How to configure Glimpse to work with virtual directories? - iis

My application has a virtual directory that points to a shared folder of images on a remote file server. When trying to access the images via the browser (like http://webserver/app/VD-alias/image.png) I get a "configuration error":
An error occurred loading a configuration file: Failed to start monitoring changes to '\\fileserver\sharedfolder\web.config'.
After a lot of investigating I suspect this is a security issue. However:
The AppPool uses Integrated pipeline identity is NETWORK SERVICE.
The file server only allows user domain access not machine account access (which is what the web server would use for this AppPool identity).
But in IIS, the virtual directory is configured to use specific domain account credentials to access the shared folder, so everything should be fine regarding access.
After a lot of investigation I realized that this had to do with the Glimpse defaultRuntimePolicy being On. When I turn it off, everything works fine. At the moment this is my Glimpse settings in web.config:
<glimpse defaultRuntimePolicy="On" endpointBaseUri="~/Glimpse.axd">
<runtimePolicies>
<ignoredTypes>
<add type="Glimpse.AspNet.Policy.LocalPolicy, Glimpse.AspNet" />
</ignoredTypes>
</runtimePolicies>
</glimpse>
So I'm wondering if Glimpse is not using the virtual directory credentials set by IIS? Or what else could Glimpse be doing differently that would prevent access to the images?
In any case, I was wondering if there was a way to prevent glimpse from interfering with that specific path or with images in general?
I've tried using:
<uris>
<add regex=".*uploads.*" />
</uris>
and
<uris>
<add regex=".*/.*\.png" />
</uris>
and
<contentTypes>
<add contentType="image/png" />
</contentTypes>
I've also tried changing the runAllManagedModulesForAllRequests. I've tried different IIS versions and the latest Glimpse version.
But none of them seem to make any difference except when I turn off Glimpse.
Has anyone faced this issue? I'm pretty sure it's reproduceable. How can I get Glimpse and my virtual directory to play nice?
Thanks in advance.

Related

How do I deploy Blazor WebAssembly Core Hosted Self-Contained App to IIS [duplicate]

This question already has an answer here:
asp.net core web api published in IIS after moved to different IIS server pc gives error 500.19 (0x8007000d)
(1 answer)
Closed 2 years ago.
I have developed a Blazor WebAssembly App that will be used on a Server running Windows 2012 on our Intranet. This is targeting .Net 5.0 Core Hosted and Self-Contained. I need to deploy to IIS 8.5 and have some questions.
When I add the website in IIS, do I point to the root deploy directory with the executable and web.config?
Is there anything else I need to do so that IIS will find the index file in the wwwroot sub-directory?
Is is appropriate to put the deploy directory for this app directly under inetpub?
The publish task created a rather large BlaorDebugProxy directory. This is for release so I don't understand why this was created. Is there a way to prevent this from happening?
I want to access the app using ServerName\AppName. If I create the site with 'AppName' for the host name, will that work or is there something else I need to do?
When I try to browse to the site from IIS, I get a 500.19 'The requested page cannot be accessed because the related configuration data for the page is invalid.' I have not made changes to the file as it was created by the publish process. It is:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<location path="." inheritInChildApplications="false">
<system.webServer>
<handlers>
<add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModuleV2" resourceType="Unspecified" />
</handlers>
<aspNetCore processPath=".\AppName.Server.exe" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" hostingModel="inprocess" />
</system.webServer>
</location>
</configuration>
<!--ProjectGuid: 60862cf1-bea8-48f4-8ae9-270f2f537927-->
Any ideas why this is not working?
PLEASE NOTE that this is using the SELF-CONTAINED model.
Also, I have made sure that the directory has granted full permissions to the App Pool Identity for this App.
The answer below and the supposed duplicate all refer to installing the framework. However, I thought that the whole point of the self-contained model is that it does not rely on an installed framework.
I have searched extensively and see many references that touch on these issues but nothing that says specifically how to get IIS (especially an older version) to host the self-contained model. The Microsoft pages talk about advantages and disadvantages and how to create the files but no details about how to host them or the other questions I listed above.
Has anyone done this successfully who can provide some guidance?
Thanks !
Firstly, please ensure that the Asp.net Core IIS Hosting Bundle installer has been installed on the server.
https://dotnet.microsoft.com/download/dotnet/5.0
Besides, the identity under where your web application runs in IIS should have full access to the root folder of your website. Try to grant the IUSR account full control to that physical path.
Last, please refer to the below link to hosting Core-based web application in IIS.
https://learn.microsoft.com/en-us/aspnet/core/host-and-deploy/iis/?view=aspnetcore-3.1
Feel free to let me know if the problem still exists.

