We have sites running in two separate domains, one is a secured API the other is a frontend website. We want to be able to do an ajax request from the website to the API using the currently logged in users credentials.
To do this I did all the necessary CORS bits to be able to pass our cookie to the API, however when the API tries to process the cookie it cant decrypt it. My understanding is that this is because the realm doesn't match correctly.
The error I get when I try and do this is as follows:
InvalidOperationException: ID1073: A CryptographicException occurred when attempting to decrypt the cookie using the ProtectedData API (see inner exception for details). If you are using IIS 7.5, this could be due to the loadUserProfile setting on the Application Pool being set to false.
If I manually make the same request with a cookie with the :1444 realm everything works correctly (so I think the loadUserProfile stuff is a red herring).
I think the issue is that I cant reuse this cookie for another realm. but if this is the case how can I perform this delegation in javascript? Is it actually even possible without actually redirecting the user to STS to get a cookie for the other realm? Is there a better way to approach this javascript delegation?
Useful Supporting data:
The configuration of WIF for our API end:
<modules runAllManagedModulesForAllRequests="true">
<add name="WSFederationAuthenticationModule" type="Microsoft.IdentityModel.Web.WSFederationAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" preCondition="managedHandler" />
<add name="SessionAuthenticationModule" type="Microsoft.IdentityModel.Web.SessionAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" preCondition="managedHandler" />
</modules>
...
<microsoft.identityModel>
<service>
<securityTokenHandlers>
<add type="Microsoft.IdentityModel.Tokens.SessionSecurityTokenHandler, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
<sessionTokenRequirement lifetime="1:00" />
</add>
</securityTokenHandlers>
<audienceUris>
<add value="http://localhost:1444/" />
</audienceUris>
<federatedAuthentication>
<wsFederation passiveRedirectEnabled="true" issuer="http://localhost:1339/account/sign-in" realm="http://localhost:1444/" requireHttps="false" persistentCookiesOnPassiveRedirects="false" />
<cookieHandler requireSsl="false" path="/" name="TheCookieMonster" persistentSessionLifetime="60" />
</federatedAuthentication>
<applicationService>
<claimTypeRequired>
<!--This claim gets mapped to the User.Identity.Name-->
<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" optional="false" />
<!--Some Other Custom claims-->
</claimTypeRequired>
</applicationService>
<issuerNameRegistry type="Microsoft.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
<trustedIssuers>
<add thumbprint="a_thumbprint_key_for_our_cert" name="http://localhost:1339/" />
</trustedIssuers>
</issuerNameRegistry>
</service>
</microsoft.identityModel>
The config of WIF at the website end:
(Same but with :1337)
<modules runAllManagedModulesForAllRequests="true">
<add name="WSFederationAuthenticationModule" type="Microsoft.IdentityModel.Web.WSFederationAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" preCondition="managedHandler" />
<add name="SessionAuthenticationModule" type="Microsoft.IdentityModel.Web.SessionAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" preCondition="managedHandler" />
</modules>
...
<microsoft.identityModel>
<service>
<securityTokenHandlers>
<add type="Microsoft.IdentityModel.Tokens.SessionSecurityTokenHandler, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
<sessionTokenRequirement lifetime="1:00" />
</add>
</securityTokenHandlers>
<audienceUris>
<add value="http://localhost:1337/" />
</audienceUris>
<federatedAuthentication>
<wsFederation passiveRedirectEnabled="true" issuer="http://localhost:1339/account/sign-in" realm="http://localhost:1337/" requireHttps="false" persistentCookiesOnPassiveRedirects="false" />
<cookieHandler requireSsl="false" path="/" name="TheCookieMonster" persistentSessionLifetime="60" />
</federatedAuthentication>
<applicationService>
<claimTypeRequired>
<!--This claim gets mapped to the User.Identity.Name-->
<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" optional="false" />
<!--Some Custom claims-->
</claimTypeRequired>
</applicationService>
<issuerNameRegistry type="Microsoft.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
<trustedIssuers>
<add thumbprint="a_thumbprint_key_for_our_cert" name="http://localhost:1339/" />
</trustedIssuers>
</issuerNameRegistry>
</service>
</microsoft.identityModel>
What the net tab looks like:
I think this is cancelled as JS has detected some kind of security nonsense going on.
