I have an asp.net mvc project. I installed imageresizing nuget packages. It's working in local.
When I published to my hosting then it's not working.
I set IIS situation integrated and classic but still didn't work.
I couldn't solve, can you help please? Thanks.
The following definitions are exist in web.config
<resizer>
<plugins>
<add name="MvcRoutingShim" />
<add name="DiskCache" />
<add name="SimpleFilters" />
<add name="PrettyGifs" />
</plugins>
</resizer>
<modules runAllManagedModulesForAllRequests="true">
<add name="ImageResizingModule" type="ImageResizer.InterceptModule" />
</modules>
The self-diagnostics page at /resizer.debug explains the configuration issues present on your hosting environment
Image resizer diagnostic sheet 24.11.2014 22:15:04
2 Issues detected:
(Critical): Grant the website SecurityPermission to call UrlAuthorizationModule.CheckUrlAccessForPrincipal
Without this permission, it may be possible for users to bypass UrlAuthorization rules you have defined for your website, and access images that would otherwise be protected. If you do not use UrlAuthorization rules, this should not be a concern. You may also re-implement your security rules by handling the Config.Current.Pipeline.AuthorizeImage event.
DiskCache(ConfigurationError): Not working: Your NTFS Security permissions are preventing the application from writing to the disk cache
Please give user read and write access to directory "D:\inetpub\adafirin.com\www\imagecache" to correct the problem. You can access NTFS security settings by right-clicking the aformentioned folder and choosing Properties, then Security.
Related
I'm configuring the Active Directory Module 1.2 for CMS 7.2-8.0 and despite the fact that everything works great, I prefer to use integrated security (following the customer's policy). However, the manual does not say anything about using integrated security for the role provider. The LightLDAP.SitecoreADRoleProvider has username and password properties and doesn't use a connectionstring for this:
<roleManager defaultProvider="switcher" enabled="true" xdt:Transform="SetAttributes" xdt:Locator="Match(enabled)">
<providers>
<add name="ad" xdt:Transform="Insert" xdt:Locator="Match(name)"
type="LightLDAP.SitecoreADRoleProvider"
connectionStringName="ADSitecoreUsers"
applicationName="sitecore"
username="usr"
password="pass"
attributeMapUsername="sAMAccountName" cacheSize="2MB" />
</providers>
</roleManager>
<profile defaultProvider="switcher" enabled="true" inherits="Sitecore.Security.UserProfile, Sitecore.Kernel" xdt:Transform="SetAttributes" xdt:Locator="Match(enabled)">
<providers>
<add xdt:Transform="Insert" xdt:Locator="Match(name)" name="ad" type="LightLDAP.SitecoreADProfileProvider"
connectionStringName="ADSitecoreUsers"
applicationName="sitecore"
username="usr"
password="pass"
sitecoreMapDomainName="ad" />
</providers>
</profile>
looking this question up in Google is quite hard, because of course, Integrated Security is part of the functionality the AD module delivers, so each hit is about integrated security as well, but I'm looking for the provider to configure with integrated security (my app pool user is a service account that has been logged in via the app pool and that user has the correct rights on AD and databases).
Just finished setting up AD integration without username and password.
From my experience, if the server is joined to the domain or a domain that has trust with the users domain it should not require a username and password. I just omitted the connectionUsername and connectionPassword attributes from the config.
However, we do not allow changing username and passwords (that writes back to AD) in our setup, so your mileage may vary based on your setup.
I'm trying to add Azure Authentication to an existing website with Visual Studio 2013. It looks like this used to be a bit easier in 2012 but seems the recommended path for 2013 is to set this up when creating the project.
I created a new project with AAD (which works) to compare to the changes being made to the project I need to add authentication to. I copied the authentication classes and config settings but it still seems like there is something wrong in web.config:
For AppSettings I have:
<add key="ida:FederationMetadataLocation" value="https://login.windows.net/_____/FederationMetadata/2007-06/FederationMetadata.xml" />
<add key="ida:Realm" value="https://AADPath/Application" />
<add key="ida:AudienceUri" value="https://AADPath/Application" />
For System.identityModel I have:
<system.identityModel>
<identityConfiguration>
<issuerNameRegistry type="RegistryClassPath, ProjectName" />
<audienceUris>
<add value="https://AADPath/Application"/>
</audienceUris>
<securityTokenHandlers>
For system.identityModel.services I have:
<federationConfiguration>
<cookieHandler requireSsl="true" />
<wsFederation passiveRedirectEnabled="true"
issuer="https://login.windows.net/AADPath/wsfed"
realm="https://AADPath/Application"
requireHttps="true" />
When I run the site, I'm redirected to the login page as I expect but after logging in I'm presented with the WIF10201: No valid key mapping found for securityToken error.