MVC5 IIS7.5 Win7 routes return 404

I have been searching for a solution and have had no luck. I have seen plenty of questions on here where it is suggested to install KB980368, however I have the extensionless handlers in IIS so it did not need to install. I tried <modules runAllManagedModulesForAllRequests="true"> and no luck so then I tried <modules">
<remove name="UrlRoutingModule-4.0" />
<add name="UrlRoutingModule-4.0" type="System.Web.Routing.UrlRoutingModule" preCondition="" />
</modules> and still no luck. I have my app pool running 4.0 integrated and am at a loss. All of the controllers/views follow the default route mapping yet no matter what I do I get a 404 not found on every view other than my default Home.
This is running on Win7 IIS 7.5 all updates applied. Deploying the same code to Server 2012 R2 IIS all the routes work and everything works.
Well after more head banging on the desk I found the issue is a virtual path in SSRS. This virtual path conflicts with the name of a view folder and it appears SSRS is intercepting the call. Disable SSRS service and now I get a 503. I updated my views and controller and now all works. What a shitty job of MS notifying you that SSRS is stealing the traffic before it even hits IIS.

Visiting an Azure Website while Publishing displays IIS Errors

I have an MVC app hosted on an Azure Website.
I have custom errors enabled and working (when not publishing):
<customErrors mode="On" defaultRedirect="~/Error/NotFound" xdt:Transform="Replace">
<error redirect="~/Error/NotFound" statusCode="404" />
<error redirect="~/Error/NotFound" statusCode="403" />
</customErrors>
When I publish the website from Visual Studio, if I try to visit the site while the dlls are being updated, I get a nasty IIS error.
I'm surprised that Azure doesn't wait to "tie down" the new version until the publication is complete, to avoid this scenario. Is there a way to achieve this "instantaneous switch" behavior?
And/Or - How can I prevent this error from being displayed?
I can't say this would be unusual. Depending on size of the deployment it may take a while for IIS to restart and reload leading to 503 Service Unavailable or similar errors in the meantime. CustomErrors won't help you here as the ASP.Net pipeline isn't even being reached at this point. What Azure Website level are you running on (Free, Shared or Standard?) If you can up the size of the instance to try and get things moving again more quickly.
I think you deployment is too slow. IIS detects changes in dll files and restart the app-pool automatically without waiting for the other dll files.
Try to set custom values in waitChangeNotification and maxWaitChangeNotification in web.config. Doing so you can ask IIS to wait for some seconds before restarting app-pool. I'm not sure if it works on Azure. On my on-premises IIS I use custom values that allow me to do a long deploy (about 5 seconds).
Documentation: http://msdn.microsoft.com/en-us/library/e1f13641(v=vs.85).aspx

Problems Deploying web application to iis

Built a web application with webmatrix, try to deploy locally to iis 5.1 for testing purposes so i added it to my wwwroot folder didnt work then i created a virtual directory. the home page works with this but my login created with web helper doesnt work...when i click login all i see is the browser sending login? and nothing happens....and my web deploy that i installed doesnt work either so i can deploy the site with dependencies to iis... also can it be deployed to windows server2003....any hints would be appreciated...
.
I am using Webmatrix3 and my web server is Windows Server 2008 R2 with IIS7. I just copy and paste my entire project directory from my local machine up to the IIS inetpub/wwroot directory. Then from within IIS7 I right click that directory (which is now in the tree under sites) and select "Convert to Application". Works every time.
I also had to add this to my Web.config to make it work in I.E. because of the forced compatibility mode issue:
<system.webServer>
<httpProtocol>
<customHeaders>
<clear />
<add name="X-UA-Compatible" value="IE=edge" />
</customHeaders>
</httpProtocol>
</system.webServer>
I hope this helps!

