Background: I'm developing a website in ASP.NET with VB.NET backend, .net framework is 4.0. It's actually a redesign of an existing site, and everything works on the old version, and in fact the settings are the same there...
So I've got a master page for the admin section of my website which requires RSA authentication, however I want to skip that part of it obviously when I just hit f5 and run in debug on my local machine. So at the beginning of the page load event I do a check for...
If NOT ConfigurationManager.AppSettings("IsDebugMode") then
here's my code for authentication...
else
return true 'user automatically authenticated
end if
however, when I hit f5, it keeps throwing the error "Object reference not set to an instance of an object." I've googled it, and it looks like this syntax is correct, and like I said, the code is copy/pasted from the existing site, which functions the same in this area, and works just fine.
Is there a setting somewhere that I need to "turn on" this feature? I've never used the configuration manager before, so I'm not sure if it is requiring more than I've built so far. Anyone familiar with this?
Find and open web.config file, it's usually in the root directory of your web application, locate the appSettings section, add in an entry like:
<add key="IsDebugMode" value="true" />
Related
I have a site that uses a .net security module to secure certain areas of the website. It's not working, the pages that should be password protected are not. Other than that, the site doesn't throw any errors.
I don't have access to the code, and the module doesn't seem to log anything.
Is there an IIS or .Net log of loading/calling httpModules? I feel like it's not loading/calling it, and it's just not telling me.
My web.config has this snippet, which loads the module:
<httpModules>
<add name="MyApp.SecurityModule" type="MyApp.Host.Security.WebForms.SecurityModule" />
</httpModules>
You can use Modules property in global.asax class to inspect the http modules that are loaded and associated with the application - use any request event such as BeginRequest or PostMapRequestHandler.
However, I don't think this would be an problem - if you are configured the module in the web.config then it would be loaded. If there are any issues then the ASP.NET will report an error. Most probably, http module code must be working in a certain way or needs certain per-conditions that are not being met.
Use tools such as Reflector or ILSpy to inspect & de-compile your application assemblies - check the code for the said type (MyApp.Host.Security.WebForms.SecurityModule) - frankly speaking, in the absence of documentation/commented code, it would be the only option to figure out how exactly your module is supposed to run (and then trouble-shoot accordingly).
Have you thought about using something like Glimpse: http://getglimpse.com/
If may help you debug the issue a little better.
Due to some security concerns i need to enable View State Encryption. I have viewstate & viewstateMAC turned off but i need to encrypt the "control state" string that is included in the __VIEWSTATE form parameter.
Currently my web.config looks like:
<pages enableViewState="false" enableViewStateMac="false">
When i set the following, in cassini, my viewstate is encrypted:
<pages enableViewState="false" enableViewStateMac="false" viewStateEncryptionMode="Always">
When i make the same change on my IIS 6 server, nothing happens.
I see the app domain recycle(Event: Application '/LM/W3SVC/...' located in 'C:...' initialized for domain '...'). when i touch web.config but i do not get encrypted viewstate as with cassini. I have tried Site Stop/Start, IIS Reset Stop/Start, Clear ASP.NET Temporary file cache. Anyone have any suggestions on what needs to be done to configure this?
I ran into a similar problem with this and it came down to the fact that if you pre-compile your site the web.config node for pages is ignored. You have to set those settings at compile to get it working. I know this is year late, but I figure if someone else comes here looking for solution to the problem this might be useful information.
A little blurb about this: http://blogs.msdn.com/b/asiatech/archive/2011/07/19/pages-settings-don-t-work-for-pre-compiled-asp-net-applications.aspx
(Link dead - blog pointed to this documentation: ASP.NET Web Site Project Precompilation Overview )
My customer had a viewstate MAC
validation problem. As a workaround, he wanted to disable the
viewstate MAC validation before find out the final solution. However,
he was still seeing the problems after added follow settings in the
configuration files.
Customer’s application is a pre-compiled ASP.Net application with
updatable option disabled. Looking at the code generated by compiler
with above settings, we found these settings are hard coded. So, this
means simply add the above setting into web.config doesn’t affect a
pre-compiled application. To make this taking affect, the application
has to be re-compiled.
