app pool identity lightswitch isn't getting the logged on user - asp.net

I have a Lightswitch 3-tier web deployment and I'm stuck on the auth piece. I've played with IIS and tried every config I can think of, but after I publish to the web, it always shows the app pool identity as the user in the top/right side of the browser. The only way I can get the ID to "pass through" is to enable impersonation which I know isn't correct. Even with impersonation enabled, the Administration tab doesn't show with the ID I assigned as the administrator after the initial publish.
Have you seen this? I've tried this on multiple deployments, re-read the guides, re-read the LightSwitch book auth chapter, still to no avail.
Also, I find it curious that when I drop this code in a test.aspx it shows that my ID is indeed getting passed:
<%= User.Identity.Name %>
But when I put this in, it shows the app pool ID:
<%= Environment.UserName %>
It's like Lightswitch is reading the Environment.Username (which will always be the app pool) instead of the user being passed by IWA.
What do you think is going on here? I've relegated to NTLM at this point to make it "easy" (abandoning Kerberos for now) and it still doesn't work.
I have a great app that I'm ready to deploy, but I need to get security setup for it.

I figured it out. I had earlier tested the website by simply copying the release from my visual studio project folder to the web server. I decided to wipe the whole folder and publish "from scratch" and what do you know...it worked.
This is obviously my first experience with web development so just a noob mistake. I'm still curious what was in the config that was over-riding what I was telling IIS to do, but for now I'm off an running.
You can close this issue.

Related

PurchReqApproval Workflow stopped working

PurchReqApproval workflow stopped working, that is all the workflow's messages are in pending state. There were no modifications made to objects related to that workflow (maybe except EDTs).
I am thinking this issue might be consequence of changing server admin password. Any hints how and where can I check/fix outdated password in IIS/AX/Services?
Go to your IIS manager and then click on application pools. Find the relevant one and right click on it and do advanced settings, then look at its identity (username) and click the ellipse .... Try setting the password again and recycling the app pool and/or doing an iisreset.

Losing Session information after publishing an ASP.NET Website on IIS

I'm a beginner in ASP.NET 2.0.Probably this could sound too basic and stupid issue for someone expert in the ASP.NET.But this is giving me sleepless nights.
Basically i have developed a simple multilingual website with a master page and content pages which fills inside the content place holder portions of the master page. The application works great when it is configured to run on the ASP.NET Development Server 2.0. But once i publish it to run on the IIS web server it will no longer function. :( I could see from the trace that none of the session variables i use are stored and redirected to the relevant content pages.
Although the contents are displayed, the session variable values by which i take some decisions on the redirected pages are lost and i run into exceptions.
Please guide me where am i going wrong and exact procedure for Publishing an application.
Ex: my home page has URL which runs something like
http://localhost/Onlineupdate/Home.aspx?vers=1.1&lang=fr-FR
Based on the above URL, i strip and save the vers and the lang variables in a Session variable. However these are lost when hosted on IIS.
There are a dozen or so things that could cause the session data to be lost:
IIS restarting
The app pool restarting
due to a change to the web.config
due to a change to anything in the \bin directory
memory limit reached, or a bug causing the app pool to reset.
several other possible causes
Your host is actually a web farm, and you're using in-process memory, which will cause issues when one server fails over to the other, unless you're using SQL Server session state mode.
Since we don't have enough information to answer exactly what's happening in your specific situation, I'd ask you to start by reading up, starting here: http://msdn.microsoft.com/en-us/library/ms178581.aspx
Edit: I did find this blog article, which may be helpful: http://blogs.msdn.com/b/amenon/archive/2007/08/21/troubleshooting-session-loss.aspx
The following is not necessarily part of the answer, but added to try to be helpful.
If it's feasible, from my own personal experience, we've had success in eliminating our lost session issues by using the SqlServer Session State mode. Since we implemented this, our session issues have all but disappeared.
also i found the main problem that you should initialize session before use
like:
session[“id”]=””;
and after that it well work fine
In order to prevent this to happen first in the web.config set restartOnExternalChanges to false.
Now in web.config changes must be propagated manually(this means that the dev is now responsible to build a mechanism for config change propagation).
Hint: You can use file watcher for this that will listen for the web.config (or any config you use in you web. app) for changes and wrap it as a watchable configuration so you can reload the configs when they are changed.
Hope this helps
I faced the same issue in my ASP.NET MVC website .
and i have resolve it by next steps :
open IIS Manager
go to the application pools
right click on the application pool which related to your website
click on "Advanced Settings"
set "Idle Time-out (minutes)" to be "20"
set "Maximum Worker Processes" to be "1"
Click Ok to close the window
these steps has resolved my issue.

