I'm playing around with the new Websites feature on Azure and trying to get an MVC site running with RavenDB in embedded mode. Everything works fine locally but running the deployed site in azure I get this error:
System.Net.NetworkInformation.NetworkInformationException: Access is denied
This happens when I create the db instance in global.asax:
Store = EmbeddableDocumentStore { ConnectionStringName = "RavenDb" };
My connection string is:
<add name="RavenDb" connectionString="DataDir=~\App_Data\Raven" />
Thanks!
When a port is not specified for RavenDb it will go out and attempt to find it's own, it does this by calling IPGlobalProperties.GetActiveTcpListeners().
RavenDb | PortUtil.cs
var activeTcpListeners = IPGlobalProperties
.GetIPGlobalProperties()
.GetActiveTcpListeners();
Calling GetActiveTcpListeners() intern calls the Win32 function GetTcpTable() which attempts to enumerate all of the possible port combinations on the host. For obvious reasons, it would not be a good scenario to allow folks to do port scanning within Windows Azure Web Sites. Which means the GetTcpTable operation fails and when something fails in the world of development we throw an exception.
In this particular case the exception is a NetworkInformationException which is raised do to the security permissions neglecting the call to GetTcpTable. This is why it results in an Access Denied message.
tl;dr
Add a default port to your web.config appsettings section:
<appSettings>
<add key="Raven/Port" value="*"/> <!-- Add real tcp port # -->
<add key="Raven/DataDir" value="~\Data"/>
<add key="Raven/AnonymousAccess" value="Get" />
</appSettings>
Related
I am trying to install Master Data Service MSD on my local machine. Theorically there are 3 steps :
pre-installation tasks
Installation tasks
post-Installation tasks
During the pre-installation tasks we verify the installation requirements.
The Master Data Services web application needs some Windows Web Server roles and role services. Among these services we have the "Windows Authentication" (under Security).
The problem is that I did not find under security node Windows Authentication. Instead I find Basic Authentication.
My OS is Windows 10.
To install (add) the the desired roles I follow the theoritical instructions:
Control panel| Programs and features| turn Windows Featues on or off. I then expand Security under World Wide Web Services but there is no Windows authentication among the check boxes, there is only basic authentication.
Also when I open IIS and double click Authentication pane there are 4 Authentication (basic, anonymous,ASP.net impersonation and formular), so again, I don't find windows Authentication.
I read some suggestions on the internet telling that we can edit the applicationHost.config file. I find 2 file on different paths.
The location of the first one is: C:\Program Files (x86)\IIS Express\AppServer
and the second location is: C:\Windows\System32\inetsrv\config
In those files I replace <windowsAuthentication /> under
<security><authentication> node by :
<windowsAuthentication enabled="true">
<providers>
<add value="Negotiate" />
<add value="NTLM" />
</providers>
</windowsAuthentication>
and I also add <add name="WindowsAuthenticationModule" lockItem="true" /> under <system.webServer><modules>
I did this on the 2 files because I was not sure whether it should be done only on the latter one or not (iis and not iisexpess). But even with those changes it does not work and what surprise me is that when I open iis after editing file, I also don't find windows aythentication among the authentication list in Authentication pane. So I conclude that editing did not serve at all and make no change to IIS.
Of course because I failed to enable Windows Authentication when I open MDS (to do the installation step), I get a warning error telling that IIS is not configured correctly because windows authentication is not installed on this server.
You'll find here how to add it and after that you'll be able to use it:
https://weblogs.asp.net/zroiy/missing-windows-authentication-provider-for-iis-7-on-windows-server-2008
I created a small web application using Visual Web Developer 2010 Express. After I deployed my site and go to the first page, which is the login page that provides a list of users for the app, I get this error:
Exception Details: System.Data.SqlClient.SqlException: User does not have permission to perform this action.
Source Error:
Line 22: public ActionResult LogOn()
Line 23: {
Line 24: var users = Membership.GetAllUsers().Cast<MembershipUser>().ToList();
Line 25: SelectList usernames = new SelectList(users);
Line 26: ViewBag.UserNames = usernames;
Here is my connectionStrings settings:
<connectionStrings>
<add name="ApplicationServices"
connectionString="data source=.\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|aspnetdb.mdf;User Instance=true"
providerName="System.Data.SqlClient" />
</connectionStrings>
Why is this error occurring? Any help is much appreciated. I'm currently developing it on a Windows 2008 Server and testing the deployment of it on the same machine.
I found the issue with my connection string. It was set up for user instancing, which according to this Microsoft article:
Web applications running on IIS 7.5 and that rely on SQL Server
Express user instancing will fail to run using the default IIS 7.5
security configuration on both Windows 7 Client and Windows Server
2008 R2
The article also recommends avoiding usage of user instances in production. I found this post which helped me host the database in a normal .\SQLExpress instance. I changed my connection strings to:
<connectionStrings>
<add name="ApplicationServices"
connectionString="Database="app_users";Data Source=.\SQLEXPRESS;Initial Catalog=app_users;Integrated Security=SSPI;"
providerName="System.Data.SqlClient"/>
</connectionStrings>
Before changing the above connection string, I attached the aspnetdb.mdf file in SQL Server Express to a new database I created called "app_users".
I no longer get the permissions error.
What are the pro's and con's of using the built in App Pool Identity in IIS as opposed to specifying a Windows account?
