I am developing a remote control application where a client (aspx page in a browser) can request a server to "launch a notepad" (for testing purpose, for real life, turning off a light bulb, etc). So I created a dll with a simple function for launching the notepad (on the server side) and dropped this dll in the root bin folder.
It worked fine when the aspx page is running under ASP.NET development server (launched from Visual Studio). But when I tested the same aspx page under a FireFox browser, it did not work (launch the notepad) even though it did call for the same function (I stepped through in debugger).
Is this a permission issue? How do I set this up in IIS manager, or even better in web.config?
Please help.
Yes, it sounds like a permission issue.
The application pool in IIS 7 that your site is running under is probably using the default identity, which is the most restrictive. You can change the identity in IIS Manager by right-clicking on the app pool (probably called DefaultAppPool) and selecting Advanced Settings. From there change the Identity value to Local Service or Network Service. If neither of those work, making it Local System should allow your page to work.
I assume the Visual Studio integrated web server runs under the context of the account you are logged in with on the machine, which likely has a lot more rights.
When you say:
it did not work (launch the notepad)
Did you mean it through an exception or you didn't see a notepad window open. If it was a permissions issue I would expect you that you would get an exception. Chris is right on when he says:
The application pool in IIS 7 that
your site is running under is probably
using the default identity, which is
the most restrictive.
and
I assume the Visual Studio integrated
web server runs under the context of
the account you are logged in with on
the machine, which likely has a lot
more rights.
and if this is a permissions issue he is right on. However, the user your running under (when not debugging in Visual Studio) most likely cannot access the desktop of the logged in user. Maybe you should try your test with an app that doesn't need to interact with the desktop.
Related
It seems like the View in Browser option doesn't really require IIS and it seems to process ASP pages fine. So how does it really work without a web server?
They used to have a developer web server (Cassini) which is dead long time back so is there some kind of built in capability in visual studio? Who processes the requests by asp pages if it doesn't require IIS?
I already have IIS installed so I am not sure if is servicing the pages but seems like it will work without IIS because I don't configure anything in IIS and new ASP.NET projects work out of the box as well View in Browser option for an asp page option which just directly executes that page.
Actually this is what occurs:
Your web web.config is copied.
Then VS spools up a WHOLE running copy of IIS (it is the express version - but it is the same for the most part as the full edition of II).
Once VS spools up and starts and configures that running copy of IIS?
Then your web page and web application can run. If you look at your system try, you see this:
So in above that 2nd from the left in the tray shows that blue thing icon. I have right clicked on it to show the options you see.
So now you have a running copy of IIS on your computer. So you ARE running a full web server here. (well, ok IIS express - but the base parts and what that means is much the same as the full edition).
Around about VS version 2010, they USED to have a smaller built in web server as part of VS. The problem of course was for Microsoft to maintain 100% compatibility was VERY hard. So while for a considerable time frame and history of VS? Yes, they had a built in web server as part of VS. But they dropped it a number of versions ago in VS, and as noted now use IIS express.
So Now? Well, when you install VS, they also install a working copy of IIS. (the express version). The express version is quite much the same as the full pop edition of IIS. What is removed is "most" if not "all" of the IIS management screens and setup. (and sometimes I wish they would just install that part too!).
Your experience thus that a copy of IIS is launched. Once launched IIS does keep running during your development process (depends on your VS config and setup). But, if you go file->close solution, then you find that IIS express then also shuts down.
So, to view that web page? Yes, VS does config, and then does spool up and start internet services and that web server. So this running of IIS on your computer is what allows those web pages to work and run correctly. As noted, while this is a copy of IIS, it is for the most part the same as the full edition - just with most of the management tools removed. As noted, you SHOULD see that new icon appear in the system tray.
And as noted, I believe around VS 2010, they made that switch from the VS built in IIS to that of now using IIS express edition. As noted, this change was made to ensure a greater probability that when coding and debugging your web site in VS, that the end result will be much the same when running a full edition.
I do find that over time, the production (web hosted site) does get so many config and tweaks and changes, that I now can't include my web.config file in the publish (can't risk overwriting the server production web.config). So, over time, we added things like https security certificates and installed them, and set them up for the production web site. I don't have those same security certificates setup on my local machine. And of course there are some virtual folders and few more things that exist on the production web site as opposed to the dev copy I use. So, it somewhat my fault to let the production web.config over time to become "different" then what I run local when coding and debugging the web site. So now, when I publish - I remove the web.config file before I actually copy the new updated web application to the final production server (which of course is running the full edition of IIS).
