NetworkService under IIS has empty AppData path - iis

Using IIS 8 on Windows 8, I've set up an application pool which runs with an identity of Network Service.
In the code for a page, I make calls to:
Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData)
Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData)
Both calls return null.
I've tried combinations <identity impersonate="true|false"/> as well as setting the Load User Profile setting to true|false in the application pool setting, but I always get a null result.
I would expect to get one of:
C:\Windows\ServiceProfiles\NetworkService\AppData\Local
C:\Windows\System32\config\systemprofile\AppData\Local
On another user's machine, they get the second folder as the path (IIS 7.5) even though the application pool runs as Network Service.
What could be happening with these profile folders?

In your %WINDIR%\System32\inetsrv\config\applicationHost.config look for <applicationPoolDefaults>. Under <processModel>, make sure you don't have setProfileEnvironment="false". If you do, set it to true.

I think you need the LoadUserProfile setting as well as one additional call from a console:
cd "%~dp0"
md appdata
This would create the required folder for the app pool user. I'm not sure if this will result in Environment.SpecialFolder.ApplicationData returning a correct path though.

Related

Random logouts with flask-login on IIS with FastCGI

I'm running a Dash/Flask app on Windows Server 2019 with IIS. I installed IIS with CGI, installed wfastcgi in the app's virtual environment, ran wfastcgi-enable as an administrator and specified the FastCGI application as a route handler in web.config using the virtual environment's python executable and wfastcgi.py file, etc.
That all went smoothly and the app is up and running. The app redirects to '/' to login if the user is logged out. This all works perfectly when I run the app on Flask's built-in server, but only works periodically (i.e. sometimes the user is no longer logged in, after the redirect, or refreshing the page logs out the user by chance) in this IIS/fastcgi setup. I use flask-login to login and authenticate users, following closely the example given here: https://github.com/RafaelMiquelino/dash-flask-login.
I also tried to configure flask-login's remember me functionality to persist the login after browser close, but this didn't change the mentioned issues.
Has anyone else experienced this? I'm open to any ideas on why I'm experiencing this strange (session?) behavior with IIS and FastCGI.
Thanks!
EDIT:
Moreover, I did some more tests and found that it is not only random logouts, but also some kind of "random logins":
1. User logs in at login page and is redirected to the "real" content located under /success: Message: User could not be authenticated.
2. Reloading the webpage "/success" without any further action: User is authenticated and can see the content. After repeated reloading the same user is randomly authenticated or not.
Try to increase the iis application pool recycling and ideal time out value.
increase fast cgi ideal time out:
Make sure you set app.secret_key to some secret key. yo could get key by following below code:
import os
os.urandom(24)
Use the following command to quickly generate a value for Flask.secret_key (or SECRET_KEY):
$ python -c 'import os; print(os.urandom(16))'
b'_5#y2L"F4Q8z\n\xec]/'
Refer this link for more detail:
flask-login invalidates session randomly after authentication
https://flask-login.readthedocs.io/en/latest/

azure function cannot read application setting using configurationManager or GetEnvironmentVariable

I've set some application settings in the azure function app but I'm getting null when I try to read them
System.ConfigurationManager.AppSettings[name]
System.Environment.GetEnvironmentVariable(variableKey, System.EnvironmentVariableTarget.Process)
Both of them gave me null. I can get the value fine running on local where my settings are in local.settings.json
(pulling the answers from the comments to aid in future searches)
When dealing with Appsettings, try restarting the app. (although normally the site would restart automatically when you change an appsetting)
You can use Kudu to verify the appsettings are indeed properly set on the site. (https://{app}.scm.azurewebsites.net) and click on Environment tab). They'll also show up as environment variables.

How are Applications Removed from the IIS Application Pool?

