I have a web application developed in VS2013
ASP.NET MVC 5
NInject for IoC
Sql Server 2008 R2 for a backing store (ADO, not Entity Framework, for DAL)
IIS 7.5 (Not a web garden, max processes = 1)
PostSharp 3.1.46.0
I have been developing and deploying on my local machine this application to a development server for months with not too many issues.
App Pool is .Net 4.0 Integrated, using the ApplicationPoolIdentity
Anonymous and Forms authentication are enabled. Anonymous is set to use the App Pool identity
File permissions are set for the application folder to give IIS AppPool\[mypool] read, list, execute access. (I tried full access, once, and it didn't help)
Last week, the development server reports a 401 (sc-status:401 sc-substatus:0 sc-win32-status:0) instead of showing me any forms from a remote connection. Local connections, that is, when I access the app on the sandbox, or if I log on to the development server and access it locally, work as expected. Any request from a remote machine fails.
401 - Unauthorized: Access is denied due to invalid credentials.
You do not have permission to view this directory or page using the credentials that you supplied.
I tried recreating the app pool and re-assigning the app to it. I tried aspnet_iisreg -ir. I went through most of the "Similar Questions" to the right of this edit box, trying to find something close to my issue. I erased the application from the server and redeployed to a new app, with new name and a new physical folder. KB2545850 hotfix didn't help.
My deployment strategy is an xcopy of everything but the web.config(s) I maintain the web.config separately. Please help diagnose.
In ASP.NET MVC Deploying an app with forms authentication to IIS 7.5 it says:
If you have a path leading to an eventual [Authorize] attribute, that will cause this -
removing the RenderAction or allowing that action to render without [Authorize] fixes it.
That was similar to my issue. I have a global filter to Authorize. I recently added a partial view in a controller to display a serial number. I added that partial to the _Layout, without the AllowAnonymous. Since the login form used the layout, which used this partial, I couldn't log in until I logged in.
Adding an [AllowAnonymous] to the action resolved this issue. I am thinking about how to more easily detect this for when it happens to me again.
Related
After a company forced Windows 10 update today, the Application Pool required by a local web application keeps stopping/crashing displaying the message
Service Unavailable
HTTP Error 503. The service is unavailable.
I have checked the the below similar posts and followed the solutions provided with no luck.
#1 - https://stackoverflow.com/questions/47338226/iis-10-0-apppool-crashing-causing-503-error
For hosting .Net Core applications in IIS, .Net CLR Version of
application pool should be No Managed Code as shown in below
screenshot.
#2 - https://stackoverflow.com/questions/50244861/iis-10-app-pool-keeps-stopping-due-to-aspnetcore-dll-failed-to-load
Go to the drive your IIS is installed on, eg. C:\inetpub\temp\appPools\
Delete the directory (or virtual directory) with the same name as your app pool.
Recycle/Start your app pool again.
I have also followed the Microsoft instructions. Made sure to first follow the steps in "Turn Windows features on/off) and then installing the ASP.NET Core hosting bundle as instructed.
#3 - https://learn.microsoft.com/en-us/aspnet/core/host-and-deploy/iis/?view=aspnetcore-2.1&tabs=aspnetcore2x
I'm not having any luck.
Here's my setup App Pool
Here's my setup Site
I've done everything I know. Does anyone have this same experience and can share a solution?
As always, a big thank you to the experts out there!
UPDATE:
I created a new AppPool with Identity "ApplicationPoolIdentity" setting. The page will run however I need to connect to a SQL Server instance with my own credentials because we use Windows authentication on most of the pages. When I create a new AppPool with my credentials it will not stay running.
I want to use ASP.Net Directives in a TXT file. Typically, I would add a handler mapper for that. But how can I do that in Azure App Service? Adding the following handler (D:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_isapi.dll):
generates the following exception:
Most likely causes: IIS received the
request; however, an internal error occurred during the processing of
the request. The root cause of this error depends on which module
handles the request and what was happening in the worker process when
this error occurred. IIS was not able to access the
web.config file for the Web site or application. This can occur if the
NTFS permissions are set incorrectly. IIS was not able to
process configuration for the Web site or application. The
authenticated user does not have permission to use this DLL.
The request is mapped to a managed handler but the .NET
Extensibility Feature is not installed.
Things you can
try: Ensure that the NTFS permissions for the
web.config file are correct and allow access to the Web server's
machine account. Check the event logs to see if any
additional information was logged. Verify the permissions
for the DLL. Install the .NET Extensibility feature if the
request is mapped to a managed handler. Create a tracing
rule to track failed requests for this HTTP status code. For more
information about creating a tracing rule for failed requests, click
here.
and I don't think there is much I can do with the suggestions.
