Registry access for Asp.net web service in IIS 7.5 - asp.net

HI,
I am getting "Requested registry access is not allowed." exception when trying to read a registry key in Windows Server 2008 r2 64 bit edition.
I have added the IIS application pool to Administrator group but still getting same error.
So far the solution on web din't work for me.
Thanks.

This issue has to do with granting the necessary authorization to the user account the application runs on. To read a similar situation and a detailed response for the correct solution, as documented by Microsoft, feel free to visit this post: http://rambletech.wordpress.com/2011/10/17/requested-registry-access-is-not-allowed/
(from above, to prevent link rot)
Find key “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog”
Right-click and choose “Permissions”.
Put in the desired account
also see http://support.microsoft.com/kb/842795

<system.web>
Added this line under <system.Web>
--> Commented This Line
</system.Web>
Now it's working for me in the Sharepoint 2019 Environment

Related

How to enable Windows Authentication for Asp web app?

Windows Authentication seems super simple, but I am still having trouble. So I decided to create a brand new Asp web app project with the Windows Authentication template. Of course, this works. In the designer, <asp:LoginName runat="server" /> works, and in code-behind User.Identity.Name works.
The only setting I can find is in web.config: <authentication mode="Windows"/>.
Back to my own web app project, I verified that I have the same web.config setting. However, the asp.LoginName tag and the User.Identity property have a blank string, i.e., no user name. Also, when using <deny users="?"/>
the page returns a 401.2 Access Denied response.
As I am testing both projects on the same dev machine, both in VS2015, the problem cannot be in settings of IIS Express or VS2015. Also using the same Firefox browser, although I also tried IE.
Is there a project setting in VS2015 that I overlooked?
Update:
I kind of solved this issue by copying all project source files to the brand new Asp web app project. In fact, I was in the process of converting a Web Site project to a Web Application project. I still do not know why I could not get Windows Authentication to work by configuration, but at least I can get going with further development.
However, I am still hoping for an answer . . . :-)
On your Web.config you must add:
<authentication mode="Windows" />
Your server must be a member of AD.
Check:
https://support.microsoft.com/en-us/help/323176/how-to-implement-windows-authentication-and-authorization-in-asp-net
You can write whatever you want in web.config, but if the desired mode of authentication is not enabled in [solution]/.vs/config/applicationhost.config , it will not work. Because the leading dot makes this a hidden path, this config is hard to find. No idea if this is a bug or a feature ...
See also my other question on another test case of this problem: https://stackoverflow.com/a/48806942/1845672

ASP.NET Publish FTP Issues

I am going round and round with my ASP.NET hosting company. I have created a simple web app using Visual Studio 2012 .NET Framework 4.5
At first I tried to use web deploy to publish my website, not even with their documentation could I get this accomplished. Then they had me use the FTP option to publish. That worked good, I could publish to the root of my domain. But when I tried to publish to a different folder domain.com/apps/root/thisapp, Visual Studio would publish without error, but when I navigated to the URL, I recived an 500 server error.
Now I was asked to just use an FTP program and copy all my files to the directory that I want the site in, so I did and now I get an "Configuration Error" on my web.config file:
Configuration Error
Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately.
Parser Error Message: It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS.
Source Error:
Line 21: </namespaces>
Line 22: <controls><add assembly="Microsoft.AspNet.Web.Optimization.WebForms" namespace="Microsoft.AspNet.Web.Optimization.WebForms" tagPrefix="webopt" /></controls></pages>
Line 23: <authentication mode="Forms">
Line 24: <forms loginUrl="~/Account/Login" timeout="2880" defaultUrl="~/" />
Line 25: </authentication>
I don't get this error locally, nor when the site was published at the root of my domain. I am running out of ideas, and seems my host is too. Does anyone know how you publish your site to any directory you want on an ASP.NET server?
Also could someone help me with narrowing down what is causing this error? The hosting support, says it is the code or my project. However I don't think this is so, since it works fine locally and at the root of domain. I think there is an issue with IIS or permissions on my folder(s).
Web.config has certain sections that are only allowable at specific levels in the IIS hierarchy. The basic levels are Machine, Application, and Everywhere (for specific definitions, see here).
The issue is that your web.config contains some sections that are only allowed in the Machine or Application levels. Machine is pretty much off limits (unless you own the machine, but you have a hosting provider). Application requires that your folder be either the root of your IIS site, or a subdirectory marked as an Application in IIS (possibly relevant link).
Try asking your provider how you can specify a directory to be marked as an Application. If they don't allow this, you'll have to dig around the web.config and find which settings have this level of security set.
Not sure if by "web deploy" you mean Web Matrix 3 or not. If not, it should solve your problem. I was having that problem by hosting company and I was using an ASP.NET MVC 4 internet App. http://www.microsoft.com/web/webmatrix/
Hope this helps,
Rock
You should disable web.config inheritance:
You could read more at http://msdn.microsoft.com/en-us/library/system.configuration.sectioninformation.inheritinchildapplications(v=vs.110).aspx

