I am running Dotnetnuke7 on a shared hosting environment using ASP.net 4.5 and IIS configured in integrated pipeline mode (as required by DNN7).
When I install it on a Win2008/IIS7 server (ASP4.0) at the hosting provider the application runs fine, but when I install it on a Win2008R2/IIS7.5 server at the hosting provider(ASP4.5) I get an exception Collection is read-only when trying to log-in or submitting anything to the site. (For example use DNN search function). See detailed stacktrace below.
The hosting provider checked the .net 4.5 permissions, and also applies apppool-specific permissions, but no luck yet.
Anybody a clue what IIS7.5 parameter or option can be the cause here?
Server Error in '/' Application.
Collection is read-only.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.NotSupportedException: Collection is read-only.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[NotSupportedException: Collection is read-only.] System.Collections.Specialized.NameObjectCollectionBase.BaseSet(String name, Object value) +6703734
System.Web.HttpServerVarsCollection.SetServerVariableManagedOnly(String name, String value) +116
System.Web.HttpServerVarsCollection.SynchronizeServerVariable(String name, String value) +28
System.Web.HttpRequest.SynchronizeServerVariable(String name, String value) +112 System.Web.Hosting.IIS7WorkerRequest.GetServerVarChanges(HttpContext ctx) +308 System.Web.Hosting.IIS7WorkerRequest.SynchronizeVariables(HttpContext context) +9676858 System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context) +151
Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.17929
For anyone stumpling on this - I had this exact issue today.
Resolved by two actions for me:
Verify isapi filters in IIS for .net 4.0/4.5 etc are ALLOWED
I had installed rewriter-modules (Helicon). Once I removed these ISAPI-filters again - all worked fine.
So check isapi-filters is my advice and start without any additional filters except the needed .net filters.
Related
When I publish the nopcommerce on the server, I got this error. My host provides me full trust level.
Security Exception
Description: The application attempted to perform an operation not allowed
by the security policy. To grant this application the required permission
please contact your system administrator or change the application's
trust level in the configuration file.
Exception Details: System.Security.SecurityException: Request failed.
Source Error:
An unhandled exception was generated during the execution of the current web request.
Information regarding the origin and location of the exception can be identified
using the exception stack trace below.
Stack Trace:
[SecurityException: Request failed.]
Nop.Core.TypeConverterRegistrationStartUpTask.Execute() +0
Nop.Core.Infrastructure.NopEngine.RunStartupTasks() +487
Nop.Core.Infrastructure.NopEngine.Initialize(NopConfig config) +48
Nop.Core.Infrastructure.EngineContext.Initialize(Boolean forceRecreate) +92
Nop.Web.MvcApplication.Application_Start() +66
Version Information: Microsoft .NET Framework Version:4.0.30319;
ASP.NET Version:4.0.30319.36366
how to solve this error?
Check if your hosting meets the requirements: Technology & System Requirements
Next check whether you done this right: Installation Guide
For me this seems like your installation has not enough rights.
According to installation guide you need to give nopCommerce write permission on following directories and files
\App_Data\
\bin\
\Content\
\Content\Images\
\Content\Images\Thumbs\
\Content\Images\Uploaded\
\Content\files\ExportImport\
\Plugins\
\Plugins\bin\
\Global.asax
\web.config
Steps to recreate this issue:
Inside IIS create a new .net 4 website (herein known as the parent).
Drop a test image in the folder for this website and observe you can
request it successfully in a browser
Add a new virtual directory OR application under the parent that points to a WebAPI 2 project
Attempt to access the API in the browser using www.path-to-parent-site.com/api/something/or/other
I get the following error:
System.Web.Routing.UrlRoutingModule does not implement IHttpHandlerFactory or IHttpHandler.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Configuration.ConfigurationErrorsException: System.Web.Routing.UrlRoutingModule does not implement IHttpHandlerFactory or IHttpHandler.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[ConfigurationErrorsException: System.Web.Routing.UrlRoutingModule does not implement IHttpHandlerFactory or IHttpHandler.]
System.Web.Configuration.HandlerFactoryCache.GetHandlerType(String type) +12328272
System.Web.Configuration.HandlerFactoryCache..ctor(String type) +27
System.Web.HttpApplication.GetFactory(String type) +94
System.Web.MaterializeHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +375
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +288
Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.34209
Is there anything I can do to get this working? I can find very little relevant information on this particular issue and even fewer solutions to those who have seen this error.
Note: If I add the WebAPI 2 project as a new website in IIS it works perfectly; its only when its nested as a child (either virtual directory or application has the same problem) that this happens.