Config Error: This configuration section cannot be used at this path

I've encountered an error deploying a site to a server. When trying to load the home page, or access authentication on the new site in IIS, I get the error:
Config Error: This configuration section cannot be used at this path.
This happens when the section is locked at a parent level. Locking is
either by default (overrideModeDefault="Deny"), or set explicitly by a
location tag with overrideMode="Deny" or the legacy
allowOverride="false".
More detail can be found here, in Scenario 7 matches my hex error code.
The solution given on the linked site above is to set Allow for overrideModeDefault in the section mentioned in my error, in the applicationHost.config file. In my case, under Security in system.webServer. But if I look at the applicationHost.config on my local computer, where the site is properly deployed already, that section is set to Deny.
If this solution is correct, how is my local instance running just fine with the same web.config? According to my applicationHost.config, that section should be locked, but it's not. I'd prefer to not change the applicationHost.config file, because there are many other sites running on that server. Is there another solution?
I had the same problem. Don't remember where I found it on the web, but here is what I did:
Click "Start button"
in the search box, enter "Turn windows features on or off"
in the features window, Click: "Internet Information Services"
Click: "World Wide Web Services"
Click: "Application Development Features"
Check (enable) the features. I checked all but CGI.
btw, I'm using Windows 7. Many comments over the years have certified this works all the way up to Windows 10 and Server 2019, as well.
You could also use the IIS Manager to edit those settings.
Care of this Learn IIS article:
Using the Feature Delegation from the root of IIS:
You can then control each of machine-level read/write permissions, which will otherwise give you the overrideMode="Deny" errors.
For Windows Server 2012 and IIS 8, the procedure is similar.
The Web Server (IIS) and Application Server should be installed, and you should also have the optional Web Server (IIS) Support under Application Server.
Browse to “C:\Windows\System32\inetsrv\config” (you will need administrator rights here)
Open applicationHost.config
Note: In IISExpress and Visual Studio 2015 the applicationHost.config is stored in $(solutionDir).vs\config\applicationhost.config
Find the section that showed up in the “config source” part of the error message page. For me this has typically been “modules” or “handlers”
Change the overrideModeDefault attribute to be Allow
So the whole line now looks like:
<section name="modules" allowDefinition="MachineToApplication" overrideModeDefault="Allow" />
After saving the file, the page loaded up fine in my browser.
Warning:
Editing applicationHost.config on 64-bit Windows
You need to unlock handlers. This can be done using following cmd command:
%windir%\system32\inetsrv\appcmd.exe unlock config -section:system.webServer/handlers
Maybe another info for people that are getting this error on IIS 8, in my case was on Microsoft Server 2012 platform. I had spend couple of hours battling with other errors that bubbled up after executing appcmd. In the end I was able to fix it by removing Web Server Role and installing it again.
1. Open "Turn windows features on or off" by: WinKey+ R => "optionalfeatures" => OK
Enable those features under "Application Development Features"
Tested on Win 10 - But probably will work on other windows versions as well.
I ran these two commands from an elevated command prompt:
%windir%/system32/inetsrv/appcmd unlock config /section:anonymousAuthentication
%windir%/system32/inetsrv/appcmd unlock config /section:windowsAuthentication
As per my answer to this similar issue;
Try unlocking the relevant IIS configuration settings at server level, as follows:
Open IIS Manager
Select the server in the Connections pane
Open Configuration Editor in the main pane
In the Sections drop down, select the section to unlock, e.g. system.webServer > defaultPath
Click Unlock Attribute in the right pane
Repeat for any other settings which you need to unlock
Restart IIS (optional) - Select the server in the Conncetions pane, click Restart in the Actions pane
This Did the trick for me, for IIS 8 Windows server 2012 R2
Go to "Turn on Features"
Then go to all default setting , Next, Next, Next etc..
Then, select as shown below,
Then reset IIS (optional) but do it safer side.
This is an additional solution as its a generic problem everyone have different of problem and thus different solution. Cheers!
The best option is to Change Application Settings from the Custom Site Delegation
Open IIS and from the root select Feature Delegation and then select Application Settings and from the right sidebar select Read/Write
