ASP.NET gone FUBAR on a production machine - asp.net

Today we tried to put an ASP.NET application I helped to develop on yet another production machine. But this time we got a very weird error.
First of all, from all the ASP.NET pages, only Login.aspx was working. The rest just show a blank screen when they should have redirected to Login.aspx. The HTTP response is 200, but no content.
Even worse - when I try to enter the address of some inexistent ASPX page, I also get HTTP 200! Or, when I enter gibberish in some existing ASPX page code (which should have been accessible without login) I also get HTTP 200.
If I enter the name of some inexistent resource (like asdasd.jpg), I get the expected 404.
The redirect to login page is written manually in Global.asax. That's because the application has to use some alternate methods of authentication as well, so I can't just use Forms Authentication. I would suspect that Global.asax is failing, if not for the working Login page.
Noteworthy facts are also that this machine is both a Domain Controller and has SharePoint installed on it. Although the website in question is listed in SharePoint's exception list.

I would check the following:
Is the application within a virtual application or its own site and not just a virtual directory?
Does the application have it's own App Pool? If it does not then is the app pool shared by apps in a different .net version.
Is the .net version of the application the correct one? 1.1 or 2.0?
Do the files in the file system have the correct permissions to be accessed via IIS?
Have you performed an IIS Reset?
Create a stand alone test.aspx page within your folder that just displays the date/time and check it works.
Make this single test.aspx page perform an exception (eg. divide by zero) and see what the outcome is.

More information required.
What Op Sys?
What mode IIS running under?
What version of .Net?
What version of SharePoint?
(Why are you using your DC as a web host?)
Does it work on the other production machines you've deployed to?
If so what is different between this machine and the working ones?
Did you deploy the same way?
Are you sure your hitting the right machine?
Are you sure your hitting the right web site?
What ISAPI components are installed globally and for the web site?
Is .aspx mapped to the ASP.Net ISAPI filter?
Do you have any HTTP Modules or HTTP Handlers configured?
Can you change the global aspx to write out some messages so you can be sure the piece of code you interested in is reaching?
Anything coming up on the IIS log or the event logs?
Addition:
What version of .Net?
By the sounds of it the .jpg request is being dealt with by IIS directly which is why you get the 404, but the .aspx request is being dealt with by something else which except for you login page, is always returning 200.
Assuming .aspx is wired correctly to .Net the the order of processing is based on ISAPI filters (high to low then global before site), then the ASP.Net ISAPI Extension (sorry I said this was a filter earlier but it's actually an extension). Then we get into the ASP.Net pipeline based on your .Net configs, and calls the HTTP Application (which includes your global.asax code), any HTTP Modules followed finally by a HTTP Handler. Your ASP.Net web forms are just fancy HTTP Handlers.
However, the request can be responded to and terminated from any point.
Since your code works on other machines though, I'm tempted to point a finger at SharePoint if it isn't installed on the working machines. Is this SharePoint 2007? That is also an ASP.Net application (I don't think 2003 was).

Related

URL Rewriting in Global.asax - IIS7

I have a fairly detailed problem with which I hope someone can help. Basically, I have a .NET 4.0 website hosted on IIS7 that has some pages that necessitate URL rewriting. In order to implement these features, I have added a method to my global.asax that maps the extension-less URLs to their proper ASPX pages, and then performs a context.RewritePath in order to display the correct page.
Initially, I called this method from application_BeginRequest. However, we have some business necessary logging that occurs when Session_Start is called, and it appears that this logging is not always happening since the implementation of the URL rewriting in application_BeginRequest - Basically, every session gets logged in the DB, and after initial deployment of the URL rewriting, our session logs have dropped by about 20%, with no corresponding errors in the application log. At the same time, our IIS logs seem to be showing a relatively unchanged amount of traffic, so to my eyes, it appears that the sessions are not instantiating properly.
As a workaround for this issue, I moved the URL rewriting from application_BeginRequest to application_AcquireRequestState, so that this code won't fire until after I'm (mostly) sure that the Session has started. This works in my local dev environment and on our staging server (Windows Server 2008 - IIS 7 - .NET 4.5 Framework installed). In the Production environment (Windows Server 2008 - IIS 7 - .NET 4.5 Framework), I get 404 errors when trying to browse to the extension-less URL to be re-written.
I'm completely stumped - I've verified that I'm using the Integrated app pool, my web.config has the "runAllManagedModulesForAllRequests=true" attribute, my IIS features include HTTP redirection and static file compression, but nothing appears to be working. There's a hack that I found for using the Classic app pool, and creating extra script map handlers to handle wildcard URLs with no extensions, but I'm hesitant to put that in place in production.
Any help you can provide would be greatly appreciated. Thank you!
I would concentrate on why there was a 20% drop in session logs. Are you sure there wasn't also a drop in traffic? Are you using redirects for people coming to your site using the old .aspx Urls? Perhaps you received more 404 traffic that would not trigger the Session_Start? Did Google Analytics confirm that traffic maintained normal levels after the UrlRewite was put into place? You could also use IIS Log Parser to filter out static files and query 200 vs 404s from the log files to get a better sense of actual traffic.