HTTP Error 403.14 - Forbidden Error when accessing website

So I have all the updated code, the entire solution builds. It works on everyone else's machine, however when I try and access localhost/extranet on my machine, it gives me this error:
HTTP Error 403.14 - Forbidden
Detail Error Info:
Module DirectoryListingModule
Notification ExecuteRequestHandler
Handler 0x00000000
Requested URL http://localhost:80/extranet/
Physical Path C:\svn\K2\trunk\appteam\web\Chatham.Web.UI.Extranet\
Logon Method Anonymous
Logon User Anonymous
Now I tried going into IIS7, and enabling directory browsing, this removed the error, but still didn't bring up my website. I also tried going in and disabling the default document, re-enabling it, everything, nothing worked. I've also restarted IIS a few times to no avail.
Any ideas?
It sounds like your IIS is not processing the routing rules for your application and is trying to find a default.aspx, index.htm, etc. Since it cannot, it is wanting to display the directory listings (which is why you were getting the 404.14).
I just checked my dev setup and I think that your AppPool has to be set on Integrated as opposed to Classic on the Managed Pipeline for the AppPool. I have ran into this before, there may be ways to use the Classic Pipeline, but this would/should be the quickest way to resolve your issue. To check/change the pipeline mode, click on Application Pools from the menu on the left side of IIS, find your AppPool and look in the managed pipeline column. If it is set to Classic -> Right click the AppPool, choose basic settings, then change the dropdown from Classic to Integrated.
If I am incorrect, someone please feel free to correct me on this in the comments.
Edit - Just to add, you can run an MVC app in the Classic Pipeline mode, but you have to do the IIS 6 tricks to get it to work properly. Mainly, you need to turn on wildcard script mapping for MVC to work in Classic mode, If not it expects an .aspx file (or similar) to exist for it to handle the execution pipeline over to .NET from IIS.
Causes this error is removed Global.asax file from your root directory of your site.
To solve this problem add a Global.asax file to your project.
See here: How to add Global.asax file to ASP.NET MVC4 project
In IIS, you need to find out which app pool your application is running from. Just right click the web application under Sites>Manage Web Site>Advanced Settings. The first property should be the app pool.
Now, click Application Pools. You should see a column called "Identity". Add that user to the ACL of the C:\svn\K2\trunk\appteam\web\Chatham.Web.UI.Extranet\ directory. If it just says 'ApplicationPoolIdentity', it can be a little tricky figuring out the user. If it's just running under DefaultAppPool, you can use IIS AppPool\DefaultAppPool.
My solution was because I didn't have ASP.NET installed via "Turn Windows Features on and Off" so it was simple. I figured it out by enabling directory browser and trying to go to my views folder which then gave a more descriptive answer and pretty much said that there was a problem with a module because ASP.NET is not properly installed. It then dawned on my to go and install it.
Change the 'start page' by right click on the page and select 'Set as Start Page' that you want to open first when the web application starts first. This might solve your problem. :)
Also make sure in IIS Application Pool settings that Enabled 32-bit Applications under Advanced Settings is set to FALSE. I spent hours trying to fix this and that was my issue. Windows Server 2012 IIS 8.5
I solved this problem by setting exact .net framework. My website was using v4.0 version of .net.
Workaround to handle the problem:
Open command line as an administrator
Go to directory "C:\Windows\Microsoft.NET\Framework\v4.0.30319"
Execute the following: aspnet_regiis.exe -i
Open IIS and change Pipeline Mode of Your application to Integrated
Hope this helps
In my case the HTTP Redirection feature was missing on the server (with IIS 10).
Adding the feature resolved the issue and the site started to load fine.