Thanks
WebApi is not supposed to be hosted on a virtual directory, if you wanna do so you need to make the routing pattern dynamic and load the first part from the virtual directory.
var virtualDirectory = request.ApplicationPath;
routes.MapHttpRoute(
name: "API Default",
routeTemplate: virtualDirectory + "/api/{controller}/{id}",
defaults: new {
id = RouteParameter.Optional
}
);
You need to use parentsite.com/childvirtualdirectory/api even though the API is hosted in the childvirtualdirectory.
In my scenario, I had parentsite/api setup in IIS... then to access the web API, I needed to use http://parentsite/api/api/<<controller>>
I tried this:
runas /user: domain\user cmd with no luck
This seems to only occur now when IIS is reset and I try to resume my browsing session. So I am logged into the application, I reset IIS on the server, refresh the page and see the error.
I am building an application in .NET 4.0 MVC with a Secure Token Service that is using WIF 4.0. Everything works as expected, except this case. I even tried to use a custom error page, but the error is happening there as well. Because of that, I can't get the custom page to show either. Also, This is using a certificate that is located on both load balanced servers. This happens in my dev environment whihc consists of only one server (app, wfe, db operated there)
One thing I noticed is that if I switch my IIS APP Pool user back to Network Service account it doesn't throw the error any more. We have some restrictions (mostly network related) in the application that we need to use an account in our AD for the app pool sections
Anybody have any experience with this issue?
Key not valid for use in specified state.
Description: An unhandled exception occurred during the execution of
the current web request. Please review the stack trace for more
information about the error and where it originated in the code.
Exception Details:
System.Security.Cryptography.CryptographicException: Key not valid for
use in specified state.
Source Error:
An unhandled exception was generated during the execution of the
current web request. Information regarding the origin and location of
the exception can be identified using the exception stack trace below.
Stack Trace:
[CryptographicException: Key not valid for use in specified state. ]
System.Security.Cryptography.ProtectedData.Unprotect(Byte[]
encryptedData, Byte[] optionalEntropy, DataProtectionScope scope) +428
Microsoft.IdentityModel.Web.ProtectedDataCookieTransform.Decode(Byte[]
encoded) +54
[InvalidOperationException: ID1073: A CryptographicException occurred
when attempting to decrypt the cookie using the ProtectedData API (see
inner exception for details). If you are using IIS 7.5, this could be
due to the loadUserProfile setting on the Application Pool being set
to false. ]
Microsoft.IdentityModel.Web.ProtectedDataCookieTransform.Decode(Byte[]
encoded) +146
Microsoft.IdentityModel.Tokens.SessionSecurityTokenHandler.ApplyTransforms(Byte[]
cookie, Boolean outbound) +113
Microsoft.IdentityModel.Tokens.SessionSecurityTokenHandler.ReadToken(XmlReader
reader, SecurityTokenResolver tokenResolver) +647
Microsoft.IdentityModel.Tokens.SessionSecurityTokenHandler.ReadToken(Byte[]
token, SecurityTokenResolver tokenResolver) +105
Microsoft.IdentityModel.Web.SessionAuthenticationModule.ReadSessionTokenFromCookie(Byte[]
sessionCookie) +262
Microsoft.IdentityModel.Web.SessionAuthenticationModule.TryReadSessionTokenFromCookie(SessionSecurityToken&
sessionToken) +76
Microsoft.IdentityModel.Web.SessionAuthenticationModule.OnAuthenticateRequest(Object
sender, EventArgs eventArgs) +53
System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
+148 System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +75
This issue is related to session cookies.
WIF protects session cookies using Data Protection API (DPAPI) by default, and the DPAPI is closely related to machine keys.
If the keys used to encrypt the session cookies change, it throws this exception.
It could be also related to your app hosting infrastructure.
if your app is running in an Network Load Balancer (NLB) environment
if you change the app pool settings (e.g., change the pool’s user)
More details about this scenario on the MSDN blog entry:
WIF 1.0 – ID1073 A CryptographicException occurred when attempting to decrypt the cookie using the ProtectedData API Archive.Today Shortlink
Todd Foust (October 29, 2012)
So, if your app runs in NLB environment, you could :
Configure your load balancer to use sticky sessions. This means that your user will be directed to the same server during the session duration. (I’m not very fond of that one)
Use a certificate to encrypt the session cookies
set all web.config files to use the same machine key in system.web
If you are not running the app in a NLB env, you could try:
set the machinekey in your web.config to use a pre-defined value instead of auto-generated values
Regarding auto-generated machinekey setting, please see:
How unique is your machine key?Archive.Today Shortlink
Has anyone ever come across this error? I'm getting this when I post back to a forms authenticated site after redirecting to another site and then redirecting back. I've already checked that loadUserProfiles="true" but that did not help. This is a site hosted on IISExpress via other sites also hosted on IISExpress, using localhost gen'ed SSL certs and differentiating via host header. I'm pretty clueless at this point on where the error even comes from. Is it a cookie error? The FormsAuth cookie? It's ASP.NET 4.0 site where I'm authenticating against a Thinktecture Id server. Any feedback is appreciated to help me with my current block. Thanks
Server Error in '/' Application.
