I have an asp.net web form application running in a web farm?
All the machine keys are configured the same in web.config according to MSDN recommendation, still, it periodically throw out "System.Web.HttpException: Invalid viewstate.", and according to the stack.
It's in this line
Request : /{applicationname}/ScriptResource.axd +92
Note:{applicationname} is my application name.
see Erratic Invalid Viewstate issue in .net application
Related
I have used the Visual Studio template for an ASP.NET Webforms app with Azure AD authentication to create a simple web app. It works 100% fine locally. I can sign in, sign out, all good. Whenever I deploy to either AWS or Azure however, the behavior changes. The sign in still comes up fine, no issues at all, but after signing in, instead of taking me to the site, the browser just thinks for ages before dumping me to this error in the browser:
Server Error in '/' Application.
Runtime Error Description: An application error occurred on the
server. The current custom error settings for this application prevent
the details of the application error from being viewed remotely (for
security reasons). It could, however, be viewed by browsers running on
the local server machine.
Details: To enable the details of this specific error message to be
viewable on remote machines, please create a tag within
a "web.config" configuration file located in the root directory of the
current web application. This tag should then have its
"mode" attribute set to "Off".
I have tried adding the web.config setting and redeploying and it makes zero difference. Because I'm using App service on Azure for instance, I can't run the site on the actual web server as I don't have access to it. I tried looking at diagnostic log streaming, and got the below? Please help? Anyone? I have no idea why this isn't working. Interestingly, although I have asked that the site be http and it runs locally as http, once uploaded the url becomes https. Not sure if that' related.
From streaming logs (Azure)
HTTP Error 500.0 - Internal Server Error The page cannot
be displayed because an internal server error has occurred.
Most likely
causes: IIS received the request; however, an internal
error occurred during the processing of the request. The root cause of
this error depends on which module handles the request and what was
happening in the worker process when this error occurred.
IIS was not able to access the web.config file for the Web site
or application. This can occur if the NTFS permissions are set
incorrectly. IIS was not able to process configuration for
the Web site or application. The authenticated user does not
have permission to use this DLL. The request is mapped to a
managed handler but the .NET Extensibility Feature is not
installed. Things you can try:
Ensure that the NTFS permissions for the web.config file are
correct and allow access to the Web server's machine account.
Check the event logs to see if any additional information was
logged. Verify the permissions for the DLL.
Install the .NET Extensibility feature if the request is mapped
to a managed handler. Create a tracing rule to track failed
requests for this HTTP status code. For more information about
creating a tracing rule for failed requests, click here.
Detailed Error Information:
Module __DynamicModule_Microsoft.Owin.Host.SystemWeb.OwinHttpModule,
Microsoft.Owin.Host.SystemWeb, Version=3.0.1.0, Culture=neutral,
PublicKeyToken=31bf3856ad364e35_79846f5c-7e22-4a97-8a1c-24bc400cf7db
Notification EndRequest
Handler ExtensionlessUrlHandler-Integrated-4.0
Error Code 0x00000000
Requested
URL https://SimpleADApp:80/
Physical
Path D:\home\site\wwwroot Logon Method Not yet
determined Logon User Not
yet determined
More Information: This error means that there was
a problem while processing the request. The request was received by
the Web server, but during processing a fatal error occurred, causing
the 500 error. View
more information » Microsoft Knowledge Base
Articles:
I tried this:
runas /user: domain\user cmd with no luck
This seems to only occur now when IIS is reset and I try to resume my browsing session. So I am logged into the application, I reset IIS on the server, refresh the page and see the error.
I am building an application in .NET 4.0 MVC with a Secure Token Service that is using WIF 4.0. Everything works as expected, except this case. I even tried to use a custom error page, but the error is happening there as well. Because of that, I can't get the custom page to show either. Also, This is using a certificate that is located on both load balanced servers. This happens in my dev environment whihc consists of only one server (app, wfe, db operated there)
One thing I noticed is that if I switch my IIS APP Pool user back to Network Service account it doesn't throw the error any more. We have some restrictions (mostly network related) in the application that we need to use an account in our AD for the app pool sections
Anybody have any experience with this issue?
Key not valid for use in specified state.