SharePoint 2007 Remote File Access Denied CAS

I have code running in an ascx within PageLayout within SharePoint 2007 that accesses files on a remote server i.e. File.Create("\servername\sharename\folder\file.txt"). The code runs within a SharePoint web application that has CAS trust set to Full in the web.config. The File.Create throws the following exception:-
System.UnauthorizedAccessException
Access to the path '\\servername\sharename\folder\file.txt' is denied.
The share is shared to Everyone with Full Control and the NTFS permissions are set to Everyone with Full Control. The web application app pool is running under a domain account also with explicit permissions to access that resource (not that this should be needed).
I ran Process Monitor on the remote machine and no hits were being recorded on the server. This leads me to believe that it is an issue with the SharePoint Code Access Security settings. Like I've said above, the trust in the web.config is set to Full.
Is it possible that CAS is still blocking the remote access? Can anyone think of any other area to review?
Update
A bit more information...
I've tried making the app pool acct domain admin and the problem still occurs. When using the same method to access a drive on the local machine it works fine. Running the same code in SnippetCompiler outside of sharepoint using the app pool account works fine.
Hope this helps, let me know if you can think of any more avenues of investigation or tests I can try.
Update
Im not sure if this would affect the issue but the local server is running Windows Server 2003 and the remote server is running Windows 2000.
Update
I've just tried running the code through a web part and it works fine. The file structure I use in the project that is failing is as follows:-
wss
- VirtualDirectories
- SharePointWebApp
- ...sp web app files
- .
- .
- PageLayoutControls
- control.ascx
- .
- .
Then in IIS I have the following structure:-
IIS
- Websites
- SharePointWebApp (pointing to \wss\VirtualDirectories\SharePointWebApp)
- PageLayoutControls (virtual directory pointing to \wss\VirtualDirectories\PageLayoutControls)
Then within the PageLayouts I reference the controls using the following:-
<%# Register TagPrefix="TEST" TagName="MyControl" Src="~/PageLayoutControls/control.ascx" %>
<asp:Content ContentPlaceholderID="PlaceHolderMain" runat="server">
<TEST:MyControl id="myControl" runat="server"/>
</asp:Content>Let me know if you need more info.
Update
The mystery deepens...
When I access the sharepoint site from Internet Explorer (6 or 7) on the SharePoint web front end server I do NOT get the exception.
When I access the sharepoint site from Mozilla Firefox from the SP web front end server I DO get the exception.
When I access the sharepoint site remotely from ANY browser I get the exception.
Also, it makes no difference what user I use to log on to the site, as long as they have permissions to access the sharepoint site.
Any thoughts?
Update
Hmm, I've now found that if I access the sharepoint site remotely and the sharepoint site tries to do a File.Create() locally (i.e. File.Create("C:\temp\abc.txt")) then it works. If I access the sharepoint site from the sharepoint box and do a File.Create() remotely (i.e. File.Create("\ServerName\ShareName\FolderName\file.txt")) then it works.
It only fails when I access the sharepoint site remotely and have the sharepoint site try to do a File.Create() remotely as well. Kind of a double hop problem. This makes me think it may be an NTLM / Kerberos issue.
Currently, we are running using NTLM authentication.
Has anyone else experienced this sort of issue?
Update
Yep, I'm pretty sure this is an NTLM issue not allowing a double hop. I just changed the authentication on the sharepoint site to use Basic Authentication and its worked. Changed it back to Integrated Authentication and it failed.
Now to decide whether to move the farm to use Kerberos or find another way around the issue. :-/
Update
Just giving SPSecurity.RunWithElevatedPrivileges a shot now. One thing though, is RunWithElevatedPrivileges meant to be used in this context? Previously, I've only used it to get access to lists and libraries within SharePoint rather than accessing a file access the network.
Any thoughts?
Update
Yep, SPSecurity.RunWithElevatedPrivileges resolves the issue. :-)
I wonder if this is the double-hop issue and that your code is trying to access the resource as the impersonated user, but that fails because NTLM will not impersonate to another server (Kerberos would).
Have you tried SPSecurity.RunWithElevatedPrivileges? That would remove the impersonation (RevertToSelf) and then maybe the application pool owner can just act as himself (herself?) whereas maybe it couldn't before.
Just a thought and should be pretty easy to try out.

Authentication dialog when running with Visual Studio web server

When using Visual Studio's built in web server, every time I make a page request the standard login box pops up and asks for credentials. It doesn't work if I actually put in my credentials, so I just have to hit cancel 5 times so it will go away.
When I run the application through IIS (locally or on test server) it works just fine (no login box comes up).
Anyone know how to fix this or have any idea what might be causing it?
I assume you mean JavaScript alert box-looking login dialog, right? This dialog pops up when you make a request to a portion of website where anonymous access is disabled from IIS. It is different from ASP.NET authentication.
Do you have some portion of web site protected? Or are you making any HTTP request to external sites, like images and etc?
If your page looks ok after hitting cancel multiple times, it must be one of those HTTP request to protected file like images, css, js or whatever.
I'd look in Fiddler or Firebug to see if any request is failed when you hit cancel in that login dialog.
I'd also try clearing cache/authenticated session on the page that runs on IIS to see if it actually shows you that login dialog.
I had this same issue. However, my solution was different and the issue seemed different as well.
I had been working on a ASP.NET 2.0 web application, using VS 2008. Everything was working fine with the built-in IIS server. I hadn't opened this project for about a week and then when I chose "View in browser" in VS, I was prompted for my windows login creds. This project never did this before, so I was a bit baffled. I checked all the web.config settings and everything seemed fine. My project settings seemed correct as well. I decided to test the project by opening this same project in VS on a separate dev box on my network using a network path. I again chose "View in browser" and it worked fine. No logon prompt.
This told me that the issue wasn't with the actual web project itself, rather my dev environment. I checked all my browser settings as suggested above, and they were correct. I then compared my project settings while I had the same project (same physical files) opened in both dev boxes. I noticed a difference...
Under the Start Option in the Property Pages, the Web Server was set to use the Default Web server in both cases. However, on the box that was asking for my creds, the NTLM Authentication checkbox was selected. I unselected this and it resolved the issue.
I'm not sure how this was possible since I was opening the same project files, and would assume the project settings would be exactly the same. And the fact it was working fine a week ago really perplexed me. I chalked it up to an issue with VS 2008 on the box with the issue. I hope this helps anyone else that may be running into this issue.
This was because localhost was not in my trusted sites so it wouldn't do automatic NTLM authentication... I'm not sure why it was that way, but it was... adding localhost to the list fixed it.
In your project, there should be a vwd.webinfo file.
The following lines control authentication when debugging (in IISExpress). Set as follows to avoid all dialogs.
<VisualWebDeveloper>
<iisExpressSettings anonymousAuthentication="enabled" windowsAuthentication="disabled" useClassicPipelineMode="false"/>
</VisualWebDeveloper>
If windowsAuthentication="enabled" you may still get a dialog, even if anonymousAuthentication="enabled" :-)

Resources