I have three systems running on IIS7 with static IP address 192.168.66.5. I have configured the system to run on the same IP address with different ports and subdmain like;
192.168.66.5:81 hostname ams.tpf.go.tz
192.168.66.5:82 hostname gmis.tpf.go.tz
192.168.66.5:83 hostname records.tpf.go.tz
192.168.66.5:84 hostname cmis.tpf.go.tz
I configure all these on IIS7 and defined them in the router.
When the client opens ams.tpf.go.tz without specifying the port number, the error 404 is returned: the requested resource is not found.
This recently occurred to me also - make sure your IIS Website is started - mine had been stopped. This is the error I was receiving in Visual Studio:
Unable to start debugging on the web server. The web server could not find the requested resource.
Right Click on your Website (i.e. Default Website) in IIS Manager and click Manage Web Site --> Start.
Navigating to any applications in the IIS Website was showing this error:
HTTP Error 404. The requested resource is not found.
The easiest way to achieve this is to set the port 80 for the site you want to be the "default" one, since this is the default HTTP port.
Some times IIS Manager -> Manage Web Site -> Start, will not work if the below 2 services are not running
1. Windows Activation Technologies Service
2. World Wide Web Publishing Service
Start these services manually under windows services then start IIS again.
Another cause that happens to me with some frequency is to set the permissions correctly to the physical directory. It can be achieved going to IIS -> clicking on the website and then in the actions panel click over Edit Permissions. Be sure that the user you are going to assign the permissions, are the same as defined on Authentication -> Anonymous Authentication or ASP.NET Impersonation, if any of those authentication methods are enabled.
To know the user assigned on those authentication methods, go to the Authentication icon, select any of the authentication methods mentioned before, right click on it and select edit. After that, you have the option to select the user you want.
Hoping this helps.
My issue for anyone else that comes here from google. I am hosting a django website so in my webconfig file it is set to process requests using the python virtual environment. In the web.config file it is this portion:
<configuration>
<system.webServer>
<handlers>
<add name="Python FastCGI"
path="*"
verb="*"
modules="FastCgiModule"
scriptProcessor="C:\inetpub\wwwroot\receipts\venv\Scripts\python.exe|C:\inetpub\wwwroot\receipts\venv\Lib\site-packages\wfastcgi.py"
resourceType="Unspecified"
requireAccess="Script" />
</handlers>
...
</configuration>
When there was requests to the media folder IIS would say great I know what to do send it through the scriptProcessor (python processor). Requests to the media folder should not do that they only need to serve static files (no extra processing). I placed this web.config in the media directory and it solved my problem!
<configuration>
<system.webServer>
<handlers>
<!-- this configuration overrides the FastCGI handler to let IIS serve these static files -->
<clear />
<add name="StaticFile"
path="*"
verb="*"
modules="StaticFileModule"
resourceType="File"
requireAccess="Read" />
</handlers>
</system.webServer>
</configuration>
In my case IIS server and resolved with the below steps.
Check the security groups - whether we have opened the required ports from ALB SG to EC2 SG.
Login to server and check does IIS server's default site has 443 port opened if your health-check is on 443. (whatever port you are using for health checks).
Use the curl command to troubleshoot the issue.
If you would like to check on HTTPS use the below command to check the response. Use -k or --insecure to ignore the SSL issue.
curl https://[serverIP] -k
For HTTP test use the below command.
curl http://[serverIP]
Related
I’m using asp.net framework 4.8
I’m trying to use the membership class with Active directory provider.
security team insists to use LDAPS protocol with ca certificate, so I set the config in this way:
web.config
<connectionStrings>
<add name="ADService" connectionString="LDAPS://ipaddress:636/OU=ou,DC=dc,DC=dc"/> (censored)
</connectionStrings>
<system.web>
<membership defaultProvider="AspNetActiveDirectoryMembershipProvider">
<providers>
<add name="AspNetActiveDirectoryMembershipProvider"
type="System.Web.Security.ActiveDirectoryMembershipProvider"
connectionStringName="ADService"
connectionUsername="MYUSERNAME"
connectionPassword="MYPASSWORD "
connectionProtection="Secure"/>
</providers>
</membership>
</system.web>
When I try to use Membership.GetUser() I get the following exception:
{"Error HRESULT E_FAIL has been returned from a call to a COM
component. (C:\Projects\ \project\web.config line 83)"}
I tired to do the steps in:
Error HRESULT E_FAIL has been returned from a call to a COM component VS2012 when debugging
I was able to connect to the active directory using LDAP browser but no through my code.