Description: An unhandled exception occurred during the execution of
the current web request. Please review the stack trace for more
information about the error and where it originated in the code.
Exception Details:
System.Security.Cryptography.CryptographicException: Key not valid for
use in specified state.
Source Error:
An unhandled exception was generated during the execution of the
current web request. Information regarding the origin and location of
the exception can be identified using the exception stack trace below.
Stack Trace:
[CryptographicException: Key not valid for use in specified state. ]
System.Security.Cryptography.ProtectedData.Unprotect(Byte[]
encryptedData, Byte[] optionalEntropy, DataProtectionScope scope) +428
Microsoft.IdentityModel.Web.ProtectedDataCookieTransform.Decode(Byte[]
encoded) +54
[InvalidOperationException: ID1073: A CryptographicException occurred
when attempting to decrypt the cookie using the ProtectedData API (see
inner exception for details). If you are using IIS 7.5, this could be
due to the loadUserProfile setting on the Application Pool being set
to false. ]
Microsoft.IdentityModel.Web.ProtectedDataCookieTransform.Decode(Byte[]
encoded) +146
Microsoft.IdentityModel.Tokens.SessionSecurityTokenHandler.ApplyTransforms(Byte[]
cookie, Boolean outbound) +113
Microsoft.IdentityModel.Tokens.SessionSecurityTokenHandler.ReadToken(XmlReader
reader, SecurityTokenResolver tokenResolver) +647
Microsoft.IdentityModel.Tokens.SessionSecurityTokenHandler.ReadToken(Byte[]
token, SecurityTokenResolver tokenResolver) +105
Microsoft.IdentityModel.Web.SessionAuthenticationModule.ReadSessionTokenFromCookie(Byte[]
sessionCookie) +262
Microsoft.IdentityModel.Web.SessionAuthenticationModule.TryReadSessionTokenFromCookie(SessionSecurityToken&
sessionToken) +76
Microsoft.IdentityModel.Web.SessionAuthenticationModule.OnAuthenticateRequest(Object
sender, EventArgs eventArgs) +53
System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
+148 System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +75
This issue is related to session cookies.
WIF protects session cookies using Data Protection API (DPAPI) by default, and the DPAPI is closely related to machine keys.
If the keys used to encrypt the session cookies change, it throws this exception.
It could be also related to your app hosting infrastructure.
if your app is running in an Network Load Balancer (NLB) environment
if you change the app pool settings (e.g., change the pool’s user)
More details about this scenario on the MSDN blog entry:
WIF 1.0 – ID1073 A CryptographicException occurred when attempting to decrypt the cookie using the ProtectedData API Archive.Today Shortlink
Todd Foust (October 29, 2012)
So, if your app runs in NLB environment, you could :
Configure your load balancer to use sticky sessions. This means that your user will be directed to the same server during the session duration. (I’m not very fond of that one)
Use a certificate to encrypt the session cookies
set all web.config files to use the same machine key in system.web
If you are not running the app in a NLB env, you could try:
set the machinekey in your web.config to use a pre-defined value instead of auto-generated values
Regarding auto-generated machinekey setting, please see:
How unique is your machine key?Archive.Today Shortlink
I'm attempting to share .ASPXAUTH cookies between an ASP.NET MVC 4 application (in IIS 7.5) and a service using HttpListener on the same host.
The browser presents the cookies to both correctly, but my service receives System.Web.HttpException: Unable to validate data. at FormsAuthentication.Decrypt, which I would expect if the two applications were using different machine keys.
So: how do I find out if my machine is configured to use different machine keys?
the default setting of IIS is autogenerate machine-key and isolate per application
you can change this setting globaly in your machine.config or localy (per application) in your web.config
for details please see
http://technet.microsoft.com/en-us/library/cc772287(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc754909(v=ws.10).aspx
You can see the current setting for machine-key in IIS manager. For details, see http://blogs.msdn.com/b/amb/archive/2012/07/31/easiest-way-to-generate-machinekey.aspx
We're using the Jasig .NET CAS Client to interface with our organization's CAS SSO server.
