ClickOnce Error 403: Forbidden - iis-7

A customer gets a 403 error when trying to install our VSTO ClickOnce application. We are hosted on GoDaddy IIS7.
"Downloading (one of our files ending in .deploy) did not succeed. System.Net.WebException: The remote server returned an error (403): Forbidden."
FWIW I've made sure all files needed for the installation are present in the remote directory. The publish from Visual Studio succeeds without any errors.
The installer is hosted on GoDaddy, and it has all the correct ClickOnce MIME types set. We didn't modify any of these.
BTW, could not find the ClickOnce error log! Searching online reveals that the log is located in Temporary Internet Files by default, but it was not there. We don't have our own custom log file location set, and we'd prefer not to set up a custom location for the customer's log if we can just grab the default one instead. It doesn't sound as though the log file provides any additional information beyond the stack trace revealed by the "Details" button in the error dialog, anyway.

Sounds like there is no read access to this file for your customers.
Try to download the file directly.

Related

HTTP Error 500.19 - Internal Server Error 0x80070003 Cannot read configuration file

I'm getting the above error when I publish my application and move it from development to production server. Below are the error details.
Detailed Error Information
Module IIS Web Core
Notification BeginRequest
Handler Not yet determined
Error Code 0x80070003
Config Error Cannot read configuration file
Config File \?\C:\inetpub\wwwroot\WorkmenCompTest\web.config
Requested URL http://localhost:80/wictest
Physical Path C:\inetpub\wwwroot\WorkmenCompTest
Logon Method Not yet determined
Logon User Not yet determined
This website used to work previously but recently the published version stopped working due to this error. As far as I can tell, the only change was installing iTextSharp and iTextSharp xmlworker through nuget.
I have tried, without success:
giving modify permission on the site folder to Everyone
checking the web.config file, and using an older version of the web.config file (from when the site worked).
uninstalling iTextSharp and iTextSharp XMLWorker
The project still runs without issue from Visual Studio.
This is solved. The error was caused by the folder name not matching the path for the virtual directory. Oh wow I feel dumb.
Check the applicationhost.config file under - .vs\lpsWeb-UI\config folder of your application root.
Under sites section of the config file check what the physical path points to.
If you modify those you should be able to fix the issue.
This is because of different physical path in the IIS.To change the physical path of application content
You can perform this procedure by using the user interface (UI), by running Appcmd.exe commands in a command-line window, by editing configuration files directly, or by writing WMI scripts.
User Interface
To use the UI
Open IIS Manager. For information about opening IIS Manager, see Open IIS Manager (IIS 7).
In the Connections pane, expand the Sites node and click to select the site in which your application runs.
In the Actions pane, click View Applications.
On the Applications feature page, select an application from the list and then click Basic Settings in the Actions pane.
In the Physical path box, change the path of the application content.
Click OK.
DefaultAppPool application pool runs under the Network Service account. This account is local to the computer and this account does not exist on another computer. Make sure that you configure the DefaultAppPool application pool to use an account that is a domain user. Then, you can use the same account on the WorkmenComp file server. Alternatively, you can create a workgroup account on the WorkmenComp file server.
I am getting this HTTP Error 500.19 error when I am giving physical path as Z:\App_Live in IIS
Instead of using z:\ ,
I used network path \\server\share\live_folder in the IIS physical path – something like this \\server\share\wwwroot\inetpub\wwwroot
Also you may need to specify username/password in "connect as".