Machine key is shared across both sites
Both are running WIF 3.5
We did manage to sort this out by upgrading to WIF 4.5 which worked perfectly with no special modifications. I'm not too sure what the root cause in 3.5 was but this has closed the issue off for me. If someone wants it I can post a sample with this working to GitHub
Related
There is an existing WebService that connects to the proxy server and I need to add a Kerberos authentication policy into it.
I know there existing topics about Kerberos authentication but can anyone share some code snippets on how to add Kerberos authentication on a WebService?
Almost all Kerberos topics just discuss how the Kerberos authentication works. Thanks in advance.
Start with enabling WSE 3, and enably the policy. Do this in the web.config file
<configSections>
<section name="microsoft.web.services3"
type="Microsoft.Web.Services3.Configuration.WebServicesConfiguration,
Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral,
PublicKeyToken=31bf3856ad364e35" />
</configSections>
<system.web>
<compilation debug="true">
<assemblies>
<add assembly="Microsoft.Web.Services3, Version=3.0.0.0,
Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
</assemblies>
</compilation>
<webServices>
<soapExtensionImporterTypes>
<add type="Microsoft.Web.Services3.Description.WseExtensionImporter,
Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral,
PublicKeyToken=31bf3856ad364e35" />
</soapExtensionImporterTypes>
<soapServerProtocolFactory
type="Microsoft.Web.Services3.WseProtocolFactory,Microsoft.Web.Services3,
Version=3.0.0.0,Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
</webServices>
</system.web>
<microsoft.web.services3>
<policy fileName="wse3policyCache.config" />
<tokenIssuer>
<statefulSecurityContextToken enabled="false" />
</tokenIssuer>
</microsoft.web.services3>
Add the Policy file and configure the Policy: add a config file to your project, ‘FileName.config’, then add the following tags to it:
<policies xmlns="http://schemas.microsoft.com/wse/2005/06/policy">
<policy name="KerberosService">
<authorization>
<allow user="Mawhiba\Akram" />
<deny role="*" />
</authorization>
<kerberosSecurity establishSecurityContext="true"
renewExpiredSecurityContext="true" requireSignatureConfirmation="false"
messageProtectionOrder="SignBeforeEncryptAndEncryptSignature"
requireDerivedKeys="true" ttlInSeconds="300">
<protection>
<request
signatureOptions="IncludeAddressing, IncludeTimestamp,
IncludeSoapBody"
encryptBody="true" />
<response signatureOptions="IncludeAddressing, IncludeTimestamp,
IncludeSoapBody"
encryptBody="true" />
<fault signatureOptions="IncludeAddressing, IncludeTimestamp,
IncludeSoapBody"
encryptBody="false" />
</protection>
</kerberosSecurity>
<requireActionHeader />
</policy>
</policies>
Apply the policy on the web service: by adding the following code before the service class:
[Policy("KerberosService")]
Credit for this goes to Akrumooz.
https://www.codeproject.com/Articles/27554/Authentication-in-web-services-using-C-and-Kerbero
Check the link for more info.
attempting to get the sampleapp (a claims aware web forms application) available from mircosoft https://msdnshared.blob.core.windows.net/media/TNBlogsFS/prod.evol.blogs.technet.com/telligent.evolution.components.attachements/01/8598/00/00/03/64/54/88/SampApp%20and%20Rules.zip to run on our web server.
our adfs server is www.fedsvc3copa.beta.pa.gov
the sample app is hosted at application is https://costa.beta.pa.gov/
our federation metadata is https://www.fedsvc3copa.beta.pa.gov/federationmetadata/2007-06/FederationMetadata.xml
unfortunately believe I have something/s incorrect in my web config and struggling to find it. when I browse to https://costa.beta.pa.gov/ I receive
WIF10201: No valid key mapping found for securityToken:
'System.IdentityModel.Tokens.X509SecurityToken' and issuer:
'http://www.fedsvc3copa.beta.pa.gov/adfs/services/trust'. Description:
An unhandled exception occurred during the execution of the current
web request. Please review the stack trace for more information about
the error and where it originated in the code.