However, we've noticed that in ASP.NET MVC 3 (and I would assume this affects ASP.NET WebForms as well) applications, when users log out, we see the following error in our error log:
System.Web.HttpRequestValidationException (0x80004005):
A potentially dangerous Request.Form value was detected from the client
(logoutRequest="<samlp:LogoutRequest...").
at System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection)
at System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, RequestValidationSource requestCollection)
at System.Web.HttpRequest.get_Form()
at System.Web.HttpRequest.FillInParamsCollection()
at System.Web.HttpRequest.GetParams()
at DotNetCasClient.Utils.RequestEvaluator.GetRequestIsCasSingleSignOut() in C:\Projects\Jasig\CAS\dotnet-client\trunk\DotNetCasClient\Utils\RequestEvaluator.cs:line 292
at DotNetCasClient.CasAuthenticationModule.OnBeginRequest(Object sender, EventArgs e) in C:\Projects\Jasig\CAS\dotnet-client\trunk\DotNetCasClient\CasAuthenticationModule.cs:line 93
at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
I don't believe this is an error message users are receiving -- it seems to only be seen by the server. As far as the users are concerned, log out is successful.
Is there any way I can get ASP.NET MVC to stop trying to validate these types of requests? I know I can disable request validation completely, but that's out of the question. The site with a hyphen has a good question on this, but not really an acceptable answer:
add the following setting to the web.config:
<httpRuntime requestValidationMode="2.0" />
After setting this value, U can disable request validation by setting validateRequest="false"
So, is there any way to disable ASP.NET validation for this request without turning it off completely?
Edit: This is also tricky to debug because this request is coming from the CAS server, NOT from the user's browser. I think this is the CAS server attempting to notify all running applications that the user has signed out (single sign out). So we're only receiving this error in production, not when testing locally.
The dotnetcas client gets access to the request before it gets to an MVC controller action, so it is not possible to simply set the validation attribute on an MVC controller or action.
The target of this request seems to be the last URL that was validated, so it is not possible to disable validation for a specific path in your application by using this method either: http://erikbra.wordpress.com/2012/04/17/wif-saml-token-post-and-requestvalidationmode2-0/
From what I see you have a couple of options:
Disable this validation:
<system.web>
<httpRuntime requestValidationMode="2.0" />
</system.web>
or
.Net 4.5 allows you to access a request before it goes through validation. If you have access to this you can re-compile the client from source, fixing the relevant issue.
I am not familar with Jasig .NET CAS but ASP.NET MVC allows you to disable request validation at the page level.
Add the following attribute to your controller action:
[ValidateInput(false)]
We have a simple piece of code here that recently stopped working and I have tried many 'things' to try and resolve the error.
The code
Application outLook = new Application(); :)
The error
Retrieving the COM class factory for component with CLSID
{0006F03A-0000-0000-C000-000000000046} failed due to the following
error: 80070005. Description: An unhandled exception occurred during
the execution of the current web request. Please review the stack
trace for more information about the error and where it originated in
the code.
Exception Details: System.UnauthorizedAccessException: Retrieving the
COM class factory for component with CLSID
{0006F03A-0000-0000-C000-000000000046} failed due to the following
error: 80070005.
ASP.NET is not authorized to access the requested resource. Consider
granting access rights to the resource to the ASP.NET request
identity. ASP.NET has a base process identity (typically
{MACHINE}\ASPNET on IIS 5 or Network Service on IIS 6) that is used if
the application is not impersonating. If the application is
impersonating via , the identity will be
the anonymous user (typically IUSR_MACHINENAME) or the authenticated
request user.
To grant ASP.NET access to a file, right-click the file in Explorer,
choose "Properties" and select the Security tab. Click "Add" to add
the appropriate user or group. Highlight the ASP.NET account, and
check the boxes for the desired access.
Now whilst the error is quite obvious I cannot resolve it.
The application is a .net 2.0 web application and the server is windows 2008 r2 standard using IIS 7.0
Thanks
Using Client appliactions on a server is always going to be problematic - there are other ways to access mailboxes.
That said, this might help:
http://technoblogy.net/retrieving-the-com-class-factory-for-component-with-clsid-00024500-0000-0000-c000-000000000046-failed-due-to-the-following-error-80040154/