IIS 7 not showing virtual directory mapped to another machine

I have an issue with IIS7 when mapping virtual directories to another machine.
This is my setup:
my Web APP is running on the web server (let's call it WEBSERVER). Windows Server 2008, IIS 7.
I got some assets/images in an assets server (let's call it ASSETSSERVER). Windows Server 2003, on the C:\Assets folder, shared as \\ASSETSSERVER\Assets
Servers are in a workgroup, not a domain. This is something beyond my control, which I can't change.
Following the recommendation of our network team, I configured the app pool to run under the user WEBSERVER\portaluser
In my web app, I define a virtual directory. I map it to \\ASSETSSERVER\Assets. In the log in credentials, I specify the user ASSETSERVER\assetsuser (which exists). The 'Test credentials' buttons show that i am authenticated OK and that I have authorisation.
At first, I got a 500.19 error telling me I could not log in. This post revealed the solution: I had to create a WEBSERVER\assetsuser user with same password (counter-intuitive, but it worked).
After that, my assets still refuse to display. I now get a message similar to this:
Configuration Error
Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately.
Parser Error Message: An error occurred loading a configuration file: Failed to start monitoring changes to '\\ASSETSERVER\assets'.
Source Error:
[No relevant source lines]
Source File: \\ASSETSERVER\assets\web.config Line: 0
I have done some extensive googling, and I have tried the following:
Modified the local policy to allow WEBSERVER\portaluser to impersonate other accounts after login, as suggested here (it's for Windows 2000 Server but it was worth a try!)
Added permissions to everyone to the \\ASSETSSERVER\assets, as indicated here (bottom answer)
Added read/execute/list permissions to the c:\ drive in ASSETSSERVER to the ASSETSSERVER\assetsuser user, as suggested here (method 3)
I edited the registry key to stop IIS from monitoring the folders for changes, as indicated here (the writer claims that it's not related to IIS but I am quite certain that IIS does monitor the folders for changes in web.config)
I have configured allowsubdirconfig="false" in applicationHost.config as indicated here
None of these solutions have worked, and I am running out of ideas of what to try. It seems like I'm so close yet so far. Any suggestions?
After several of work I found the solution to this issue.
It was as simple as creating a user called "portaluser" (the same as my app pool identity user) in ASSETSSERVER.
This is counter-intuitive: I explicitly told IIS7 to connect to ASSETSERVER as the assetsuser server, but it was still using portaluser to check for the existence of web.config (and monitor for changes).
Having seen that, I decided to use the same account to run the app pool and to connect to the remote virtual directory. I just used 'assetsuser' instead of 'portaluser'
Hope this helps

ASP.NET Web API looking for web.config in the wrong spot

IIS 7.5 is looking for my web.config file in a mapped route and not in the actual folder location.
Example
C:\inetpub\wwwroot\api\thedoors\1 <-- is where it's looking this is not a directory but a specified url in WebApiConfig class
Where it should look is
c:\inetpub]wwwroot\thedoors\
I'm using publish from VS 2012 to publish locally to my IIS 7.5 web server.
Server Error in Application "THEDOORS"
Internet Information Services 7.5
Error Summary
HTTP Error 404.0 - Not Found
The resource you are looking for has been removed, had its name changed, or is temporarily unavailable.
Detailed Error Information
ModuleIIS Web Core
NotificationMapRequestHandler
HandlerStaticFile
Error Code0x80070002
Requested URLhttp://localhost:80/api/thedoors/1
Physical PathC:\inetpub\wwwroot\TheDoors\api\thedoors\1
Logon MethodAnonymous
Logon UserAnonymous
Most likely causes:
The directory or file specified does not exist on the Web server. The URL contains a typographical error. A custom filter or module, such as URLScan, restricts access to the file.
Things you can try:
Create the content on the Web server. Review the browser URL. Create a tracing rule to track failed requests for this HTTP status code and see which module is calling SetStatus. For more information about creating a tracing rule for failed requests, click here.
Links and More Information
This error means that the file or directory does not exist on the server. Create the file or directory and try the request again.
View more information »
Benny, this is not the problem with the virtual location of your web.config file. It is telling you that something about your web.config file is not correct. It seems that it cannot find physical web.config in the location C:\inetpub\wwwroot\api\thedoors\web.config where your Web API is executing. Do you have the file in the specified location?
UPDATE: I would open IIS Managment Console and check folder mappings.
I just created a sample Web API project and published it to a local IIS, but I cannot reproduce the issue. My folder mappings seem to be OK. The folder is C:\inetpub\wwwroot\sampleapi and web.config is there.

