I can access the elmah.axd file, to view errors, when browsing using the localhost host name (i.e. http://localhost:24425/admin/elmah.axd).
I created a different host name and added it in my host file (to mirror production domain name). When I browse the site, and force an exception, the exception does get logged (SQL Server) using the prod host name. However, I am not able to view the elmah.axd file (i.e. http://www.foo.com/admin/elmah.axd). I get "HTTP Error 404.0 - Not Found
The resource you are looking for has been removed, had its name changed, or is temporarily unavailable."
When I force an exception, using the localhost url, the exception still does get logged in SQL and I am able to browse this file: http://localhost:24425/admin/elmah.axd. However, I only see exceptions that occur under the localhost url (not the www.foo.com url).
After reviewing SQL, I see errors that happen using localhost with Application "/" and User set to the account I am logged in with. The errors generated when using www.foo.com have Application set to "/LM/W3SVC/6/ROOT" and the User column is blank.
I just need to be able to access the elmah.axd file when using www.foo.com/admin/elmah.axd. I have set security allowRemoteAccess to "1" in my web.config and have also added the elmah stuff to system.web and system.webServer nodes in my web.config.
I am using Windows Server 2008R2, IIS7.5 and it is a ASP.NET site (set up as a Web Application).
Thanks for any advice given.
By default elmah.axd can only be viewed on the local machine (whicj is why using localhost works).
You need to configure the web application to allow remote access.
Related
I have created one Azure Virtual machine and installed all the IIS related roles and features.
After that I have created one Website in IIS.
I have given all the needed permissions to "Physical Path" and also configures https bindings.
The website gives "HTTP Error 503, the service is unavailable" error after few requests and responses are made on the website.
What could be the problem here? The Website works fine until any request-responses are made.
Check the event viewer, there must be an exception caught from the application. Resolve and check it must be working.
I have used the Visual Studio template for an ASP.NET Webforms app with Azure AD authentication to create a simple web app. It works 100% fine locally. I can sign in, sign out, all good. Whenever I deploy to either AWS or Azure however, the behavior changes. The sign in still comes up fine, no issues at all, but after signing in, instead of taking me to the site, the browser just thinks for ages before dumping me to this error in the browser:
Server Error in '/' Application.
Runtime Error Description: An application error occurred on the
server. The current custom error settings for this application prevent
the details of the application error from being viewed remotely (for
security reasons). It could, however, be viewed by browsers running on
the local server machine.
Details: To enable the details of this specific error message to be
viewable on remote machines, please create a tag within
a "web.config" configuration file located in the root directory of the
current web application. This tag should then have its
"mode" attribute set to "Off".
I have tried adding the web.config setting and redeploying and it makes zero difference. Because I'm using App service on Azure for instance, I can't run the site on the actual web server as I don't have access to it. I tried looking at diagnostic log streaming, and got the below? Please help? Anyone? I have no idea why this isn't working. Interestingly, although I have asked that the site be http and it runs locally as http, once uploaded the url becomes https. Not sure if that' related.
From streaming logs (Azure)
HTTP Error 500.0 - Internal Server Error The page cannot
be displayed because an internal server error has occurred.
Most likely
causes: IIS received the request; however, an internal
error occurred during the processing of the request. The root cause of
this error depends on which module handles the request and what was
happening in the worker process when this error occurred.
IIS was not able to access the web.config file for the Web site
or application. This can occur if the NTFS permissions are set
incorrectly. IIS was not able to process configuration for
the Web site or application. The authenticated user does not
have permission to use this DLL. The request is mapped to a
managed handler but the .NET Extensibility Feature is not
installed. Things you can try:
Ensure that the NTFS permissions for the web.config file are
correct and allow access to the Web server's machine account.
Check the event logs to see if any additional information was
logged. Verify the permissions for the DLL.
Install the .NET Extensibility feature if the request is mapped
to a managed handler. Create a tracing rule to track failed
requests for this HTTP status code. For more information about
creating a tracing rule for failed requests, click here.
