request("txtDealerAccount")&"'"
rsDealerAccount.Open SQL,connection,3,3
rowcount=rsDealerAccount.recordcount
if (rowcount = 0) then
strNextPage = 0
strError2 ="<span class=""error"">Dealer Account not found.</span>"
end if
if strNextPage = 1 then
Server.Transfer("step2.asp")
Response.end()
end if
if strNextPage = 2 then
Server.Transfer("regrequired.asp")
Response.end()
end if
' Close our recordset and connection and dispose of the objects
rsDealerAccount.Close
Set rsDealerAccount = Nothing
Connection.Close
Set Connection = Nothing
I'm hopeful that someone here can see something that I'm missing. Thanks in advance.
I'm trying to send email from an ASP.NET using my SendGrid account. It works on my dev machine, but not in production, even though the credentials are the same. Likewise, in production I can connect to the SMTP server via telnet (using base64 encoded credentials), but the ASP site can't connect--I get error "Unauthenticated senders not allowed."
I've tried a mix of port numbers (25, 587, 465 -- my site is SSL). Using port 465 times out. 25 and 587 return respond immediately--but with the login error. This is really baffling because, like I say, it's the same credentials on dev machine and production.
I looked very briefly at Microsoft Network Monitor 3.4, but could not make heads or tails of it. I was hoping it would tell me the blow-by-blow commands being sent since I suspect the web site is doing something a little different from how telnet connects, but I don't know what.
Note I also asked my web host if outgoing traffic on these ports were blocked on production firewall, but they aren't.
Here's the actual code--like I say works fine on localhost, but SMTP connection fails in production
[AllowAnonymous]
[HttpPost]
public ActionResult ResetPasswordSend(string email)
{
List<string> userList = new List<string>();
try
{
string[] invalidChars = new string[] { ";", "," };
foreach (var invalidChar in invalidChars) if (email.Contains(invalidChar)) throw new Exception("Email contains invalid character.");
int count = 0;
// since emails are not unique, I must launch resets for all of them
var users = _db.HsProfile.Query("[Email]=#0", SqlDb.Params(email));
foreach (var profile in users)
{
count++;
userList.Add(profile.UserName);
var token = WebSecurity.GeneratePasswordResetToken(profile.UserName, 15);
WebMail.Send(profile.Email, "HumaneSolution.com Password Reset for user " + profile.UserName,
"You received this email because you or someone with your email address requested a password reset on HumaneSolution.com. " +
"If you didn't do this, then you don't need to take any action, and nothing will happen.\n\n" +
"To proceed with the password reset, click the link below within 15 minutes:\n\n" +
Url.BaseUrl("Account/EnterNewPassword/" + token) + "\n\n" +
"Sent to: " + email + " at " + DateTime.Now.ToLongDateString() + " " + DateTime.Now.ToLongTimeString() + "\n" +
"User name: " + profile.UserName);
}
if (count == 0) throw new Exception("Email " + email + " is not registered at HumaneSolution.com.");
}
catch (Exception exc)
{
ViewBag.Error = exc.Message;
}
return View(userList);
}
Based on suggestion from SendGrid, I re-wrote the email code so it does not use WebMail.Send but rather the SmtpClient and MailMessage objects explicitly. SendGrid says there might be some kind of timing problem in how ASP.NET loads credentials from the config file automatically. Here's exactly what they said:
Are you by chance storing your SendGrid credentials in a configuration file, separate from the code that connects to our SMTP server? The reason I ask is because I have seen rails and C# configurations like this receive the unauthenticated error due to the credentials not being passed at the correct time. Usually this is solved by moving the credentials directly in with the code instead of a separate configuration file. Give that a try and see if you notice a difference.<<
I didn't follow their advice completely -- i.e. I'm still using config file, but I'm loading the config values in subclasses of SmtpClient and MailMessage so I avoid hardcoding creds in my app. Anyway, it worked, all is well again.
I am trying to get Paypal's IPN service working within my app.
When I use the Paypal Sandbox IPN Simulator set to the transaction type of, "Web Accept," Paypal says the message went through just fine (and if I mess up the code in my Action that handles the IPN, Paypal says there was a server error, so this seems to be communicating correctly).
However, it doesn't appear to actually be doing anything. If I navigate to my IPN action in a browser myapp.com/Paypal/IPN, I receive a response from paypal that says INVALID (as expected) and this is written to my output via Debug.Write. When I click "Send IPN" in Paypal's simulator, I get no debug messages at all, although my IPN action is full of Debug.Write lines. (Do calls made from outside your local environment simply not allow Debug.Write output?)
