I have implemented azure keyvault in my application and when I disable the Anonymous authentication and Enable te windows authentication in IIS I get the following error.
Server Error in '/' Application. Keyset does not exist Description: An
unhandled exception occurred during the execution of the current web
request. Please review the stack trace for more information about the
error and where it originated in the code. Exception Details:
System.Security.Cryptography.CryptographicException: Keyset does not
exist Source Error: An unhandled exception was generated during the
execution of the current web request. Information regarding the origin
and location of the exception can be identified using the exception
stack trace below.
Please help me to solve this.I am trying this in IIS express and published my application as a new website in IIS.
Related
I am getting this issue while publishing my .net core 3.1 app to azure app service.
I am able to publish the application but while hitting a url i am getting this error
Below are error details that i have found out in Event Viewer
" Login failed for user 'NT Service\SSISScaleOutMaster150'. Reason: Could not find a login matching the name provided. [CLIENT: ]"
NT Service\SSISScaleOutMaster150
Reason: Could not find a login matching the name provided.
[CLIENT: ]
I am also getting this icon when i am trying to publish it
denoting there are some warning in this section : Dependencies remote.
Other Details:
I am able to run application locally, I have a azure sql database which is connected to this, angular app as frontend and .net core 3.1 app as backend.
I have also tried creating a simple hello world app in .net core 3.1 and tried to deployed it. I am able to publish it and also able to run the url.
Kindly help me in this.
" Login failed for user 'NT Service\SSISScaleOutMaster150'. Reason: Could not find a login matching the name provided. [CLIENT: ]"
Judging from your error message, I think that when connecting to azure sql database, it may be filled in some places incorrectly.
Generally speaking, as long as the azure sql server can be used, the connection information is correct, and the yellow exclamation mark will not appear when adding Service Dependencies.
Troubleshooting steps:
1. Check login user NT Service\SSISScaleOutMaster150, whether you have the permission to log in to the database.
(I think there is a problem with this login user name, please check carefully. In Azure SQL, it is generally not in this format.)
① Use other tools such as SSMS to see if you can log in.
② If not, use the administrator to log in to azure sql server to check if the user name NT Service\SSISScaleOutMaster150 is in the user group.
2. Please check the azure sql server connection information, string, etc. To be consistent with the portal, local user name and password cannot be used, and the login information of azure sql server must be used.
I am able to authenticate a user when working locally, using the line
AuthenticationResult result = context.AcquireToken(resource,clientID, returnURI, PromptBehavior.Always);
Locally, I get the signin screen and the UserInfo.
When I publish the web app to Azure, the code above fails with this error
"Error HRESULT E_FAIL has been returned from a call to a COM component"
[COMException (0x80004005): Error HRESULT E_FAIL has been returned from a call to a COM component.]
Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext.RunAsyncTask(Task`1 task) +89
What causes this? I am publishing to the shared site (eg xxx.azurewebsites.net) -- so I don't have access to the server machine to make any changes --- beyond using the portal.
The code works as expected locally.
Also the javascript version (ADAL.js) works using the same tenant, clientID and returnURI
The token acquisition flow you are performing is meant to be ran on a desktop application, not a web one. The dialog that comes out on your desktop is driven by your local process and the existence of a local windows session. It cannot work within one web application, given that there is no windows session and the process is running elsewhere on a server machine.
Please refer to our samples to understand how to acquire tokens from a web app, anything with "openid" or "oauth" from https://github.com/AzureADsamples will work.
I have created a simple WebAPI application, I am able to "GET", "POST" without any problems.
Whenever I use a "PUT" I keep getting "IIS 7.5 Detailed Error - 500.0 - Internal Server Error".
This works OK on my local machine but not on our hosted web site (through an external provider).
This is the error that i am getting :
Server Error in Application "PORTAL.XXXXX.COM"
Internet Information Services 7.5
Error Summary
HTTP Error 500.0 - Internal Server Error
The page cannot be displayed because an internal server error has occurred
Detailed Error Information
Module LiveStreamingHandler
Notification MapRequestHandler
Handler ExtensionlessUrlHandler-Integrated-4.0
Error Code 0x80070585
Requested URL http://portal.XXXXXXXX.com:80/api/Organisation/4/
Physical Path C:\Inetpub\vhosts\hostingsite\httpdocs\Portal\api\Organisation\4\
Logon Method Bearer
Logon User Administrator
Most likely causes:
IIS received the request; however, an internal error occurred during the processing of the request. The root cause of this error depends on which module handles the request and what was happening in the worker process when this error occurred.
IIS was not able to access the web.config file for the Web site or application. This can occur if the NTFS permissions are set incorrectly.
IIS was not able to process configuration for the Web site or application.
The authenticated user does not have permission to use this DLL.
The request is mapped to a managed handler but the .NET Extensibility Feature is not installed.
Things you can try:
Ensure that the NTFS permissions for the web.config file are correct and allow access to the Web server's machine account.
Check the event logs to see if any additional information was logged.
Verify the permissions for the DLL.
Install the .NET Extensibility feature if the request is mapped to a managed handler.
Create a tracing rule to track failed requests for this HTTP status code. For more information about creating a tracing rule for failed requests, click http://go.microsoft.com/fwlink/?LinkID=66439
Links and More Information
This error means that there was a problem while processing the request. The request was received by the Web server, but during processing a fatal error occurred, causing the 500 error.
I'm writing a script in powershell to lockdown a cloud environment website application. I have installed SSL, created groups/users in AD, disabled users, disabled app pools and and created app pools to summarize the script. Win 2008 r2 / iis7. When testing the site, I am getting a "403 Forbidden: Access is denied" When I check the system logs, I see the following three messages:
Level: Error
Source: WAS
Event ID: 5059
Application pool RiskChecker has been disabled. Windows Process Activation Service (WAS) encountered a failure when it started a worker process to serve the application pool.