[DebuggerNonUserCode]
private void __BuildControlTree(default_aspx __ctrl)
{
__ctrl.EnableViewStateMac = false;
__ctrl.EnableEventValidation = false;
__ctrl.ViewStateEncryptionMode = ViewStateEncryptionMode.Never;
This is a by-design behavior.
I think I may have found a problem with ASP.NET MVC and it's event pipeline. In particular, I am finding that Session_Start is being called multiple times, each containing a new SessionID.
Here's the step-by-step process:
Open VS2010
File | New Project
ASP.NET MVC 3 Web Application, accept default name, click OK
Select Internet Application (although I don't think it matters really), click OK
When finished creating, edit the Global.asax.cs file
Add the following method (yes it's empty):
protected void Session_Start()
{
}
Set a breakpoint in the method
Debug
Notice that the breakpoint is caught twice before displaying the page. If you watch "Session.SessionID" when the breakpoints are caught, you will see that the session id is new each time.
Once you get to the home page, click on the "Home" or "About" tab link.
Session_Start will be fired again, this time with a new SessionID.
Continue execution, and any subsequent actions will no longer fire Session_Start.
I tried the same thing on a standard ASP.NET Web Application (not MVC), and Session_Start only fired once.
I'm pretty sure I'm not doing something wrong here, as I am using the default project templates, and the only code that is being modified is the Global.asax.cs file, to add the Session_Start method.
I am using IIS Express, but I've repeated the above steps using the "Cassini" web server (Visual Studio Development Server), with the same result.
Any advice?
UPDATE
I decided to use Fiddler to inspect the HTTP traffic during my debug session. It seems that:
The first Session_Start is fired when I am requesting the "/" URL. This seems reasonable. The SessionID generated at that time is then written in the response to the browser. Again, seems reasonable.
Fiddler then shows requests/responses for the *.js and *.css files. All successes. None of those fire off Session_Start. Good so far.
Then Fiddler shows that a request has been made for "/favicon.ico". At this time, Session_Start fires, and generates a new SessionID... I continue.
On Fiddler, it shows that the "/favicon.ico" file was not found (404). The webpage is displayed. I click on the "Home" link.
The URL "/" is requested and response is OK in Fiddler. But then, another "/favicon.ico" file is requested, and again Session_Start fires with a new SessionID... I continue.
All subsequent requests have responses, and the browser stops asking for "/favicon.ico".
I made note of each of the three SessionID's generated, and it seems the one that the browser holds on to is the first one. So when we get to step 6 above, and everything seems to work, it's actually using the very first SessionID that was generated.
So... I decided to host a "favicon.ico" file. I placed the ico file in the root of the project, and started my debug session again. This time, Session_Start only fires once. "/favicon.ico" was served successfully (200).
So... I guess it is working the way it should in a sense... But why do calls to "/favicon.ico" fire off the Session_Start event???? Shouldn't I have the choice to NOT host a favicon?
ASIDE: I tried all the above in an ASP.NET (not mvc) project, and it did not have the same problem, even though there was no favicon.ico file hosted by a default "ASP.NET Web Application" project.
I kinda had this problem for a while, and finally I realised that it was because there was some http/https shenanigans going on... looks like it destroys and recreates your session if you flip the ssl around like that and you have
<sessionState mode="InProc" sqlCommandTimeout="3600" timeout="120" cookieless="false" />
<httpCookies httpOnlyCookies="true" requireSSL="true" />
Possibly a trap for new players or people who are really tired and not paying attention! :)
Just FYI in case this helps anyone...
I think I've come to a point where I have a couple of solutions (albeit both seem 'hacky' to me), so I think I'll accept these and move on.
Got a comment from #Tz_ above that mentioned I should ignore the route for the favicon file. That's essentially what I'll be doing. (kudos #Tz_!)
Came across the following post, (among others). It describes a problem that when the browser requests a "/favicon.ico" file from an ASP.NET MVC site, the MVC stack is mistakingly trying to look for and instantiate a controller. I'm wasn't sure if that was true or not for my situation, but the answer suggested adding the following route entry:
routes.IgnoreRoute("favicon.ico");
I gave it a shot (added the above), and that fixed it!