On Windows Server 2012 with IIS 8 I have solved this by enabling ASP.NET 4.5 feature:
and then following ken's answer.
To fix this open up the IIS Express applicationhost.config. This file is stored at C:\Users[your user name]\Documents\IISExpress\config\applicationhost.config
Update for VS2015+: config file location is $(solutionDir).vs\config\applicationhost.config
Look for the following lines
<section name="windowsAuthentication" overrideModeDefault="Deny" />
<section name="anonymousAuthentication" overrideModeDefault="Deny" />
<add name="WindowsAuthenticationModule" lockItem="true" />
<add name="AnonymousAuthenticationModule" lockItem="true" />
Change those lines to
<section name="windowsAuthentication" overrideModeDefault="Allow" />
<section name="anonymousAuthentication" overrideModeDefault="Allow" />
<add name="WindowsAuthenticationModule" lockItem="false" />
<add name="AnonymousAuthenticationModule" lockItem="false" />
Save it and refresh Asp.net Page.
In our case on IIS 8 we found the error was produced when attempting to view Authentication" for a site, when:
The server Feature Delegation marked as "Authentication - Windows" = "Read Only"
The site had a web.config that explicitly referenced windows authentication; e.g.,
Marking the site Feature Delegation "Authentication - Windows" = "Read/Write", the error went away. It appears that, with the feature marked "Read Only", the web.config is not allowed to reference it at all even to disable it, as this apparently constitutes a write.
Seems that with IIS Express and VS 2015, there's a copy of the applicationHost.config file at $(solutionDir).vs\config\applicationhost.config so you'll need to make changes there. See this link: http://digitaldrummerj.me/iis-express-windows-authentication/
Make sure these lines are changed per below:
<section name="windowsAuthentication" overrideModeDefault="Allow" />
<section name="anonymousAuthentication" overrideModeDefault="Allow" />
<add name="WindowsAuthenticationModule" lockItem="false" />
<add name="AnonymousAuthenticationModule" lockItem="false" />
In my case it was that on server was not enabled "HTTP Activation" under .NET Framework Features. So for Windows Server 2012 the solution which worked for me was:
Server Manager -> Add roles and features -> Features -> make sure that under .NET Framework of version you want to use is checked "HTTP Activation"
The Powershell way of enabling the features (Windows Server 2012 +) - trim as needed:
Install-WindowsFeature NET-Framework-Core
Install-WindowsFeature Web-Server -IncludeAllSubFeature
Install-WindowsFeature NET-Framework-Features -IncludeAllSubFeature
Install-WindowsFeature NET-Framework-45-ASPNET -IncludeAllSubFeature
Install-WindowsFeature Application-Server -IncludeAllSubFeature
Install-WindowsFeature MSMQ -IncludeAllSubFeature
Install-WindowsFeature WAS -IncludeAllSubFeature
The error says that the configuration section is locked at the parent level.
So it will not be directly 1 config file which will resolve the issue,
we need to go through the hierarchy of the config files to see the inheritance
Check the below link to go through the File hierarchy and inheritance in IIS
https://msdn.microsoft.com/en-us/library/ms178685.aspx
So you need to check for the app config settings in the below order
ApplicationHost.config in C:windows\system32\inetsrv\config. Change the overrideModeDefault attribute to be Allow.
ApplicationName.config or web.config in the applications directory
Web.config in the root directory.
Web.config in the specific website (My issue was found at this place).
Web.config of the root web (server's configuration)
machine.config of the machine (Root's web.config and machine.config can be found at - systemroot\MicrosoftNET\Framework\versionNumber\CONFIG\Machine.config)
Go carefully through all these configs in the order of 1 to 6 and you should find it.
I noticed one answer that was similar, but in my case I used the IIS Configured Editor to find the section I wanted to "unlock".
Then I copied the path and used it in my automation to unlock it prior to changing the sections I wanted to edit.
. "$($env:windir)\system32\inetsrv\appcmd" unlock config -section:system.webServer/security/authentication/windowsAuthentication
. "$($env:windir)\system32\inetsrv\appcmd" unlock config -section:system.webServer/security/authentication/anonymousAuthentication
I needed to change the SSL settings on a subfolder when i got this nice message. In my case following action helped me out.
Opened C:\Windows\System32\inetsrv\config\applicationHost.config
And changed the value from overrideModeDefault="Deny" to "Allow"
<sectionGroup name="system.webServer">
...
<sectionGroup name="security">
<section name="access" overrideModeDefault="Allow" />
</sectionGroup>
In my case, I got this error because I was operating on the wrong configuration file.
