ASP.Net not working with Https protocol - c#

I developed an ASP.NET web application and hosted it on IIS with the http protocol, and everything works fine.
When I change from http to https, the web page never finishes loading and the browser dies (the problem only occurs on some pages. If I log in with the Normal User role, the page works. If I log in with the Manager role, the problem occurs).
Please help me find the root cause of the problem.
I tested on Chrome and captured the screen as below
Here is my web.config

Related

IIS caching redirects seemingly without reason

I am working on an ASP.NET webforms application that is being deployed to one of our internal IIS servers.
When I run the website on my machine using IISExpress it runs fine and I can access the admin directory; however, whenever I deploy to the server I can no longer access the admin directory and it just redirects me to the login page.
I have no code anywhere that should redirect me to the login page, even going so far as to delete the directory and it is still redirecting, which would lead me to believe it's a browser caching issue. After clearing the browser cache the same thing happens: it redirects you to the login page.
Another weird thing is that it only does it based on your website login account: when I log in using my actual account it allows me in, but whenever I use a test account with different roles it then redirects me.
I have checked all the usual culprits (HTTP Redirect, Output caching, temp ASP.NET files, master config and the site's own web.config) to no avail. I have tried restarting the website and the application pool to no avail, and I can't restart the actual server/IIS instance since there are other websites running that cannot be shut off.
EDIT - Upon renaming the admin folder to admin2 it is now working without issue, so it's definitely something to do with IIS. There be ghosts.

ASP.NET processing unauthenticated file request in site with Windows Authentication: How?

I have a curious problem with a legacy ASP.NET web application using Windows Authentication. A particular page is crashing, and an inspection of the page and the site logs indicates the page is crashing because the request is not properly authenticated - no Windows identity is being requested by IIS or supplied by IE 11.
The page has a curious path; it took a few minutes to decode how it was originally assembled. The initial request is not for a specific page, but is merely a folder-only URL that is routed to Default.aspx. The handler checks the query string and redirects to specific pages accordingly.
The initial request to the site is authenticated, as evidenced by the IIS site logs. The page to which the request is redirected (Response.Redirect) does not authenticate. The absence of the Windows authentication challenge leaves the site with no automatic identity to the targeted page, leading to the page crash (code depending on the identity fails). The sequence goes this way:
Original URL: /sitename/folder/?parameter1=value&parameter2=value
IIS issues the authentication challenge, and the authenticated user is shown in the logs - eg, domain\user
The request is then handled by folder/Default.aspx (default page as defined in IIS)
Default.aspx.cs inspects the query string, and routes the request to (eg) OtherPage.aspx via Response.Redirect.
OtherPage.aspx is requested, and the request is logged - with no authentication, and no challenge
OtherPage.aspx.cs crashes (no user credential)
I am trying to theorize how or why ASP.NET is even permitting the unauthenticated file request. I have tried to reproduce the behavior in a test environment, and have been unable to do so. I have suspected that "Automatic logon in Intranet zone" might have been disabled, or that stored local credentials may be present but somehow causing a conflict, but neither of those scenarios panned out. The former did result in a failed authentication attempt and a proper 401 response from the server (the target page was not fired in a test environment).
Further research into this question has led to a solution if not a 100% dissection of the cause.
The users experiencing the problem were accessing the target site via a link in an email message. The link, for some unknown reason, inhibited the credential exchange between IE and IIS until the site URL was placed in the "Local Intranet" sites list of IE. This allowed the "Automatic logon in Intranet sites only" option to apply which, in turn, allowed the authentication to work.
The reason this is not a "100% dissection" is because these users were accessing the site previously, wherein authentication worked when the site was accessed conventionally. Exactly how the email message link inhibited the authentication exchange is not known. At the moment, I theorize that some security setting inhibits authentication when originating from an email link unless the specific site URL is explicitly qualified as a trusted or Intranet site.
Thanks for your consideration.
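A log check for the symptom described in this post (a request served with no user identity and no 401 challenge), as an added example that is not part of the original post. The sample log lines are constructed from the paths in the post, and the function name `Find-UnchallengedRequest` is hypothetical.

```powershell
# Flags IIS W3C log rows where no identity was logged (cs-username is "-")
# and the server did not answer with a 401 challenge.
function Find-UnchallengedRequest {
    param([string[]]$Line)
    $fields = @()
    foreach ($l in $Line) {
        if ($l -like '#Fields:*') {
            # Column layout is declared by the log itself; re-read it on every header
            $fields = $l.Substring(8).Trim() -split '\s+'
            continue
        }
        if ($l.StartsWith('#') -or [string]::IsNullOrWhiteSpace($l) -or -not $fields) { continue }
        $values = $l -split ' '
        if ($values.Count -ne $fields.Count) { continue }   # truncated or malformed row
        $row = @{}
        for ($i = 0; $i -lt $fields.Count; $i++) { $row[$fields[$i]] = $values[$i] }
        if ($row['cs-username'] -eq '-' -and $row['sc-status'] -ne '401') {
            [pscustomobject]@{
                Time   = "$($row['date']) $($row['time'])"
                Client = $row['c-ip']
                Uri    = $row['cs-uri-stem']
                Status = $row['sc-status']
            }
        }
    }
}

# Constructed sample (not real log data): challenge, authenticated redirect,
# then the redirected page logged with no identity.
$sample = @'
#Fields: date time cs-method cs-uri-stem cs-uri-query cs-username c-ip sc-status
2024-01-01 10:00:00 GET /sitename/folder/ parameter1=value&parameter2=value - 10.0.0.5 401
2024-01-01 10:00:00 GET /sitename/folder/ parameter1=value&parameter2=value domain\user 10.0.0.5 302
2024-01-01 10:00:01 GET /sitename/folder/OtherPage.aspx - - 10.0.0.5 500
'@ -split "`r?`n"

Find-UnchallengedRequest -Line $sample | Format-Table -AutoSize

# Against real logs (path is an assumption; adjust to the site's log folder):
# Find-UnchallengedRequest -Line (Get-Content 'C:\inetpub\logs\LogFiles\W3SVC1\*.log')
```

On a site that allows only Windows Authentication, every row this returns is a request that reached a handler without an identity, which is the condition the crashing page depended on never happening.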

ASP.NET MVC Microsoft Live Account Authentication on Localhost

I have created a blank, new ASP.NET MVC site.
I have set up an application endpoint at https://account.live.com/developers/ as follows:
API Settings: http://i.imgur.com/bIoV3x9.png
App Settings and Code-Behind: http://i.imgur.com/P3KFyhV.png
I have tried launching my site, connecting to https://localhost:44300/, clicking "Log in", then "Microsoft" and I get a page that says the following:
Microsoft account
We're unable to complete your request
Microsoft account is experiencing technical problems. Please try again later.
But the URL it redirects me to is:
https://login.live.com/err.srf?lc=1033#error=invalid_request&error_description=The%20provided%20value%20for%20the%20input%20parameter%20'redirect_uri'%20is%20not%20valid.%20The%20expected%20value%20is%20'https://login.live.com/oauth20_desktop.srf'%20or%20a%20URL%20which%20matches%20the%20redirect%20URI%20registered%20for%20this%20client%20application
I am to believe that the redirect_uri is not valid. The expected value is some URI to oauth20_desktop.srf. I don't know what in the world is going on/what the problem is. Can anyone shed some light as to what I must do to test Microsoft Account logins to my localhost-running MVC site?
Your findings are correct, Microsoft doesn't allow for localhost as redirect_uri and it is explained in the ASP.NET documentation...
When registering your site with Facebook, you can provide "localhost" for the site domain and "http://localhost/" for the URL, as shown in the image below. Using localhost works with most providers, but currently does not work with the Microsoft provider. For the Microsoft provider, you must include a valid web site URL.
If you want to get it working you will need to set up an IIS site with custom host headers, this will require you to modify the hosts files in your machine...assuming you are developing on a Windows machine of course
Setting up your environment
Open the IIS Management Console and create a new site
Enter the site name, app pool, physical path and most importantly the host headers....see screenshot below
Click OK, to create the site and then make sure both the site and the app pool are running
Enter the following system path in the "Run command" utility %SystemRoot%\system32\drivers\etc to open the path where the hosts file is located...usually C:\Windows\system32\drivers\etc
Open the hosts file as Administrator and add an entry that matches your set up host headers...
127.0.0.1 www.testsite.com
Once saved you can open a browser window to test the setup by typing in http://www.testsite.com
If it works, then you can use that url for testing purposes with Microsoft OAuth API or any other provider such as Google, Facebook, LinkedIn, etc
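The same setup steps scripted, as an added example that is not part of the original answer. The site name, app pool name and physical path are assumptions; the host name is the one used in the answer.

```powershell
# Added example; run from an elevated PowerShell prompt on the development machine.
Import-Module WebAdministration

$siteName   = 'TestSite'             # assumed site name
$poolName   = 'TestSitePool'         # assumed app pool name
$sitePath   = 'C:\inetpub\testsite'  # assumed physical path
$hostHeader = 'www.testsite.com'     # host header used in the answer above
$hostsFile  = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

# Content folder and application pool (created only if missing)
if (-not (Test-Path $sitePath)) {
    New-Item -ItemType Directory -Path $sitePath | Out-Null
}
if (-not (Test-Path "IIS:\AppPools\$poolName")) {
    New-WebAppPool -Name $poolName | Out-Null
}

# Site bound to the host header on port 80
if (-not (Test-Path "IIS:\Sites\$siteName")) {
    New-Website -Name $siteName -ApplicationPool $poolName `
        -PhysicalPath $sitePath -Port 80 -HostHeader $hostHeader | Out-Null
}

# Make sure both the pool and the site are running
if ((Get-WebAppPoolState -Name $poolName).Value -ne 'Started') {
    Start-WebAppPool -Name $poolName
}
if ((Get-WebsiteState -Name $siteName).Value -ne 'Started') {
    Start-Website -Name $siteName
}

# Hosts entry, added once; an existing matching line is left alone.
# The leading line break protects against a hosts file with no final newline.
$pattern = '^\s*127\.0\.0\.1\s+' + [regex]::Escape($hostHeader) + '(\s|$)'
if (-not (Select-String -Path $hostsFile -Pattern $pattern -Quiet)) {
    Add-Content -Path $hostsFile -Value "`r`n127.0.0.1 $hostHeader"
}

# Confirm the name now resolves to the loopback address
[System.Net.Dns]::GetHostAddresses($hostHeader) | ForEach-Object { $_.IPAddressToString }
```

The hosts entry overrides DNS for that name on this machine only, so remove the line once testing is finished.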

Prevent Web page from caching while access through mobile

I want to prevent my ASP.NET page from being cached by the browser.
I applied tricks available on the internet, so the browser stopped caching my page and requests the page from the server every time.
But the problem is that when I access my site through a mobile device like a BlackBerry, it caches my page, and on pressing the back button the page is loaded from its cache without pinging the server.
I searched a lot but found nothing special.
One solution I found said that mobile browsers only stop caching when an https request is made.
Is that true or not?
Please help.
Here is a suggested method which works with mobile and desktop browser: Prevent browser caching of web pages in asp.net which works in all browsers (IE/Firefox..)

What do you do with 'You've created a service' wcf help page?

When you create a WCF service, host it in IIS and then open the service page in a browser, you will see a default WCF help page. This page says 'You've created a service'.
What do you do with the page? Do you hide it? Or replace it with your own?
Thanks
I'm not even sure you CAN hide them; you have to be able to access the URL in order to invoke the service properly, and the .svc markups don't allow ASP content to be displayed instead of the basic metadata pages. I think the only way you could do it is with a service in front of IIS, evaluating requests and redirecting "naked" service requests to a catcher page.
Being able to browse to the page is a useful diagnostic and DIY tool. If you can see the page from the browser of the computer with the client software, then you should be able to connect to that service using the client software. So, unless you can think of a security or aesthetic reason why the page cannot be exposed in your production site, I'd just leave it be.