Session transfer between asp.net and asp works in soome cases and in some cases not

I transfer session from asp.net to classic asp.
I use MSSQL DB for it.
I have
SomeWebPage.aspx - this page is asp.net which save sesion, after it, it call by redirect
SessionTransfer.aspx -this page save sessions to DB and call by redirect
SessionTransfer.asp - this page load session from DB and cal by redirect
SomeWebPage.asp - this page doesn't need now about other pages, it just use session.
Problem is, that it works only if SomeWebPage.aspx, SessionTransfer.aspx, SessionTransfer.asp and SomeWebPage.asp are in same folder, or in same "web pages" folder on iis.
How can i do it if SomeWebPage.asp will be in other web folder. On same IIS server, but it will be specific web?
I use IIS 5.1 for developing and finished program will run on IIS 6.0.
Problem was that it was different applications.
SessionTransfer.asp must be it same application like SomeWebPage.asp (it wasn't)
and
SessionTransfer.aspx must be it same application (pool) like SomeWebPage.aspx (it was)
It ws teddy-bear problem. When we start discus about this, i realized where is problem :-D
thanks amit_g

Webresource.axd doesn't load on my asp.net application running on my web farm

I'm working on an ASP.net web application. I'm getting errors on some of my pages where I get runtime JavaScript errors.
I've narrowed the problem down to a single ASP Menu control on the master page. I created a blank page with just the ASP Menu control. The ASP Menu control is bound to Web.sitemap. The page intermittently gives runtime errors.
However, if I refresh the page, the error may or may not appear on any given page load. Sometimes, it works; sometimes, the browser throws runtime errors when loading the page or when I mouse over the ASP Menu control.
When I catch the error in Visual Studio, the message is "microsoft jscript runtime error 'sys' is undefined". When I Google for this message, I find that it is usually associated with AJAX. However, the ONLY thing on the page is a single ASP control.
There is absolutely no Javascript on the page except for what gets generated by the .net framework.
What could be causing this problem?
UPDATE I've found out that my environment actually has load balancing with a web farm of three servers servicing the URL. When I access the application on any one of the servers individually by IP address, everything works fine.
To clarify, I understand that when a user hits the public-facing URL, it resolves to x.x.x.1. x.x.x.1 is the address for a switch which routes the request to either x.x.x.2, x.x.x.3, or x.x.x.4.
When I use the public-facing URL, I find that some of the axd file requests are intermittently rerouted to Error.aspx! WTF!?!?!?!?!?
I'm told that this is the result of a security feature that is meant to protect me from cross-site scripting and other assorted bad stuff. What can I do?
Update After taking out some error page auto-redirects, I get a more meaningful error message: ASP.NET Ajax client-side framework failed to load.
Make sure all the servers have the same asp.net version. Something that could affect it, is partially applying the recent Microsoft patch for the padding oracle vulnerability (to some servers, instead of All)
Make sure all the servers use the same machine key. When doing so either use protected sections or configure it at the machine level web.config / learn from the recent vulnerability to protect sensitive information in the web.config.

IIS 5 & ASP.NET MVC Directory Browsing Problem

We configured IIS 5 by mappping * to asp.net handler so that ASP.NET MVC works. After configuring this, directory browsing is not working.
Also uploadify jquery plugin is not working. Showing IO error 2038.
Can someone please suggest us how to enable directory browsig with ASP.NET MVC configurations on IIS 5?
I don't think that you'll be able to get directory browsing to work with ASP.NET MVC in the same application. When you added the wildcard mapping, you told ASP to handle every request. If the request doesn't map to an actual file, it will try to match a route in MVC. If there isn't a matching controller with an index (assuming that's your default) action, then it will fail.
My suggestion is to split your web site into "application" and "content". Set up the application as a separate web site and apply the wildcard mapping there. Leave your content with the original configuration. I don't use IIS5 any more -- with one exception on an old XP development box -- I'm afraid that can't really be of more help.
If I were you, though, I'd upgrade to a more recent OS and web server. Expecting new technology to work on a decade-old platform is very optimistic.

