I've started hardening the physical folder configurations of our existing ASP.NET Core/ASP.NET 5.0 apps and I was wondering if anyone can point me to some official documentation from MS on this topic.
After some tests, I've noticed that the app pool account has to have read and execute permissions on the folder where the site is hosted. A simple read won't cut it.
After some trial and error, these are the minimum permissions under which a simple ASP.NET 5.0 can run:
Can anyone explain why all these permissions are required? For instance, why is "read extended attributes" required?
Thanks.
If you want to give the application pool permission to read or execute the folder where the application is located, you can follow the steps below.
Right click the site and click Edit Permissions...
Select Security, Edit, Add. Type in application pool's name.
Click OK. Then check the permission for application pool.
Related
We've been finalizing NopCommerce .Net Core web app which has been running great on a test server. I'm now trying to transfer the app to our production server, which did not have .Net Core. I installed the latest .Net Core hosting bundle and rebooted the server. I also have Web Deploy running on both the host and the client. I exported the app from the test machine and imported it into a newly created IIS site. After setting up the bindings - and enabling stdoutlogging, I try to see what's working, and get indication that "An error occurred while starting the application". No indication what the error is. Logs is not being written to. The event viewer tells me that:
Application 'MACHINE/WEBROOT/APPHOST/NOPCOMMERCE' started process '6980' successfully and is listening on port '41573', which is a random port not binded to.
One interesting thing I noticed on the test server is a "user" called nopCommerce which has full rights to the nopCommerce folder in inetpub/wwwroot. However this user does not show when I look at local users and groups. I am not sure therefore what this "user" is and if/how I should create it. Based on some advice from somewhere I temporarily gave everyone full rights to the nopCommerce folder, but that didn't work either.
Can anybody please aim me in the right direction?
Problem was a bad setup - access rights to subfolders of nopCommerce was one, which I solved by giving the users group modify rights. This might be a bad idea and I will do some more research. The other fault was a bad database login in the connectionString.
Ultimately I had to learn that instead of starting the app via IIS, it can be run from the command-line, and then messages and errors will be displayed in the DOS box. What to run is determined from the
I still don't know where the nopCommerce user comes from on the staging server.
Dashboard designer error:
The url is not available,does not reference a sharepoint site, or you
do not have permission to connect
This is happening to the site collections under one web application only in the whole Farm. Other web applications are working fine and I can open site collections through dashboard designer.
Any suggestions????
Unattended acc is all set, Site feature is activated, site collection is added to trusted location. On database side, app pool acc has db owner access to web app db. PPS is db owner there as well.
I think this indicates to a deployment issue on this app. Maybe something went wrong when deploying webparts, the assemblies couldnt be registered or were not copied correctly. It could also be a specific access restriction issue in SharePoint or in the file system that SharePoint relies on.
Without any log information it is hard to say what is really the problem - but - have a look at windows event log for any further indications, the general log files that sharepoint/asp.net write or also consider using monitoring tools that can tell you more details on what is happening here.
I recently wrote a blog on top deployment mistakes in SharePoint. I highlight exactly these deployment mistakes in more details: Link
Andi
I'm implementing a BlackBerry 10 Cascade application. There I have given following permissions in the bar-descriptor.xml.
<permission>run_when_backgrounded</permission>
<permission>access_internet</permission>
Then I clean, build and run the application using QNX Momentics IDE. Next go to the System Settings -> Security and Privacy -> Application Permissions and select "Permissions All" from the drop-down. But I cannot see my application listed there. I am using Dev Alpha device for my testing. I have used even Device-Release for Build Configuration.
What could be the mistake I have done?
I got a response from BlackBerry Forum. The place I've mentioned in the question lists applications that needs user permissions only. Other applications, whose permissions listed in the bar-descriptor.xml don't need user confirmation, aren't listed there. You can see the answer given by peter9477 in BB forum from here.
developed a win. form vb.net db app that uses an access.accdb backend. I am struggling to find the best deployment strategy. In the past, I have distributed the .exe and access.accdb from the /bin/debug folder. This works, but Im not sure if it's the best method.
this db app. will be used by 5-10 ppl, non-simultaneous
my current plan is to put the .exe and access.accdb on a network share drive, users will launch from network share
users do not have admin privs, the computers have strict security settings
I have noticed that when launching the .exe from network share, you get the unknown publisher warning; this message does not appear when launching from local drive. Due to users security restrictions, I know that simply hitting 'continue/run' on the publisher warning is NOT an option. There is no 'continue/run' button.
So, I assume I have to buy a code signing cert and strong name sign the assembly?
I also read here http://msdn.microsoft.com/en-us/library/142dbbz4%28v=vs.80%29.aspx that clickonce deployment does not require admin privs, and can be launched from network share and ran from cache.
In this case, I buy Authenticode cert and sign the clickonce manifest?
Any advice?
edit
I left out a key function of the app that will affect deployment.
Users can select files and upload them. The basePath/filename is stored in the db. uploading and retrieving the file via openFileDialog and datagridview.cellContentClick is all relative to where the .exe is launched from (application.startupPath). I didn't want to hard code full paths into the db, because I'm sure it will be moved, (both app and files) over time to a new location.
ClickOnce deployment is the way to go here.
You do not have to buy anything, you can self sign your assembly with a strong name.
This should be fine for an internal application
I am attempting to write a small, lightweight client, using vb.net winforms, that can install without needing elevated privileges. Before I ask my questions, let me give you a bit of an idea of what it is supposed to do.
The app will start when Windows loads, set like this from the install, with a system/notification tray icon that can be clicked on to load up specific functionality. The application install from a website, or possibly a file share, haven't quite decided yet. This client will initially request user credentials for one of our web programs, and it will talk to an already built web service to determine what functionalities of our services they have licensed access to. After this, credentials will be encrypted and saved to the users pc locally. Every five minutes, the client will pass the credentials to the websites they have access to and check to see the status of jobs that are being processed, and download available reports if needed.
So, here is what I am trying to understand. If I configure this app as a ClickOnce application, once it installs from the url or shared drive, the user will not need to do anything else, correct? Or do they have to visit that url every time they boot up to reinstall/run the client?
Another thing, I wanted to get some opinions on the best ways to do some of the things this app will be doing. I have a good idea of where I am going with it, but I have no idea of which solution to go with yet.
For instance, what is the best way to store user passed credentials on their system for a "remember me"?
Also, is the best way to have the client install with automatically starting on windows startup to configure it to create a shortcut of itself in the windows startup folder?
I am trying to keep this as lightweight as possible, and using a very small GUI, so it shouldn't be too intrusive, so any ideas on how to ensure that, while keeping it from needing admin privs to install, will also help.
If I configure this app as a ClickOnce application, once it installs
from the url or shared drive, the user will not need to do anything
else, correct? Or do they have to visit that url every time they boot
up to reinstall/run the client?
Well if they need to reinstall it, they would have to download the setup.exe file again, but why would users need to do that? CilckOnce supports automatic updates. Visiting url is certainly not needed for running the program.
what is the best way to store user passed credentials on their system
for a "remember me"?
Probably storing them as application settings. Haven't used visual studio 2012, but in visual studio 2010 you have to right-click on project in solutions explorer, go to project propeties and then create variables in Settings tab. Then you can access those variables in code using My.Settings.variableName. Not sure about security though, if you need any.
As for privileges, I think you just need a privilege to install a program. Maybe you should publish a primitive clickOnce application and experiment with it and that will answer all your other questions about clickOnce.