File sharing violation using SQL Server Compact Edition - asp.net

I have a personal website written in ASP.NET Web Pages, with a small SQL Server Compact Edition database. This is handy for me because the database is stored as a file (.sdf), and when I add, modify or delete any records and test it out locally, I can just use Publish... in WebMatrix and copy the .sdf file over.
This works great except for a random error message I get when it accesses the .sdf file.
I get...
There is a file sharing violation. A different process might be using the file.
Sometimes a page refresh will fix it, sometimes I have to refresh the page a couple of times. I suppose migrating the database to a SQL Server database will fix it, but I don't really want to do that. Is that the best option though?
Here's a link to the site, maybe you'll hit the error: http://www.garethlewisweb.com
Is there something I have to change in the code, or will I need to ask my hosting company to change something. I don't really have a lot of experience in this area.
Thanks!
Update
Here's my code
_AppStart.cshtml
#{
WebSecurity.InitializeDatabaseConnection("GarethLewisWeb", "UserProfile", "UserId", "Email", true);
// WebMail.SmtpServer = "mailserver.example.com";
// WebMail.EnableSsl = true;
// WebMail.UserName = "username#example.com";
// WebMail.Password = "your-password";
// WebMail.From = "your-name-here#example.com";
}
Default.cshtml
#{
Layout = "~/Shared/_SiteLayout.cshtml";
Page.Title = "Home";
var db = Database.Open("GarethLewisWeb");
var featuredPhotoSQL = " SELECT col " +
" FROM tablename ";
var featuredPhoto = db.QuerySingle(featuredPhotoSQL);
}
[Lots of HTML and C# code here...]

Well, you know- that is like trying to wash dishes in an oven. It won't work.
Basically - most likely you try to create multiple instances of SQL Server CE and then use the same DB and guess what - the old one still has the exclusive lock.
In general, you CAN NOT USE SQL CE ON A WEBSITE. It is not made for concurrent access, and even if you are one of the few, that is like asking for trouble. Google comes around, a fiend comes around, and occaionally your browser comes around with 2 requests that overlap and boom - dead.
You do not show any code, so I can only guess what causes the problem, but the documentation for CE is QUITE strict - it is NOT for multi threaded scenarios.

Not really an answer to this specific problem, but the migration to SQL Server solved this issue.

When we added Mode=Read Only; Temp Path=c:/Temp in the connection string then it fixed.
<connectionStrings>
<add name="XYZ" providerName="System.Data.SqlServerCe.4.0" connectionString="Data Source=|DataDirectory|\XYZ.sdf;Max Database Size = 4091;Enlist=false;encryption mode=engine default;password=!secret!;Mode = Read Only;Temp Path=c:/temp" />
</connectionStrings>
It worked for us !

Related

How to create database for a Semantic Logging Application Block with SqlDatabaseSink

How to set up the SQL Server database for Semantic logging.
Does the table for logging information needs to be created earlier?
If yes, what is the schema to be used.
I have the following code :
var listener = new ObservableEventListener();
string connectionString = #"Data Source=nibc2025;Initial Catalog=TreeDataBase;Integrated Security=True;User Id=sa;Password=nous#123";
listener.EnableEvents(AuditingEventSource.Log, EventLevel.LogAlways, Keywords.All);
databaseSubscription = listener.LogToSqlDatabase
(
"Test",
connectionString,
"Traces",
Buffering.DefaultBufferingInterval,
1,
Timeout.InfiniteTimeSpan, 500
);
// The following one line of code is not part of this function.
// It is just added here to show this is how I log my information.
// Inside LogInformation method I call the 'Write' method
AuditingEventSource.Log.LogInformation("sgsgg", "sgsg");
databaseSubscription.Sink.FlushAsync().Wait();
Well, Since this thread gets the most hits on Google regarding Semantic Logging onto SQL DB or even SLAB ...
The scripts to create the DB lies here
\packages\EnterpriseLibrary.SemanticLogging.Database.1.0.1304.0\scripts
And to create the EventSource and Fire the Blocks, information are given here, for a shortcut and quick fix solution
http://entlib.codeplex.com/discussions/540723
Regards,
OK. I got it. the script was in the packages folder. I had overlooked that.