Exception Details:
System.IdentityModel.Tokens.SecurityTokenValidationException:
WIF10201: No valid key mapping found for securityToken:
'System.IdentityModel.Tokens.X509SecurityToken' and issuer:
'http://www.fedsvc3copa.beta.pa.gov/adfs/services/trust'.
Source Error:
An unhandled exception was generated during the execution of the
current web request. Information regarding the origin and location of
the exception can be identified using the exception stack trace below.
Stack Trace:
[SecurityTokenValidationException: WIF10201: No valid key mapping
found for securityToken:
'System.IdentityModel.Tokens.X509SecurityToken' and issuer:
'http://www.fedsvc3copa.beta.pa.gov/adfs/services/trust'.]
System.IdentityModel.Tokens.SamlSecurityTokenHandler.ValidateToken(SecurityToken
token) +1461
System.IdentityModel.Services.TokenReceiver.AuthenticateToken(SecurityToken
token, Boolean ensureBearerToken, String endpointUri) +135
System.IdentityModel.Services.WSFederationAuthenticationModule.SignInWithResponseMessage(HttpRequestBase
request) +666
System.IdentityModel.Services.WSFederationAuthenticationModule.OnAuthenticateRequest(Object
sender, EventArgs args) +467
System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
+139 System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step) +195 System.Web.HttpApplication.ExecuteStep(IExecutionStep
step, Boolean& completedSynchronously) +88
Version Information: Microsoft .NET Framework Version:4.0.30319;
ASP.NET Version:4.7.3163.0
I have included my web config below if anyone notices anything that is incorrect.
<?xml version="1.0"?>
<!--
For more information on how to configure your ASP.NET application, please visit
http://go.microsoft.com/fwlink/?LinkId=169433
-->
<configuration>
<configSections>
<section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
<section name="system.identityModel.services" type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
</configSections>
<location path="FederationMetadata">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
<system.web>
<customErrors mode="Off"/>
<authorization>
<deny users="?" />
</authorization>
<authentication mode="None" />
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" requestValidationMode="4.5" />
<machineKey decryptionKey="5D497CFB20EB5927CB3FC44F65DBD3C6D6C366ACFCF20DC5" validationKey="80546F84BEDD8B38A995CCDD44E01C1794861685E605ECBFB5A231EAA7EAD9A99977312362EBDD2B9727F9357AF9A161F97AD49DD6E34E7CFC22D572BD4B90FD" />
</system.web>
<appSettings>
<add key="ida:FederationMetadataLocation" value="https://www.fedsvc3copa.beta.pa.gov/federationmetadata/2007-06/FederationMetadata.xml" />
<add key="ida:Issuer" value="https://www.fedsvc3copa.beta.pa.gov/adfs/ls/" />
<add key="ida:ProviderSelection" value="productionSTS" />
<add key="ida:EnforceIssuerValidation" value="false" />
</appSettings>
<system.webServer>
<modules>
<remove name="FormsAuthentication" />
<add name="WSFederationAuthenticationModule" type="System.IdentityModel.Services.WSFederationAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
<add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
</modules>
</system.webServer>
<system.identityModel>
<identityConfiguration>
<audienceUris>
<add value="https://costa.beta.pa.gov/" />
</audienceUris>
<!--Commented by Identity and Access VS Package-->
<!--<issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry"><authority name="http://sts.costa.beta.pa.gov/adfs/services/trust"><keys><add thumbprint="I put my thumbprint here" /></keys><validIssuers><add name="sts.contoso.com" /></validIssuers></authority></issuerNameRegistry>-->
<!--certificationValidationMode set to "None" by the the Identity and Access Tool for Visual Studio. For development purposes.-->
<certificateValidation certificateValidationMode="None" />
<!--Commented by Identity and Access VS Package-->
<!--<issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry"><authority name="http://sts.costa.beta.pa.gov/adfs/services/trust"><keys><add thumbprint="?I put my thumbprint here" /></keys><validIssuers><add name="sts.contoso.com" /></validIssuers></authority></issuerNameRegistry>-->
<issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry">
<authority name="https://www.fedsvc3copa.beta.pa.gov/adfs/services/trust">
<keys>
<add thumbprint="I put my thumbrint here " />
</keys>
<validIssuers>
<add name="https://www.fedsvc3copa.beta.pa.gov/adfs/services/trust" />
</validIssuers>
</authority>
</issuerNameRegistry>
<securityTokenHandlers>
<add type="System.IdentityModel.Services.Tokens.MachineKeySessionSecurityTokenHandler, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
<remove type="System.IdentityModel.Tokens.SessionSecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
</securityTokenHandlers>
</identityConfiguration>
</system.identityModel>
<system.identityModel.services>
<federationConfiguration>
<cookieHandler requireSsl="true" />
<wsFederation passiveRedirectEnabled="true" issuer="https://www.fedsvc3copa.beta.pa.gov/adfs/ls/" realm="https://costa.beta.pa.gov/" requireHttps="true" />
</federationConfiguration>
</system.identityModel.services>
</configuration>
From memory, it's because that certificate that matches that thumbprint isn't in the certificate store - local computer.
