Security Exception while running sites using subdomain? - silverlight

I have 3 sites :
media.lmenaria.com -> Hosting Images
webservice.lmenaria.com -> Sending images url from database.
www.lmenaria.com -> Host Silverlight application and display images.
When I run the page "http://www.lmenaria.com/silverlight.aspx", I get the exception below. So what should I do?
System.Security.SecurityException: Security error.
at System.Net.Browser.BrowserHttpWebRequest.InternalEndGetResponse(IAsyncResult asyncResult)
at System.Net.Browser.BrowserHttpWebRequest.<>c__DisplayClass5.<EndGetResponse>b__4(Object sendState)
at System.Net.Browser.AsyncHelper.<>c__DisplayClass2.<BeginOnUI>b__0(Object sendState)
at System.Net.Browser.AsyncHelper.BeginOnUI(SendOrPostCallback beginMethod, Object state)
at System.Net.Browser.BrowserHttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
at System.Net.WebClient.GetWebResponse(WebRequest request, IAsyncResult result)
at System.Net.WebClient.OpenReadAsyncCallback(IAsyncResult result)
I think all my sites are running on the same domain, so I don't need crossdomain XMLs. Please let me know how I can fix it.
I have tried putting the crossdomain XML on both media.lmenaria.com and webservice.lmenaria.com, and it works fine, but only at www.lmenaria.com is it not working.
We are downloading images using WebClient.
Thanks in advance,
Laxmilal Menaria

Subdomains on the same domain are considered different domains.
Consider the following scenario: http://www.myBank.com and http://api.myBank.com.
In that scenario you want to enable cross domain calls to http://api.myBank.com and strictly block those off to http://www.myBank.com.
You will need to add a ClientAccessPolicy.xml to allow access to the subdomain that hosts the services from the other subdomains (even the WWW subdomain).
Sincerely,
-- Justin Angel

Related

Hosting Company under cyber attack!! Can I fix this myself or do I wait for the hosting company?

Our hosting company MijnHostingPartner.nl got hit badly by a cyber attack and most of their clients' websites have been down for weeks. I am a complete noob in coding, just working my way around it by using DNN to build a website. I've set up all the MSSQL DBs correctly and it's been running smoothly for over a year now.
Since it's used daily by a small community of ten pin league bowlers - all results and news are displayed here - I'm getting quite the amount of complaints since it's down!
This is the error I get on both top-level as sub-level domains:
Server Error in '/' Application.
No http handler was found for request type 'GET'
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Web.HttpException: No http handler was found for request type 'GET'
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[HttpException (0x80004005): No http handler was found for request type 'GET']
System.Web.HttpApplication.MapIntegratedHttpHandler(HttpContext context, String requestType, VirtualPath path, String pathTranslated, Boolean useAppConfig, Boolean convertNativeStaticFileModule) +748
System.Web.HttpServerUtility.Execute(String path, TextWriter writer, Boolean preserveForm) +589
[HttpException (0x80004005): Error executing child request for ~/ErrorPage.aspx.]
System.Web.HttpServerUtility.Execute(String path, TextWriter writer, Boolean preserveForm) +1295
System.Web.HttpServerUtility.Transfer(String path, Boolean preserveForm) +72
System.Web.HttpServerUtility.Transfer(String path) +45
DotNetNuke.Common.Initialize.CheckVersion(HttpApplication app) +845
DotNetNuke.Common.Initialize.InitializeApp(HttpApplication app, Boolean& initialized) +154
DotNetNuke.Common.Initialize.Init(HttpApplication app) +157
DotNetNuke.HttpModules.RequestFilter.RequestFilterModule.FilterRequest(Object sender, EventArgs e) +258
System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +139
System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step) +195
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +88
Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.7.3282.0
Does anyone have a clue what I'm talking about? 'Cause I sure don't. Please, if you explain it to me, explain in a way your dog would understand, if that's even possible.
Many thanks,
Robbe
If you are using a third-party hosting solution I would guess that you don't have the ability to change the values referenced in the comments section.
This error appears to be a very low-level issue with the server not being configured for ASP.NET hosting. (The underlying technology used by DNN.)
I'm not confident that you will have the ability to fix this without them. However, you have a few options.
Get the information on this error to the hosting provider. The key will be to determine if ANY services work. A great check is to see if you can get the DNN Keep Alive to work. You can get to that via http://yoursite.com/keepalive.aspx
Extract a copy of the site files & database and move to another host. This is typically an easy option, but I would caution you that it would be prudent to have the site scanned for any potential malicious impacts PRIOR to moving to a new hosting provider unless you know for sure what the impact was to your hosting provider.
This is never a good situation, but one that you should be able to get past. If needed, this could be a time to reach out to someone that knows this stuff well, as there are a lot of little risks associated with a potentially compromised solution.

Silverlight application denied access to domain service in Internet Explorer 10

I am seeing a strange problem where my Silverlight application is failing to load due to a "Load operation failed for query.." and the reason is "Denied Access at System.ServiceModel.DomainServices.Server.DomainService.ValidateMethodPermissions"
If I browse to exactly the same page using IE 9 the request goes through and the silverlight application loads! This is happening on more than one server and their IIS and SQL Server have been configured the same as all other systems we set up.
With custom errors turned off I see the following stacktrace in Fiddler -
Denied Access#Detail#DomainServiceFaultDomainServices i)http://www.w3.org/2001/XMLSchema-instance# ErrorCode��#ErrorMessage�
Denied Access#IsDomainException�#
StackTrace�r at System.ServiceModel.DomainServices.Server.DomainService.ValidateMethodPermissions(DomainOperationEntry domainOperationEntry, Object entity)
at System.ServiceModel.DomainServices.Server.DomainService.ValidateMethodCall(DomainOperationEntry domainOperationEntry, Object[] parameters, List1 validationResults)
at System.ServiceModel.DomainServices.Server.DomainService.Query(QueryDescription queryDescription, IEnumerable1& validationErrors, Int32& totalCount)
at System.ServiceModel.DomainServices.Hosting.QueryProcessor.Process[TEntity](DomainService domainService, DomainOperationEntry queryOperation, Object[] parameters, ServiceQuery serviceQuery, IEnumerable1& validationErrors, Int32& totalCount)
at System.ServiceModel.DomainServices.Hosting.QueryOperationBehavior1.QueryOperationInvoker.InvokeCore(Object instance, Object[] inputs, Object[]& outputs)
The site is in my trusted sites.
When I attach to the silverlight application and debug the authentication process it seems to go through fine and the user is validated. But then when it actually tries to run the queries against the service subsequent to this they fail with access denied!
I'm lost as to why this would be any different in IE 10, any ideas would be appreciated! Thanks.
Not 100% proved this yet, but appears the hotfix suggested in this post - IE10 User-Agent causes ASP.Net to not send back Set-Cookie (IE10 not setting cookies) fixes the issue.
It seems there was a problem with IIS not handling IE10 cookies properly and so the authentication cookie was being set initially then subsequently ignored.
I'm guessing our machine was out of date, windows update-wise, as I presume this fix must have been distributed by now. But have yet to confirm.

CommunicationException when invoking Web Service from Silverlight 4

(Updated)
I've built a simple Silverlight 4 Bing Maps app using the VS2010 template.
Within the same solution I've got an ASP.NET project with a simple Web Service: ContentService.asmx.
I'm running both from my local machine for now.
I can invoke the Web Service from within an ASP.NET page with no problems.
However, try as I might, I can't get Silverlight to talk to it.
I try to invoke the Web Service from Silverlight as follows:
public BingMapAppPanel()
{
    InitializeComponent();
    BasicHttpBinding binding = new BasicHttpBinding(BasicHttpSecurityMode.None);
    EndpointAddress endPoint = new EndpointAddress("http://localhost:49501/ContentService.asmx");
    ContentServiceSoapClient contentService = new ContentServiceSoapClient(binding, endPoint);
    contentService.GetAllCategoriesCompleted += new EventHandler<GetAllCategoriesCompletedEventArgs>(contentService_GetAllCategoriesCompleted);
    contentService.GetAllCategoriesAsync();
}

void contentService_GetAllCategoriesCompleted(object sender, GetAllCategoriesCompletedEventArgs e)
{
    MessageBox.Show(e.Result.Count.ToString());
}
It should output the count of the returned List object but instead it throws the following exception:
Bing Maps has encountered an exception. Please press CTRL+C to copy the error message text.
ErrorSource: Unhandled Exception.
ErrorType: System.Reflection.TargetInvocationException
ErrorMessage: An exception occurred during the operation, making the result invalid. Check InnerException for exception details.
ErrorCallStack:
at System.ComponentModel.AsyncCompletedEventArgs.RaiseExceptionIfNecessary()
at BingMapApp.Content.GetAllCategoriesCompletedEventArgs.get_Result()
at BingMapApp.BingMapAppPanel.contentService_GetAllCategoriesCompleted(Object sender, GetAllCategoriesCompletedEventArgs e)
at BingMapApp.Content.ContentServiceSoapClient.OnGetAllCategoriesCompleted(Object state)
InnerType: System.ServiceModel.CommunicationException
InnerMessage:
InnerCallStack:
at System.ServiceModel.AsyncResult.End[TAsyncResult](IAsyncResult result)
at System.ServiceModel.Channels.ServiceChannel.EndCall(String action, Object[] outs, IAsyncResult result)
at System.ServiceModel.ClientBase`1.ChannelBase`1.EndInvoke(String methodName, Object[] args, IAsyncResult result)
at BingMapApp.Content.ContentServiceSoapClient.ContentServiceSoapClientChannel.EndGetAllCategories(IAsyncResult result)
at BingMapApp.Content.ContentServiceSoapClient.BingMapApp.Content.ContentServiceSoap.EndGetAllCategories(IAsyncResult result)
at BingMapApp.Content.ContentServiceSoapClient.EndGetAllCategories(IAsyncResult result)
at BingMapApp.Content.ContentServiceSoapClient.OnEndGetAllCategories(IAsyncResult result)
at System.ServiceModel.ClientBase`1.OnAsyncCallCompleted(IAsyncResult result)
I've tried various crossdomain.xml and clientaccesspolicy.xml files, nothing works.
Any suggestions much appreciated - thanks.
Update
I changed the endpoint address to 127.0.0.1 instead of localhost and it worked!
EndpointAddress endPoint = new EndpointAddress("http://127.0.0.1:49501/ContentService.asmx");
Anyone know why?
I'm guessing you've added another Web project to your solution to host this WCF service? If so, it most likely is a cross domain issue, where the Silverlight application is attempting to communicate with a service on another domain than the one from which it originated (even though it's only the port number that differs). If possible, host the WCF service in the project that was created when you created the Silverlight application, and this will likely solve your problem. If you're still having trouble (or this wasn't the case), try using Fiddler to see what's happening behind the scenes. To get Fiddler to pick up the traffic, however (it ignores localhost traffic), replace references to localhost in your URIs with ipv4.fiddler.
Hope this helps...
Chris Anderson
Note: I didn't see your edit before I posted this. That's a weird one!

Self Hosted ADO.NET Data Services, consuming from an external Silverlight application

Issue:
An issue exists whereby I cannot access my Self Hosted ADO.NET Data Services from my RIA applications.
My services are hosted separately to the web projects with the Rich Internet Applications (RIA)s.
I need to enable access from separate Silverlight (and Flash) client apps.
From Silverlight I get an exception (see below) when I try to make a call to the ADO.NET Data Service (which is Self Hosted separately). This I believe to be due to Silverlight forbidding the cross domain call.
System.InvalidOperationException: An error occurred while saving changes. See the inner exception for details. --->
System.Data.Services.Http.WebException: Internal error at 'HttpWebResponse.NormalizeResponseStatus'.
at System.Data.Services.Http.HttpWebResponse.NormalizeResponseStatus(Int32& statusCode)
at System.Data.Services.Http.HttpWebResponse..ctor(HttpWebRequest request, Int32 statusCode, String responseHeaders)
at System.Data.Services.Http.HttpWebRequest.CreateResponse()
at System.Data.Services.Http.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
at System.Data.Services.Client.QueryAsyncResult.AsyncEndGetResponse(IAsyncResult asyncResult)
--- End of inner exception stack trace ---
at System.Data.Services.Client.BaseAsyncResult.EndExecute[T](Object source, String method, IAsyncResult asyncResult)
at System.Data.Services.Client.QueryAsyncResult.EndExecute[TElement](Object source, IAsyncResult asyncResult)
at System.Data.Services.Client.DataServiceQuery`1.EndExecute(IAsyncResult asyncResult)
at Curo.Silverlight.MainPage.<>c__DisplayClass1.<.ctor>b__0(IAsyncResult ar)
at System.Data.Services.Client.BaseAsyncResult.HandleCompleted()
at System.Data.Services.Client.QueryAsyncResult.AsyncEndGetResponse(IAsyncResult asyncResult)
at System.Data.Services.Http.HttpWebRequest.ReadyStateChanged()
System.Data.Services.Http.WebException: Internal error at 'HttpWebResponse.NormalizeResponseStatus'.
at System.Data.Services.Http.HttpWebResponse.NormalizeResponseStatus(Int32& statusCode)
at System.Data.Services.Http.HttpWebResponse..ctor(HttpWebRequest request, Int32 statusCode, String responseHeaders)
at System.Data.Services.Http.HttpWebRequest.CreateResponse()
at System.Data.Services.Http.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
at System.Data.Services.Client.QueryAsyncResult.AsyncEndGetResponse(IAsyncResult asyncResult)
Notes:
From what I have read, it appears that cross domain access is forbidden with regards to ADO.NET Data Services, which may result in my having to take another approach to the data access e.g. using a pure REST Framework..?
"The problem of Cross Domain ADO.NET Data Services is more complex than it sounds and it hasn't been solved. I've discussed it with Microsoft for a while now and the reason that it doesn't work has to do with its using a browser level transport and that transport doesn't allow cross-site scripting."
See:
http://forums.silverlight.net/forums/p/70925/170703.aspx#170703
I understand that I may need to expose a ClientAccessPolicy.xml file which will define the access rules whilst restricting cross site scripting.
It is also noteworthy to mention that the RIA applications will be running on the same LAN.
Questions:
Is there a viable means for me to access the services from my RIA clients considering they will be running behind the same firewall? If so how?
How do I expose ClientAccessPolicy.xml from a Self Hosted ADO.NET Data Service exactly?
What way would you recommend proceeding in order to allow external access to my services?
- Different REST Framework?
- Host Services within same web project at the cost of separation?
- Any other advice...
Thanks.
I'm not sure I understand the full breadth of your problem, but at the very least, I would make sure I had a clientaccesspolicy.xml file and a crossdomain.xml file in the root folder of the service. It's important for the xml policy files to be in the root folder of the domain. For example, if your service is hosted in mycompany.com/services, the xml files need to be in the mycompany.com folder, not the services folder.
Here's an example of the ClientAccessPolicy.xml:
<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
  <cross-domain-access>
    <policy>
      <allow-from http-request-headers="*">
        <domain uri="*"/>
      </allow-from>
      <grant-to>
        <resource include-subpaths="true" path="/"/>
      </grant-to>
    </policy>
  </cross-domain-access>
</access-policy>
And here's an example of the crossdomain.xml:
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
  <allow-http-request-headers-from domain="*" headers="*" />
</cross-domain-policy>
I would recommend using both files for both flash and silverlight. Both files above will allow open access from all flash and silverlight apps, but that shouldn't be a problem if you're behind a firewall.
I had this exact problem in one of my behind-the-firewall silverlight apps and putting these files in place seemed to fix the problem. I would start with these files and go from there.
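An added example, not code from any of the posts on this page: a small Python checker that applies the "subdomains are different domains" rule from the first thread and evaluates a ClientAccessPolicy.xml for a given caller and path, comparing the open policy above with a scoped one. The scoped policy, the `/images` path and `other.example` are constructed for illustration, and the matching is a simplified model of the policy format, not Silverlight's runtime.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Same elements as the open policy posted in the answer above.
OPEN_POLICY = """<access-policy><cross-domain-access><policy>
  <allow-from http-request-headers="*"><domain uri="*"/></allow-from>
  <grant-to><resource include-subpaths="true" path="/"/></grant-to>
</policy></cross-domain-access></access-policy>"""

# Constructed alternative: only the www site may read /images on this host.
SCOPED_POLICY = """<access-policy><cross-domain-access><policy>
  <allow-from><domain uri="http://www.lmenaria.com"/></allow-from>
  <grant-to><resource include-subpaths="true" path="/images"/></grant-to>
</policy></cross-domain-access></access-policy>"""

def origin(url):
    """Scheme, host and port: all three must match to count as same-domain."""
    u = urlsplit(url)
    scheme = u.scheme.lower()
    return scheme, (u.hostname or "").lower(), u.port or {"http": 80, "https": 443}.get(scheme)

def is_cross_domain(app_url, target_url):
    return origin(app_url) != origin(target_url)

def domain_matches(pattern, caller_url):
    """Simplified matching: '*', an exact origin, or 'scheme://*.parent'."""
    if pattern == "*":
        return True
    p_scheme, p_host, p_port = origin(pattern)
    c_scheme, c_host, c_port = origin(caller_url)
    if (p_scheme, p_port) != (c_scheme, c_port):
        return False
    if p_host.startswith("*."):
        return c_host.endswith(p_host[1:])
    return p_host == c_host

def resource_matches(resource, path):
    base = resource.get("path", "")
    if resource.get("include-subpaths", "false").lower() == "true":
        return path == base or path.startswith(base.rstrip("/") + "/")
    return path == base

def allows(policy_xml, caller_url, target_path):
    """True if some <policy> grants caller_url access to target_path."""
    root = ET.fromstring(policy_xml)
    return any(
        any(domain_matches(d.get("uri", ""), caller_url) for d in p.iter("domain"))
        and any(resource_matches(r, target_path) for r in p.iter("resource"))
        for p in root.iter("policy"))

def open_to_any_caller(policy_xml):
    """Flag the wildcard caller entry that a policy review should question."""
    return any(d.get("uri") == "*" for d in ET.fromstring(policy_xml).iter("domain"))

if __name__ == "__main__":
    app = "http://www.lmenaria.com/silverlight.aspx"
    for name, pol in (("open", OPEN_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, open_to_any_caller(pol), allows(pol, app, "/images/a.png"),
              allows(pol, "http://other.example/app", "/images/a.png"))
```

The scoped policy still serves the www site's image requests while refusing every other caller and every path outside `/images`, which is the narrower grant to prefer when the service is reachable beyond a trusted LAN.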
"The problem of Cross Domain ADO.NET Data Services is more complex than it sounds and it hasn't been solved. I've discussed it with Microsoft for a while now and the reason that it doesn't work has to do with its using a browser level transport and that transport doesn't allow cross-site scripting."
See: http://forums.silverlight.net/forums/p/70925/170703.aspx#170703
The cross domain policy is required by (as shown in the answer by Ben McCormack above).
By utilizing Yahoo pipes which is set up to allow cross domain access to aggregated feeds, you may be able to consume an external ADO.NET Data Services (formerly Astoria, now OData) from within a Silverlight application.
You will most likely lose the fidelity of querying the dataset that Odata gives you, but this could be recreated in the yahoo pipes.
The issue was not with the ADO.NET data services (OData), it was with Silverlight, as it does not allow cross domain calls.

Error accessing RSS feed from Silverlight with WebClient()

I downloaded the code from John Papa's book here: http://silverlight-data.com/
and am successfully running the Chapter 7 example which allows you to press
a button and it reads RSS from digg.com and then displays it.
So, then I replaced the digg URL
http://services.digg.com/stories/topic/microsoft/?appkey=http%3A%2F%2Fwww.silverlight-data.com&count=20
with my RSS feed:
http://tanguay.info/web/rss
but I get this error on the DownloadStringCompleted event:
Result 'e.Result' threw an exception of type 'System.Reflection.TargetInvocationException'
Error = {System.Security.SecurityException ---> System.Security.SecurityException: Security Error
bei System.Net.BrowserHttpWebRequest.InternalEndGetResponse(IAsyncResult asyncResult)
bei System.Net.BrowserHttpWebRequest.<>c__DisplayClass5.
I tried other RSS feeds, e.g.:
http://news.google.com/nwshp?hl=en&tab=wn&output=rss
and I get the same security error.
What can I do to avoid getting these errors so that I can consume these feeds from Silverlight?
If you try to access a website/url that differs from the url your silverlight application is run under you will need to set up a cross site policy file or access a site that has one allowing access.
Silverlight Cross Domain Policy File Checker
Silverlight cross domain policy file helpers
[edit added Tim Heuer's links]
HOW TO USE CROSS DOMAIN POLICY FILES WITH SILVERLIGHT
WORKING WITH SYNDICATED DATA
Also please see http://silverlight.net/learn/learnvideo.aspx?video=65672 and http://silverlight.net/learn/learnvideo.aspx?video=47174