So, I still don't know why "/favicon.ico" request has a mistaken identity in MVC, but I know how to fix it in my situation. Either:
Host a favicon,
or add an ignore route entry.
Again, both seem like hacks to me, as I think this is something controller factories should be capable of handling gracefully. IMHO
Reason you are getting Session_Start firing each time is because you have <httpCookies requireSSL="true" /> in <system.web> in your Web.Config remove this and you are good to go.
I can't reproduce this problem. I've tested on ASP.NET MVC 3/Tool Update, Win08/R2/SP1 and Win7/SP1 using IIS 7.5, Cassini and IIS Express. I see the 404 favicon request in Fiddler, but the break point is not hit for favicon. I tested with IE9, the current FF and Chrome. Each time I hit the site with a new browser, Session_Start() is called and I see the new session ID. I work for Microsoft so I'd like to know how to reproduce this problem.
This happened to me when I had some <img> in my pages with a wrong "src" attribute. Putting a valid path in "src" solved my problem.
We run a link redirection service which can handle links thrown at it in various formats. One of these formats is to append the destination URL to the end of the link, for example
http://url.fwd/abcd/http://www.mydomain.com/page.aspx
This was working on a Windows Server 2003 / IIS6 box for the last two years, but now we're trying to move to a Windows Server 2008 / IIS7 setup and its not working anymore.
I've read about the problem with colons in the URL but it doesn't affect pages not ending in '.aspx'. For instance,
http://url.fwd/abcd/http://www.mydomain.com/page.php
would redirect fine.
http://url.fwd/abcd/http//www.mydomain.com/page.aspx
also works fine (note the lack of a second colon). Despite being the wrong URL, it does get handled by our URL forwarding system, which uses a custom 404 page. On the old system, we had a similar problem, so a method was written in Global.asax > Application_Error specifically to handle the '.aspx' case, and it worked fine.
On our new server, the Application_Error never gets thrown in Global.asax. Instead, I get a System.NotSupportedException - "The given path's format is not supported". This System.NotSupportedException is the exact case we handle in the Global.asax page, so it's definitely not being fired.
I've changed the registry keys indicated in several forum posts,
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ASP.NET VerificationCompatibility=1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\HTTP|Parameters AllowRestrictedChars=1
I've tried changing the Handler Mappings settings for .aspx.
I've tried setting the App pool to use classic mode instead of integrated, but this causes a completely different error where static content such as images and CSS do not display at all. I've checked that static content is enabled in the windows features, and it is.
Under classic mode, the '.aspx' request throws two Bad Request errors with absolutely no information whatsoever. The code of the error page I get is literally
Bad Request<html><body>Bad Request</body></html>
UPDATE: I've changed the static file Handler Mapping to the form found in this page
http://improve.dk/blog/2006/12/11/making-url-rewriting-on-iis7-work-like-iis6
However, as the author rightly points out, this is a hack and not the correct way of doing things under IIS7. It also only fixes the static file problem in classic mode. '.aspx' pages still throw an error under classic mode.
Any thoughts or input would be greatly appreciated at this point.
IIS 7 Solution
The easy solution in IIS 7 is to add a setting in your web.config file to tell IIS to process all requests through your Global.asax events. Just add or change this section in your web.config to enable requests:
<system.webServer>
<modules runAllManagedModulesForAllRequests="true" />
</system.webServer>
In my case, I was publish my site in production and I miss copy to server App_global.asax.compiled file. For this reason was not fire the Events inside Global.asax.
Hope anyelse help this tips, I lost 8 hours seeking.
Why when I access an aspx (e.g., http://www.example.com/foo.aspx - not the real site) through IE6 would I get a 404 Error (i.e., "The page cannot be found") in IIS6
I've got scripts enabled for the website and I've tried with executables enabled as well.
Here is the full error:
The page cannot be found
The page you are looking for might have been removed, had its name changed, or
is temporarily unavailable.
------------------------------------------------------------------------------
Please try the following:
Make sure that the Web site address displayed in the address bar of your
browser is spelled and formatted correctly.
If you reached this page by clicking a link, contact the Web site
administrator to alert them that the link is incorrectly formatted.
Click the Back button to try another link.
HTTP Error 404 - File or directory not found.