Level: Warning
Source: WAS
Event ID: 5057
Application pool RiskChecker has been disabled. Windows Process Activation Service (WAS) did not create a worker process to serve the application pool because the application pool identity is invalid.
Level: Warning
Source: WAS
Event ID: 5021
The identity of application pool XYZAppPool is invalid. The user name or password that is specified for the identity may be incorrect, or the user may not have batch logon rights. If the identity is not corrected, the application pool will be disabled when the application pool receives its first request. If batch logon rights are causing the problem, the identity in the IIS configuration store must be changed after rights have been granted before Windows Process Activation Service (WAS) can retry the logon. If the identity remains invalid after the first request for the application pool is processed, the application pool will be disabled. The data field contains the error number.
What do these messages mean, and can anyone point me in the direction of how to resolve this? Thank you.
as monojlds says it's a credential issue - the error means the credentials you have entered for the app pool are incorrect or not in the right group.
is it a local user or a domain user? maybe the box can't authenticate against the domain being used? could the account be locked out? (that last one used to get me a lot)
on the IIS server you can test the credentials using runas on the command prompt.
runas /user:<username> cmd
it'll ask for you password and either launch another cmd or provide an error message. That'll help troubleshoot the user credentials.
Matt
I would recommend you to read here: http://technet.microsoft.com/en-us/library/cc735179(WS.10).aspx
Emphasis on the line quoted below:
If you set the application pool identity to a custom account, you will
have to ensure that the user credentials are valid and that the user
is a member of the IIS_USRS group.
I am hosting my web application on windows server 2008 with IIS 7.5,
I have 2 web applications:
1. the first one is the core sso (Single Sign-on) service with a login page.
2. another web application is hosted on the same web server which use the first app for sso.
I am using the WIF RTM to implementation the sso,
usually, it is running good without any problem, the user can login throw the sso and redirect back the start page.
but when I login throw the sso first, then restart the IIS, if I come back to the second application and refresh the page, I got the following error:
Server Error in '/' Application.
Key not valid for use in specified state.
Description: An unhandled
exception occurred during the
execution of the current web request.
Please review the stack trace for more
information about the error and where
it originated in the code.
Exception Details:
System.Security.Cryptography.CryptographicException:
Key not valid for use in specified
state.
Source Error: An unhandled exception
was generated during the execution of
the current web request. Information
regarding the origin and location of
the exception can be identified using
the exception stack trace below.
Stack Trace:
[CryptographicException: Key not valid
for use in specified state. ]
System.Security.Cryptography.ProtectedData.Unprotect(Byte[]
encryptedData, Byte[] optionalEntropy,
DataProtectionScope scope) +425
Microsoft.IdentityModel.Web.ProtectedDataCookieTransform.Decode(Byte[]
encoded) +59
[InvalidOperationException: ID1073: A
CryptographicException occurred when
attempting to decrypt the cookie using
the ProtectedData API (see inner
exception for details). If you are
using IIS 7.5, this could be due to
the loadUserProfile setting on the
Application Pool being set to false. ]
Microsoft.IdentityModel.Web.ProtectedDataCookieTransform.Decode(Byte[]
encoded) +151
Microsoft.IdentityModel.Tokens.SessionSecurityTokenHandler.ApplyTransforms(Byte[]
cookie, Boolean outbound) +109
Microsoft.IdentityModel.Tokens.SessionSecurityTokenHandler.ReadToken(XmlReader
reader, SecurityTokenResolver
tokenResolver) +634
Microsoft.IdentityModel.Tokens.SessionSecurityTokenHandler.ReadToken(Byte[]
token, SecurityTokenResolver
tokenResolver) +105
Microsoft.IdentityModel.Web.SessionAuthenticationModule.ReadSessionTokenFromCookie(Byte[]
sessionCookie) +239
Microsoft.IdentityModel.Web.SessionAuthenticationModule.TryReadSessionTokenFromCookie(SessionSecurityToken&
sessionToken) +59
Microsoft.IdentityModel.Web.SessionAuthenticationModule.OnAuthenticateRequest(Object
sender, EventArgs eventArgs) +52
System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
+68 System.Web.HttpApplication.ExecuteStep(IExecutionStep
step, Boolean& completedSynchronously)
+75
________________________________________ Version Information: Microsoft .NET
Framework Version:2.0.50727.4927;
ASP.NET Version:2.0.50727.4927
the user session are stored by using SQLServer session mode, I am using a special database for this.
I have tried a lot and I cannot re-procedure this problem on my local computer (Windows7).
did anyone have similar experience? can you tell me how to solve this problem?
I finally solve this problem by change the application pool user to a local user.
the problem is probably caused by the sso is hosted on a 64bit OS, this problem does not exist if I host the sso on a 32bit computer (even I use a domain user for the application pool).
Now I use ApplicationPoolIdentity or NetWork Service, the exception disappeared after I restart IIS.
Thanks all you guys and I am so glad to share my solution with you.
There seems to be some kind of security issue when you have several apps sharing the same domain on Win Server 2008 with IIS 7.5
If you have urls http://ourdomain.com/app1 and http://ourdomain.com/app2 you can sign in on one app with WIF but when you access the other app you get this error. This is because the Cookie is for the domain but if it´s created by app1 then app2 can't access it.
So the solution is to either do as Aaron and use a specific user that has access rights or as we did, separate the apps on two different domains ie http://app1domain.com/ and http://app2domain.com/.
This could well be because your application pool user has no persistent user profile. To rectify this you can just run something as that user:
runas /user:<domain>\<user> cmd
And this will create the profile. Subsequently the data should be decryptable after restarting IIS.