Detailed Error Information:
Module __DynamicModule_Microsoft.Owin.Host.SystemWeb.OwinHttpModule,
Microsoft.Owin.Host.SystemWeb, Version=3.0.1.0, Culture=neutral,
PublicKeyToken=31bf3856ad364e35_79846f5c-7e22-4a97-8a1c-24bc400cf7db
Notification EndRequest
Handler ExtensionlessUrlHandler-Integrated-4.0
Error Code 0x00000000
Requested
URL https://SimpleADApp:80/
Physical
Path D:\home\site\wwwroot Logon Method Not yet
determined Logon User Not
yet determined
More Information: This error means that there was
a problem while processing the request. The request was received by
the Web server, but during processing a fatal error occurred, causing
the 500 error. View
more information ยป Microsoft Knowledge Base
Articles:
I have the following setup:
IIS 8.0
a web handler call it test.ashx
Impersonation & Windows Authentication are both configured. Kerberos is showing as the authentication type.
test.ashx uses the unmanaged API: CreateProcessAsUser() method to run "cmd.exe /c myScript.cmd"
I put statements in myScript.cmd and see that it is running as the requesting user as I need it to. The problem I am experiencing is that the script cannot reference network files (either mapped drives or UNC path)
I need myScript.cmd to run as the requesting user and to be able to access network file resources. How do I get this to work?
I found one item that made a big difference on getting kerberos authentication to work, which is required to do impersonation and delegation. In IIS Manager I had to choose the web site, then run the Configuration Editor. Once it opened I had to choose the as from: DefaultWebSiteWeb.Config, and as the section: system.webServer/security/authentication/windowsAuthentication. Then set: useAppPoolCredentials = True. Note: useKernelMode was already set to true.
Additionally, for the web site I have the following set for Authentication:
ASP.NET: Enabled
Windows Authentication: Enabled, Provider: Negotiate, Kernel mode enabled.
Now my ASHX web handler (in C#) can start a process as the user, run a .cmd file that accesses network resources.
We use "Process Monitor" (ProcMon) to monitor the w3wc.exe process on a Windows Server 2008 running IIS7 . We have noticed that requests to perfectly legal urls still results in a "PATH NOT FOUND" entry in ProcMon.
For example, we have configured a handler in web.config like:
<add name="ImageVaultHandler.aspx_*" path="ImageVaultHandler.aspx" verb="*" type="ImageStoreNET.Classes.Handlers.ImageHandler, ImageStoreNET" preCondition="integratedMode,runtimeVersionv2.0">
Requests to this handler eg. "http://localhost/id_123/ImageVaultHandler.aspx" will return an image as expected, but when you analyze the request in ProcMon the w3wc.exe process looks to have unsuccessfully searched for a physical file with the same path in my web directory.
Is this behaviour by design? Or have we missed something, the application pool used is configured to run in "Integrated Mode".
This sounds reasonable to me - what IIS is probably doing is checking to see whether or not the file exists in order to determine what handler to use when processing that request:
It looks like the logic in IIS doesn't bother to check first whether there is an applicable handler that can be used even when the file doesn't exist.
I have an ASP.NET application that executes a WMI call to a remote system. The application Web.config contains <identity impersonate="true"> and <authentication mode="Windows"> options which, as I understand, should force the application code to be executed on behalf of the application user.
The problem is that I get "Access is denied" error, despite the fact I can successfully execute the my WMI request from PowerShell console on the same host under the same user to the remote server in question.
// this doesn't work
ManagementScope scope = new ManagementScope();
scope.Path.NamespacePath = "root\\virtualization";
scope.Path.Server = "vs01";
scope.Connect(); // <-- here comes exception
# this works just fine
Get-WmiObject -Namespace 'root\virtualization' -Class Msvm_ComputerSystem -ComputerName vs01
Dumping HttpContext.Current.User.Identity.Name, System.Security.Principal.WindowsIdentity.GetCurrent().Name, System.Threading.Thread.CurrentPrincipal.Identity.Name properties suggest that impersonation works as expected.
Ideas? Could the issue be some kind of .NET or IIS security?
You need to have a domain administrator enable Delegation for your web server machine. This is a security feature of Kerberos. By default an intermediate server (in this case your web server) is not allowed to pass the impersonation context of a client to the remote server unless it has been given Delegation permission. If you don't do this the remote target server will see the request coming in as Anonymous User... which if its properly secured will be denied access.
Note its a common policy to only allow an intermediate server to delegate to specific target servers (called constrained delegation), so if your web app needs to be able to call WMI on any server in your network you may have problem. Talk to your domain admin.