Re-publishing an ASP.NET Web Application While Site is Live

I am trying to get a grasp on how to handle updates to a live, functioning ASP.NET (2.0 or greater) Application while there are users on the site.
For example, suppose SO is an ASP.NET Web Application project. The project code compiles down to the single .DLL in the BIN folder. Now, there are constantly users on SO, so what would happen to users' actions/sessions if you would use the Visual Studio .NET "Publish" feature (or just FTP everything again manually) while they are using the site?
Would creating an ASP.NET Web Site, instead, alleviate any problems that may or may not exist with the scenario above? I am beginning to develop a web site as a user-driven Web Application, and I want to make sure that my inexperience with this would not potentially annoy the [potentially] many users that I [want to] have 24/7.
EDIT: Sorry, I should have put this in a more exact context. Assume that this site is being hosted by a web hosting service with monthly fees. I won't be managing the server itself, just what the web host allows as a user of their services.
I create two Web sites in IIS. One is the production Web site, and the other is a static Web site with an HttpHandler that sends all requests to a single static "We're updating" HTML page served with an HTTP 503 Service Unavailable. Typically the update Web site is turned off. When it's time to update, we stop the production Web site, start the update Web site, and now we can fiddle with the production Web site all we want without worrying about DLLs being locked or worker processes needing to be spun down.
I started doing this because
App_Offline.htm really does not work well in Web Gardens, which we use.
App_Offline.htm serves its page as 404, which is bad if you're down for a meaningful period of time.
We can start the upgraded production Web site with modified settings (only listening on localhost), where we can do a last-minute acceptance/verification that everything is working before we flip the switch, turning off the update Web site and re-enabling the production Web site.
Things this does not solve include
Any maintenance that requires a restart of the server--you still have downtime where no page is served.
Any maintenance that diddles with the .NET runtime, like upgrading to the latest service pack.
Other approaches I've seen include
Having two servers. Send all load balancing requests to one server, upgrade the other one; then rinse and repeat. Most of us don't have this luxury.
Creating multiple bin directories, like bin-1.0.0.0 and bin-1.1.0.0 and telling ASP.NET which bin directory to use in the web.config file. (One advantage of this is that reverting to a previous binary is just editing a config file. A disadvantage is that it's harder to revert resources that don't end up in your binaries, like templates and images and such.) I don't remember how this actually worked--I think the application did some late assembly loading in its Global.asax based on its own web.config section (since you touched the web.config, the app had restarted, so it was okay).
If you find a better way, let me know!
Changing to the asp.net web site model won't have any effect, as the recycle will also happen, some of changes that trigger it for sure: web.config, global.asax, app_code.
After the recycle, user will still be logged in because asp.net will just validate the syntax. That is given you use a fixed machine key, otherwise it will change on each recycle. This is something you want to do anyway as other stuff can break if the key change across requests i.e. viewstate validation, embedded resources (decryption of the url fails).
If you can put the session out of process, like in sql server, you will avoid loosing the session. If you can't, your code will have to consider that. There are plenty of scenarios where you can avoid using session, and others were you can wrap it and re-retrieve the info if the session was cleaned. This should leave you with a handful specific cases that you know can give trouble to the users, so for those you do some of the suggestions others have already made.
One solution could be to deploy your application into a load balanced environment (web farm).
When deploying a new version you would use the load balancer to redirect requests to the server you are not deploying to.
App_offline.htm is great solution for this I think.
in SO we see application currently unavailable page when a deployment begins.
I am not sure how SO handles it.. But we usually put a holding page. So what ever the user has done (adding question or answering questions) does not get updated. As soon as he updates something he will see a holding page asking him to try after sometime.
And if I am the user I usually press the back button to make sure what I entered is saved in the browser history so that I can post later.
Some site use use are in clustered environment so I take one server offline and inform the load balancer that she will not be available and once I make sure that the new version is working fine I make it live.. I do the same thing for the next server.
Do we have any other option?
It is not a technical solution, but set up a scheduled maintenance window. You can annoucement in advance giving your user base fair warning that there is a possiblity that the application will not be available during that time frame.

Resources