converting MSIDXS search to Windows Search Service for website

Here's my situation: I'm in the process of a website overhaul to the public website for our company. The old site was running on server 2003 on .net framework 3.5? it may have been originally built on the 2.0 framework for that matter. ANYway, the old site had a search feature which worked really nicely for users to find pages related to topics they were interested in. It used the old MSIDXS oledb connection type... simple code as follows...
Dim odbSearch As New System.Data.OleDb.OleDbConnection("Provider=""MSIDXS"";Data Source=""Proto"";")
Dim cmdSearch As New System.Data.OleDb.OleDbCommand
cmdSearch.CommandText = String.Format("SELECT doctitle, filename, vpath, rank, characterization, size FROM scope() WHERE FREETEXT(Contents, '{0}') ORDER BY rank DESC", searchText) WHERE CONTAINS(*,'\""" & searchText & "*\""') AND scope='file:C:\...\Web_App' ORDER BY System.ItemPathDisplay DESC
This worked great. But now we're moving this to a 2008 r2 server, which doesn't have the MSIDXS indexing anymore... or it does, but doesn't work for sites? I was able to turn it on, but it never found anything, and the catalog remained empty, and everything I've read said this isn't how to do searches on sites anymore. The 'new way' that I read about was using windows search service. I've adjusted the service on the box to 'index' the website's directory, and it seems to have stuff in the catalog... however, what code I've converted always returns 0. so the new code looks like...
Dim odbSearch As New System.Data.OleDb.OleDbConnection("Provider=Search.CollatorDSO.1;Extended Properties='Application=Windows';")
cmdSearch.CommandText = String.Format("SELECT system.title, system.filename, System.ItemPathDisplay FROM SystemIndex WHERE scope='file:C:\...\Web_App'")
Dim rdrSearch As OleDbDataReader = cmdSearch.ExecuteReader()
While rdsSearch.read()
I can't get this to actually return any results. regardless of what I put in as the search criteria, it jumps right to the end while.
Can someone tell me what piece of the puzzle I'm missing?
Everything was actually correct; I wasn't getting any rows back because I had already narrowed the systemIndex to be looking at the subdirectory that I wanted, so including a scope in the where clause was causing zero results. As soon as I took that out, the search works.
It looks that the scope should be specified as 'file:C:\\...\\Web_App', or add a '#' sign at the beginning of your query string.

Preparedquery vulnerable to Sql injection

I am running OWASP Zap as a security review for our code.
A SQL injection is being detected when we are using preparedquery and I am struggling to determine why? The basis of our code is:
DLPreparedQuery preparedQuery = this._env.Conn.Prepare("select a from Table1",
new DLDataTypes[] { DLDataTypes.BigInt, DLDataTypes.Char, DLDataTypes.BigInt, DLDataTypes.BigInt, DLDataTypes.Char, DLDataTypes.BigInt },
new string[] { "#P1", "#P2", "#P3", "#P4", "#P5", "#P6" },
DLQueryOptions.Default, -1);
object[,] objResult = (object[,])preparedQuery.Query(1, 'ABC', 'DEF', 1,'AAA',21);
We also escape all user input text with antixss using
Microsoft.Security.Application.Encoder.HtmlEncode(inputData)
Are there settings I should be looking at at SQLServer?
Thanks in Advance.
Haven’t worked with preparedquery but I’d suggest you run sql profiler until you identify the malicious statement. After identifying how statement looks like, you’ll most probably know what to do.
HtmlEncode doesn’t work here. I’d suggest you try replacing single quote ‘ with two single quotes. This is not a bullet proof solution but it’s likely to give you good results.
If your database is in full recovery mode you can try using some third party transaction log reader to scan through already executed statements and try to identify what could be the issue.

Moved from Windows server 2000 to 2008 now classic ASP catalog queries not working correctly

This one is driving me crazy.
Replaced our old Windows 2000 web server with a Windows 2008 one which means moving to IIS7.
Now the move went smoothly except for the search catalogs we had set up on the old machine.
I added the Indexing Service and created the catalog for our website.
However, now the classic ASP page that queries the catalog is behaving strangely.
Specifically, the "vpath" and "doctitle" are blank. Other fields are being returned correctly like "characterization" and "rank" but others are not.
And the most annoying part is anytime I make a change to the search results page I get this error:
The page cannot be displayed because an internal server error has occurred.
...and I have to wait a couple of seconds before retrying. And then the page will come up fine. Very bizarre.
Anyway, here's the classic ASP code:
Set objQuery = Server.CreateObject("ixsso.Query")
With objQuery
.Catalog = "Website"
.Columns = "doctitle, vpath, size, characterization, rank"
.SortBy = "rank[d], doctitle"
.MaxRecords = 50
End With
objQuery.Query = "(#filename *.asp) AND (#contents " & Request.Form("searchterms") & ")"
Set rsSystem = objQuery.CreateRecordset("nonsequential")
Do Until rsSystem.EOF
%><dt><% = rsSystem("doctitle") %></dt>
<dd><% = rsSystem("characterization") %>...</dd><%
rsSystem.MoveNext
Loop
Anyone else experience this?
Thanks.
The first thing you should do is to Enable IIS's detailed errors, to indicate which line of code is causing this error specifically.
Read the following page's "2) Enable IIS7 detailed errors" section, and give it a try. I hope it will help you some.
http://mvolo.com/blogs/serverside/archive/2007/07/26/Troubleshoot-IIS7-errors-like-a-pro.aspx