For reference, here is the majority of my IPN Action (I've removed various logic for clarity's sake):
public ActionResult IPN()
{
Debug.Write("entering ipn action ");
var formVals = new Dictionary<string, string>();
formVals.Add("cmd", "_notify-validate");
string response = GetPayPalResponse(formVals, true);
Debug.Write("IPN Response received: " + response + " <-- That was response. . . ");
if (response == "VALID")
{
Debug.Write("Response Was Verified");
}
else
{
Debug.Write("RESPONSE WAS NOT VERIFIED");
}
return this.View();
}
string GetPayPalResponse(Dictionary<string, string> formVals, bool useSandbox)
{
string paypalUrl = useSandbox
? "https://www.sandbox.paypal.com/cgi-bin/webscr"
: "https://www.paypal.com/cgi-bin/webscr";
HttpWebRequest req = (HttpWebRequest)WebRequest.Create(paypalUrl);
//Set values for the request back
req.Method = "POST";
req.ContentType = "application/x-www-form-urlencoded";
byte[] param = Request.BinaryRead(Request.ContentLength);
string strRequest = Encoding.ASCII.GetString(param);
StringBuilder sb = new StringBuilder();
sb.Append(strRequest);
foreach (string key in formVals.Keys)
{
sb.AppendFormat("&{0}={1}", key, formVals[key]);
}
strRequest += sb.ToString();
req.ContentLength = strRequest.Length;
string response = "";
using (StreamWriter streamOut = new StreamWriter(req.GetRequestStream(), System.Text.Encoding.ASCII))
{
streamOut.Write(strRequest);
streamOut.Close();
using (StreamReader streamIn = new StreamReader(req.GetResponse().GetResponseStream()))
{
response = streamIn.ReadToEnd();
}
}
return response;
}
Am I correct in understanding that if Paypal is actually submitting a request to my IPN action, I should receive the Debug.Write messages the same as when I visit the IPN action within my browser?
It does not appear to me that anything actually happens when Paypal sends the IPN simulated message to my web application, but Paypal says things are ok and Paypal somehow knows if I intentionally make the IPN action have an error when it is caused (so it appears to actually be calling the action somehow).
Can anyone help me understand what I am not understanding here?
I just want my user's to be able to pay using Paypal's standard payment method with a 'buy now' button and be able to change a database value from false to 'true' when the payment is confirmed to have been received.
Thank you for your time.
Note: Another way I tested this was to have the action change something in my database if it was called (I simply did something like MyEntity.Value = new value then db.SaveAll();. This change to my database was made if I navigated directly to the action within my browser, but no change occurs when I had the paypal IPN simulator 'ping' the action.
Update:
Ok, running trace using trace.axd:
<trace enabled="true" requestLimit="100" pageOutput="false" traceMode="SortByTime" localOnly="false" />
It behaves as if nothing happens when I run the Paypal IPN Simulator or if I browse to my web page using a device that is off my local network.
Note that I do see details change when I visit the pages on my local computer:
8 7/8/2012 6:25:01 PM paypal/ipn 200 GET View Details
9 7/8/2012 6:25:02 PM paypal/themes/ui-lightness/jquery-ui-1.8.19.custom.css 404 GET View Details
10 7/8/2012 6:25:02 PM favicon.ico 404 GET View Details
11 7/8/2012 6:25:52 PM favicon.ico 404 GET View Details
12 7/8/2012 6:26:09 PM home/paypaltest 200 GET View Details
Update 2:
I got the debugger to start debugging by attaching the debugger to : w3wp.exe
It appears that Paypal is indeed making it to my page and responding with VERIFIED at this point when I use the IPN simulator. Not sure what this means for me. Will update.
Update 3:
With debugging working I was able to properly test everything and the IPN verification was actually working as intended - I just couldn't tell without proper debugging messages.
Thank you for your time.
With debugging working I was able to properly test everything and the IPN verification was actually working as intended - I just couldn't tell without proper debugging messages.
Thank you for your time.
I have two .NET web applications running on the same server - sentinel (hosted at https://sentinel.mydomain.com/) and fortknox (at http://www.mydomain.com/fortknox)
Sentinel is an authentication 'portal'. FortKnox is a 'proof of concept' app that uses forms authentication but has the loginUrl set to https://sentinel.mydomain.com/login (along with a special Application_EndRequest handler to qualify the ReturnUrl). Sentinel is written in .NET 4.0 using MVC 4 and Razor; FortKnox is ASP.NET MVC 2 using .NET 2.0.
