I’ve been asked to make changes to an existing MVC website, unfortunately the original developer of this site is no longer at the company, there isn’t any documentation and nobody actually knows much about it other than it current runs in our test & live environments. groan
Anyway when I set the project as the starting project and run it I get the following lovely white error page:
Access is denied.
Description: An error occurred while accessing the resources required to serve this request. The server may not be configured for access to the requested URL.
Error message 401.2.: Unauthorized: Logon failed due to server configuration. Verify that you have permission to view this directory or page based on the credentials you supplied and the authentication methods enabled on the Web server. Contact the Web server's administrator for additional assistance.
Not a massive amount for me to go on (for me at least).
So I checked in the web.config file and the authorization is set as:
<authorization>
<deny users=”?” />
</authorization>
If I change this to the code below I get a page saying it couldn’t be loaded, but it is a step further as I can at least get into the code a little.
<authorization>
<allow users="*"/>
</authorization>
The code does do some validation against Active Directory, which works, and I can get around that pesky security code by setting a break point and moving past the functionality. The code itself doesn’t do anything but return true if the user is valid (I move the breakpoint to this), or false if they are invalid. This is the only way I have been able to catch a breakpoint within my controller to see if anything happens, but nothing sticks out.
The code, as partial as it may be, is in a class which will use LINQ to get the right information.
public ReadOnlyCollection<Application> GetApplicationStatus()
{
using (ApplicationDBEntities context = new ApplicationDBEntities())
{
var results = (from parameters in context.Parameters
join application in context.ApplicationIds on parameters.ApplicationId equals application.ApplicationId1
where parameters.ParameterName.Equals("DateTime", StringComparison.OrdinalIgnoreCase) &&
!parameters.Application.Equals(0)
select new Application
{
ApplicationId = parameters.ServiceId,
ApplicationStatus = application.Status,
DateAdded = parameters.ParameterValue
}).ToList();
return new ReadOnlyCollection<Application>(results);
}
}
In the above code it will throw an EntityException when getting the results, the message in the exception is “The underlying provider failed on Open.” The specific line highlighted is var results = (from parameters in context.Parameters
With this I figured that either the code current live isn’t the same as what I have (hopefully not the case) or something else was up, which is when I spotted the Inner Exception message: Login failed for user 'NT AUTHORITY\\ANONYMOUS LOGON'.
The connection string is as follows:
<connectionStrings>
<add name="ApplicationDBEntities" connectionString="metadata=res://*/ApplicationDBModel.csdl|res://*/ApplicationDBModel.ssdl|res://*/ApplicationDBModel.msl;provider=System.Data.SqlClient;provider connection string="data source=MyServer;initial catalog=MyDB;integrated security=True;multipleactiveresultsets=True;App=EntityFramework"" providerName="System.Data.EntityClient" />
</connectionStrings>
The SQL database that it is trying to get the information from is one that I have direct access to. Could this be that the IIS account doesn’t have access or something? Are there any tips or hints to try and find the root cause of this problem?
In your connection string there is intergated security = true, that means that your site try to get data from sql with authentication as user that runs application pool of IIS.
So you should run your iis application pool by user that have rights on db and, may be, on on other resources of your site.
Another possibility is that there is sql user to go to db an you should change connection string in config file.
Related
I have been developing Standard Logic Apps with SQL Server successfully for some time, but suddenly can no longer connect. I'm using Azure AD Integrated as my Authentication Type, which I know is OK as I use the same credentials in SSMS. If I try to create a new credential, it is apparently successful but on save the Logic App says "The API connection reference XXX is missing or not valid". Something has changed, but I don't know what ... help!
per above, this was submitted to M/S and has been resolved as follows: the root cause is if a Logic App Parameter name includes an embedded space the problem with SQL connections is triggered. This is a pernicious problem, as the error message is quite unrelated to the root cause. Further, since embedded spaces are supported in Logic Apps e.g. in Step Names, it is easy to assume the same applies across the board.
I have a SL navigation application, that currently runs on a shared hosting package with a 3rd party ISP. I can login, and register using the ASP.NET membership and role providers.
