Error on Page Preview after upgrade from Kentico 12 to 13 - c#

We have Kentico CMS with MVC site.
I recently upgraded Kentico 12 to 13 and started getting a "resource not found" error on doing Page Preview in the admin app. I had not uninstalled the Kentico 12 NuGet packages from the MVC app before updating them to 13. After uninstalling them and reinstalling 13, the error has changed to the error below. Applying the 13.0.52 hotfix did not make any change.
Try reloading the administration interface. The user was not found in
the JWT token, nor in the current virtual context URL.
Here is the stacktrace:
Server Error in '/' Application.
Try reloading the administration interface. The user was not found in the JWT token, nor in the current virtual context URL.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: CMS.Helpers.InvalidVirtualContextException: Try reloading the administration interface. The user was not found in the JWT token, nor in the current virtual context URL.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[InvalidVirtualContextException: Try reloading the administration interface. The user was not found in the JWT token, nor in the current virtual context URL.]
Kentico.Content.Web.Mvc.VirtualContextPrincipalRetriever.GetPrincipal(String jwtToken) +417
Kentico.Content.Web.Mvc.VirtualContextPrincipalAssigner.SetVirtualContextPrincipal(IVirtualContextPrincipalRetriever virtualContextPrincipalRetriever) +229
CMS.Base.AbstractHandler.CallEventHandler(EventHandler`1 h, TArgs e) +115
CMS.Base.AbstractHandler.Raise(String partName, List`1 list, TArgs e, Boolean important) +1028
CMS.Base.SimpleHandler`2.RaiseExecute(TArgs e) +145
CMS.Base.SimpleHandler`2.StartEvent(TArgs e) +236
System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +223
System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step) +220
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +94
Edit
My MVC site has a security related entry in web.config which is causing this.
<add name="X-Frame-Options" value="deny" />
It was added due to Page Preview's <iframe> behavior. We have always used "Preview in new tab". Not sure if it's safe to remove this.

Please see the documentation. It describes what happens when you set this header on your own: "If you manually apply the X-Frame-Options header in your MVC site's web.config file, the preview mode and all related features (such as the page builder and form builder) in the Xperience administration display a blank page instead of the previewed content."
And it also explains what needs to be done: "If you set CSP headers on your own, make sure to always whitelist the Xperience administration parent site using the frame-ancestors policy. Otherwise the preview mode and all related features will not display content."
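An added example, not part of the original answer or the Kentico documentation: a web.config fragment for the MVC site that replaces the blanket X-Frame-Options header from the question with a frame-ancestors policy naming the administration site. The origin https://admin.example.com is a placeholder assumption for the Xperience administration site.

```xml
<!-- Added example. https://admin.example.com is a placeholder for the
     origin of the Xperience administration site. -->
<configuration>
  <system.webServer>
    <httpProtocol>
      <customHeaders>
        <!-- Before: refuses every parent frame, including the admin preview iframe
        <add name="X-Frame-Options" value="deny" />
        -->

        <!-- After: only the site itself and the administration origin may frame
             its pages. Any other parent is still refused, so the clickjacking
             protection that "deny" was added for is kept. -->
        <remove name="X-Frame-Options" />
        <add name="Content-Security-Policy"
             value="frame-ancestors 'self' https://admin.example.com" />
      </customHeaders>
    </httpProtocol>
  </system.webServer>
</configuration>
```

If the site already sends a Content-Security-Policy header, add the frame-ancestors directive to that policy instead of emitting a second header, because browsers enforce every policy they receive.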

Does your live MVC site run properly independent of the admin site? Make sure that your MVC site runs correctly and you can log in to it.
Also, examine the URL that is sent to the MVC site from the Admin site to see if tokens are sent.

Related

ASP.Net (2.2) WebApp Connecting to Azure B2C Failure

I have everything set up and tried this example:
https://learn.microsoft.com/en-us/samples/azure-samples/active-directory-b2c-dotnetcore-webapp/an-aspnet-core-web-app-with-azure-ad-b2c/
When I run it with the default fabrikam setup, it allows me to sign in and everything is fine. When I change the details to match my setup (which is working on my mobile app) it stops working. As soon as I click on Sign in on the example page, I get an error 404
An unhandled exception occurred while processing the request.
HttpRequestException: Response status code does not indicate success: 404 (Not Found).
System.Net.Http.HttpResponseMessage.EnsureSuccessStatusCode()
IOException: IDX20804: Unable to retrieve document from: '[PII is hidden]'.
Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(string address, CancellationToken cancel) in HttpDocumentRetriever.cs, line 96
InvalidOperationException: IDX20803: Unable to obtain configuration from: '[PII is hidden]'.
Microsoft.IdentityModel.Protocols.ConfigurationManager<T>.GetConfigurationAsync(CancellationToken cancel) in ConfigurationManager.cs, line 202
I am not really sure what's happening. Is this something wrong in my B2C setup?
Is this because my API that it's targeting (the REST API app which is protected by B2C) is using framework 3.1 and this app is on 2.2? Does that matter?
If it is because of that, does anyone have a working example of how to do this on .NET 3.1? I started off with that, but I was never able to get anything working - I just hit endless errors, and couldn't find a working example on 3.1, so I just used this one from MS docs and stuck with 2.2.
All I want here is to be able to get an access token from B2C that I can pass to the headers of an HttpClient so I can make requests to my REST API. So if there is a different way to go about this, I'm open to that too.
Note: I didn't post code, as the link above is the exact code I'm using, other than my tenant info being subbed out.
Thanks!
I solved my issue... somehow I missed updating the file AzureADB2COptions
public AzureAdB2COptions()
{
    AzureAdB2CInstance = "https://<tenant>.b2clogin.com/tfp";
}
I didn't update this to my tenant

Why does the 404 page not work in certain cases? (IIS, Classic ASP)

Explanation
In production and locally, the 404 page for my site works fine for the most part. A URL such as http://localhost:43424/gibberish_r3hjjnwef will return the well designed 404 HTML page that is in the website folder, and pointed to by IIS.
However, when I change this URL to http://localhost:43424/gibberish_r3hjjnwef... it gives the following "hard" error, whilst still claiming to be a 404.
Server Error in '/' Application.
The resource cannot be found.
Description: HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable. Please review the following URL and make sure that it is spelled correctly.
Requested URL: /gibberish_r3hjjnwef...
Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.7.2110.0
I'd rather it still gave the 404 HTML page.
I thought maybe it was an outright invalid URL, but both http://www.bbc.co.uk/news/fdisdhfdu and http://www.bbc.co.uk/news/fdisdhfdu... give the BBC's nice 404 page.
Question
Is there anything I can do to improve this?
Relevant Information (happy to provide more if necessary)
Microsoft .NET Framework Version: 4.0.30319
ASP.NET Version: 4.7.2110.0
Language/Framework:C#/Classic .ASP
I'm not sure whether this is what you are referring to, but maybe try this out:
Go to IIS Manager -> Site -> IIS Error pages. On the right hand panel, there's a setting "Edit Feature Settings...".
The options there mean:
Custom error pages: Use the 'IIS error pages' as fallback for all failed requests (e.g. your 404 page set up the list behind)
Detailed error pages: In case of an Asp.Net error, shows the 'Asp.Net error page' ("Server Error in '/' Application." etc.)
Detailed errors for local requests etc.: Show the 'IIS error page' for remote requests, for local requests show the 'Asp.net error page' ("Server error in '/'" etc.)
This is in place to effectively hide the detailed Asp.net error page (with the stack trace etc.) from external callers as you may not want to give them the details of your application. This is the default setting, where you should only see the 'Asp.net error page' when you call the invalid URL on 'localhost', but the 'IIS error page' (404) when you call the page from a different computer.
So, what you may want to try is to select the "Custom error pages" option ('IIS error pages' for all failed requests).
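The three options described in the answer above correspond to the errorMode attribute of the httpErrors section in web.config. As an added example (not from the original answer), this fragment selects custom error pages for all requests; the path /404.html is a placeholder for the site's own 404 page.

```xml
<!-- Added example. /404.html is a placeholder for the site's existing 404 page. -->
<configuration>
  <system.webServer>
    <!-- errorMode values and the IIS Manager options they correspond to:
           Custom            = custom error pages for every caller
           Detailed          = detailed errors for every caller (exposes stack
                               traces and version details to remote clients)
           DetailedLocalOnly = detailed errors for local requests, custom error
                               pages for remote requests (the default) -->
    <httpErrors errorMode="Custom">
      <!-- Drop the inherited 404 entry, then point 404 at the site's own page -->
      <remove statusCode="404" subStatusCode="-1" />
      <error statusCode="404" path="/404.html" responseMode="ExecuteURL" />
    </httpErrors>
  </system.webServer>
</configuration>
```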

what might be causing "object reference not set to an instance.." on IIS with https but not while testing with normal http

I've got a bill payment web application that I've got communicating with Authorize.net (AIM) and the application itself uses session variables to gather and store data for submission and then applies those same variables to store data entries in SQL.
Initially the application worked fine when I compiled and tested in Visual Studio but when I threw it on the production IIS server (7.0), I get exceptions every time..."Object reference not set to an instance of an object". Now I realize that the error I'm getting on IIS is session variable related but get this..when I don't force https or type it in the address bar, it works just fine.
Obviously I'll need SSL processing transactions, but forcing https seems to be messing with my session variables. I'm using the URL rewrite function to force https, but I removed it and then manually went to https in the address bar, but still the same problem.
Any ideas or way to fix the issue?
Testing both live and on a local IIS (Self-Signed Security Cert) I get the following...
[NullReferenceException: Object reference not set to an instance of an object.]
deco.mgobilling.com.controls.Confirmation.Page_Load(Object sender, EventArgs e) +47
System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e) +51
System.Web.UI.Control.OnLoad(EventArgs e) +92
System.Web.UI.Control.LoadRecursive() +54
System.Web.UI.Control.LoadRecursive() +145
System.Web.UI.Control.LoadRecursive() +145
System.Web.UI.Control.LoadRecursive() +145
System.Web.UI.Control.LoadRecursive() +145
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +772
The Page_Load event calls session variables that were assigned on a previous page but seem to be null or lost when the site is under https. This is not the case, however, when the site is set to the normal http protocol.
IIS > Session State > Cookie Settings > Use URI
The issue is definitely related to Session variables, so I tried using Cookieless session IDs and was able to solve the issue this way. I applied the above setting without changing my Web.Config file, but Web.Config settings are an option of course.
More on Session State here...
ASP.NET Session State Overview
UPDATE
So after changing my IIS config to use cookieless (URI), I was able to fill out a form and go to another page to confirm what I had filled in. A new problem arose when I came back to the same form and input different data. When I input different data and press submit to confirm my entry, the data is just erased.
Back to the drawing board, I changed the "Cookie Settings" in IIS to "Use Device Profile" and tested again. So far it has worked with different sets of data and on different browsers. Hopefully this will finally take care of the issue.
FINAL UPDATE
Still yet we face the issue. It seems intermittent and happens in one web browser but not the next. After some painstaking troubleshooting, I figure that my sessions are being lost because I am communicating with another website as part of the process. The Sessions are kept between my web forms but as soon as the second web form initiates communication with another website, "plop", they're gone.
This is a payment process and it communicates with Authorize.Net. This may be a security thing on certain browsers and I can understand. Query Strings aren't an option and I didn't have time to set IIS to save session state elsewhere, but I've just got a feeling that it has something to do with browser behavior.
My final solution was to use the Control.FindControl method and grab input values from a previous page (or web user control in my case). When I grab input values and assign them to local variables within the second page, all is well and I can then use those variables to fulfill my Authorize.Net POST, SQL storage, Email and so on.
I hope this can help someone in the future. I spent hours on Google trying to figure this one out.

Sitefinity A potentially dangerous Request.Path value was detected from the client (?)

I am using Sitefinity 5.1 and RadGrid in this example.
I have been troubleshooting one of our pages on development server this morning and I have confirmed that it behaves differently on the page with the styling (template) than on the barebones page (no styling, no scripts etc):
The page does not work in Chrome but does work in IE and Firefox
The page on a bare-bones page (no template, header, or anything else) works in IE, Firefox and Chrome
Code used:
Response.Redirect(String.Format("~/services/separation-by-code/managesbyc?id={0}", DateTime.Now.Ticks.ToString()));
I am using ticks to refresh the page before I get there.
Here are some results:
Firefox:
seabass.ptagis.org/services/separation-by-code/managesbyc?id=634854696522350585 -> works
Chrome on the bare-bones Sitefinity page:
seabass.ptagis.org/services/separation-by-code/managesbyc?id=634854701574768045 -> works
Chrome on the styled page (CSS, Scripts, etc):
seabass.ptagis.org/services/%2fservices%2fseparation-by-code%2fmanagesbyc%3fid%3d634854699444302751 -> nope
I get the server error attached below.
I did go through all the steps of setting web.config httprequests = 2.0 and page validations = false. That did not help.
Any help is appreciated.
Server Error in '/' Application.
A potentially dangerous Request.Path value was detected from the client (?).
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Web.HttpException: A potentially dangerous Request.Path value was detected from the client (?).
Source Error: An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[HttpException (0x80004005): A potentially dangerous Request.Path value was detected from the client (?).]
System.Web.HttpRequest.ValidateInputIfRequiredByConfig() +11494475
System.Web.PipelineStepManager.ValidateHelper(HttpContext context) +184
Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.272
If you're using .NET 4.0, you should be able to allow the url containing a question-mark (?) via the web.config
<system.web>
  <httpRuntime requestPathInvalidCharacters="&lt;,&gt;,*,%,&amp;,:,\" />
</system.web>
Note, I've just removed the question-mark (?), the original default string is:
<httpRuntime requestPathInvalidCharacters="&lt;,&gt;,*,%,&amp;,:,\,?" />

How I can fix MAC error in asp.net application?

I have an ASP.NET application all things are working fine but after some minutes when I click on a button it gives me this error :
Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Web.HttpException: Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.
How I can resolve this ?
This blog post covers this in quite a bit of detail:
http://www.eukhost.com/forums/f15/fix-validation-viewstate-mac-failed-6085/
In the past I've used this method:
<system.web>
<pages enableViewStateMac="false" />
</system.web>
Setting enableViewStateMac to false means that if the encoded view state changes, your view state won't be replaced with the older one; this can be a security issue. Instead of this, after seeing your error, put a persistent machine key in web.config if you are in a web farm scenario, because a dynamically generated machine key tends to cause view state errors.
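The persistent machine key suggested above, shown beside the setting that disables the check, as an added example that is not part of either original answer. The two key values are placeholders to be replaced with independently generated random hex strings that are identical on every server in the farm.

```xml
<!-- Added example. Both key values are placeholders, not usable keys. -->
<configuration>
  <system.web>
    <!-- Weak: switches the integrity check off, so the server accepts
         view state that a client has modified
    <pages enableViewStateMac="false" />
    -->

    <!-- Keep the MAC on and give every node the same explicit keys, instead of
         per-machine auto-generated keys that differ between servers. -->
    <pages enableViewStateMac="true" />
    <machineKey validationKey="REPLACE_WITH_GENERATED_HEX_VALIDATION_KEY"
                decryptionKey="REPLACE_WITH_GENERATED_HEX_DECRYPTION_KEY"
                validation="HMACSHA256"
                decryption="AES" />
  </system.web>
</configuration>
```

Treat the keys as secrets: anyone who holds the validation key can produce view state that the application will accept as its own.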
