InvalidProgramException in System.ServiceModel.Dispatcher.ClientRuntime after KB2742595 - iis-7.5

Whenever I install the security patch KB2742595 on my web server, I start getting the following:
Exception type: InvalidProgramException
Exception message: Common Language Runtime detected an invalid program.
at System.ServiceModel.Dispatcher.ClientRuntime..ctor(String contractName, String contractNamespace)
Stack trace: at System.ServiceModel.Dispatcher.ClientRuntime..ctor(String contractName, String contractNamespace)
at System.ServiceModel.Description.DispatcherBuilder.BuildProxyBehavior(ServiceEndpoint serviceEndpoint, BindingParameterCollection& parameters)
at System.ServiceModel.Channels.ServiceChannelFactory.BuildChannelFactory(ServiceEndpoint serviceEndpoint, Boolean useActiveAutoClose)
at System.ServiceModel.ChannelFactory.CreateFactory()
at System.ServiceModel.ChannelFactory.OnOpening()
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open()
The configuration is Windows Server 2K8 SP1, communicating with the WCF service over nettcp.
Please help.

Related

Getting error calling CreateServerCertificateAsync: Could not get server cert while using test certs on IoT Edge device (Azure)

I am trying to enable certs on the IoT Edge device end. I am using the demo certs, but the iothub module is failing with the error below:
2021-04-27 02:08:48.364 +00:00 Edge Hub Main()
Unhandled exception. System.AggregateException: One or more errors occurred. (Error calling CreateServerCertificateAsync: Could not get server cert
caused by: internal error)
---> Microsoft.Azure.Devices.Edge.Util.Edged.WorkloadCommunicationException- Message:Error calling CreateServerCertificateAsync: Could not get server cert
caused by: internal error, StatusCode:500, at: at Microsoft.Azure.Devices.Edge.Util.Edged.Version_2019_01_30.WorkloadClient.HandleException(Exception ex, String operation) in /home/vsts/work/1/s/edge-util/src/Microsoft.Azure.Devices.Edge.Util/edged/version_2019_01_30/WorkloadClient.cs:line 109
at Microsoft.Azure.Devices.Edge.Util.Edged.WorkloadClientVersioned.Execute[T](Func`1 func, String operation) in /home/vsts/work/1/s/edge-util/src/Microsoft.Azure.Devices.Edge.Util/edged/WorkloadClientVersioned.cs:line 77
at Microsoft.Azure.Devices.Edge.Util.Edged.Version_2019_01_30.WorkloadClient.CreateServerCertificateAsync(String hostname, DateTime expiration) in /home/vsts/work/1/s/edge-util/src/Microsoft.Azure.Devices.Edge.Util/edged/version_2019_01_30/WorkloadClient.cs:line 35
at Microsoft.Azure.Devices.Edge.Util.CertificateHelper.GetServerCertificatesFromEdgelet(Uri workloadUri, String workloadApiVersion, String workloadClientApiVersion, String moduleId, String moduleGenerationId, String edgeHubHostname, DateTime expiration) in /home/vsts/work/1/s/edge-util/src/Microsoft.Azure.Devices.Edge.Util/CertificateHelper.cs:line 260
at Microsoft.Azure.Devices.Edge.Hub.Service.EdgeHubCertificates.LoadAsync(IConfigurationRoot configuration, ILogger logger) in /home/vsts/work/1/s/edge-hub/src/Microsoft.Azure.Devices.Edge.Hub.Service/EdgeHubCertificates.cs:line 54
at Microsoft.Azure.Devices.Edge.Hub.Service.Program.MainAsync(IConfigurationRoot configuration) in /home/vsts/work/1/s/edge-hub/src/Microsoft.Azure.Devices.Edge.Hub.Service/Program.cs:line 54
--- End of inner exception stack trace ---
at System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification)
at System.Threading.Tasks.Task`1.get_Result()
at Microsoft.Azure.Devices.Edge.Hub.Service.Program.Main() in /home/vsts/work/1/s/edge-hub/src/Microsoft.Azure.Devices.Edge.Hub.Service/Program.cs:line 33
Please find the config in /etc/aziot/config.toml file
trust_bundle_cert = "file:///home/azureuser/cert/certs/azure-iot-test-only.root.ca.cert.pem"
[edge_ca]
cert = "file:///home/azureuser/cert/certs/iot-edge-device-ca-test-device-ca-certs-full-chain.cert.pem"
pk = "file:///home/azureuser/cert/certs/iot-edge-device-ca-test-device-ca-certs.cert.pem"
[provisioning]
source = "manual"
connection_string ="HostName=XXXXXXXXX-dev.azure-devices.net;DeviceId=test-device;SharedAccessKey=XXXXXXXXXXXXXXXXXXXXXXXXXXXX"
I made a mistake while mentioning the path to the root CA. The issue is resolved.
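A preflight check for the `file://` entries in a config like the one above, as an added example that is not part of the original post or of IoT Edge: it confirms that each referenced file exists and holds the kind of PEM block its key calls for. The key-to-type mapping, the function names and the sample files are assumptions constructed for illustration, and the parser ignores TOML section names.

```python
import re
import tempfile
from pathlib import Path
from urllib.parse import urlparse, unquote

# Assumed mapping: config key -> PEM label the referenced file must carry.
EXPECTED = {"trust_bundle_cert": "CERTIFICATE", "cert": "CERTIFICATE", "pk": "PRIVATE KEY"}
ASSIGN = re.compile(r'^\s*(\w+)\s*=\s*"(file://[^"]*)"')
PEM_BEGIN = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----")


def check_cert_paths(config_text):
    """Return (key, path, problem) for every file:// setting that looks wrong."""
    problems = []
    for line in config_text.splitlines():
        m = ASSIGN.match(line)
        if not m or m.group(1) not in EXPECTED:
            continue
        key, uri = m.groups()
        path = Path(unquote(urlparse(uri).path))
        want = EXPECTED[key]
        if not path.is_file():
            problems.append((key, str(path), "file not found"))
            continue
        labels = PEM_BEGIN.findall(path.read_text(errors="replace"))
        # "RSA PRIVATE KEY" and "EC PRIVATE KEY" both end with "PRIVATE KEY".
        bad = [label for label in labels if not label.endswith(want)]
        if not labels:
            problems.append((key, str(path), "no PEM block"))
        elif bad:
            problems.append((key, str(path), f"expected {want}, found {bad[0]}"))
    return problems


def demo():
    """Constructed sample: a mistyped trust bundle path and a pk that points at a certificate."""
    with tempfile.TemporaryDirectory() as d:
        cert = Path(d, "device-ca.cert.pem")
        cert.write_text("-----BEGIN CERTIFICATE-----\n(constructed)\n-----END CERTIFICATE-----\n")
        config = (
            f'trust_bundle_cert = "file://{d}/missing-root.cert.pem"\n'
            "[edge_ca]\n"
            f'cert = "file://{cert}"\n'
            f'pk = "file://{cert}"\n'
        )
        return [(key, problem) for key, _, problem in check_cert_paths(config)]


if __name__ == "__main__":
    for key, problem in demo():
        print(f"{key}: {problem}")
```
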

iOS xamarin - Crash on first launch while In app purchase

We have used the Azure SDK in our Xamarin app.
When we log in with Google or Facebook using Azure in our app and then go for the subscription using in-app purchase, the app crashes on iOS.
As soon as the in-app purchase dialog opens, the app crashes.
Also, it crashes while making a subscription for the first time after app install. After that, everything works fine.
Please have a look at the detailed error log below.
2019-02-08 17:19:59.065 EarnieJr.iOS[4133:1596190] [AppCenterCrashes] ERROR: +[MSWrapperLogger MSWrapperLog:tag:level:]/7 Unhandled Exception:
UIKit.UIKitThreadAccessException: UIKit Consistency error: you are calling a UIKit method that can only be invoked from the UI thread.
at UIKit.UIApplication.EnsureUIThread () [0x00020] in /Library/Frameworks/Xamarin.iOS.framework/Versions/12.2.1.13/src/Xamarin.iOS/UIKit/UIApplication.cs:89
at UIKit.UIControl.RemoveTarget (Foundation.NSObject target, System.IntPtr sel, UIKit.UIControlEvent events) [0x00000] in /Library/Frameworks/Xamarin.iOS.framework/Versions/12.2.1.13/src/Xamarin.iOS/UIKit/UIControl.g.cs:235
at UIKit.UIControl.RemoveTarget (System.EventHandler notification, UIKit.UIControlEvent events) [0x00048] in /Library/Frameworks/Xamarin.iOS.framework/Versions/12.2.1.13/src/Xamarin.iOS/UIKit/UIControl.cs:116
at UIKit.UIControl.remove_TouchUpInside (System.EventHandler value) [0x00000] in /Library/Frameworks/Xamarin.iOS.framework/Versions/12.2.1.13/src/Xamarin.iOS/UIKit/UIControl.cs:182
at Xamarin.Forms.Platform.iOS.ButtonRenderer.Dispose (System.Boolean disposing) [0x00017] in <55e20ffeeae44e4d8fcf262393127192>:0
at Foundation.NSObject.Finalize () [0x00000] in /Library/Frameworks/Xamarin.iOS.framework/Versions/12.2.1.13/src/Xamarin.iOS/Foundation/NSObject2.cs:143
2019-02-08 17:19:59.072 EarnieJr.iOS[4133:1596190] [AppCenterCrashes] WARNING: +[MSWrapperLogger MSWrapperLog:tag:level:]/7 Cannot serialize UIKit.UIKitThreadAccessException exception for client side inspection. If you want to have access to the exception in the callbacks, please add a Serializable attribute and a deserialization constructor to the exception class.
2019-02-08 17:19:59.082 EarnieJr.iOS[4133:1596190] Unhandled managed exception:
UIKit Consistency error: you are calling a UIKit method that can only be invoked from the UI thread. (UIKit.UIKitThreadAccessException)
at UIKit.UIApplication.EnsureUIThread () [0x00020] in /Library/Frameworks/Xamarin.iOS.framework/Versions/12.2.1.13/src/Xamarin.iOS/UIKit/UIApplication.cs:89
at UIKit.UIControl.RemoveTarget (Foundation.NSObject target, System.IntPtr sel, UIKit.UIControlEvent events) [0x00000] in /Library/Frameworks/Xamarin.iOS.framework/Versions/12.2.1.13/src/Xamarin.iOS/UIKit/UIControl.g.cs:235
at UIKit.UIControl.RemoveTarget (System.EventHandler notification, UIKit.UIControlEvent events) [0x00048] in /Library/Frameworks/Xamarin.iOS.framework/Versions/12.2.1.13/src/Xamarin.iOS/UIKit/UIControl.cs:116
at UIKit.UIControl.remove_TouchUpInside (System.EventHandler value) [0x00000] in /Library/Frameworks/Xamarin.iOS.framework/Versions/12.2.1.13/src/Xamarin.iOS/UIKit/UIControl.cs:182
at Xamarin.Forms.Platform.iOS.ButtonRenderer.Dispose (System.Boolean disposing) [0x00017] in <55e20ffeeae44e4d8fcf262393127192>:0
at Foundation.NSObject.Finalize () [0x00000] in /Library/Frameworks/Xamarin.iOS.framework/Versions/12.2.1.13/src/Xamarin.iOS/Foundation/NSObject2.cs:143
Version details are as below for used packages,
"Microsoft.Azure.Mobile.Client" Version="4.1.1"
"Plugin.InAppBilling" Version="2.0.0"
"Xamarin.Forms" Version="3.5.0.129452"
var billing = CrossInAppBilling.Current;
var purchase = await billing.PurchaseAsync("ProductId here", ItemType.Subscription, "devId");

Occasional 500s using Faces plugin - Delegates cannot be marshalled

We're using 3.4.3 of ImageResizer, and the elite plugins. It seems any trouble we’ve had has been related to the Faces plugin. Images will not show up, and upon looking at the network response, the stack trace shows "Delegates cannot be marshaled from native code into a domain other than their home domain". The full trace is here:
[NotSupportedException: Delegates cannot be marshaled from native code into a domain other than their home domain.]
System.Runtime.InteropServices.Marshal.GetDelegateForFunctionPointerInternal(IntPtr ptr, Type t) +0
System.Runtime.InteropServices.Marshal.GetDelegateForFunctionPointer(IntPtr ptr, Type t) +267
OpenCvSharp.CvInvoke..cctor() +328
[TypeInitializationException: The type initializer for 'OpenCvSharp.CvInvoke' threw an exception.]
OpenCvSharp.Cv.Load(String filename, CvMemStorage memstorage, String name, String& real_name) +222
ImageResizer.Plugins.Faces.FeatureDetectionBase`1.LoadFiles() +621
ImageResizer.Plugins.Faces.FeatureDetectionBase`1.DetectFeatures(Bitmap b) +82
ImageResizer.Plugins.Faces.FacesPlugin.PostPrepareSourceBitmap(ImageState s) +341
ImageResizer.Resizing.AbstractImageProcessor.PostPrepareSourceBitmap(ImageState s) +99
ImageResizer.ImageBuilder.Process(ImageState s) +60
ImageResizer.ImageBuilder.buildToBitmap(Bitmap source, ResizeSettings settings, Boolean transparencySupported) +276
ImageResizer.ImageBuilder.buildToStream(Bitmap source, Stream dest, ResizeSettings settings) +149
ImageResizer.ImageBuilder.BuildJob(ImageJob job) +1353
ImageResizer.ImageBuilder.Build(ImageJob job) +268
ImageResizer.ImageBuilder.Build(Object source, Object dest, ResizeSettings settings, Boolean disposeSource, Boolean addFileExtension) +124
ImageResizer.ImageBuilder.Build(Object source, Object dest, ResizeSettings settings, Boolean disposeSource) +36
ImageResizer.ImageBuilder.Build(Object source, Object dest, ResizeSettings settings) +23
ImageResizer.<>c__DisplayClass3.<HandleRequest>b__2(Stream stream) +287
ImageResizer.Plugins.DiskCache.<>c__DisplayClasse.<TryWriteFile>b__d() +593
ImageResizer.Plugins.DiskCache.LockProvider.TryExecute(String key, Int32 timeoutMs, LockCallback success) +424
ImageResizer.Plugins.DiskCache.CustomDiskCache.TryWriteFile(CacheResult result, String physicalPath, String relativePath, ResizeImageDelegate writeCallback, DateTime sourceModifiedUtc, Int32 timeoutMs, Boolean recheckFS) +517
ImageResizer.Plugins.DiskCache.CustomDiskCache.GetCachedFile(String keyBasis, String extension, ResizeImageDelegate writeCallback, DateTime sourceModifiedUtc, Int32 timeoutMs, Boolean asynchronous) +819
ImageResizer.Plugins.DiskCache.DiskCache.Process(IResponseArgs e) +209
ImageResizer.Plugins.DiskCache.DiskCache.Process(HttpContext context, IResponseArgs e) +47
ImageResizer.InterceptModule.HandleRequest(HttpContext context, String virtualPath, NameValueCollection queryString, IVirtualFile vf) +1687
ImageResizer.InterceptModule.CheckRequest_PostAuthorizeRequest(Object sender, EventArgs e) +1163
System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +92
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +165
I found this page and ensured we weren't using overlapped recycling. I tried upgrading to 4.1.7, but it was a bit of a nightmare trying to get all the opencv versions/bitness to line up. The app would crash often and hold the rest of the sites depending on it hostage, so we rolled back to 3.4.3 which at least works, then doesn't. Our regular issues go away temporarily when we restart the IR app pool.
We have our web apps hosted on two VMs load-balanced by BigIP. Each VM has two web apps, and they share a single image resizer hosted on the same server as them, which utilizes the URL API to make resize requests, face detection + cropping, etc.
One other bit of info I was able to obtain was from DebugDiag. I grabbed a crash of the app with the following message:
In w3wp__ImageResizer__PID__5284__Date__06_14_2017__Time_08_23_10AM__122__First chance exception 0XE0434352.dmp the assembly instruction at KERNELBASE!RaiseException in C:\Windows\System32\KERNELBASE.dll from Microsoft Corporation has caused a CLR Exception on thread 28 with the following error information:
Type: ImageResizer.Plugins.Faces.AlternateResponseException
Message: Resizing was canceled as JSON data was requested instead
This exception originated from ImageResizer.Plugins.Faces.FacesPlugin.Render(ImageResizer.Resizing.ImageState).
Debug page can be found here

TLS on Windows Phone 7 - send client certificate in Bouncy Castle

I have a problem with sending a client certificate to the server on Windows Phone 7 using Bouncy Castle.
I created my own TlsAuthentication and TlsCredential classes inherited from the interfaces. But in the method
public TlsCredentials GetClientCredentials(CertificateRequest certificateRequest)
{
    return this.TlsCredentials;
}
an exception occurs.
Below is my exception:
An exception of type 'Org.BouncyCastle.Crypto.Tls.TlsFatalAlert' occurred in bouncywp71.DLL and wasn't handled before a managed/native boundary
A first chance exception of type 'System.IO.IOException' occurred in bouncywp71.DLL
An exception of type 'System.IO.IOException' occurred in bouncywp71.DLL and wasn't handled before a managed/native boundary
Internal TLS error, this could be an attack
at Org.BouncyCastle.Crypto.Tls.TlsProtocolHandler.FailWithError(AlertLevel alertLevel, AlertDescription alertDescription)
at Org.BouncyCastle.Crypto.Tls.TlsProtocolHandler.SafeReadData()
at Org.BouncyCastle.Crypto.Tls.TlsProtocolHandler.Connect(TlsClient tlsClient)
at MYAPP.MyTest2.Network.Security.MyTestSecureClient.HandleConnectionReady()
at SocketEx.TcpClient.InnerConnect(EndPoint myEndpoint)
at MYAPP.MyTest2.Network.Security.MyTestSecureClient..ctor(String host, Int32 port, TlsClient tlsClient)
at MYAPP.MyTest2.Network.Security.MyTestSecureClient..ctor(String host, Int32 port)
at MYAPP.MyTest2.Network.ConnectionManager.CreateConnection(String host, Int32 port)
at MYAPP.MyTest2.Network.ConnectionManager..ctor(String host, Int32 port)
at MYAPP.MyTest2.Network.MyTestService.CreateConnectionManager(String host, Int32 port)
at MYAPP.MyTest2.Network.MyTestService.Login(LoginRequestModel request)
at MYAPP.MyTest2.ViewModel.LoginViewModel.<Login>b__1()
at MYAPP.MyTest2.Common.Helpers.ThreadHandler.<>c__DisplayClass3`1.<Execute>b__0(Object x)
If anyone knows how to fix this, please help me!
Regards,
Artur

.NET 4.0 client certificate validation error

I have the following code
var factory = new ChannelFactory<INewsClient>();
factory.Credentials.ClientCertificate.Certificate = GetCertificate();
factory.Endpoint.Address = new EndpointAddress("https://blabla.com/myservice/");
var binding = new BasicHttpBinding(BasicHttpSecurityMode.Transport);
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;
factory.Endpoint.Binding = binding;
var channel = factory.CreateChannel();
channel.GetNews();
It works in .NET 3.5, but not in .NET 4.0. Bizarre, huh?
The Certificate I am using doesn't validate on the local machine (no chain). In 3.5, the client cert's validity is irrelevant to establishing SSL, but when migrating to 4.0, the certificate is validated before being used for SSL. (I can see errors in the CAPI2 Event logs). Resulting in an ugly SecurityNegotiationException...
Stack Trace:
System.ServiceModel.Security.SecurityNegotiationException: Could not establish secure channel for SSL/TLS with authority 'pep.uat.dialectpayments.com'. ---> System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.
at System.Net.HttpWebRequest.GetResponse()
at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
--- End of inner exception stack trace ---
Server stack trace:
at System.ServiceModel.Channels.HttpChannelUtilities.ProcessGetResponseWebException(WebException webException, HttpWebRequest request, HttpAbortReason abortReason)
at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at ConsoleApplication2.Program.INewsClient.Get()
at ConsoleApplication2.Program.Main(String[] args) in d:\dev\ConsoleApplication2\Program.cs:line 44
In our security architecture, certs are validated against an LDAP directory on the server, therefore no need for clients to know the full chain.
Question is, how do I disable this new behaviour?
Ok, I'll provide my own answer here...
In a nutshell: It seems you cannot use a non-persistent CSP with .NET 4 for X509. I.e. Your CSP must have a KeyContainerName for it to work.
My GetCertificate() method was doing the following: (i.e. Non-Persistent)
var certificate = new X509Certificate2(@"C:\public.cer");
// Key is not tied to a named key container (non-persistent)
var rsa = RSA.Create();
rsa.FromXmlString("<RSAKeyValue>......</RSAKeyValue>");
certificate.PrivateKey = rsa;
return certificate;
Changing it to this makes my sample work in 3.5 and 4.0: (Setting KeyContainerName will create a physical entry in your crypto folders)
var certificate = new X509Certificate2(@"C:\public.cer");
// Naming the container persists the key in the CSP key store
CspParameters parameters = new CspParameters { KeyContainerName = "KeyContainer" };
var rsa = new RSACryptoServiceProvider(parameters);
rsa.FromXmlString("<RSAKeyValue>......</RSAKeyValue>");
certificate.PrivateKey = rsa;
return certificate;
For simplicity, I was trying to export the private key into a .pfx file, but couldn't using the first approach in .NET 4.0, though I could in .NET 3.5. Somehow, the private key is not exportable in .NET 4.0.
This link helped me fix it.
Still, would be nice to know what's changed between 3.5 and 4.0 here.