I have now setup a dedicated server, on which only my app will run. It does not yet have a domain name that points to it... I access it via an IP address.
I've copied the entire site (including the ClientBin and all the XAP's) to the new server, but the Authentication and Registration services don't work... they just return NotFound.
When I check Fiddler on the working site, this service is called :
www.myaddress.com/ClientBin/MyApp-Web-AuthenticationService.svc/binary/Login
which of course succeeds. However, on the other site, the fiddler trace looks the same (because I just copied the site) :
123.123.123.123/ClientBin/MyApp-Web-AuthenticationService.svc/binary/Login
but, the call fails with NotFound. Fiddler reports it as HTTP/1.1 500 Internal Server Error. When I open
http://localhost/ClientBin/MyApp-Web-AuthenticationService.svc/binary/Login
on the server, I get the HTTP/1.1 500, as well as this description :
Handler "svc-Integrated" has a bad module "ManagedPipelineHandler" in its module list
Which leads me to believe that there is something wrong with my IIS config, as the exact same code is working on another system.
What is a "bad module"? How do I fix it?
Normally this type of error is that ASP.Net is not activated or that a handler for svc is not registered or registered correctly.
In your case is looks a bit different. It could be that you have .net framework 4.0 code that you are trying to run in a .net framework 2.0 application pool.
IIS 500 errors often show up with more information in the Windows Event log - if you can somehow get access to that?
Also I've noticed that often the server will actually send debugging output back to the client that everything seems to ignore. Have you checked the entire raw response that is coming back from the server to see if there are any clues there?
I followed the installation guide for an Apache Web Policy Agent, but it always results in an endless redirect loop between web and application server. Firefox says "The page isn't redirecting properly" and Chrome thinks that "This webpage has a redirect loop". The setup is an Apache 2 on port 80 with a small demo app and a Web Policy Agent, and a Tomcat 7 server on port 8080 with an OpenAM server (the former OpenSSO from Sun):
App URL http://hostname.example.com:80/ (App and Agent, running on Apache 2.2.16)
OpenAM Server URL http://hostname.example.com:8080/openam (running on Tomcat 7.0.12)
The Live HTTP Header Firefox plugin shows that the policy agent and the OpenAM server (i.e. the Apache and Tomcat servers) redirect to each other, although the server sets the SSO Token Cookie correctly. The name of the SSO Token Cookie has the default value "iPlanetDirectoryPro". Any idea how to solve the problem?
After a whole week I finally figured it out, with the help of Stackoverflow and the OpenAM Mailing list. There were two main problems: missing log files and missing cookie domains. Installing the OpenAM server and the Web Policy Agent is difficult, there are a lot of log files and many different configuration options. If you select the wrong options, it won't work. It is impossible to make it work without knowing what is going on, which can only be determined by a suitable log file.
Missing Log for Web Policy Agent : The log level must be set in the "Java properties" files. There are two "Java Properties" files for the Web Policy Agent, OpenSSOAgentBootstrap.properties and OpenSSOAgentConfiguration.properties. The log and debug level which is named com.sun.identity.agents.config.debug.level can and must be defined in both (!) files, and it should be set to the high level, all:4 or all:5. The format is important. Even if you do this, the AgentConfiguration.properties file is only used when the agent is not working in centralized config mode. The profile must be set to "local".
Missing Cookie Domain: Do not forget to enter the right Cookie Domain during the setup of the OpenAM server in the beginning, or add it afterwards if it is missing. On the OpenAM server, go to Configuration > System > Platform and change the Cookie Domain Value to your domain (for instace .example.com) if it is missing. Otherwise the browser will lose your cookie during the redirect process. Somehow I had an empty entry for the cookie domain at the OpenAM server, I guess a forgot a dot (example.com instead of .example.com) so that it was invalid (or something like that).
This troubleshooting site was helpful to locate the problem.