VBScript Out Of Memory Error

I have a classic ASP CRM that was built by a third party company. Currently, I have access to the source code and am able to make any changes required.
Randomly throughout the day, usually after some prolonged usage by users, most of my pages start getting an Out of Memory error.
The way that the application is built, is all the pages and scripts pull core functions from a Global.asp file. In that file are embeds to other global files as well, but the error presented shows
Out Of Memory
WhateverScriptYouTriedToRun.asp Line 0
Line 0 is the include for the global.asp file. Once the error occurs, after an unspecified amount of time the error occurence subsides for some time but then begins to reoccur again. With how the application is written, and the functions it uses, and the "diagnostics" I've already done - it seems to be a common used function that is withholding data such as recordset or something of that nature and then not releasing it properly. Other users then try to use the same function and eventually it just fills up causing the error. The only way for me to effectively clear the error is to actually restart IIS, Recycle the App Pool, and Restart the SQL Server Services.
Needless to say, myself and my users are getting annoyed....
I can't pinpoint the error due to the actual error message presented being Line 0 - but from there I have no idea where in the 20K lines of code it could be hanging up. Any thoughts or ideas on how to isolate or at least point me in the right direction to begin clearing this up? Is there a way for me to increase "memory" size for VBScript? I know there is a limitation but is it set at say...512K and you can increase it to 1GB?
Here are things I have tried:
Removing SQL Inline statements into Views
Going through several hundred scripts and ensuring that every OpenConnection & OpenRecordSet is followed by an appropriate Close.
Going through the Global File and commenting out any large SQL statements such as ApplicationLog (A function that writes the executed query into a table).
Some smaller script edits.
Common Memory Leak
You say you are closing all recordsets and connections which is good.
But are you deleting objects?
For example:
Set adoCon = new
Set rsCommon = new
'Do query stuff
'You do this:
rsCommon.close
adocon.close
'But do you do this?
Set adoCon = nothing
Set rsCommon = nothing
No garbage collection in classic ASP, so any objects not destroyed will remain in memory.
Also, ensure your closes/nothings are run in every branch. For example:
adocon.open
rscommon.open etc
'Sql query
myData = rscommon("condition")
if(myData) then
response.write("ok")
else
response.redirect("error.asp")
end if
'close
rsCommon.close
adocon.close
Set adoCon = nothing
Set rsCommon = nothing
Nothing is closed/destroyed before the redirect so it will only empty memory some of the time as not all branches of logic lead to the proper memory clearance.
Better Design
Also unfortunately it sounds like the website wasn't designed well. I always structure my classic ASP as:
<%
Option Explicit
'Declare all vars
Dim this
Dim that
'Open connections
Set adoCon...
adocon.open()
'Fetch required data
rscommon.open strSQL, adoCon
this = rsCommon.getRows()
rsCommon.close
'Fetch something else
rscommon.open strSQL, adoCon
that = rsCommon.getRows()
rsCommon.close
'Close connections and drop objects
adoCon.close
set adoCon = nothing
set rscommon = nothing
'Process redirects
if(condition) then
response.redirect(url)
end if
%>
<html>
<body>
<%
'Use data
for(i = 0 to ubound(this,2)
response.write(this(0, i) & " " & this(1, i) & "<br />")
next
%>
</body>
</html>
Hope some of this helped.
Have you looked at using a memory monitoring tool to see how much memory fragmentation is happening? My guess at a possible cause is that some object of a size is trying to be created but there isn't enough room in the memory to store it as one contiguous chunk. Imagine needing room to store an object that would take 100 MB and while there may be several hundred megabytes free, the largest contiguous chunk is 90MB then this doesn't fit.
Debug Diagnostic Tool v1.1 would be a tool where Bernard's articles may help in understanding how to use the tool.
Another thought is the question of how much string concatenation is there in the code? I remember where I used to work had problems with doing a lot of string concatenation operations that sucked up memory that may be another idea to consider.
Yeah, I could see some shock at that kind of number the first few times you see it but then if you understand what the code is doing it may make sense for why so much space gets reserved right off the bat at times.
I haven't used that debug tool specifically but I did have a tool that took a snapshot of memory when pages were hung so I couldn't tell if there was a performance impact of the tool or not. Course in my case I used a similar tool in 2004 so it has been a few years since I've had to research this kind of issue.
Just going to throw this in here, but this problem has taken a long time to solve. Here's a breakdown of what we did:
We took all the inline SQL and made SQL Views, every SELECT statement is now handled with a VIEW first.
I took every single SQL INSERT and UPDATE (as much as I could without breaking the system) and put them into Stored Procedures.
#2 was the one item that really made the biggest difference
Went through several thousand scripts, and ensured that variables were properly disposed of, and all the DB Open Connections were followed correctly with a Close Connection and same with Open/Close RecordSet.
One of the slow killers was doing something like:
ID = Request.QueryString("ID)
at the top of the page. Before redirecting, or closing a page, there is always a:
Set ID = Nothing
or the complete removal of the inference.

Resources