So what's the right way to map static file to ASP.Net pipeline in Azure App Services?
In Azure web service, we don't have to use aspnet_isapi.dll to use ASP.Net pipeline because the built-in server is IIS. We can see below screenshot, i published a ASP.NET Core to Azure web app, and we can see the Microsoft.Owin.Host.SystemWeb.dll under the root folder, this means that my ASP.NET Core application is hosted in IIS. (Besides IIS, are there any other better servers to support OWIN?).
Thus, if you are using ASP.NET Core and you want to use IIS pipeline, i think it is impossible because the IIS is just a reverse proxy server in this situation. You need to delete the Microsoft.Owin.Host.SystemWeb.dll and modify the web.config file (I tried and worked) but doing this will cause your ASP.NET Core application crashing.
If you are using ASP.NET Framework or just a simple static web, we can do it with our code and web.config.
can anyone please tell me whether a asp.net mvc 5 web application can be hosted on IIS 7.5?seems has this issue:HTTP Error 503.
and the IIS application pool was stopped when request this web.
it's very strange,when I change website application pool named "A" to another named "B"("B" is an app pool for an asp.net mvc4 web application), then the site run well."A" is the same setting as "B".not really know what had happened.is related section of the web.config ?please help.
I had the same problem and found it was caused by permission problems creating the user profile in C:\Users. I gave ApplicationPoolIdentity full permissions to the C:\Users folder, started the site and everything worked, the profile must have been created properly, and my site worked as it should. I then removed access to C:\Users from ApplicationPoolIdentity.
Site wont start on local using ApplicationPoolIdentity, only when using NetworkService: "HTTP Error 503. The service is unavailable."
I have a web role that hosts 4 MVC 4 sites. One of the sites (let's call it the API site from now on) uses both MVC and Web API. When I upgrade the web role, the Web API controllers from the API Site returns a 500 Internal Server Error to all requests. The MVC controllers work as expected and I know the request is getting at least as far as the Application_BeginRequest method of the global.asax. I'm not seeing anything logged in my Elmah log. The only hint I have of anything being wrong is the following in the event log:
The application '/' belonging to site '1' has an invalid AppPoolId 'DefaultAppPool' set. Therefore, the application will be ignored.
As web roles use App Pools with guids as identifiers I don't know where this is coming from.
What is most confusing is that once I recycle the app pool for the API site (which is a guid) everything starts working correctly.
I've tried recyling the app pools as part of a startup task on the role, but that doesn't seem to make any difference.
Any suggestions about what I can do to get Web API to start correctly?
I never did find what was causing this issue.
It got to a point where I could deploy from my machine and not get the problem, but my colleague could not.
We tried comparing the contents of the .cspkg files that were produced, but didn't find any differences.
We are now both able to deploy the project with no problems.
My suspicion is that this was resolved when we upgraded the Azure SDK and tools on our machines.
My Setup: W2K8-R2 IIS7.5 x64bit servers (app pool is running in 32bit, though)
We have a (.net 4.0) web application that runs under the "ApplicationPoolIdentity". It has "Windows Authentication" enabled. The web app calls a web service on different (older - W2K3 II6) web server (same domain). The web service requires Windows Authentication as well.
On some of our web servers, this works well and I can see that the Web App calls the web service and identifies itself as the machine name for the web server it is running on (as expected). However on other web servers the application will not identify itself when it calls the web service and thus gets a 403 error (this is confirmed by looking at the IIS logs for the web service).
I've compared the web servers that work versus those that don't and I can't find any significant differences. (I compared the ApplicationHost.Config files from both sites and with the exception of a few encryption keys they are identical).
Any thoughts on what could be causing the App Pool Identity on the bad machines to forgo identifying itself? Did we set something up on one web server and miss it on the other?
If not, can someone recommend tools that could be used to track down what's going on?
Thanks for any help.
For anyone else who find this question, it is answered is several places :
Granting write permissions to a networked UNC folder for ASP.NET under IIS 7.5 and Windows Server 2008 R2
IIS application using application pool identity loses primary token?
DirectoryServicesCOMException 80072020 From IIS 7.5 Site Running Under ApplicationPoolIdentity
ApplicationPoolIdentity cannot access network resources
https://serverfault.com/questions/217547/applicationpoolidentity-iis-7-5-to-sql-server-2008-r2-not-working
Summary: Install MS HotFix KB2545850 and learn the details about this bug in KB2672809 which also shows how to reproduce this issue.
An update in case anyone runs into this... We realized that the common thread between servers that worked was that they had been rebooted recently. After rebooting the problem servers, they too started working.
At this point I can't explain what the issue was, but it appears a reboot solved it. I will update if the problem reoccurs.