#0x4a6f4672, Your post was absolutely helpful . Some more to add to your answer. The following changes is what i had to do in the config to make it running, at-least getting it running it for alfresco.
com.sun.identity.agents.config.user.mapping.mode=USER_ID(Dont use HTTP_HEADER)
com.sun.identity.agents.config.user.attribute.name=uid
com.sun.identity.agents.config.user.principal=true(Dont use false)
com.sun.identity.agents.config.user.token=SsoUserHeader(Keep it as per what is specified in you application- in my case alfresco)
Now you are not running the Agent in centralised mode but in local mode the setting which is specified for profile attribute can be only set via property file so add the following.
com.sun.identity.agents.config.profile.attribute.fetch.mode=HTTP_HEADER
com.sun.identity.agents.config.profile.attribute.mapping[uid]=SsoUserHeader(whatever you want the header to come in browser as)
As told by 0x4a6f4672, it is difficult to debug and unless you are in local mode , so switch to local mode immediately and start tracing the logs and make the property changes accordingly.
I've developed a DNN5 site for customer locally on my laptop and I am having problem moving it to a production server. Server is running Windows 2008 R2 (IIS 7.5). I've copied all the files, copied db, modified web.config to see the new db, checked to make sure dnn can see the db via connection string, made sure the directory permissions are correct (appdomain user has RW access to whole virtual directory) .. and it's failing me with following error message taken out of the portals/_default/logs directory:
<log LogGUID="a3f8aab9-36b6-4d95-a605-53b4b0b02c34" LogFileID="" LogTypeKey="APPLICATION_SHUTTING_DOWN" LogUserID="-1" LogUserName="" LogPortalID="-1" LogPortalName="" LogCreateDate="2/4/2011 11:52:57 AM" LogCreateDateNum="0" BypassBuffering="True" LogServerName="SERVER01" LogConfigID="">
<LogProperties>
<LogProperty>
<PropertyName>Shutdown Details</PropertyName>
<PropertyValue>The AppDomain shut down because of a change to the application level configuration.</PropertyValue>
</LogProperty>
</LogProperties>
</log>
I've been stuck on this for the last 3h .. so any hint's or advice is very appreciated.
Thanks!
Filip
Can you look in the EventLog table? I don't think that the log file there is going to be an accurate place to get all of your error messages. In particular, this isn't even an error, just a notification that a few days ago your application was restarted because of a change to the web.config file.
There may be multiple events logged at the same time, so try to take a look at the LogCreateDate attribute, and see if there are other events logged around the same time that might give more information.
Does the process running the website have access to the web.config? Can you double/triple-check, since it seems like the web.config file is being touched every time you try to hit the website? Could an upgrade routine be trying to update that on first run of the site?
I am using SQL Server 2008 Reporting Services and set mode remotely. All is going fine and reports running on my machine. I am not using report viewer control, but switch to browser.
Problem is that when I access the report from any other system in browser by providing required url. I m getting the following premission error:
Server Error in /ReportServer Application. Access is denied:
Description: An error is occured while
accessing the resources required to
serve for this request. You might have
not premission to view the requested
resources. Error message: 401.3 : You
dont have the premission to view this
directory or page using the
creditinals you supplied.
I have go through all step of this article "http://msdn.microsoft.com/en-us/library/ms365170.aspx" and set remotly premession but after all changes no success and getting same error.
Please some one can tell me or provide step list, that how can I set the premession? that the report can run from other machine. Quick and detail response will
This link should give you some more steps to follow to set up the permissions as this sounds like a permissions error.
http://technet.microsoft.com/en-us/library/aa337491.aspx
Also .... does it prompt for a username and password when you visit the site from another machine? if not you may need to add the required authentication methods into IIS (just an idea)
Then create a local (or domain) account for people to use to browse reports and use the properties tab on the report server home page to add them as 'Browser' type members.
When you visit the reports site from another PC it should prompt for sign in details (may not on a domain - not sure), if it errors before showing the home page then it is a security config issue, once you get in you may have a bit more tinkering to do to get the reports to run, but you tend to get slightly more verbose descriptions then so its not too hard to figure out and it normally database security permissions related.
Best of luck.
CB