Windows Server 2008 R2 + IIS 7.5 - Resource cannot be found

I have migrated our company web apps from Windows Server 2003 to Windows Server 2008 R2. The are all .Net 2.0 classic web apps. They all seem to work fine, except when accessing any resource with a path starting with /Reports/...
In one app the physical path on disk is c:\Websites\app_name\WebService\Reports... In this reports folder PDF files are dynamically generated and written to disk. They can be accessed via a URL such as this:
http://domain_name/Reports/xxxx.pdf
where /Reports is a virtual directory mapping to the physical path above. This worked fine on 2003 server & IIS6 but on IIS7.5 & 2008 R2 I keep getting the following error:
The resource cannot be found.
Description: HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable. Please review the following URL and make sure that it is spelled correctly.
Requested URL: /Reports/xxxx.pdf
I have another web app that generates the reports dynamically and streams them directly to the client browser for saving to the local disk, rather than being written to disk on the server. Similar to the above example, the page that generates the report is found under path as follows:
/Reports/Viewer.aspx
In this case there is no virtual directory being used. The URL referenced in the browser is:
http://another_domain_name//Reports/Viewer.aspx
Once again I get the same error message as above... HTTP 404 - The resource cannot be found.
I have tried all the permission settings under the sun to try and get it working but to no avail. I've use built in accounts, created new accounts with permissions from very minimal right up to full admin rights. I've also played with the new AppPool Identities with no success. It doesn't seem to matter what permissions I set specifically on the directories, or the accounts configured for the app pool or basic settings on each website itself.
Once thing I have discovered though, is that whilst the browser is getting the HTTP 404 error, there is no record of this request appearing in the IIS log files for each website!! This is really confusing me, as I would definitely expect to see a failed 404 log entry on the requested resource.
Something else to note, I'm running SQL Server 2008 Enterprise on this machine with Reporting services installed and enabled. It's a stretch, but could there be some contention over the /Reports path in my websites vs something else running on the machine? I'm using different bindings/host headers for each individual domain and website running on the server.
Check Reports folder conflict. And remember, Google is faster than SO.
IIS gives 404 errors for more than just File Not Found these days - so it doesn't give away too much to attackers. Have a look at the event log (application), and also try accessing it from the server itself.
The other thing to check is that your IIS app pools are correctly configured - especially with the correct pipeline mode and .NET framework version.
At a command prompt, type:
netsh http show urlacl
See if there are any bindings with /reports/ --maybe a left over from a SQL Server Reporting Services install?
v/r
BK

web deploy 401 from package, works in VS2010

I'm trying to get an automated deployment working from a CI server (TFS 2010)
Basically I've got a package getting built and if all the tests past I'd like to deploy it.
Outside of TFS and just using the visual studio command line, I navigate to the folder location of the package and use the following:
C:\site\Package>site.deploy.cmd /Y
/M:"https://WebServer:8172/MsDeploy.axd" -allowUntrusted /U:username
/P:password /A:Basic
Where in this case the user is a domain user with full permissions on the destination website folder. When I run this I get a 401 unauthorized error. I've created an IIS Manager and set up the permissions for the network service account on the destination files too but that also gives the same error.
The frustrating point is that from the VS 2010 right mouse click publish page it works perfectly with either user. Does anyone have any ideas. I've been all over stack overflow and I'm certain that the folder permissions are correct and that IIS is configured correctly. The fact that VS 2010 can publish with the same credentials backs that up for me.
I did see that you can pass ?site=SiteName when specifying the server but I just get errors about not expecting that parameter.
Looking at the site.deploy.cmd and site.SetParameters.xml it appears that it certainly looks likes it's going for Web Deploy 2 and that the configuration settings have been correctly grabbed from the config transform.
Thanks
If it's a non-admin user, you need to include the IIS site in the remote URL.
C:\site\Package>site.deploy.cmd /Y /M:"https://WebServer:8172/MsDeploy.axd?site=Website Name" -allowUntrusted /U:username /P:password /A:Basic
It's possible the generated cmd file does this for you, but only when you supply a certain argument.
http://www.jrjlee.com/2011/12/deploying-web-packages-as-non.html
this may work. append your site name with querystring to your url

Resources