We've got a new server, and I am trying to set it up for our website.
I got a new application for the engineers set up in the Application Pools called eng_app, then added our applications to it.
Now, we have been given an external drive that these applications need to be on, but I can't seem to edit or delete the existing applications.
I tried following the Microsoft Technet Article • Remove an Application (IIS 7) but, as you can see in the screenshot, those are incorrect.
C:\Windows\System32\inetsrv>appcmd delete app "eng_app/drawing"
ERROR ( message:Cannot find APP object with identifier "eng_app/drawing". )
C:\Windows\System32\inetsrv>appcmd delete app "/eng_app/drawing"
ERROR ( message:Must specify the APP object with identifier or "APP.NAME" parameter. )
Could someone tell me what I missed here?
Using Powershell
Go to folder
cd C:\Windows\system32\inetsrv
List all applications to get the correct APP.NAME
.\appcmd list app
Delete the application using fullname for <APP.NAME>.Ex.: "Default Web Site/The.Application".I mean, you must put it with web site name including the double-quotes.
.\appcmd delete app <APP.NAME>
OK, it looks like you can't do it either through the command line or using the Application Pool interface.
After stopping the webservice, what I did was:
go down to the list of Sites and select my application from the list,
click Basic Settings...
change the Application pool with the Select... button and edit the Physical path
Afterwards, you can restart the webservice.
There might be a better way, but this is how I did it.
appcmd delete app eng_app/drawing

How do you specify the deployIisAppPath to a site root that is not DefaultWebSite?

I have a ASP.NET MVC web application project that I want to deploy to my IIS webserver. The site tree is set up thusly:
SERVERNAME(myDomain\Username)
Application Pools
Sites
Default Web Site
MyProjectSite
bin
Content
...
Views
I am trying to deploy to the MyProject site. See below settings that I am using versus the errors I am returning. I am apparently not specifying my site path correctly, but for the life of me, I can't figure out what it should be.
The following settings stay the same between iterations:
/p:DeployOnBuild=True /p:DeployTarget=MsDeployPublish /p:CreatePackageOnPublish=False /p:MSDeployPublishMethod=WMSvc /p:AuthType=Basic /p:Username="myUserName" /p:Password="MyPassword" /p:AllowUntrustedCertificate=True
Specify SiteName/ as IISAppPath:
Parameters:
/p:MsDeployServiceUrl="https://serverName:8172/MsDeploy.axd?Site=MyProjectSite" /p:DeployIisAppPath="MyProjectSite/"
Error:
Could not complete an operation with the specified provider ("createApp") when connecting using the Web Management Service - I don't want to create a new site. I want to sync the content that is already there.
Specify IISAppPath as Root (supposing that the sitename in the URL is used)
Parameters:
/p:MsDeployServiceUrl="https://serverName:8172/MsDeploy.axd?Site=MyProjectSite" /p:DeployIisAppPath="/"
Error:
Could not complete an operation with the specified provider ("iisApp") when connecting using the Web Management Service - Looks like it is trying to access the Default WebSite or something (to which I have purposefully NOT given myself rights).
Specify IISAppPath as empty string(supposing that the sitename in the URL is used)
Parameters:
/p:MsDeployServiceUrl="https://serverName:8172/MsDeploy.axd?Site=MyProjectSite" /p:DeployIisAppPath=""
Error:
The "ConcatFullServiceUrlWithSiteName" task was not given a value for the required parameter "SiteAppName" - So it interprets "" as actually a null value thus breaking an attempt to concatenate it.
Specify no site attribute in the URL but SiteName/ as IISAppPath
Parameters:
/p:MsDeployServiceUrl="https://serverName:8172/MsDeploy.axd" /p:DeployIisAppPath="MyProjectSite/"
Error:
Could not complete an operation with the specified provider ("createApp") when connecting using the Web Management Service
Specify no site attribute in URL but SiteName as IISAppPath
Parameters:
/p:MsDeployServiceUrl="https://serverName:8172/MsDeploy.axd" /p:DeployIisAppPath="MyProjectSite"
Error:
Could not complete an operation with the specified provider ("createApp") when connecting using the Web Management Service
Now given that it is running a concatenate on the SiteAppName, it must be combining it with the Site name, yes? What are you supposed to put there to get the site to sync to the root of a site?
Update
In an attempt to figure out the proper path scheme, I have tried to publish using the Visual Studio 2012 Publish dialog. In this case, I am returned an error saying that The request timed out (testing the connection works almost instantly and previewing the changes works but takes a few seconds). I checked the event log, and the tracelog for wmsvc to no avail. Even with trace set to verbose, nothing shows up in the tracelog. I have tried disabling the firewalls on both computers, and nothing seems to work on that front either.
Figured this one out.
The problem stemmed from two settings in the Web Deploy page of the project properties. I had previously set this project up (in the Debug configuration) to copy only the files necessary to run the application, and NOT build a zip package. I neglected however to do anything to those settings for the release configuration.
The reason (confidence level 75%) it was trying to use createApp was because it was deploying from the Zip package it had created. So my IISAppPath settings in those cases were fine, I was just deploying the wrong thing.
I set the Create deployment package as a zip file setting to false, and the Items to deploy dropdown to Only files needed to run this application and everything went off without a hitch.
Incidentally I found out (as referred above) that you can use the Publish Profiles outputted by the Web Publish dialog in Visual Studio (2012 only unfortunately; 2010 you have to do some massaging that I am unsure of). I named mine with no spaces, and supplied the password as an argument as well as the Untrusted Certificate setting. Now MSBuild Arguments in the build definition for TFS look like this:
/p:DeployOnBuild=True;PublishProfile=NameOfPublishProfile /p:AllowUntrustedCertificate=True /p:Password=PleaseVerifyMe

