ASP.NET - Accessing Active Directory from code behind page - asp.net

I have made a web application, which reads/writes from/to Active Directory. In my web.config file there is
<identity impersonate="true"/>
and
<authentication mode="Windows"/>
When I display
System.Web.HttpContext.Current.User.Identity.Name
in some label, it shows mydomain\myusername, so I think impersonation works.
Now to the question. When I access the application on the server, where the IIS web server is running, everything works great. But when I access the web application from a remote PC, I get an exception (the label still shows "mydomain\myusername").
I have traced the problem down. In the code behind when I call
Forest currentForest = Forest.GetCurrentForest();
the variable currentForest knows its currentForest.Name, currentForest.RootDomain or currentForest.ForestMode, but any call to currentForest.Domains, currentForest.Sites or currentForest.GlobalCatalogs results in
System.DirectoryServices.ActiveDirectory.ActiveDirectoryOperationException.
Now I'm lost and don't know what to debug further. The account I'm using is member of Enterprise Admins (multi-domain forest). I have tried it on two different servers with different IIS versions (IIS 7.5 and IIS 6.0) with no luck.
And the thrown exception isn't of much help:
Exception Details: System.DirectoryServices.DirectoryServicesCOMException: An operations error occurred.
Source Error: An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
DirectoryServicesCOMException (0x80072020): An operations error occurred.
System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) +557
System.DirectoryServices.DirectoryEntry.Bind() +44
System.DirectoryServices.DirectoryEntry.get_AdsObject() +42
System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne) +98
System.DirectoryServices.ActiveDirectory.ADSearcher.FindAll() +46
System.DirectoryServices.ActiveDirectory.Forest.GetDomains() +543
[ActiveDirectoryOperationException: An operations error occurred.]
System.DirectoryServices.ActiveDirectory.Forest.GetDomains() +512484
System.DirectoryServices.ActiveDirectory.Forest.get_Domains() +44
myWebApp.ASPpage.Button_Click(Object sender, EventArgs e) in C:\Documents and Settings\myUser\documents\visual studio\Projects\MyWebApp\MyWebApp\ASPPage.aspx.cs:158
System.Web.UI.WebControls.Button.OnClick(EventArgs e) +115
System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) +140
System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +29
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +2981
EDIT: If it is not obvious, I want to use currentForest.Domains to search the whole forest (all domains) for a user given by UPN name.

I found the answer to my question in one of "Related questions" on this page. The answer was in this topic: Why does DirectoryServicesCOMException occur querying Active Directory from a machine other than the web server?
I found that it was exactly my case. After reading the suggested Microsoft article, I learned that impersonating works only for local resources on the IIS server. To access network resources (SQL, Active Directory), I have to set "Trust this computer for delegation" in the computer object in Active Directory.

It was because IIS always authenticates, therefore System.Web.HttpContext.Current.User.Identity.Name shows mydomain\myusername; to verify that the impersonation works you could use:
System.Security.Principal.WindowsIdentity.GetCurrent().Name, also the System.Security.Principal.WindowsIdentity.GetCurrent(true) returns null when it is not impersonating.
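An added example, not part of the original posts: a helper for the code-behind that reports which identity the thread runs as and whether its token is marked for delegation, which is the difference between the local and the remote case described above. The names DelegationCheck and Describe are hypothetical, and .NET Framework on Windows is assumed.

```csharp
using System;
using System.Security.Principal;

// Added example: DelegationCheck and Describe are hypothetical names.
public static class DelegationCheck
{
    // Describes the identity that outbound calls made from this thread
    // (for example Forest.Domains) would run as.
    public static string Describe()
    {
        // GetCurrent(true) returns null when the thread is not impersonating.
        using (WindowsIdentity thread = WindowsIdentity.GetCurrent(true))
        {
            if (thread == null)
            {
                using (WindowsIdentity process = WindowsIdentity.GetCurrent())
                {
                    return "Not impersonating; calls run as process identity "
                           + process.Name;
                }
            }

            string scope;
            switch (thread.ImpersonationLevel)
            {
                case TokenImpersonationLevel.Delegation:
                    // The server may act as the client on remote systems too.
                    scope = "token can be used against remote systems";
                    break;
                case TokenImpersonationLevel.Impersonation:
                    // The server may act as the client on the local system only.
                    scope = "token is usable on this server only";
                    break;
                default:
                    // None, Anonymous or Identification.
                    scope = "token cannot be used to act as the client";
                    break;
            }

            return string.Format("Impersonating {0} via {1}, level {2}: {3}",
                thread.Name, thread.AuthenticationType,
                thread.ImpersonationLevel, scope);
        }
    }

    public static void Main()
    {
        // Outside IIS this prints the process identity; in a page, assign
        // DelegationCheck.Describe() to a label instead.
        Console.WriteLine(Describe());
    }
}
```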

Related

IIS app when adding a binding. servername.domain.com/app works, but appname.domain.com/app doesn't

I have a server whose sole purpose is to host a prebuilt IIS app from a vendor.
The server has been built, IIS is working, and with everything installed, the app is accessible from http://servername.domain.com/app
I want to add an alternate URL, to be http://appname.domain.com/app, for ease of use and cleanliness.
I added the binding on both ports 80 and 443 with our site cert, using all unassigned IPs and none of the boxes ticked.
Despite changing nothing but the bindings, I'm getting the following error attempting to use the newly bound URL:
Value cannot be null.
Parameter name: source
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.ArgumentNullException: Value cannot be null.
Parameter name: source
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[ArgumentNullException: Value cannot be null.
Parameter name: source]
System.Linq.Enumerable.Where(IEnumerable`1 source, Func`2 predicate) +6466184
Xtraction.Web.Auth.Authenticate.HasSingleActiveProvider() +185
Xtraction.Web.Auth.Authenticate.Page_Load(Object sender, EventArgs e) +115
System.Web.UI.Control.OnLoad(EventArgs e) +106
Xtraction.Web.PageBase.OnLoad(EventArgs e) +17
System.Web.UI.Control.LoadRecursive() +68
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +3785
Based on the error information you provided, the reason I retrieved is that your application pool is not set up to use a service account, which prevents you from logging into Xtraction.
You need to set the application pool to use the Windows service account:
Go to IIS Manager > Servers > Application Pools > Xtraction
Click the Advanced Settings link in the right pane
Go to the Identity section, if it's set to Network Service, then click the ellipsis on the right
Change to "Custom Account" and enter your service account - this must have dbowner (or at least db_datareader and db_datawriter) permissions on the Xtraction database
Click OK and restart the application pool (or execute iisreset). You should now be able to log in to Xtraction
For more information, you can refer to this link.

Uploading files: Access to path denied

I've given IUSR full control over the folder but when i upload files it gives me this error:
Access to the path 'C:\inetpub\wwwroot\vivaweb\usr_up_img\Desert.jpg' is denied.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.UnauthorizedAccessException: Access to the path 'C:\inetpub\wwwroot\vivaweb\usr_up_img\Desert.jpg' is denied.
ASP.NET is not authorized to access the requested resource. Consider granting access rights to the resource to the ASP.NET request identity. ASP.NET has a base process identity (typically {MACHINE}\ASPNET on IIS 5 or Network Service on IIS 6) that is used if the application is not impersonating. If the application is impersonating via <identity impersonate="true"/>, the identity will be the anonymous user (typically IUSR_MACHINENAME) or the authenticated request user.
To grant ASP.NET access to a file, right-click the file in Explorer, choose "Properties" and select the Security tab. Click "Add" to add the appropriate user or group. Highlight the ASP.NET account, and check the boxes for the desired access.
Source Error:
The source code that generated this unhandled exception can only be shown when compiled in debug mode. To enable this, please follow one of the below steps, then request the URL:
1. Add a "Debug=true" directive at the top of the file that generated the error. Example:
<%# Page Language="C#" Debug="true" %>
or:
2) Add the following section to the configuration file of your application:
<configuration>
<system.web>
<compilation debug="true"/>
</system.web>
</configuration>
Note that this second technique will cause all files within a given application to be compiled in debug mode. The first technique will cause only that particular file to be compiled in debug mode.
Important: Running applications in debug mode does incur a memory/performance overhead. You should make sure that an application has debugging disabled before deploying into production scenario.
Stack Trace:
[UnauthorizedAccessException: Access to the path 'C:\inetpub\wwwroot\vivaweb\usr_up_img\Desert.jpg' is denied.]
System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) +7716783
System.IO.File.Delete(String path) +7577512
ASP.vivaweb_dwzupload_resizeaspnet_aspx.ResizeImage(String oldPathImage, String newPathImage, Int32 Width, Int32 Height, Int32 imgQuality, Boolean keep, Boolean isThumb) +217
ASP.vivaweb_dwzupload_resizeaspnet_aspx.Page_Load(Object sender, EventArgs e) +379
System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e) +14
System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e) +35
System.Web.UI.Control.OnLoad(EventArgs e) +99
System.Web.UI.Control.LoadRecursive() +50
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +627
It is clear your application is using "ASP.NET" user
So give permission to this user or simply give permission to user everyone
There are a few unanswered questions in this post that I'll have to make a few assumptions on. First, I have no idea how you have your site deployed and thus don't know what identity it's using. If you are running it directly through Visual Studio, depending on your version, it should be either using "ApplicationPoolIdentity" or "NetworkService".
If you are running your site through IIS, you can figure that out easily (and change it if you like). Just open up application pools under the IIS instance and you should see them in an "identity" column.
After that, you will need to make sure to give permissions the same as the identity used to your site. Get the root folder used to house the site and give it appropriate permissions. Right click the folder and go to Properties -> Security -> Edit. Add in the identity that your site is using and you should be done.
A final note, you may actually want to turn on the debug configuration setting in your web.config file if you are in a local/debugging environment. It will give more information to work with to solve your issue.
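An added example, not part of the original posts: the stack trace above fails in File.Delete, so the identity needs delete rights as well as write rights on the upload folder. This hypothetical helper (UploadAclCheck, assuming .NET Framework on Windows) reports which of the requested rights the folder's ACL grants to the identity the code runs as.

```csharp
using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;

// Added example: UploadAclCheck and GrantedRights are hypothetical names.
public static class UploadAclCheck
{
    // Returns the subset of 'wanted' rights that the folder's ACL grants to
    // the identity the current thread runs as (the impersonated user if the
    // thread is impersonating, otherwise the application pool identity).
    // Simplified: deny rules win over allow rules; ownership, privileges and
    // inheritance flags are ignored.
    public static FileSystemRights GrantedRights(string folder,
                                                 FileSystemRights wanted)
    {
        using (WindowsIdentity id = WindowsIdentity.GetCurrent())
        {
            DirectorySecurity acl = Directory.GetAccessControl(folder);
            FileSystemRights allowed = 0, denied = 0;

            foreach (FileSystemAccessRule rule in
                     acl.GetAccessRules(true, true, typeof(SecurityIdentifier)))
            {
                var sid = (SecurityIdentifier)rule.IdentityReference;

                // A rule applies if it names the user or one of its groups.
                bool applies = sid.Equals(id.User) ||
                               (id.Groups != null && id.Groups.Contains(sid));
                if (!applies) continue;

                if (rule.AccessControlType == AccessControlType.Deny)
                    denied |= rule.FileSystemRights;
                else
                    allowed |= rule.FileSystemRights;
            }
            return wanted & allowed & ~denied;
        }
    }

    public static void Main(string[] args)
    {
        // Pass the upload folder as the first argument. File.Delete needs
        // Delete on the file or DeleteSubdirectoriesAndFiles on its folder.
        FileSystemRights wanted = FileSystemRights.Write
                                | FileSystemRights.Delete
                                | FileSystemRights.DeleteSubdirectoriesAndFiles;
        Console.WriteLine("Running as: " + WindowsIdentity.GetCurrent().Name);
        Console.WriteLine("Granted:    " + GrantedRights(args[0], wanted));
    }
}
```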

asp v2.0 iis7 machine.config amended to contain maxconnection="192" stopped calls working to third party web services

I added the following to:
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.config
<system.net>
<connectionManagement>
<add address="*" maxconnection="192" />
</connectionManagement>
</system.net>
After saving the application was running fine. However calls to third party web services/web method (MICROSOFT MAPPOINT, another API unrelated to Microsoft i.e two independent references) failed to work. One of which returned the following error:
--------------------------------------
Object reference not set to an instance of an object.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.NullReferenceException: Object reference not set to an instance of an object.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[NullReferenceException: Object reference not set to an instance of an object.]
WebApp.AddUpdate.LoadWebServiceRecord() +7740
WebApp.AddUpdate.MessageBox1_YesClicked(Object sender, EventArgs e) +51
WebApp.webcontrols.MessageBox.Yes_Click(Object sender, EventArgs e) +140
System.Web.UI.WebControls.Button.OnClick(EventArgs e) +114
System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) +139
System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +28
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +2980
Version Information: Microsoft .NET Framework Version:2.0.50727.4206; ASP.NET Version:2.0.50727.4209
i.e exception above appears to have been created as it could no longer contact the service.
Remove the amendment in machine.config i.e remove the maxconnection rows and it all works fine again. Any idea why?
Do I need to declare the third party references in maxconnection?
If so, would it be possible to provide an example?
Generally speaking, you shouldn't have to adjust it manually. ASP.NET 2 sets processModel to auto by default which among other things automatically scales maxconnections for the # of CPUs available (12N).
As to the error you're seeing, there must be more than meets the eye; the two are completely unrelated and there is no reason any maxconnection value would trigger a NullReferenceException in your application.
HTH
References:
http://technet.microsoft.com/en-us/magazine/2006.11.insidemscom.aspx
http://msdn.microsoft.com/en-us/library/7w2sway1.aspx

System.Data.OleDb.OleDbException: Unspecified error

I'm totally new to ASP.NET and currently working on a CRM application. This project uses .mdb files as backend but I am getting the following runtime error:
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Data.OleDb.OleDbException: Unspecified error
Stack Trace:
[OleDbException (0x80004005): Unspecified error]
EmployeeManager.isUser(String strUID, String strPswd) in d:\hosting\nitindia\App_Code\EmployeeManager.vb:481
Employees.BtnSubmit_Click(Object sender, EventArgs e) in d:\hosting\nitindia\Employees.aspx.vb:35
System.Web.UI.WebControls.Button.OnClick(EventArgs e) +111
System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) +110
System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) +10
System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +13
System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +36
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +1565
The above error occurs only when we upload these pages & test online. When running on localhost the error is not being raised.
What is the cause of this issue, and solution?
System.Data.OleDb.OleDbException: Unspecified error
This error mostly belongs to permission errors; for this error we have multiple solutions as per the situation
Put impersonate=false in the web.config file.
If you want to put impersonate=true, in that case you need to provide read/write permission to the impersonated user on the "C:\Documents and Settings\server name\ASPNET" folder, or through the Process Monitor utility you can check which file doesn't have sufficient permission.
If you have Windows Server 2008 then you will not find the ASPNET folder, and if you still want impersonate=true then you need to change the configuration in IIS 7.5/7.0.
Go to IIS -> select your application pool -> Advanced Setting -> Process Model ->Identity=ApplicationPoolIdentity
Go to IIS -> select your application pool -> Advanced Setting -> Load User Profile = False
See here for more details.
Both of these conditions may cause this (rather unhelpfully named) error to occur:
The ASPNET account not having permissions to open the file.
The database file is locked by another user.
for answer finders :
try to look into https://learn.microsoft.com/en-us/iis/application-frameworks/running-classic-asp-applications-on-iis-7-and-iis-8/using-classic-asp-with-microsoft-access-databases-on-iis#using-process-monitor-to-gather-more-information and set Permissions on the Temporary Folders
PS in my case it was impersonate user who does not have access to current user temp folder C:\Users\`Username`\AppData\Local\Temp\

'License expired' error when dynamically generating Excel docs in ASP.NET

Anyone familiar with error below? When I run my webapp to generate a dynamic excel doc from my local machine it works fine but when the same piece of code is invoked on the server I get the below error. It seems like it's a permissions issues since it works on my machine but not the server but I don't know where to start in order to pinpoint the problem. Any guidance/help is greatly appreciated!
Server Error in '/' Application.
--------------------------------------------------------------------------------
This command is unavailable because the license to use this application has expired.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Runtime.InteropServices.COMException: This command is unavailable because the license to use this application has expired.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[COMException (0x800a03ec): This command is unavailable because the license to use this application has expired.]
Microsoft.Office.Interop.Excel.Workbooks.Add(Object Template) +0
PaymentsReport.Page_Load(Object sender, EventArgs e) +70
System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e) +15
System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e) +34
System.Web.UI.Control.OnLoad(EventArgs e) +99
System.Web.UI.Control.LoadRecursive() +47
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +1061
Office/Excel is installed on the server and I can open/save excel docs on the server. Could it be the version of excel on the server vs. my local machine? If so how can I make sure I have the latest on the server?
Apart from being installed, you need to make sure the application is activated on the server:
http://support.microsoft.com/kb/294973
Has details on how to do this.
Using Office Interop requires that the Office components you're using actually be installed on the server.
I'm gonna take a WAG and say that you just can't slap any old copy of Office on a server and let multiple users access it via your website. You need to look at the licensing restrictions for using MS office in a server environment.
Do you have a licensed, activated copy of Excel on the server? It probably works on your local machine because you have Office/Excel installed locally.