It was not the configuration but rather I didn't copy the data from the embedded database to the existing project. All seems to be working now.
I am launching my first website. I have published it and I am getting this error.
The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.
What trustlevel should I use now the site is online?
<system.web>
<securityPolicy>
<trustLevel name="Full" policyFile="internal"/>
</securityPolicy>
</system.web>
are there any other web.config settings I must be aware of now I am putting the site online? Like changing the connectionstring?
Fixed it by using
<trust level="Full" />
inside <system.web>
Depending on your host provider, you may need to take out the compilers as well.
In my experience with GoDaddy I had to comment out my compilers and put trust level="Full".
Set your custom errors to On or RemoteOnly so end users do not see any error messages a.k.a "the yellow screen of death".
<system.web>
<trust level="Full" />
<customErrors mode="On" />
..... other settings in system.web ...
</system.web>
<system.codedom>
<compilers>
<!-- <compiler language="..." /> -->
<!-- <compiler language="..." /> -->
</compilers>
</system.codedom>
I have a problem and I think a proper answer will help a lot of people which is having same problem.Because it is a common and not well answered problem.
The problem is about "Medium trust level" configuration in IIS.A few months ago I coded my website with "Full trust level" configuration on my local machine and when I uploaded it to host that was working fine.
But my hosting company have a new rule about trust level,now they only allows "Medium trust level".
My web page doesn't work now.I tried to adapt my website but I have no idea how to do that.And that's sure a lot of people don't know either..
So I will tell what I have done so far, can you help me?
First I tried to changed my local configuration by going here,
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config
and opened my webconfig file,and changed
<trust level="Full" originUrl="" />
to
<trust level="Medium" originUrl="" />
After that just for testing I created a new website with ASP Default template.It was working.Then I add Mysql.dll as references to connect to Mysql database.But it throwed Security Exception with that stack:
[SecurityException: Request for the permission of type
'System.Security.Permissions.SecurityPermission, mscorlib,
Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089'
failed.] MySql.Data.MySqlClient.MySqlTrace..cctor() +0
So what now? Can't we connect to mysql database anymore? Or is there a solution?I never changed my webconfig file in website project folder do I need to change something here?
Please help me guys?
Hi everyone I finnally find solution to my problem, so I will try to help that people having same problem.Partial trust and Medium Trust level are same thing note that out.
My first step at the question is absolutely necessary.Don't forget to change your trust level to "Medium". After that you need to get right .Net Connector version from
The Oficial Website
Be careful to choose version that your hosting provider using. For example my Hosting company is using Mysql Connector Net 6.5.4
Secondly you need to configure your projects webconfig file that will use your .dll files and get the necessary permisson under Medium Trust Level.
You need to add under your <configuration> something like this;
<mscorlib>
<security>
<policy>
<PolicyLevel version="1">
<SecurityClasses>
<SecurityClass Name="MySqlClientPermission" Description="MySql.Data.MySqlClient.MySqlClientPermission, MySql.Data, Version=6.6.4.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d"/>
</SecurityClasses>
</PolicyLevel>
</policy>
</security>
</mscorlib>
And if your system doesn't add it automatically under your <system.web> you need to add;
<assemblies>
<add assembly="MySql.Data, Version=6.5.4.0, Culture=neutral, PublicKeyToken=C5687FC88969C44D"/>
<add assembly="MySql.Data.Entity, Version=6.5.4.0, Culture=neutral, PublicKeyToken=C5687FC88969C44D"/>
<add assembly="MySql.Web, Version=6.5.4.0, Culture=neutral, PublicKeyToken=C5687FC88969C44D"/>
</assemblies>
Sometimes this steps may not be enough and you need to edit your web_mediumtrust.config under the
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config
You need to add this lines under the
<SecurityClasses>
<securityclass Name="MySqlClientPermission" Description="MySql.Data.MySqlClient.MySqlClientPermission, MySql.Data, Version=6.5.4.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d" />
and
<NamedPermissionSets>
<iPermission class = "MysqlClientPermission" version = "1">
<add connectionString = "Server =; Database =;" restrictions = "User =; User Id =; Password =; Port =; Pooling =;" KeyRestrictionBehavior = "(Prevent Usage | Allow Only)" />
</iPermission>
Be careful about version you are using dont forget to change lines according to that. If still you can't figure that out there is a pretty useful link for you
Trust Level Under the Partial Trust
Here is how I solved a similar issue with trying to get MySql to work in a medium trust environment.
We tried everything to the ‘book’ and simply could not get it to work!
Turns out the MySql connecter version is the key. Ask you web hosting company what version of the MySqlClient they have installed on their server in GAC.