But to make a long story short?
Yes, a whole copy of IIS web server is configured for you, and that whole copy of IIS is spooled up, launched, and once that occurs, then your web page option "view in browser" can run. But make no mistake here - IIS services is setup, is started, and is running for that web page preview to occur.
Every time the ASP.NET application in question throws an error the Global.asax writes to an error file: logs\error.log. The ASP.NET applications works using Windows authentication.
I am able to write to the log file when debugging using Visual Studio, however it does not work when the application is deployed in the live environment. How do I find out what user account I need to give access to: logs/error.log?
The application is deployed on a Windows 2003 Server with IIS6. Microsoft.NET 3.5.
You would have to give the required permissions to the network service account. This link might be able to help you out.
Windows Server 2003 defaults to the "Network Service" account.
This can be verified by opening IIS (expand the computer if needed), expand the "Application Pools" folder, right click on the pool used by your web app, and go to the Identity tab.
FYI: Windows Server 2008 uses the IIS_IUSER instead of Network Services.
I hope that logs folder is a virtual directory setup outside the web site directory.
Otherwise every time you deploy the entire solution you will overwrite the logs folder and its content.
Microsoft has a tool for monitoring file access that can be useful for troubleshooting permission issues.
Process Monitor - http://technet.microsoft.com/en-us/sysinternals/bb896645
You will also want to check if your application is using windows authentication & identity impersonation since that can change the identity the application is executing with when enabled.
I have an ASP.NET application on Windows 2008 R2 (.NET Framework 4.0, IIS 7.5) and I want to run a console application when I click a button on a web page. Here is the code:
protected void btnUpdate_Click(object sender, EventArgs e)
{
string fileLocation = #"D:\DTDocs\App_Code\LoadDTDocsXML.exe";
ProcessStartInfo oStartInfo = new ProcessStartInfo();
oStartInfo.FileName = fileLocation;
oStartInfo.UseShellExecute = false;
Process.Start(oStartInfo);
}
When I run ASP.NET application from within Visual Studio 2010 (with its internal IIS), the console application run Ok. But when I run the ASP.NET application outside the VS 2010, I haven't an error but the console application doesn't make his job (it must create an xml file on the disk).
I think the problem is the configuration of IIS 7.5, I don't know exact to which account I must give access rights to the folders involved in my console application.
In IIS 7.5, I set Physical Path Credential for Specific User = my windows account, but that not solve the problem.
Thanks.
Just to add to the other 2 answers - Do you really need to run an exe from your webserver?
I've had to do it in the past and it's almost always the option of last resort - It weakens your security considerably (Now all someone has to do to run executables on your system is find a single flaw in your code) and has a whole host of other problems (the webserver isn't "logged on" to the server so it doesn't have a desktop, impersonation is a real pain in the a$$ to get working properly (assuming you're going to run the executable with different permissions to the webserver), etc.
If there's any other way to accomplish your goal, it'll almost certainly be simpler.
An option we went for was to have a new app with a WCF endpoint that the webserver can communicate with. So, when someone pushes the button, the WS call's our app via WCF and tells it to run various commands. This way, you've got:
Clean seperation between web and console code.
A dodgy console app won't take down the webserver & vice-versa
If the console app is long-running, this allows you to stagger your releases for website/console app so that you don't kill the app mid-execution just because you need up upodate some CSS and publish.
Huge security benefits - web server can't run executables even if compromised.
The WCF app will be able to closely examine requests to decide if they're valid before execution.
Be aware that however you do it, if someone malicious works out what's going on and can kick off the process, they could probably DoS you with almost zero effort - Make sure that this method is locked down TIGHT.
Edit: having read your comments above, I think you're hitting the "desktop" issue. When launching an executable from the server, the app will never be visible to the logged on user as the logged on user's desktop isn't accessible from IIS and vice-versa. This is very similar to the issue of having a GUI on a windows service.
This may also be of interest.
the first problem I see is security/file access. when running from within VS the server and client are the same machine under your credentials. when run in testing/production environment the server and client are physically different machines and IIS will run the website under restricted permissions. therefore there is a very good chance that IIS cannot access the file at D:... because of security.
the next issue is running a console app from the website. console is another form of UI just like html and a WPF. personally I wouldn't execute the console from the web (unless there was no other choice). I would integrate the API into the web application. 2 UIs sharing the same logic.