I was doing this:
Configuration config = serverManager.GetWebConfiguration(websiteName);
ConfigurationSection serverRuntimeSection = config.GetSection("system.webServer/serverRuntime");
serverRuntimeSection["alternateHostName"] = hostname;
instead of the correct code:
Configuration config = serverManager.GetApplicationHostConfiguration();
ConfigurationSection serverRuntimeSection = configApp.GetSection("system.webServer/serverRuntime", websiteName);
serverRuntimeSection["alternateHostName"] = hostname;
in other words, I was trying to operate on the website's web.config instead of the global file C:\Windows\System32\inetsrv\config\applicationHost.config, which has a section (or can have a section) for the website. The setting I was trying to change exists only in the applicationHost.config file.
In my case, it was something else.
When I loaded the solution in a new version of Visual Studio, VS apparently created a new project-specific applicationhost.config file:
MySolutionDir\.vs\config\applicationhost.config
It started using the settings from the new config, instead of my already customized global IIS Express settings.
(\Users\%USER%\Documents\IISExpress\config\applicationhost.config)
In my case this was the setting that needed to be set. Of course it could be something else for you:
<section name="ipSecurity" overrideModeDefault="Allow" />
Received this same issue after installing IIS 7 on Vista Home Premium. To correct error I changed the following values located in the applicationHost.config file located in Windows\system32\inetsrv.
Change all of the following values located in section -->
<div mce_keep="true"><section name="handlers" overrideModeDefault="Deny" /> change this value from "Deny" to "Allow"</div>
<div mce_keep="true"><section name="modules" allowDefinition="MachineToApplication" overrideModeDefault="Deny" /> change this value from "Deny" to "Allow"</div>
Can You try this:
Go to application path where you're getting deny error, right click
Properties->Security tab
In that, change the permissions and check the checkbox read and write. Then it will work without any error hopefully.
For Windows Server 2008 and IIS 7, the procedure is similar.
please refer to this:
http://msdn.microsoft.com/en-us/library/vstudio/bb763178(v=vs.100).aspx
in add role service, u will see "Application Development Features"
Check (enable) the features. I checked all.
In my case I was getting this error when attempting to update the authentication settings in IIS also in addition to browsing. I was able to remove this error by removing the authentication setting from the web.config itself. Removing a problematic configuration section may be less invasive and preferable in some cases than changing the server roles and features too much:
Section Removed:
<security>
<authentication>
<windowsAuthentication enabled="true" />
</authentication>
</security>
I had the similar issue, but I used the following powershell script which helped me to achieve above steps in on button click.
#Install IIS
Import-Module ServerManager
Add-WindowsFeature Web-Server, Web-Asp-Net45, Web-Mgmt-Console, Web-Scripting-Tools, NET-WCF-HTTP-Activation45, Web-Windows-Auth
the list of features can be added or removed based on the requirement.
I had an issue where I was putting in the override = "Allow" values (mentioned here already)......but on a x64 bit system.......my 32 notepad++ was phantom saving them. Switching to Notepad (which is a 64bit application on a x64 bit O/S) allowed me to save the settings.
See :
http://dpotter.net/technical/2009/11/editing-applicationhostconfig-on-64-bit-windows/
The relevant text:
One of the problems I’m running down required that I view and possibly edit applicationHost.config. This file is located at %SystemRoot%\System32\inetsrv\config. Seems simple enough. I was able to find it from the command line easily, but when I went to load it in my favorite editor (Notepad++) I got a file not found error. Turns out that the System32 folder is redirected for 32-bit applications to SysWOW64. There appears to be no way to view the System32 folder using a 32-bit app. Go figure.
Fortunately, 64-bit versions of Windows ship with a 64-bit version of Notepad. As much as I dislike it, at least it works.
I had the same issue.
Resolved it by enabling Application Server feature. Restarted iis
after that.
This worked for me
Also in IIS 8 you can solve this problem by changing the server to IIS Express. Goto debug->Properties
In the Web select the server as IIS Express from the dropdown and then rebuild the solution
To make a change at Application Level (Web.Config):
Please remove the Trust Level from the web.config:
Actually I was getting this error when I was trying to host my Website on the Hosting Server where I don't have control on their Server. Removing the above line from my Application web.config solved my issue.

Resources