I keep getting the following error when trying to run an application in the production environment with "anonymous" authentication and hardcoded username.
When I turn on basic authentication, which then prompts for username/password everything works like a charm. but I need to get the hardcoded version to work as well. Can't figure out whats going on.
Everything works perfectly on another server.
Exception Details: System.DirectoryServices.DirectoryServicesCOMException: An operations
error occurred.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of
the exception can be identified using the exception stack trace below.
Stack Trace:
[DirectoryServicesCOMException (0x80072020): An operations error occurred.]
System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) +781
System.DirectoryServices.DirectoryEntry.Bind() +44
System.DirectoryServices.DirectoryEntry.get_SchemaEntry() +49
System.DirectoryServices.AccountManagement.ADStoreCtx.IsContainer(DirectoryEntry
de) +62
System.DirectoryServices.AccountManagement.ADStoreCtx..ctor(DirectoryEntry
ctxBase, Boolean ownCtxBase, String username, String password,
ContextOptions options) +123
System.DirectoryServices.AccountManagement.PrincipalContext.CreateContextFromDirectoryEntry(DirectoryEntry
entry) +234
System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInit()
+497
[PrincipalOperationException: An operations error occurred.]
System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInit()
+534256
System.DirectoryServices.AccountManagement.PrincipalContext.DoDomainInit()
+61
System.DirectoryServices.AccountManagement.PrincipalContext.Initialize()
+141
System.DirectoryServices.AccountManagement.PrincipalContext.get_QueryCtx()
+42
System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext
context, Type principalType, Nullable`1 identityType, String
identityValue, DateTime refDate) +27
System.DirectoryServices.AccountManagement.GroupPrincipal.FindByIdentity(PrincipalContext
context, String identityValue) +95
SERT_BO.ADHelper.UserBelongsToGrp(String adGroup, String sAMAccountName, String& emailAddr, String& fullName) in
D:\SERT\BusinessObjects\SERT_BO\ADHelper.cs:199
SERT_BO.UserSession.GetUserSession(String userName) in D:\SERT\BusinessObjects\SERT_BO\UserSession.cs:44
SERT.SetUserSession.Page_Load(Object sender, EventArgs e) in D:\SERT\SERT\SERT\SetUserSession.aspx.cs:23
System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e) +25
System.Web.UI.Control.LoadRecursive() +71
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
+3064
One thing to check is that the AppPool in which the ASP.NET app is running has the right privileges. As a quick test you can set the identity of the AppPool to Local System and see if this solves the issue. If the problem is here, then you can set the application pool identity to a (domain?) user that has enough privileges on this server.
looks like the issue was that the server was looking at the wrong AD controller. it had to be written out COMPLETELY.
Related
I have a WebForms application that uses Active Directory for authentication and authorization. It works just fine on localhost, but fails when I attempt to access the site once published to Azure. I have ensured that the application is registered with Azure Active Directory. The app launches and works as expected if I don't attempt to get the AD security groups of the current user. Here's the code in the Page_Load event of the Site Master that is causing the issues:
protected void Page_Load(object sender, EventArgs e)
{
PrincipalSearchResult<Principal> groups = UserPrincipal.Current.GetAuthorizationGroups();
IEnumerable<string> groupNames = groups.Select(x => x.Name);
if (HttpContext.Current.User.Identity.IsAuthenticated)
{
HyperLink newphaud = LIV.FindControl("liaNewPhaud") as HyperLink;
HtmlGenericControl liadmin = LIV.FindControl("navAdminsDdl") as HtmlGenericControl;
newphaud.Visible = (groupNames.Contains("SG1") || groupNames.Contains("SG2"));
liadmin.Visible = groupNames.Contains("SG1");
}
}
Here's the exception detail:
System.Runtime.InteropServices.COMException: Access is denied.
Here's the stack trace:
[COMException (0x80070005): Access is denied.
]
System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) +399115
System.DirectoryServices.DirectoryEntry.Bind() +36
System.DirectoryServices.DirectoryEntry.RefreshCache() +45
System.DirectoryServices.AccountManagement.PrincipalContext.DoMachineInit() +211
System.DirectoryServices.AccountManagement.PrincipalContext.Initialize() +128
System.DirectoryServices.AccountManagement.PrincipalContext.get_QueryCtx() +31
System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext context, Type principalType, Nullable`1 identityType, String identityValue, DateTime refDate) +14
System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithType(PrincipalContext context, Type principalType, IdentityType identityType, String identityValue) +90
System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(PrincipalContext context, IdentityType identityType, String identityValue) +32
System.DirectoryServices.AccountManagement.UserPrincipal.get_Current() +191
phaud.SiteMaster.Page_Load(Object sender, EventArgs e) in C:\Users\user1\source\repos\phaud\phaud\Site.Master.cs:19
System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e) +51
System.Web.UI.Control.OnLoad(EventArgs e) +95
System.Web.UI.Control.LoadRecursive() +59
System.Web.UI.Control.LoadRecursive() +131
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +678
What do I need to do to allow my Azure web app to access AD?