ASP.NET Dev Server runs under credentials of current user (it's you).
IIS 7.5 runs ASP.NET applications under user specified in application pool settings -- usually ApplicationPoolIdentity (to which you can refer as user "IIS AppPool\[ApplicationPoolName]", when configuring file permissions). You can also change it to "Network Service" (Default value in IIS 7.0).
Please check, which identity is configured for your application pool, and give this user required permissions.
I have a web project which works fine on my local development machine.
I copied the project to our UAT server, setup a virtual directory pointing to the project and configured it to run on .NET Framework 4.0. I even added the Default.aspx page to the Documents tab. I configured Directory Security to use Windows Authentication.
When i try to access any web page within this application, IIS responds with a blank page. I looked through the event logs and don't see any errors anywhere.
Can someone please help me understand what's going on and how to remedy this?
Thanks in advance!
If you're just seeing a white page with no errors in the event log, it sounds like it could be a problem with the application rather than the hosting environment.
However, there are a few things you could try to doing to troubleshoot this.
Check folder permissions. Try allowing "Everyone" access on your webroot folder and see if that makes any difference.
Confirm that the IIS path is set up correctly but putting a text file in your webroot folder, and then browsing to it and verifying that it's contents are displayed.
Create a basic test.aspx page without any script, just a "Hello World" bit of text, and try browsing to it. Confirm that it displays the correct content.
Edit web.config and turn off custom errors
Try re-registering the ASP.NET extensions with IIS using aspnet_iis (details here)
Hopefully, one of these tests will be able to give you some kind of detailed error message or more insight into the cause of the problem.
For IIS 6.0 on Windows Server 2003, after the install of .NET Framework 4.0, the process of creating Web Sites or Virtual Directories that run under .NET Framework 4.0 is as follows:
Create a new application pool.
Applications running under different
frameworks can't be hosted in the
same application pool, i.e. create
an application pool perf framework.
Next, if you are creating a local
intranet site or virtual directory,
ensure that you don't have "dots" in
the application name. Browsers
confuse the dots to be external web
sites, forcing them to run under
internet zone as appose to the
intranet zone.
Once you create your web site or
virtual directory, make sure that it
runs under an application pool
dedicated for .NET 4.0 applications.
Ensure that when creating your
website or virtual directory, you
click on the ASP.NET tab and select
version 4.0 from the drop down.
Then you may configure as per
normal, with any other additional
settings you may require.
Hope this helps someone experiencing similar issues. Took a while to figure out.
I created a Virtual Application in IIS 7 to host my app so I could test it on other machines on the local network, since the development web server will not respond to requests from machines other than the local machine. I had to allow IIS to login as me to get into My Documents, and enabled ASP.NET impersonation through the IIS. That worked fine, but...
Now the ASP.NET Development Webserver won't serve anything at all. I hit debug in VS2008, the dev webserver starts up seemingly fine, but then the IDE launches Chrome and the browser just sits there twiddling its thumbs. It never fails, but never loads. Nothing.
There are no errors from ASP.NET Development Webserver or Visual Studio or Chrome that I can find. I even looked in the Event Log. Nothing.
What did I just stupidly do?
I haven't got Chrome installed at the moment so i can't confirm for sure before i answer this, but IIRC i have seen this before and the VS debugger cannot correctly launch Chrome and serve it pages from Cassini (the VS development webserver).
The way i got round this previously is to just create a virtual directory in the local (dev machine) instance of IIS, and point it to the folder containing your web project. Then you can use Chrome to browse it just like a normal web site. You can then manually attach the VS debugger to the right worker process.
Alternatively, you could start up the debugger as you are now, and when Chrome sits there, you could manually enter the url for the page you want to start with (it will be http://localhost:<some port>/default.aspx or similar). VS won't be able to debug the script in the page, but it should still debug the compiled code just fine (like it does for Firefox).
Holy crap, I know what it was. When I changed the IIS settings to have ASP.NET impersonate me to get into the My Documents folder, it modified the web.config file. Now you're probably thinking, well duh, of course it did. I honestly thought that IIS 7 had some new way of dealing with impersonation other than the web.config setting. Turns out it's just built into the MMC snap-in to manage it now, but it does it in the same way.
Once I reverted back to the original version of the web.config file, ASP.NET Development Server happily worked exactly as intended again. I suppose ASP.NET Development Server craps out if there are impersonation settings in the web.config.