Sitefinity A potentially dangerous Request.Path value was detected from the client (?) - c#

I am using Sitefinity 5.1 and RadGrid in this example.
I have been troubleshooting one of our pages on the development server this morning and I have confirmed that it behaves differently on the page with the styling (template) than on the bare-bones page (no styling, no scripts, etc.):
The page does not work in Chrome but does work in IE and Firefox
The page on a bare-bones page (no template, header, or anything else) works in IE, Firefox and Chrome
Code used:
Response.Redirect(String.Format("~/services/separation-by-code/managesbyc?id={0}", DateTime.Now.Ticks.ToString()));
I am using ticks to refresh the page before I get there.
Here are some results:
Firefox:
seabass.ptagis.org/services/separation-by-code/managesbyc?id=634854696522350585 -> works
Chrome on the bare-bones Sitefinity page:
seabass.ptagis.org/services/separation-by-code/managesbyc?id=634854701574768045 -> works
Chrome on the styled page (CSS, scripts, etc.):
seabass.ptagis.org/services/%2fservices%2fseparation-by-code%2fmanagesbyc%3fid%3d634854699444302751 -> nope
I get the server error attached below.
I did go through all the steps of setting web.config httprequests = 2.0 and page validations = false. That did not help.
Any help is appreciated.
Server Error in '/' Application. A potentially dangerous
Request.Path value was detected from the client (?). Description: An
unhandled exception occurred during the execution of the current web
request. Please review the stack trace for more information about the
error and where it originated in the code. Exception Details:
System.Web.HttpException: A potentially dangerous Request.Path value
was detected from the client (?). Source Error: An unhandled
exception was generated during the execution of the current web
request. Information regarding the origin and location of the
exception can be identified using the exception stack trace below.
Stack Trace:
[HttpException (0x80004005): A potentially dangerous Request.Path value was detected from the client (?).]
System.Web.HttpRequest.ValidateInputIfRequiredByConfig() +11494475
System.Web.PipelineStepManager.ValidateHelper(HttpContext context) +184
Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.272

If you're using .NET 4.0, you should be able to allow the URL containing a question mark (?) via the web.config:
<system.web>
<httpRuntime requestPathInvalidCharacters="<,>,*,%,&,:,\" />
</system.web>
Note, I've just removed the question mark (?); the original default string is:
<httpRuntime requestPathInvalidCharacters="<,>,*,%,&,:,\,?" />
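As an added illustration (not part of the question or the answer above), the following Python model applies the requestPathInvalidCharacters check to the two URLs from the question. It approximates Request.Path as the percent-decoded path component (an assumption about ASP.NET's behaviour, consistent with the error the question shows) and also shows that dropping '?' from the list only silences the validation, because the decoded path still does not match the intended handler.

```python
# Added example: model of ASP.NET 4.0's requestPathInvalidCharacters check
# applied to the URLs posted in the question (not code from the original post).
from urllib.parse import unquote, urlsplit

DEFAULT_INVALID = "<,>,*,%,&,:,\\,?"   # web.config default value
RELAXED_INVALID = "<,>,*,%,&,:,\\"     # the answer's edited value (no '?')

# URLs copied from the question (working Firefox request, failing Chrome request)
WORKING = "http://seabass.ptagis.org/services/separation-by-code/managesbyc?id=634854696522350585"
BROKEN = ("http://seabass.ptagis.org/services/"
          "%2fservices%2fseparation-by-code%2fmanagesbyc%3fid%3d634854699444302751")
INTENDED_PATH = "/services/separation-by-code/managesbyc"


def invalid_chars(setting: str) -> set:
    """Parse the comma-separated httpRuntime attribute into a set of characters."""
    return set(setting.split(","))


def request_path(url: str) -> str:
    """Approximation of Request.Path: the percent-decoded path, query string excluded.

    Assumption: the server decodes %2f and %3f before validating the path, so the
    encoded '?' ends up inside the path rather than starting a query string.
    """
    return unquote(urlsplit(url).path)


def offending_chars(url: str, setting: str = DEFAULT_INVALID) -> list:
    """Invalid characters present in the decoded path; an empty list means the request passes."""
    bad = invalid_chars(setting)
    return sorted({c for c in request_path(url) if c in bad})


def reaches_handler(url: str) -> bool:
    """True only if the decoded path is exactly the handler path the redirect meant to hit."""
    return request_path(url) == INTENDED_PATH


if __name__ == "__main__":
    for name, url in (("working", WORKING), ("broken", BROKEN)):
        print(name, "decoded path:", request_path(url))
        print("  default list rejects:", offending_chars(url))
        print("  relaxed list rejects:", offending_chars(url, RELAXED_INVALID))
        print("  reaches handler:", reaches_handler(url))
```

With the relaxed list the Chrome request is no longer rejected by validation, but it decodes to /services//services/... and would still miss the handler, so the doubled-up redirect URL itself is what needs fixing.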

Related

Error on Page Preview after upgrade from Kentico 12 to 13

We have Kentico CMS with MVC site.
I recently upgraded Kentico 12 to 13 and started getting a "resource not found" error on doing Page Preview in the admin app. I had not uninstalled the Kentico 12 NuGet packages from the MVC app before updating them to 13. After uninstalling them and reinstalling 13, the error has changed to the error below. Applying the 13.0.52 hotfix did not make any change.
Try reloading the administration interface. The user was not found in
the JWT token, nor in the current virtual context URL.
Here is the stacktrace:
Server Error in '/' Application. Try reloading the administration
interface. The user was not found in the JWT token, nor in the current
virtual context URL. Description: An unhandled exception occurred
during the execution of the current web request. Please review the
stack trace for more information about the error and where it
originated in the code.
Exception Details: CMS.Helpers.InvalidVirtualContextException: Try
reloading the administration interface. The user was not found in the
JWT token, nor in the current virtual context URL.
Source Error:
An unhandled exception was generated during the execution of the
current web request. Information regarding the origin and location of
the exception can be identified using the exception stack trace below.
Stack Trace:
[InvalidVirtualContextException: Try reloading the administration interface. The user was not found in the JWT token, nor in the current virtual context URL.]
Kentico.Content.Web.Mvc.VirtualContextPrincipalRetriever.GetPrincipal(String jwtToken) +417
Kentico.Content.Web.Mvc.VirtualContextPrincipalAssigner.SetVirtualContextPrincipal(IVirtualContextPrincipalRetriever virtualContextPrincipalRetriever) +229
CMS.Base.AbstractHandler.CallEventHandler(EventHandler`1 h, TArgs e) +115
CMS.Base.AbstractHandler.Raise(String partName, List`1 list, TArgs e, Boolean important) +1028
CMS.Base.SimpleHandler`2.RaiseExecute(TArgs e) +145
CMS.Base.SimpleHandler`2.StartEvent(TArgs e) +236
System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +223
System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step) +220
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +94
Edit
My MVC site has a security related entry in web.config which is causing this.
<add name="X-Frame-Options" value="deny" />
It was added due to Page Preview's <iframe> behavior. We have always used "Preview in new tab". Not sure if it's safe to remove this.
Please see the documentation. It describes what happens when you set this header on your own: "If you manually apply the X-Frame-Options header in your MVC site's web.config file, the preview mode and all related features (such as the page builder and form builder) in the Xperience administration display a blank page instead of the previewed content."
And it also explains what needs to be done: "If you set CSP headers on your own, make sure to always whitelist the Xperience administration parent site using the frame-ancestors policy. Otherwise the preview mode and all related features will not display content."
Does your live MVC site run properly independent of the admin site? Make sure that your MVC site runs correctly and you can login to it.
Also, examine the URL that is sent to the MVC site from the Admin site if tokens are sent.

Why does the 404 page not work in certain cases? (IIS, Classic ASP)

Explanation
In production and locally, the 404 page for my site works fine for the most part. A URL such as http://localhost:43424/gibberish_r3hjjnwef will return the well designed 404 HTML page that is in the website folder, and pointed to by IIS.
However, when I change this URL to http://localhost:43424/gibberish_r3hjjnwef... it gives the following "hard" error, whilst still claiming to be a 404.
Server Error in '/' Application.
The resource cannot be found.
Description: HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable. Please review the following URL and make sure that it is spelled correctly.
Requested URL: /gibberish_r3hjjnwef...
Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.7.2110.0
I'd rather it still gave the 404 HTML page.
I thought maybe it was an outright invalid URL, but both http://www.bbc.co.uk/news/fdisdhfdu and http://www.bbc.co.uk/news/fdisdhfdu... give the BBC's nice 404 page.
Question
Is there anything I can do to improve this?
Relevant Information (happy to provide more if necessary)
Microsoft .NET Framework Version: 4.0.30319
ASP.NET Version: 4.7.2110.0
Language/Framework: C#/Classic ASP
I'm not sure whether this is what you are referring to, but maybe try this out:
Go to IIS Manager -> Site -> IIS Error pages. On the right hand panel, there's a setting "Edit Feature Settings...".
The options there mean:
Custom error pages: Use the 'IIS error pages' as fallback for all failed requests (e.g. your 404 page set up the list behind)
Detailed error pages: In case of an Asp.Net error, shows the 'Asp.Net error page' ("Server Error in '/' Application." etc.)
Detailed errors for local requests etc.: Show the 'IIS error page' for remote requests, for local requests show the 'Asp.net error page' ("Server error in '/' etc.)
This is in place to effectively hide the detailed Asp.net error page (with the stack trace etc.) from external callers as you may not want to give them the details of your application. This is the default setting, where you should only see the 'Asp.net error page' when you call the invalid URL on 'localhost', but the 'IIS error page' (404) when you call the page from a different computer.
So, what you may want to try is to select the "Custom error pages" option ('IIS error pages' for all failed requests).

Display Error Stack trace information in Custom Error page

I am using VS2010.
I log my exception in Application_Error and then get automatically redirected to Custom Error page.
On Custom Error page, I would like to display stack track of the error.
I cannot implement the approach in the following article because I am using AJAX controls in all the pages and I get AJAX errors if I use the solution in the following article.
I updated the web.config as follows:
<customErrors defaultRedirect="~/CustomError.aspx" mode="On" redirectMode="ResponseRewrite" />
The AJAX error for the web.config is as follows:
Microsoft JScript runtime error: Sys.WebForms.PageRequestManagerParserErrorException: The message received from the server could not be parsed. Common causes for this error are when the response is modified by calls to Response.Write(), response filters, HttpModules, or server trace is enabled.
Details: Error parsing near '
ASP.NET custom error page - Server.GetLastError() is null
I cannot use the following approach because I am being told to stay away from session and application level storage.
Asp.net 4.0 : How to get exception details in custom error page?
So what are my options? Is there any other way to store error information in Application_Error and recover the error stack trace on the custom error page? This page is automatically rerouted to by the ASP.NET engine.

How I can fix MAC error in asp.net application?

I have an ASP.NET application; everything is working fine, but after some minutes, when I click on a button, it gives me this error:
Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Web.HttpException: Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.
How can I resolve this?
This blog post covers this in quite a bit of detail:
http://www.eukhost.com/forums/f15/fix-validation-viewstate-mac-failed-6085/
In the past I've used this method:
<system.web>
<pages enableViewStateMac="false" />
</system.web>
Setting enableViewStateMac to false means that if the encoded view state changes, your view state won't be replaced with the older one; this can be a security issue. Instead of this, after seeing your error, put a persistent machine key in web.config if you are in a web farm scenario, because a dynamically generated machine key tends to cause view state errors.
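As an added example (not code from the answer above), a small Python helper that generates the persistent machineKey values the answer recommends, so every node in a web farm validates ViewState with the same key instead of turning the MAC check off. The key lengths (64 bytes for HMACSHA256 validation, 32 bytes for AES decryption) and the algorithm names are standard ASP.NET values; the element is meant to be pasted into <system.web> on every server.

```python
# Added example: generate a persistent <machineKey> element for web.config
# (not from the original answer). Run on one machine, copy the output to all nodes.
import secrets
from xml.sax.saxutils import quoteattr


def generate_machine_key(validation_bytes: int = 64, decryption_bytes: int = 32) -> dict:
    """Return hex-encoded keys from the OS CSPRNG.

    64 bytes -> 128 hex chars for the HMACSHA256 validationKey,
    32 bytes -> 64 hex chars for an AES-256 decryptionKey.
    """
    return {
        "validationKey": secrets.token_hex(validation_bytes).upper(),
        "decryptionKey": secrets.token_hex(decryption_bytes).upper(),
    }


def is_well_formed(keys: dict) -> bool:
    """Check the lengths ASP.NET expects for the chosen algorithms and that both values are hex."""
    v, d = keys["validationKey"], keys["decryptionKey"]
    hexdigits = set("0123456789ABCDEF")
    return len(v) == 128 and len(d) == 64 and set(v) <= hexdigits and set(d) <= hexdigits


def machine_key_element(keys: dict) -> str:
    """Render the web.config element; attribute values are XML-escaped."""
    if not is_well_formed(keys):
        raise ValueError("keys do not match the expected lengths for HMACSHA256/AES")
    return (
        "<machineKey "
        f"validationKey={quoteattr(keys['validationKey'])} "
        f"decryptionKey={quoteattr(keys['decryptionKey'])} "
        'validation="HMACSHA256" decryption="AES" />'
    )


if __name__ == "__main__":
    # Prints the element to paste inside <system.web> on every node of the farm.
    print(machine_key_element(generate_machine_key()))
```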

what kind of error this Server Error in '/' Application

Server Error in '/' Application.
Runtime Error
Description: An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed remotely (for security reasons). It could, however, be viewed by browsers running on the local server machine.
Details: To enable the details of this specific error message to be viewable on remote machines, please create a tag within a "web.config" configuration file located in the root directory of the current web application. This tag should then have its "mode" attribute set to "Off".
Notes: The current error page you are seeing can be replaced by a custom error page by modifying the "defaultRedirect" attribute of the application's configuration tag to point to a custom error page URL.
That is the default generic error message in ASP.NET.
Re the more specific "what kind of error"; impossible for us to say; it could be a configuration error in web.config, it could be problems talking to the database, it could simply need a hug and some quiet time. Like the message says, either enable remote debug output, or look at the site from the server, and it'll tell you what is actually happening. Or look in the error log (event-viewer by default), which is perhaps more useful.
Note you can replace the error page with something more... user friendly if you like. Like the lolcatz on stackoverflow.com.
Edit the web.config file to have this
<system.web>
<customErrors mode="RemoteOnly"/>
</system.web>