Please do note that Azure AD != Windows AD. From the code it does seems that your app is accessing the local Windows AD. So when you are in Azure you have basically two options
1) Use Azure AD API for authentication and get the User Info
2) You can have a separate Windows VM running the Windows AD which then would be accessed by your Azure Web App.
If I were you I would have explored the first option. Hope it helps
I have one asp code which is working perfectly on one system. I am using Microsoft web matrix to run it. But when I am trying to run it in another system, I am getting some errors:
Server Error in '/' Application.
Security Exception
Description: The application attempted to perform an operation not
allowed by the security policy. To grant this application the
required permission please contact your system administrator or change
the application's trust level in the configuration file.
Exception Details: System.Security.SecurityException: The source was
not found, but some or all event logs could not be searched.
Inaccessible logs: Security.
Source Error:
Line 136: catch (Exception ex1)
Line 137: {
Line 138: EventLog.WriteEntry("GLOBAL_ASAX.Session_Start", ex1.Message + ": " + ex1.StackTrace, EventLogEntryType.Error);
Line 139: }
Line 140: }
Source File: c:\Users\sysadmin\Documents\NET2_VXLICENSING_Web\Global.asax Line: 138
Stack Trace:
[SecurityException: The source was not found, but some or all event logs could not be searched. Inaccessible logs: Security.]
System.Diagnostics.EventLog.FindSourceRegistration(String source, String machineName, Boolean readOnly) +665
System.Diagnostics.EventLog.SourceExists(String source, String machineName) +104
System.Diagnostics.EventLog.VerifyAndCreateSource(String sourceName, String currentMachineName) +75
System.Diagnostics.EventLog.WriteEntry(String message, EventLogEntryType type, Int32 eventID, Int16 category, Byte[] rawData) +205
System.Diagnostics.EventLog.WriteEntry(String source, String message, EventLogEntryType type, Int32 eventID, Int16 category, Byte[] rawData) +87
System.Diagnostics.EventLog.WriteEntry(String source, String message, EventLogEntryType type) +14
ASP.global_asax.Session_Start(Object sender, EventArgs e) in c:\Users\sysadmin\Documents\NET2_VXLICENSING_Web\Global.asax:138
System.Web.SessionState.SessionStateModule.RaiseOnStart(EventArgs e) +8879616
System.Web.SessionState.SessionStateModule.CompleteAcquireState() +237
System.Web.SessionState.SessionStateModule.BeginAcquireState(Object source, EventArgs e, AsyncCallback cb, Object extraData) +504
System.Web.AsyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +66
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +155
Version Information: Microsoft .NET Framework Version:2.0.50727.5485; ASP.NET Version:2.0.50727.5491
I searched a lot on the internet about it but nothing is working. I also updated registry keys.
I'm using Activedirectory as membership provider. I want to store the current logged in user in a session.
protected void user_login_LoggedIn(object sender, EventArgs e)
{
MembershipUser user = Membership.GetUser();
}
the code above gives the error below
The parameter 'username' must not be empty.
Parameter name: username
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details:
System.ArgumentException: The parameter 'username' must not be empty.
Parameter name: username
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[ArgumentException: The parameter 'username' must not be empty.
Parameter name: username]
System.Web.Util.SecUtility.CheckParameter(String& param, Boolean checkForNull, Boolean checkIfEmpty, Boolean checkForCommas, Int32 maxSize, String paramName) +1976411
System.Web.Security.ActiveDirectoryMembershipProvider.CheckUserName(String& username, Int32 maxSize, String paramName) +30
System.Web.Security.ActiveDirectoryMembershipProvider.GetUser(String username, Boolean userIsOnline) +86
System.Web.Security.Membership.GetUser(String username, Boolean userIsOnline) +82
System.Web.Security.Membership.GetUser() +19
darts.login.user_login_LoggedIn(Object sender, EventArgs e) in E:\Projects\DARTS\source\darts\darts\login.aspx.cs:24
System.Web.UI.WebControls.Login.OnLoggedIn(EventArgs e) +111
System.Web.UI.WebControls.Login.AttemptLogin() +179
System.Web.UI.WebControls.Login.OnBubbleEvent(Object source, EventArgs e) +101
System.Web.UI.Control.RaiseBubbleEvent(Object source, EventArgs args) +37
System.Web.UI.WebControls.Button.OnCommand(CommandEventArgs e) +118
System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) +166
System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) +10
System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +13
System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +36
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +1565
Version Information: Microsoft .NET Framework Version:2.0.50727.4211; ASP
Edit:
Based upon using this from ASP.NET to get the login information about the currently authenticated user, I see a couple ways that this might work. First, if you are using Forms authentication with the Active Directory membership provider, you could capture the username there. Then you just put the username inside of the GetUser() method like so: GetUser(yourUser) and you should get the information needed.