I have set-up IMS with WIF 4.5 on an MVC website. Every couple months the administrators are changing the IMS token signing certificate. They mentioned that I should be able to enable automatic certificate rotation in order to not have to update my thumbprint every time the cert is changed, but I cannot seem to figure out how that is done. Below is a sample of code from my current configuration in the web.config.
<system.identityModel xdt:Transform="Replace">
<identityConfiguration>
<audienceUris>
<add value="http://tools.mycompany.com/myapp/" />
</audienceUris>
<issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry">
<authority name="https://ims.mycompany.com/">
<keys>
<!-- Expires on 10/23/2017 -->
<add thumbprint="************" />
<!-- Begins working on 10/16/2017 -->
<add thumbprint="************" />
</keys>
<validIssuers>
<add name="https://ims.mycompany.com/" />
</validIssuers>
</authority>
</issuerNameRegistry>
<!--certificationValidationMode set to "None" by the the Identity and Access Tool for Visual Studio. For development purposes.-->
<certificateValidation certificateValidationMode="None" />
<securityTokenHandlers>
<remove type="System.IdentityModel.Tokens.SessionSecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
<add type="System.IdentityModel.Services.Tokens.MachineKeySessionSecurityTokenHandler, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
</securityTokenHandlers>
</identityConfiguration>
There's a full description of this here.
e.g. if you use the older VS versions, you could use:
protected void Application_Start() { AreaRegistration.RegisterAllAreas(); ... RefreshValidationSettings(); }
I copied a 3 layer ASP.NET project from a system running Visual Studio 2010 to my system which is also running Visual Studio 2010. When I right click and select view in browser on a file inside a folder located under the UI layer, I get the error:
HTTP Error 500.19 - Internal Server Error
The requested page cannot be accessed because the related configuration data for the page is invalid.
Attached is a screen shot of the error page
Below is the Web.config file inside the folder under UI layer
<?xml version="1.0"?>
<configuration>
<system.web>
<authorization>
<allow roles="user,admin"/>
<deny users="*"/>
<deny users="?"/>
</authorization>
</system.web>
<location path="fixdashboard.aspx">
<system.web>
<authorization>
<allow roles="user,client,admin"/>
<deny users="*"/>
<deny users="?"/>
</authorization>
</system.web>
</location>
<location path="ws/__ws_eq.asmx">
<system.web>
<authorization>
<allow roles="user,client,admin"/>
<deny users="*"/>
<deny users="?"/>
</authorization>
</system.web>
</location>
</configuration>
Below is the root Web.config settings
<?xml version="1.0"?>
<!--
For more information on how to configure your ASP.NET application, please visit
http://go.microsoft.com/fwlink/?LinkId=169433
-->
<configuration>
<connectionStrings>
<add name="dbcloudintegraConnectionStringb" connectionString="Data Source=PROGRAMOS-PC\INST1;Initial Catalog=dbcloudintegra;Persist Security Info=True;User ID=sa;Password=p#ssw0rd" providerName="System.Data.SqlClient" />
<add name="dbcloudintegraConnectionString" connectionString="Data Source=PROGRAMOS-PC\INST1;Initial Catalog=prom_temprary;Persist Security Info=True;User ID=sa;Password=p#ssw0rd" providerName="System.Data.SqlClient" />
</connectionStrings>
<location path="default.aspx">
<system.web>
<authorization>
<allow roles="user,admin"/>
<deny users="*"/>
<deny users="?"/>
</authorization>
</system.web>
</location>
<location path="__upload.aspx">
<system.web>
<authorization>
<allow roles="user,admin"/>
<deny users="*"/>
<deny users="?"/>
</authorization>
</system.web>
</location>
<appSettings>
<add key="_cs" value="dbcloudintegraConnectionString"/>