For SQL Server if you want to connect from a .Net application using Windows Authentication I presume that if I use an App Pool Identity, I must associate this with a user in SQL Server or give that App Pool Identity access to by db?
Are App Pool Identities just added as convenience so that you dont have to set up accounts for your App Pools?
The built in account used is specific to the computer. If applications inside the app pool need to connect to other resources on the network (database servers, file shares, etc) then using a (windows) domain account may be a better option. When you specify a domain account you must ensure they have the correct file permissions set on the physical folders that IIS is using. In later operating systems - you can add this account to the IIS_IUSRS group to achieve the default permissions.
We have several application running on our intranet that use windows authentication. The way we handle this in our web.config is to specify our SQL connection string as follows:
<connectionStrings>
<add name="ConnectionStringName" connectionString="Data Source=ServerName;Initial Catalog=DatabaseName;Trusted_Connection=true" providerName="System.Data.SqlClient"/>
</connectionStrings>
Also in the web.config is the following:
<system.web>
<authentication mode="Windows"/>
<identity impersonate="true" username="Domain\Username" password="password"/>
</system.web>
Using a domain account allows you to manage the account in the same way you manage other users accounts. Down side here is that the username and password are included in plain text in the web config.
Hope this helps.
I just published my mvc3 application that uses the default membership provider to login but it seems that the call to anything "Membership" (Membership.ValidateUser-in this case) is causing the following error on the remote server hosting my web application.
Server is 2003 SP2 IIS6.0...my mvc3 application hits sql server 2008 instance.
A network-related or instance-specific error occurred while
establishing a connection to SQL Server. The server was not found
or was not accessible. Verify that the instance name is correct and
that SQL Server is configured to allow remote connections. (provider:
SQL Network Interfaces, error: 26 - Error Locating Server/Instance
Specified)
Description: An unhandled exception occurred during the execution of
the current web request. Please review the stack trace for more
information about the error and where it originated in the code.
SQLExpress database file auto-creation error:
How is the out of the out of the box (new mvc3 app) user/login managed with MVC3 and how can I set this user store up on my remote IIS server?
By default it creates a connection to a local SQL Express db in your App_Data folder the first time you run the mvc web app and register a user. You will then notice the aspnetdb file is created.
If you wish to use your existing db you need to create the Membership schema on an existing database.
<connectionStrings>
<add name="ApplicationServices"
connectionString="data source=.\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|aspnetdb.mdf;User Instance=true"
providerName="System.Data.SqlClient" />
</connectionStrings>
Easiest way is to update the web.config connection string to point to new db and run the install scripts agaist this.
These scripts are located in the WINDIR%\Microsoft.Net\Framework\v2.0.50727\ folder with names like InstallCommon.sql, InstallMembership.sql, InstallRoles.sql, InstallProfile.sql, InstallSqlState.sql, and so on.
See this more in depth article for full overview
http://www.asp.net/security/tutorials/creating-the-membership-schema-in-sql-server-cs
What I am doing
I am building an MVC2 website with Windows Authentication using Visual Studio 2010. I want to debug the website using IIS7 and access it from a browser in a virtual machine (in order to sign in using different users with different privileges).
Problem
When I try to access my website from my virtual machine, I get the following error:
403 - Forbidden: Access is denied.
You do not have permission to view this directory or page using the credentials that you supplied.
Environment
I have visual Studio 2010 set to debug using IIS and to "Don't open a page. Wait for a request from an external application." I have created www.myWebsite.com in IIS7 on my host machine and have only Windows Authentication enabled.
I have made appropriate entries in the hosts file on both the virtual machine and my host machine so that when I type www.mywebsite.com into the browser on my virtual machine, it targets my website I set up on IIS7.
I tested my IIS7 setup process by using the same settings to set up an html website (with the same web.config security settings) and I could access that from my virtual machine. For this reason I think the problem has something to do with my application. IIS7 is set up to use .net 4.0 and Integrated Pipeline Mode.
Code
Here is my web.config file:
connectionString="metadata=res:///Models.ReportDB.csdl|res:///Models.ReportDB.ssdl|
res://*/Models.ReportDB.msl;provider=System.Data.SqlClient;provider connection string="Data Source=JDOE-
PC;Initial Catalog=ADVENTUREWORKSDB;Integrated Security=True;MultipleActiveResultSets=True""
providerName="System.Data.EntityClient" />
res:///Models.WDB.ssdl|res:///Models.WDB.msl;provider=System.Data.SqlClient;provider connection
string="Data Source=JDOE-PC;Initial Catalog=WarehouseDB;Integrated
Security=True;MultipleActiveResultSets=True"" providerName="System.Data.EntityClient" />
PublicKeyToken=31BF3856AD364E35" />
PublicKeyToken=31BF3856AD364E35" />
PublicKeyToken=31BF3856AD364E35" />
PublicKeyToken=b77a5c561934e089" />
type="System.Web.Security.WindowsTokenRoleProvider"/>
type="System.Web.Security.WindowsTokenRoleProvider"/>
type="System.Web.Security.WindowsTokenRoleProvider" />
I started over and everything has been working fine. I'm curious what the problem is, but with all the settings I was messing with (was doing a lot of experimenting as this was my first MVC project) I probably hosed something.
I don't think I have enough information to really solve the problem, so I will close this question.