Internet Information Services (IIS)
------------------------------------------------------------------------------
Technical Information (for support personnel)
Go to Microsoft Product Support Services and perform a title search for the
words HTTP and 404.
Open IIS Help, which is accessible in IIS Manager (inetmgr), and search for
topics titled Web Site Setup, Common Administrative Tasks, and About Custom
Error Messages.
I can get to Default.htm in the same directory, so I know the path is right. I've opened it up to everyone (temporarily) so I know the permissions are right.
It could be a lot of things. I had this issue today because .NET had not been re-initialized after installing IIS (aspnet_regiis -i -enable or equivalent).
Check that the anonymous user under which the site runs has read access to the file foo.aspx.
IIS6 and later uses a 404 response, thereby not letting an attacker know whether such a file even exists.
I just happened to find another culprit for this issue. My foo.aspx page referenced a particular master page that had a <%# Register %> directive to a user control that did not exist. Removing the reference to the non-existent user control caused my foo.aspx to load instead of 404.
I found a solution here.
The real catch was using this:
Response.TrySkipIisCustomErrors = true;
The site is pointing to a different directory where the page is not.
It could be permissions, however I would think you would get an access error instead.
I'm assuming you are running IIS.
Check that www.example.com is going to the site that you think it is.
If you are hosting multiple sites on the same IP using host headers you may want to double check the name you are using is going to the site you think it is.
Ray and Joe probably have it. In order to serve any file type, IIS has to have a mapping for it. Aspx files require that they be mapped to the AspNet ISAPI dll, which the .Net installation normally takes care of. If you install IIS after .Net (and I'm sure there are other situations), you have to initiate this yourself by running aspnet_regiis.
ALTERNATE SOLUTION (same error perhaps different cause).
I had installed Visual Studio 2008 Pro without SQL Express it, and it caused this same error. Reinstallation of VS2008 with sql express included seemed to have corrected the problem, or perhaps the install took other actions. I did try to register ASP.net numerous times prior but no luck however it is definitely the most probable cause Just posting my experience for those pulling their hair as I was..
Thanks
If you register the .NET 4 version of IIS, you may find it's grabbed the registration of the aspx extension. If ASP.NET v4 is prohibited then 404 will be returned
I had this issue where some customers were reporting the 404.0 and some didn't have the problem at all(same page). I was able to navigate to any of the pages with no problems from my machine. Some customers would refresh and it would go away. I am using .Net 4.5.2 and IIS 7.5.
Looking at the IIS log file I would see:
sc-status sc-substatus sc-win32-status
404 0 2
sc-status.sc-substatus: 404.0 - Not Found
sc-win32-status: 2 - ERROR_FILE_NOT_FOUND
https://msdn.microsoft.com/en-us/library/windows/desktop/ms681382(v=vs.85).aspx
https://en.wikipedia.org/wiki/HTTP_404
I found the problem was I had deployed a new version of the website in which the old version of the website had RouteConfig.cs/FriendlyUrlSetting setup by creating a project using the web forms template. The new version was created using an empty template. So obvious to me now.. no URL routing. Customers had a cache issue with certain pages on their machine(no .aspx extension) and having them clear browser data ultimately fixed the problem.
I got this issue when I tried using a different drive to host my apps. I ended up moving them to the wwwroot folder because it was working there and I did not have to time figure out why it is not working on the E:\ drive.
I had bin\roslyn compiler missing. Adding that all worked fine.
Check for double quote errors. I started getting a 404 on a single page because I accidentally had this:
<asp:TemplateField HeaderText="ImageURL"">
instead of this:
<asp:TemplateField HeaderText="ImageURL">
For an aspx page, error 404 can be quite misleading! I have seen all the answers and they presuppose assuming various issues with the file, page, path, etc. but the simplest issues is the fact that if there is an error in your asp page (i.e bad format, improper usage of control, etc. asp will think the page does not exist and will post a 404 when in all actuality, it is easy to ascertain if there is a bad format by simply clicking on design mode. If the page does not render no need to do anything else but look at what is causing the render error, fix and viola'! Your page shows since it was never missing or can't be found, but it simple did not know how to display! Too often people go looking for the wrong solutions and waste so much time! Hope this helps somone. :-)