<add key="fileuploads" value="D:\Users\Chibuzo\Documents\prog_fileuploads\"/>
<add key="errorlogs" value="D:\Users\Chibuzo\Documents\prog_errorlogs\"/>
<add key="enableLogOn" value="true"/>
<add key="enableRecaptcha" value="false"/>
<add key="domainAdminDays" value="5000"/>
<add key="domainPath" value="http://www.prominentetrade.com/"/>
<add key="recaptchaPublicKey" value="6LcZkvESAAAAAOWvWUtykUEoIGnU_qLiJlAvUN9e"/>
<add key="recaptchaPrivateKey" value="6LcZkvESAAAAAIBTKFXnqZHe_bqFLkwjtZfcgqoV"/>
</appSettings>
<system.web>
<sessionState cookieName="__CIP.SSID" timeout="20"/>
<customErrors mode="Off" defaultRedirect="~/500.aspx">
<error statusCode="404" redirect="~/404.aspx"/>
</customErrors>
<pages>
<controls>
<add tagPrefix="cloudintegra" src="~/controls/datepicker.ascx" tagName="datepicker"/>
<add tagPrefix="cloudintegra" src="~/controls/customersearch.ascx" tagName="customersearch"/>
<add tagPrefix="cloudintegra" src="~/controls/generalledgersearch.ascx" tagName="generalledgersearch"/>
<add tagPrefix="cloudintegra" src="~/controls/staffsearch.ascx" tagName="staffsearch"/>
<add tagPrefix="cloudintegra" src="~/controls/securitysearch.ascx" tagName="securitysearch"/>
<add tagPrefix="cloudintegra" src="~/controls/alert.ascx" tagName="alert"/>
<add tagPrefix="cloudintegra" src="~/controls/sidebar.ascx" tagName="sidebar"/>
<add tagPrefix="cloudintegra" src="~/controls/tools.ascx" tagName="tools"/>
<add tagPrefix="cloudintegra" src="~/controls/equitytrader.ascx" tagName="equitytrader"/>
<add tagPrefix="cloudintegra" src="~/controls/marketdata.ascx" tagName="marketdata"/>
</controls>
</pages>
<compilation debug="true" targetFramework="4.0">
<assemblies>
<add assembly="CrystalDecisions.Web, Version=13.0.2000.0, Culture=neutral, PublicKeyToken=692FBEA5521E1304"/>
<add assembly="CrystalDecisions.Shared, Version=13.0.2000.0, Culture=neutral, PublicKeyToken=692FBEA5521E1304"/>
<add assembly="CrystalDecisions.ReportSource, Version=13.0.2000.0, Culture=neutral, PublicKeyToken=692FBEA5521E1304"/>
<add assembly="CrystalDecisions.ReportAppServer.Controllers, Version=13.0.2000.0, Culture=neutral, PublicKeyToken=692FBEA5521E1304"/>
<add assembly="CrystalDecisions.ReportAppServer.DataDefModel, Version=13.0.2000.0, Culture=neutral, PublicKeyToken=692FBEA5521E1304"/>
<add assembly="CrystalDecisions.CrystalReports.Engine, Version=13.0.2000.0, Culture=neutral, PublicKeyToken=692FBEA5521E1304"/>
<add assembly="CrystalDecisions.ReportAppServer.ClientDoc, Version=13.0.2000.0, Culture=neutral, PublicKeyToken=692fbea5521e1304"/>
<add assembly="System.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
<add assembly="System.Web.Extensions.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add assembly="System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
</assemblies>
<codeSubDirectories>
<add directoryName="VB"/>
</codeSubDirectories>
</compilation>
<authentication mode="Forms">
<forms name="__AUTH.PCI" loginUrl="~/login.aspx" slidingExpiration="true" timeout="20"/>
</authentication>
<membership>
<providers>
<remove name="AspNetSqlMembershipProvider"/>
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="dbcloudintegraConnectionString" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" applicationName="cloudintegra" requiresUniqueEmail="false" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" passwordStrengthRegularExpression=""/>
</providers>
</membership>
<profile>
<providers>
<clear/>
<add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="dbcloudintegraConnectionString" applicationName="cloudintegra"/>
</providers>
</profile>
<roleManager enabled="true">
<providers>
<clear/>
<add connectionStringName="dbcloudintegraConnectionString" applicationName="cloudintegra" name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider"/>
<add applicationName="cloudintegra" name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider"/>