ASP.NET Windows Authentication Not Working/Not Accepting Credentials

I've been trying to resolve this question for a couple weeks now via Google and reading SO, and not had much luck, so I thought I'd finally try asking myself.
I'm setting up a very, very simple ASP.NET site on our intranet to generate some information for internal users. I'm using Windows authentication, rather than anonymous access, because based on what user hits the site I will be generating different information.
Long story short, this works perfectly in testing on my local Windows 7 machine where I developed the application. However, from the Windows 2008 R2 server where I want it to reside, when I hit the site I get a pop-up asking for my credentials, and even if I enter them it asks me for them again and again. This happens regardless if I'm hitting the site remotely or locally. If I try using anonymous access I can reach the site both ways but as I cannot identify the user I cannot generate the information I would like to provide.
Notes:
In IIS, I have Windows Authentication and ASP.NET Impersonation
enabled for the site. Everything else is disabled.
For the sake of figuring it out, I currently have the web.config set to allow all users and am not denying any.
The host/URL I'm using for it is toolName.organization.local
I was concerned that it was an issue of the 2008 R2 server admin user residing in a different domain then my remote user that I was testing with but again it does not work locally either.
In the AppHost file, I currently have windowsAuthentication enabled.
<windowsAuthentication enabled="true">
<providers>
<add value="Negotiate" />
<add value="NTLM" />
</providers>
</windowsAuthentication>
Admittedly, I typically use forms authentication on this server for all of our other internal sites so I'm a bit new to windows authentication and this issue. At this point I'm just not sure what to try or check next, so any advice would be helpful. Thanks.
I know this is a slightly old topic, but I had this exact same problem. Turns out I had the AppPool using Identity: ApplicationPoolIdentity instead of NetworkService. Once I switched that (under Advanced Settings in IIS7.5) I no longer got the server prompting for additional credentials and the pass-through worked perfectly.
Hope that helps!
First, you should realize that Windows passthrough authentication only works with Internet Explorer, and then only if the site is in the trusted sites, or intranet sites security group. Firefox, Chrome, etc.. will always prompt for credentials.
Having said that, you have a couple of issues.
You should have an <authentication mode="Windows" /> element in your web.config
You should decide if you want the app to run in the context of the user, in which case you would also need an <identity impersonate="true"/> tag. If not it should be false (although this is the default).
You do not need to have any authorization rules in your web.config if the site itself is completely guarded by windows authentication.
Just in case it's helpful, the problem for me was that I had left my application pool in Classic mode, in order to try to use NTFS permissions. I never got that to work, but once I switched it back to Integrated mode, I could use <allow> and <deny> tags to configure specific users' access.

Has anyone encountered 'Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster..'error