Setting NTAuthenticationProviders at an Application level in IIS 6

I have the following structure in IIS.
Internet Information Services
(local computer)
Web Sites
Default Web Site
MyApplication
MyApplication is a Application in IIS.
Integrated Windows authentication is NOT set on the Default Web Site.
However I want to set Integrated Windows authentication on MyApplication. (Its an intranet app).
This can be done via the GUI: Right click on the Default Web Site and choose Properties. Select the Directory Security tab, and click Edit on the Anonymous access and authentication control.
I want to include this in a setup script. I have other setup commands, using adsutil.vbs but I'm struggling to set up the Integrated windows authentication.
Running:
cscript //nologo c:\Inetpub\AdminScripts\adsutil.vbs GET /W3SVC/1/NTAuthenticationProviders
Returns
NTAuthenticationProviders : (STRING) "NTLM"
However, i exepcted to be able to run
cscript //nologo c:\Inetpub\AdminScripts\adsutil.vbs GET /W3SVC/1/ROOT/MyApplication/NTAuthenticationProviders
But this returns
Error Trying To GET the property: (Get Method Failed)
NTAuthenticationProviders (This property is probably not allowed at this node)
Is it not possible to set NTAuthenticationProviders Metabase property on an appliction level?
The metabase property that controls the Authenticated Access property values on the IIS Directory Security -> Authentication Methods dialogue is actually called AuthFlags.
The value is a flag and is documented here:
AuthFlags Metabase Property (IIS 6.0) (TechNet)
To set this value to Integrated Windows Authentication (AuthNTLM) use the following command (take care because this command operates on the Default Website, IISNumber:1) -
adsutil.vbs SET /W3SVC/1/ROOT/MyApplication/AuthFlags 4
If you want to set, say, both NTLM and Basic authentication then you would boolean OR the values together, e.g. MD_AUTH_BASIC | AuthNTLM. This would product an integer result of 6:
:: Set both NTLM and Basic authentication
adsutil.vbs SET /W3SVC/1/ROOT/MyApplication/AuthFlags 6
If you inspect the metabase file (C:\WINDOWS\system32\inetsrv\MetaBase.xml) and search for:
Location="/LM/W3SVC/1/ROOT/MyApplication"
...you will see the attribute that controls this setting (after setting to 6 as above):
AuthFlags="AuthBasic | AuthNTLM"
It may take some time before this value updates in the metabase because changes such as this aren't immediately flushed to the file (although IISRESET will cause it to update immediately).

Resources