I'm using ASP.NET FormsAuthentication with the cookie domain set to .mydomain.com so that cookies set by sentinel.mydomain.com will be sent with requests to www.mydomain.com, and vice versa. The cookie part is working perfectly - both applications are getting the same .ASPXAUTH encrypted forms ticket.
The problem is that, on our production servers, fortknox can't decrypt cookies created by sentinel - even though they have identical machine keys. Even when both apps are running on the same physical box, it doesn't work.
A user hits fortknox, they're redirected to sentinel, they log in, the cookie is set, they're redirected back to fortknox, and then I get "Unable to validate data":
Exception: Unable to validate data.
at System.Web.Configuration.MachineKeySection.EncryptOrDecryptData(Boolean fEncrypt, Byte[] buf, Byte[] modifier, Int32 start, Int32 length, IVType ivType, Boolean useValidationSymAlgo, Boolean signData)
at System.Web.Configuration.MachineKeySection.EncryptOrDecryptData(Boolean fEncrypt, Byte[] buf, Byte[] modifier, Int32 start, Int32 length, IVType ivType, Boolean useValidationSymAlgo)
at System.Web.Security.FormsAuthentication.Decrypt(String encryptedTicket)
at FortKnox.Web.MvcApplication.Application_BeginRequest()
The machine keys are identical - I've gone as far as including this chunk of (nasty!) code in the mark-up of each page:
try {
var cookie = Request.Cookies[".ASPXAUTH"].Value;
Response.Write("Cookie: " + cookie + Environment.NewLine);
var ticket = FormsAuthentication.Decrypt(cookie);
Response.Write("Ticket name: " + ticket.Name + Environment.NewLine);
} catch (Exception x) {
Response.Write("Exception: " + x.Message + Environment.NewLine);
Response.Write(x.StackTrace);
}
Response.Write("<hr /></pre>");
var machineConfigMachineKey = (MachineKeySection)WebConfigurationManager.OpenMachineConfiguration().SectionGroups["system.web"].Sections["machineKey"];
var webConfigMachineKey = (MachineKeySection)WebConfigurationManager.OpenWebConfiguration("").SectionGroups["system.web"].Sections["machineKey"];
Response.Write("<pre>");
Response.Write("<b>machine.config decrypt: </b>" + machineConfigMachineKey.DecryptionKey + "<br />");
Response.Write("<b>web.config decrypt: </b>" + webConfigMachineKey.DecryptionKey + "<br />");
Response.Write("<br />");
Response.Write("<b>machine.config validate: </b>" + machineConfigMachineKey.ValidationKey + "<br />");
Response.Write("<b>web.config validate: </b>" + webConfigMachineKey.ValidationKey + "<br />");
Response.Write("</pre>");
Response.Write("<hr />");
and verified that the machine keys being used at runtime are exactly the same.
What's especially frustrating is that this has been working on our development and staging servers, and has only failed in production. The only difference between the servers is that the production boxes have Windows Updates installed frequently whilst our dev/staging boxes are potentially missing some updates; they're otherwise identical (cloned from the same image and created using the same setup scripts)
So... same server; same machine key. ASP.NET 4 sets a FormsAuthentication cookie. ASP.NET 2 app can't decrypt it. Bug only happening on certain servers; on others, it's working. At this point, I'm completely stuck... any ideas?
EDIT: Live server has been brought right up to the latest patch level. I have tried applying
<add key="aspnet:UseLegacyEncryption" value="true" />
as both true AND false, to both the login app and the fortknox app. Still no luck...
Any chance it has something to do with the old 2010 padding oracle security patch - http://weblogs.asp.net/scottgu/archive/2010/09/28/asp-net-security-update-now-available.aspx? Try setting
<add key="aspnet:UseLegacyEncryption" value="true" />
to force the patched servers to act like they used to before the patch?
(or, you know... patch your servers. Your choice.)
Did you try all the following keys? http://support.microsoft.com/kb/2425938
<add key="aspnet:UseLegacyEncryption" value="true" />
<add key="aspnet:UseLegacyMachineKeyEncryption" value="true" />
<add key="aspnet:ScriptResourceAllowNonJsFiles" value="true" />