When I try to connect to another active directory on my local domain, which is not secured (LDAP on port 389) it does work.
any suggestions?
LDAP over SSL follows all the same rules as HTTP over SSL (HTTPS). The two most important parts are:
The domain name you use to connect must match one of the domains names on the certificate.
The SSL certificate must be issued by an entity that your computer trusts, and
Rule #1 means that you cannot use an IP address to connect, which it seems you are trying to do. You must use a domain name. That might be your only problem.
For rule #2, you can check the certificate by downloading it to your computer using this PowerShell script:
$webRequest = [Net.WebRequest]::Create("https://example.com:636")
try { $webRequest.GetResponse() } catch {}
$cert = $webRequest.ServicePoint.Certificate
$bytes = $cert.Export([Security.Cryptography.X509Certificates.X509ContentType]::Cert)
set-content -value $bytes -encoding byte -path "certificate.cer"
Change example.com to your domain name (you can actually use the IP address here since it's just downloading the cert, not evaluating whether it will be trusted). After running it, you will have a certificate.cer file that you can double-click on and inspect. It will tell you obviously whether the certificate is not trusted. If that's the case, you will have to install the root certificate as a Trusted Root Certificate on your computer.
To help with rule #1, you can also look at all the domains listed in the certificate by looking at the Details tab and looking at "Subject Alternative Name" in the list. There may only be one, but there might be more. If there are more than one, just make sure you use on that DNS resolves to the right IP address.
Context
Umbraco CMS website runs on Azure as App Service
Scheduled Publishing
One of the Umbraco functionalities is to allow to publish content on a given time. The publish functionality makes a HTTP call to same web site (or a different server but same website in load balanced environment).
API call url:
http://sample-site-umbraco.azurewebsites.net/umbraco/RestServices/ScheduledPublish/Index
IP Security
Due to client requirements, access to the site is restricted to a given list of IP addresses. This task is being completed with IP Security restriction in web.config.
<security>
<requestFiltering>
<requestLimits maxAllowedContentLength="52428800" />
</requestFiltering>
<ipSecurity allowUnlisted="false" denyAction="NotFound">
<!-- "clear" removes all upstream restrictions -->
<clear />
<!-- permit the loopback address -->
<add ipAddress="127.0.0.1" allowed="true" />
...
...
...
<!-- domain Name for Scheduled Publishing -->
<add allowed="true" domainName="sample-site-umbraco.azurewebsites.net"/>
</ipSecurity>
</security>
Problem
When IP Security is turned on, the HTTP call to publish API is being blocked as not white listed one.
API call response Status Code and Content:
404 - NotFound
"The resource you are looking for has been removed, had its name changed, or is temporarily unavailable."
Problem Thread on our.umbraco.com
Fix attempts
Adding domainName to the list of allowed entries
<!-- domain Name for Scheduled Publishing -->
<add allowed="true" domainName="sample-site-umbraco.azurewebsites.net"/>
This solution doesn't work. Calls are still being blocked.
Question
How this can be fixed? Is there any functionality that can be override?
Ok, I've found the solution. I think it will work.
I've found this question on stackoverflow and it worked :)
Solution
Solution is to add ALL outbound IP addresses into System.WebServer > Security > ipSecurity > [List].
Outbound Ip Addresses are comma separated list of ips.
You need to add all of them to the WhiteList in web.config.
Drawback
I'm not sure if the list of Outbound Ips is static and will not change in the future...
On one computer I have 2 projects - a client application and another that holds the identity server and identity manager. When I run the client site on this computer everything works. I am able to sign in, register etc. This project was already set up and working.
I made a copy of the projects and put them on another computer. I have set the sites up in IIS and created a self signed certificate.
When I run the client site and attempt to sign in I get the yellow asp.net error page with the message "The remote certificate is invalid according to the validation procedure". When stepping through with the debugger I also see: "The underlying connection was closed: could not establish trust relationship for the ssl/tls secure channel"
I figure the errors have to do with the certificate so in MMC I made sure that the certificates are installed in the trusted root certification authorties folder.
The other thing I did was check the web.config files in the projects.
In the client site I have something like:
<oidcClient clientId="codeclienthere"
clientSecret="secrethere"
signingCertificate="keythatmatches_certificate_hash_here"
issuerName="https://identityurlhere/issuer"
...