</providers>
</roleManager>
<webServices>
<protocols>
<!--<add name="HttpGet"/>-->
<add name="HttpPost"/>
</protocols>
</webServices>
<httpHandlers>
<add verb="GET" path="CrystalImageHandler.aspx" type="CrystalDecisions.Web.CrystalImageHandler, CrystalDecisions.Web, Version=13.0.2000.0, Culture=neutral, PublicKeyToken=692fbea5521e1304"/>
</httpHandlers>
<!--<httpModules>
<add name="Session" type="System.Web.SessionState.SessionStateModule"/>
</httpModules>-->
<httpRuntime requestValidationMode="2.0"/>
</system.web>
<system.web.extensions>
<scripting>
<webServices>
<jsonSerialization maxJsonLength="2147483647"></jsonSerialization>
</webServices>
</scripting>
</system.web.extensions>
<system.webServer>
<handlers>
<add name="CrystalImageHandler.aspx_GET" verb="GET" path="CrystalImageHandler.aspx" type="CrystalDecisions.Web.CrystalImageHandler, CrystalDecisions.Web, Version=13.0.2000.0, Culture=neutral, PublicKeyToken=692fbea5521e1304" preCondition="integratedMode"/>
</handlers>
<validation validateIntegratedModeConfiguration="false"/>
<staticContent>
<mimeMap fileExtension=".woff" mimeType="application/octet-stream"/>
</staticContent>
</system.webServer>
<system.net>
</system.net>
</configuration>
How can I solve this problem?
EDIT:
From Andrew's answer, I found out that my IIS pool was set to .NET 2.0, so I changed it to 4.0. I still get internal Server Error, but it has changed.
Error Code 0x80070021
Config Error This configuration section cannot be used at this path. This happens when the section is locked at a parent level. Locking is either by default (overrideModeDefault="Deny"), or set explicitly by a location tag with overrideMode="Deny" or the legacy allowOverride="false".
Below is the screen shoot of the current error
Adding this as answer since its a bit longer to comment
<configuration> <configSections> <section name="system.web.extensions" type="System.Web.Configuration.SystemWebExtensionsSectionGroup" /> </configSections> </configuration>
Try adding this to applicationHost.config
Also check your others paths are local in all config files
One reason this error can occur is if the Application was developed for .Net 4.0 but is running on an IIS Application pool set to .Net 3.5. Check the settings for your application pool and/or verify that .Net 4.0 is installed on the machine you moved the application to.
Also note, the HTTP error code 500.19 can have many different causes, and the IIS error code 0x80070032 is the more specific cause of the issue. There is a fairly lengthy discussion of error 0x80070032 at http://forums.iis.net/t/1166889.aspx
As a quick Workaround you could add the following to your root web.config:
<configuration>
<!-- add the missing section definitions as stated in the error message -->
<configSections>
<sectionGroup name="system.web.extensions" type="System.Web.Configuration.SystemWebExtensionsSectionGroup, System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
<sectionGroup name="scripting" type="System.Web.Configuration.ScriptingSectionGroup, System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
<section name="scriptResourceHandler" type="System.Web.Configuration.ScriptingScriptResourceHandlerSection, System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" requirePermission="false" allowDefinition="MachineToApplication"/>
<sectionGroup name="webServices" type="System.Web.Configuration.ScriptingWebServicesSectionGroup, System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
<section name="jsonSerialization" type="System.Web.Configuration.ScriptingJsonSerializationSection, System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" requirePermission="false" allowDefinition="Everywhere"/>
</sectionGroup>
</sectionGroup>
</sectionGroup>
</configSections>
...