I did some research on this and have tried out inserting:
<machineKey decryptionKey="A4B12CCDD50E95F8GB9GFH6JKAT4Y0U0I2OF2DF2AAFE5AB46189C,IsolateApps" validation="AES" validationKey="480CDF2AS9S9AS5CFDGF0GHFH9JJH4KHKAKLJ2L9F3SAS82A6C16911A29EF48903783F94529C21570AACB72766FB38CD4CE7B85B0ACE3149DC5FC1CCF1AA1CECE3579659996593B06,IsolateApps"/>
as a solution to this error:
Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.
This time I get an error.
HTTP Error 500.19 - Internal Server Error
The requested page cannot be accessed because the related configuration data for the page is invalid.
Then it marks out the line in Config source:
<add name="DemographicDBEntities" connectionString="metadata=res://*/DemoGraph.csdl|res://*/DemoGraph.ssdl|res://*/DemoGraph.msl;provider=System.Data.SqlClient;provider connection string="data source=207.27.57.76,1433;initial catalog=DemographicDB;persist security info=False;user id=west;pwd=westhouseit;multipleactiveresultsets=True;App=EntityFramework"" providerName="System.Data.EntityClient" />
</connectionStrings>
<machineKey decryptionKey="A4B12CCDD50E95F8GB9GFH6JKAT4Y0U0I2OF2DF2AAFE5AB46189C,IsolateApps" validation="AES" validationKey="480CDF2AS9S9AS5CFDGF0GHFH9JJH4KHKAKLJ2L9F3SAS82A6C16911A29EF48903783F94529C21570AACB72766FB38CD4CE7B85B0ACE3149DC5FC1CCF1AA1CECE3579659996593B06,IsolateApps"/>
<system.web>
<compilation debug="true" targetFramework="4.0" />
<customErrors mode="Off"/>
Is the machine key tag well constructed? I put it in a tag all by itself.
I am hosting the application on an online host so I cannot generate any machine code with IIS 7.0. I have raised several tickets to no avail. Thanks for the assistance.
I don't think you can manually specify the key and include the IsolateApps option. It must be Autogenerate,IsolateApps or a specific value without the IsolateApps option.
See the MSDN documentation for details.
I believe what the issue is that IIS doesnt have access to your webconfig file.
Try this out, if it doesnt work take a look at the link below to see if you can try and error your issue.
1.Open control panel
2.Click on” program” link (not uninstall programs)
3.Click” turn windows features on/off” link
4.locate” Internet Information services IIS” in the pop up window and expand its node
5.Expand the” World Wide Web Service” node
6.Expand “Application Development Features” node
7.check the check box of”ASP.NET”
8.Then click ok button
Below is a very interesting link that would help you:
http://support.microsoft.com/kb/942055
Below is a link to a bug report that references Windows 2003 and .Net framework 3.5 and a web garden setup.
Nothing says that the problem is restricted to Win 2003 or even framework 3.5. In a web garden situation, one can imagine that the viewstate errors would happen VERY frequently, not just when the pool recycles (as we experienced).
http://connect.microsoft.com/VisualStudio/feedback/details/412881/net-3-5-installer-breaks-web-gardens-when-used-with-custom-application-pool-identity
To fix the metabase and registry permissions issues, we simply executed the following on our web server:
\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe -ga domain\useraccount
We then recycled the app pool one more time to regenerate the viewstate validation key.
Whether or not this works in your situation will depend on specific details of your situation.

403 forbidden after publishing asp.net MVC

I know this has been answered a few times but none of the solutions worked for me. I published my ASP.NET MVC 3 application (It was just the internet template without any changes to it) to see if I could get it to work publically. However, when I visit the site it shows up with a 403 error. Coming from a php/linux background, I'm confused and have no clue where to look. I've only been learning .NET for about 8-9 months and everything I've been testing on before was on the local development server through VS2010. It almost appears like the server doesnt know it should be an MVC application or I have to change my routing.
Anyway, I checked to make sure that the server setting is .NET 4. Any help would be greatly appreciated.
ALSO, It's a shared hosting environment using arvixe.
For me this did the trick (Original Answer by Mmerrell at Getting 404.0 error for ASP.NET MVC 3 app on IIS 7.0 / Windows Server 2008 )
You actually just reminded me that I needed to fix this issue in an
enviroment here. If your situation is the same as mine then it's a
simple fix.
Just add the following to your web config:
<system.webServer>
<modules runAllManagedModulesForAllRequests="true" />
Make sure your have choosen the "ASP.Net 4.0" App-Pool and not the App-Pool created for your application.
Make sure your App Pool uses the "ApplicationPoolIdentity" and NOT NetworkService. Remove the NetworkService permission from your root folder. You dont need it. IIS has an built-in identity (IIS_IUSRS).
403 is a forbidden error. Try checking the NTFS permissions of the folder where you deployed, ensure the Network Service user has read permission
Additionally, check the Authentication and Authorization mechanism in the IIS application:
Edited:
.Net Authorization rules
I had this same issue after publishing an MVC 4 WebSite to a remote server using FTP Publishing. What ended up working for me was after publishing through Visual Studio, log onto IIS on the remote server, locate the published directory -> right click -> Convert to Application.
Not sure if there is a way to specify this in the web.config/properties, if you don't have access to the server?
1- verify that your application is running under .NET 4.0 (you did so)
2- check with the hosting company that it supports the MVC 3 framework on their hosting plan.
3- (works) Bin-Deploy your MVC run-time libraries so you may overcome any requirements on the server.
More bout bin-deploy your ASP.NET MVC can be found here: http://haacked.com/archive/2011/05/25/bin-deploying-asp-net-mvc-3.aspx
4- check that "Network Service" has proper access rights to your folder. it basically should have "Read" permission.
Don't forget about aspnet_regiis.exe -ir.
<handlers>
<add name="rewrite" path="*" verb="*" modules="IsapiModule" scriptProcessor="C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll" resourceType="Unspecified" requireAccess="None" preCondition="classicMode,runtimeVersionv4.0,bitness32" />
</handlers>
Ask your hosting provider to add this handlers into webconfig
Try changing the Managed Pipeline Mode of the Application Pool to 'Classic' instead of 'Integrated'.
Whilst it may not be the final result that you're after (there can be real advantages in using Integrated mode), at least it will point you in the right direction... if it works.

Resources