Then in the identity server and identity manager web.config files I have something like:
<appSettings>
<add key="owin:AppStartup" value="startup" />
<add key="Issuer" value="identity_url_here/issuer" />
<add key="Thumbprint" value="keythatmatches_certificate_hash" />
<add key="WebClientId" value="codeclienthere"/>
<add key="WebClientSecret" value="secrethere"/>
...
I changed the signing certificate and thumbprint values to match the certificate hash. For the attribute "issuerName" and key "Issuer" I tried leaving it the same, setting it the name of the certificate and prepending "CN=" to the name of the certificate. I am unsure what value should go here. I am also unsure what other things I should check.
The problem here was that there were hidden characters in the thumbprint that I did not notice. I had pasted in a text editor to compare or something and they got removed so when I pasted them back in the config file they did not match as needed.
I am just trying to see how open auth works in asp.net 4.5 application.
I just created a new template and it has the deafult code for handling google.
I just un commented the comments as per instructions to enable it, but when i run the application and click on login, it is throwing an exception instead of redirecting to google login page
I have to cross the proxy to make the outbound requests. I guess it is what is blocking it to connect to google.
Is there any way to cross through proxy and make the request ? please suggest
If you are using a proxy then you will need to tell ASP.NET which proxy it should use - this is to do with .NET rather than DotNetOpenAuth. As mentioned by #IsThatSo have a look at Specifying a proxy to use with DotNetOpenID which details that you how you specify the proxy to use.
system.net>
<defaultProxy>
<proxy
usesystemdefault = "False"
proxyaddress="http://myproxyserver:8080"
bypassonlocal="True"
/>
<bypasslist>
<add address="[a-z]+\.mydomain\.com"/>
<add address="[a-z]+\.myotherdomain\.com"/>
</bypasslist>
</defaultProxy>
</system.net>
I have four different server and a load balancer. I want to use captcha control. I did something with it this way:
I created a handler.ashx to create the captcha image. This handler is used in the Main page. I keep the captcha control password in session while creating the captcha control. Then I compared password typed by the user with the password in the session. It works very well, but only on one server.
It doesn't run correctly with four servers. Although the user enters the correct password every time, it sometimes matches with the session password and sometimes doesn't match. I think the problem reason is this:
For Example :
A,B,C and D are the four servers. The load balancer routes the first request to A server. Which opens the main page from A server and creates password '123456'. This is stored in session on A server. Then user typed in the password and clicked button. Now the load balancer routes this request to the B server. Because session in B Sever is null, the passwords don't match.
My web.config has this,
<sessionState mode="StateServer" stateConnectionString="tcpip=127.0.0.1:42424"/>
But It still doesnt work.
What should I do ?
So first thing (just to make sure) - I believe that this connection string is just an example because 127.0.0.1 is localhost and it wouldn't have chance to work ;).
Now I will assume that you have chosen server A for you state server. Please check following things:
"ASP.NET State Service" is up and running on the server A (it's disabled by default, you can check that in Administrative Tools --> Services)
the stateConnectionString in servers B, C and D is "tcpip=[Server A IP Address or Network Name]:42424" (it can be 127.0.0.1 only on server A)
servers can communicate between each other using TCP/IP via port 42424 (firewalls etc.)
Please remember that if you have changed configuration of "ASP.NET State Service" on server A to not use default port (42424), you must reflect that in your connection strings.
Sometimes it's easier to configure "SQL Server Mode" instead of "State Server Mode" so you might want to consider that. You can find more details here.
You need to use StateServer or SqlServer for managing the session state and they should be out of your firewall network that is used to balance the load.
http://www.hanselman.com/blog/LoadBalancingAndASPNET.aspx
When using Session State Server, there are few things which need to setup.
Setup ASP.Net State Service on the machine which you want as a StateServer.
net start aspstate
Change Session Mode in Web.Config File for all web applications and point to a StateServer
<system.web>
<!-- ... -->
<sessionState
mode="StateServer"
stateConnectionString="tcpip=your_server_ip:42424"
cookieless="false"
timeout="20" />
<!-- ... -->
</system.web>
3 . All Web Server the use same <machinekey> configuration
<machineKey
validationKey="1234567890123456789012345678901234567890AAAAAAAAAA"
decryptionKey="123456789012345678901234567890123456789012345678"
validation="SHA1"
decryption="Auto"
/>
(Note:To maintain session state across different Web servers in the Web farm, the application path of the Web site (for example, \LM\W3SVC\2) in the Microsoft Internet Information Services (IIS) metabase must be the same for all of the Web servers in the Web farm. The case also needs to be the same because the application path is case-sensitive.
[http://support.microsoft.com/kb/325056])