The data is invalid.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Security.Cryptography.CryptographicException: The data is invalid.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[CryptographicException: The data is invalid.
]
System.Security.Cryptography.ProtectedData.Unprotect(Byte[] encryptedData, Byte[] optionalEntropy, DataProtectionScope scope) +318
Microsoft.IdentityModel.Web.ProtectedDataCookieTransform.Decode(Byte[] encoded) +203
[InvalidOperationException: ID1073: A CryptographicException occurred when attempting to decrypt the cookie using the ProtectedData API (see inner exception for details). If you are using IIS 7.5, this could be due to the loadUserProfile setting on the Application Pool being set to false. ]
Microsoft.IdentityModel.Web.ProtectedDataCookieTransform.Decode(Byte[] encoded) +319
Microsoft.IdentityModel.Tokens.SessionSecurityTokenHandler.ApplyTransforms(Byte[] cookie, Boolean outbound) +217
Microsoft.IdentityModel.Tokens.SessionSecurityTokenHandler.ReadToken(XmlReader reader, SecurityTokenResolver tokenResolver) +1951
Microsoft.IdentityModel.Tokens.SessionSecurityTokenHandler.ReadToken(Byte[] token, SecurityTokenResolver tokenResolver) +149
Microsoft.IdentityModel.Web.SessionAuthenticationModule.ReadSessionTokenFromCookie(Byte[] sessionCookie) +595
Microsoft.IdentityModel.Web.SessionAuthenticationModule.TryReadSessionTokenFromCookie(SessionSecurityToken& sessionToken) +120
Microsoft.IdentityModel.Web.SessionAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs eventArgs) +113
System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +136
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +69
Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.18044
Crypto errors like this are common if your application pool is not set to load its user profile. The crypto system needs to access user's cert store.
The exact moment the error occurs is when you authenticate and the sts sends back the signed SAML token.
This means that the error is subtle. You don't see it everytime, only in one exact moment. You can even be deceived that the error is gone because the site works correctly, however the error reappears as soon as someone tries to log in.
The problem was only happening in IE9 when running in Debug mode. After awhile it went away for whatever reason. :/
I am using Microsoft Commerce Server 2007 and a custom ASP.NET 2.0 website. Everything works well in Classic Pipeline, but when I try to use the Integrated pipeline, it fails with the following error:
Server Error in '/' Application.
Request is not available in this context
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Web.HttpException: Request is not available in this context
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[HttpException (0x80004005): Request is not available in this context]
System.Web.HttpContext.get_Request()
+8794400 Microsoft.CommerceServer.Runtime.Orders.CommerceOrderModule.Init(HttpApplication
appInstance) +134
System.Web.HttpApplication.InitModulesCommon()
+65 System.Web.HttpApplication.InitIntegratedModules()
+49 System.Web.HttpApplication.InitInternal(HttpContext
context, HttpApplicationState state,
MethodInfo[] handlers) +729
System.Web.HttpApplicationFactory.GetNormalApplicationInstance(HttpContext
context) +298
System.Web.HttpApplicationFactory.GetApplicationInstance(HttpContext
context) +107
System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest
wr, HttpContext context) +363
I've done my best to research this, and it's definitely caused by Commerce Server trying to access the HttpContext.Current when there is no current request. This all happens before anything in my code, and there's nothing to break into or any source code to look at. I've even tried attaching the debugger to the IIS process (w3wp.exe), but it doesn't catch anything.
I have followed the instructions Here to add the web.config section, but it hasn't made any difference.
I have a different website on a different server using Commerce Server in Integrated Pipeline mode with no problems, so I know it's possible. I can't find a significant difference between the two web.config files, so I'm assuming it's a config error somewhere else, but I don't have any idea where to look.
It is critical that I can get this working in Integrated Pipeline mode for performance reasons, plus I am creating a custom URL Rewriting HTTP Module which works with the integrated pipeline only.
Thank you in advance for any help!