But that's just a workaround. Usually these sections should be already declared in your machine.config. That file's located here: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\machine.config
Edit:
It's surprising me, that adding these lines to your root web.config doesn't make any differences and you still get that error message...
But as Andrew already said in his answer this error can have many causes.
I faced a similar situation when I worked on a web application that was hosted as a separate application inside a site.
The structure was like the following:
theSite
├subDir1
├subDir2
└─seperateApplication
theSite had its own web.config with some special configscetions within and so on, and my seperateApplication had issues because being in a sub-directory of theSite led to inherting all those web.config-settings.
To cut a long story short, make sure that your application doesn't inherit some odd settings from another site which possibly removed those sections via <remove name="system.web.extensions" /> or something like that.
I had the same thing, but the fix was straightforward. I had to make two adjustments that had been saved in the solution and didn't match to the new location I moved it to. The adjustments were as follows:
1.) After transferring to the new local drive location I opened the solution in VS. In the top nav. clicked Tools -> Options -> See a popup. On the left of that "Option" popup, go to "Project and Solutions" -> "General" -> on the right, see 3 text input fields, update the "Projects location" by browsing to the folder where the solution placed when moved. (note, I did not update the two template locations) Save and Close
2.)(Optional) My solution had 2 projects, a project as a ui layer using the localhost and another as a business layer made as a class library; the ui layer being a web app, needed its virtual directory to be recreated. I did the following: Right click the project that was the ui layer --> click projects properties to see the properties tab -> On the left of that tab is a nav list-> Click "Web"-> On the right under the section titled "Server", click "Create Virtual Directory" to rebuild it. Save, exit
Then all was good and no errors and everything was running again
The only catch I had was in regards to saved breakpoints. I had to remove all saved breakpoints and re-establish.
I am trying to make an access role in my system. I have these two roles ; Admin and user. In my login page, I put this line of code:
if (Roles.IsUserInRole(Login1.UserName, "Administrator"))
Response.Redirect("~/4_Admin/Page1.aspx");
else if (Roles.IsUserInRole(Login1.UserName, "Users"))
Response.Redirect("~/3_User/Expense.aspx");
When user role logged in, they are directed to the correct page but for the admin, it gives me this error,
The resource cannot be found.
Description: HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable. Please review the following URL and make sure that it is spelled correctly.
Requested URL: /Self_studies/login.aspx
<membership>
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="Connection" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" applicationName="SampleApplication"/>
</providers>
</membership>
<profile>
<providers>
<clear/>
<add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="Connection" applicationName="SampleApplication"/>
</providers>
</profile>
<roleManager enabled="true">
<providers>
<clear />
<add connectionStringName="Connection" applicationName="SampleApplication"
name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" />
</providers>
</roleManager>
<compilation debug="false">
<assemblies>
<add assembly="System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
<add assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add assembly="System.Data.DataSetExtensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
<add assembly="System.Xml.Linq, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
</assemblies>
</compilation>
<!--
The <authentication> section enables configuration
of the security authentication mode used by
ASP.NET to identify an incoming user.
-->
<authentication mode="Forms" />
I think I have checked the name and went through all the coding for so many times. Is there anything that I can do to fix this? Thank you.
Reference this- Examining ASP.NET's Membership, Roles, and Profile
try to configure your role manager as:
<roleManager enabled="true"
defaultProvider="CustomizedRoleProvider">
<providers>
<add name="CustomizedRoleProvider"
type="System.Web.Security.SqlRoleProvider"
connectionStringName="MyDB"
applicationName="/" />
</providers>
</roleManager>
and at login button check user role as: Ref: Validation on current user
if (HttpContext.Current.User.IsInRole("Administrators"))
Response.Redirect("~/PageA.aspx");
else
Response.Redirect("~/PageB.aspx");