(GAC simply means the library is installed on the server so that it can be referenced directly and without you having to upload the MySql.Data.dll to your bin folder. The latest installable version is available here: http://dev.mysql.com/downloads/connector/net/).
Once the driver is installed on the server in GAC you just need to reference it in your web.config like this, but replace Version=6.6.5.0 with your web hosting companies version:
<compilation debug="true" targetFramework="4.0">
<assemblies>
<add assembly="MySql.Data, Version=6.6.5.0, Culture=neutral, PublicKeyToken=C5687FC88969C44D"/>
</assemblies>
</compilation>
I have written a site that uses ASP.NET MVC Web API and everything is working nicely until I put it on the staging server. The site works fine on my local machine and on the dev web server. Both dev and staging servers are Windows Server 2008 R2.
The problem is this: basically the site works, but there are some API calls that use the HTTP PUT method. These fail on staging returning a 404, but work fine elsewhere.
The first problem that I came across and fixed was in Request Filtering. But still getting the 404.
I have turned on tracing in IIS and get the following problem.
168. -MODULE_SET_RESPONSE_ERROR_STATUS
ModuleName IIS Web Core
Notification 16
HttpStatus 404
HttpReason Not Found
HttpSubStatus 0
ErrorCode 2147942402
ConfigExceptionInfo
Notification MAP_REQUEST_HANDLER
ErrorCode The system cannot find the file specified. (0x80070002)
The configs are the same on dev and staging, matter of fact the whole site is a direct copy.
Why would the GETs and POSTs work, but not the PUTs?
For those of you who do not have WebDAV enabled but are still running into this issue using MVC 4's Web API's...
Steve Michelotti documented a solution that worked for me here.
At the end of the day, I enabled all verbs (verb="*") to the ExtensionlessUrlHandler-Integrated-4.0 handler in my web config.
<system.webServer>
<validation validateIntegratedModeConfiguration="false" />
<modules runAllManagedModulesForAllRequests="true" />
<handlers>
<remove name="ExtensionlessUrlHandler-Integrated-4.0" />
<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="*" type="System.Web.Handlers.TransferRequestHandler" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode,runtimeVersionv4.0" />
</handlers>
</system.webServer>
Those IIS servers have web-dav module installed on them and i bet it is not needed and it was installed because the person installing ticked all boxes.
Just remove web-dav from iis.
Alternatively use web.config to remove web dav module:
<system.webServer>
<modules>
<remove name="WebDAVModule" />
</modules>
...
It seems there are a number of reasons that this occurs. None of the above quite worked for me. I already had the ExtensionlessUrlHandler settings in web.config with all the required HTTP verbs. In the end I had to make the following changes in IIS:
In IIS select your website and double-click Handler Mappings
Find ExtensionlessUrlHandler-ISAPI-4.0_32bit and double-click
In the dialog that appears, click Request Restrictions
On the Verbs tab add the missing HTTP verbs separated by commas (in my case it was PUT and DELETE
Click Ok where required and answer Yes in the Edit Script Map dialog that pops up.
Repeat for ExtensionlessUrlHandler-ISAPI-4.0_64bit
Hope this helps somebody :)
My hosting provider could NOT uninstall WebDAV as this would affect everyone.
This, runAllManagedModulesForAllRequests="true" , worked but was not recommended.
Many fixes included removing the module for WebDAVModule but that still didn't work. I removed the handler also, and finally I could use all verbs POST GET PUT DELETE.
Remove WebDAVModule and WebDAV in modules and handlers.
<modules>
<remove name="WebDAVModule" />
</modules>
<handlers>
<remove name="WebDAV" />
</handlers>
I fixed this removing the UrlScan ISAPI filter
In my case, none of these solutions applied.
I fixed it by changing my app pool to Integrated instead of Classic.
The handler:
<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="*" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
is not going to work with a Classic app pool, since its preCondition is integratedMode.
Rick Strahl from West-Wind recommended the following:
< handlers>
< remove name="ExtensionlessUrlHandler-Integrated-4.0"/>
< add name="ExtensionlessUrlHandler-Integrated-4.0"
path="*."
verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS"
type="System.Web.Handlers.TransferRequestHandler"
preCondition="integratedMode,runtimeVersionv4.0"
/>
< /handlers>
Which Worked very well for me.
Hi For me none of the solutions worked. I finally got it working doing this :
1) In IIS select you application.
2) Go to Request Filtering
3) Then select the HTTP Verbs tab
4) I found the PUT and other verbs to have allowed to false but wasn't able to just edit so I removed the verb then either in the pane on the right select allow verb or right click on the list and select it. Enter the verb you're having troubles with and voilà !
Hope this will help someone !
I resolved this by changing my application pool for the website to Integrated mode when it was previously on Classic mode.