If this isn't an option, I believe the username information is stored under your login control (in your case, I believe the name is user_login if you are indeed using a login control). You would simply say user_login.username and put that inside the GetUser() method.
Finally, you could try the old fallback of HttpContext.Current.User.Identity.Name and put that inside of your GetUser() method.
I've got an ASP.NET app that requires Windows Integrated Security.
For some reason, I don't what to discuss that here, I need to create a WebRequest at runtime, call some other page in the app and process the result.
The application runs on a server for which we use a DNS alias, something like theapp.domain.com.
So I create a NetworkCredential with a predefined domain user and password and I attach it to the request.
This is what I get:
[Win32Exception (0x80004005): The logon attempt failed]
System.Net.NTAuthentication.GetOutgoingBlob(Byte[] incomingBlob, Boolean throwOnError, SecurityStatus& statusCode) +1404402
System.Net.NTAuthentication.GetOutgoingBlob(String incomingBlob) +78
System.Net.NegotiateClient.DoAuthenticate(String challenge, WebRequest webRequest, ICredentials credentials, Boolean preAuthenticate) +560
System.Net.NegotiateClient.Authenticate(String challenge, WebRequest webRequest, ICredentials credentials) +14
System.Net.AuthenticationManager.Authenticate(String challenge, WebRequest request, ICredentials credentials) +247
System.Net.AuthenticationState.AttemptAuthenticate(HttpWebRequest httpWebRequest, ICredentials authInfo) +243
System.Net.HttpWebRequest.CheckResubmitForAuth() +232
System.Net.HttpWebRequest.CheckResubmit(Exception& e) +5299747
[WebException: The remote server returned an error: (401) Unauthorized.]
System.Net.HttpWebRequest.GetResponse() +5313085
Entropy.Envoy.Web.Corporate.ExportFilter.GetTargetReportContent(Uri targetUrl, HttpCookieCollection cookies) +521
Entropy.Envoy.Web.Corporate.ExportFilter.Page_Load(Object sender, EventArgs e) +139
System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e) +14
System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e) +35
System.EventHandler.Invoke(Object sender, EventArgs e) +0
System.Web.UI.Control.OnLoad(EventArgs e) +99
System.Web.UI.Control.LoadRecursive() +50
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +627
The same code works on other servers with similar setup though.
What is going on?
Found the answer to this one.
Turned out to be as simple as adding an SPN to Active Directory like so:
setspn -a HTTP//WebServer.domain.com customDomainAccount
setspn -a HTTP//servername customDomainAccount
I have a website that I published before adding it in IIS. After that I set the published website as the default website in IIS.
I got an error that the "Object reference is not set to the instance of an object" when I inserted values through form. There is no issues when the website is running in IIS without publishing. The error occurs when values are inserted using datagrid.
The error messages is as follows:
Server Error in '/' Application.
Object reference not set to an
instance of an object.
Description: An unhandled exception
occurred during the execution of the
current web request. Please review the
stack trace for more information about
the error and where it originated in
the code.
Exception Details:
System.NullReferenceException: Object
reference not set to an instance of an
object.
Source Error:
An unhandled exception was generated
during the execution of the current
web request. Information regarding the
origin and location of the exception
can be identified using the exception
stack trace below.
Stack Trace:
[NullReferenceException: Object
reference not set to an instance of an
object.]
Admin_MasterEntries.gvwMileStoneM_RowCommand(Object
sender, GridViewCommandEventArgs e)
+447 System.Web.UI.WebControls.GridView.OnRowCommand(GridViewCommandEventArgs
e) +105
System.Web.UI.WebControls.GridView.HandleEvent(EventArgs
e, Boolean causesValidation, String
validationGroup) +76
System.Web.UI.WebControls.GridView.OnBubbleEvent(Object
source, EventArgs e) +95
System.Web.UI.Control.RaiseBubbleEvent(Object
source, EventArgs args) +35
System.Web.UI.WebControls.GridViewRow.OnBubbleEvent(Object
source, EventArgs e) +117
System.Web.UI.Control.RaiseBubbleEvent(Object
source, EventArgs args) +35
System.Web.UI.WebControls.LinkButton.OnCommand(CommandEventArgs
e) +115
System.Web.UI.WebControls.LinkButton.RaisePostBackEvent(String
eventArgument) +163
System.Web.UI.WebControls.LinkButton.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String
eventArgument) +7
System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler
sourceControl, String eventArgument)
+11 System.Web.UI.Page.RaisePostBackEvent(NameValueCollection
postData) +174
System.Web.UI.Page.ProcessRequestMain(Boolean
includeStagesBeforeAsyncPoint, Boolean
includeStagesAfterAsyncPoint) +5102
If any one knows please help me. Thank you.
That exception is caused by an object not being instantiated. Open the project and attach a debugger to the IIS process. A web service which is consuming the ASP.NET page is throwing the exception.
Try this:
Click your site in IIS
Open Pages and Controls section
Find ViewState group and check if ViewState is enabled.
Such solution helped me to solve null reference exception problem after publish.