How to make EF code first work under `IIS AppPool\MySiteName`? - entity-framework-4

I am learning MVC 3 from asp.net site.
My MVC 3 application already has been tested under IIS AppPool\MySiteName and it works well.
Using Sql Server Management Studio, I created a new account for IIS AppPool\MySiteName.
I followed this tutorial "creating db on the fly" and I got an error as follows:
Server Error in '/' Application.
--------------------------------------------------------------------------------
Cannot open database "Movies" requested by the login. The login failed.
Login failed for user 'IIS APPPOOL\Getting Started'.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Well that error is saying that the user IIS APPPOOL\Getting Started doesn't have the proper login credentials, either your username or password is incorrect. Why not show us what the connection string looks like in your web.config file

The following things is all you should have to do imo:
Create and configure a new AppPool,
say AppPoolFoo, running under the
identity of a local user account,
say User1
Configure your site in IIS to run
under AppPoolFoo
Grant User1 appropriate rights with
SQL Server Management Studio
It's unclear to me whether you followed these steps, or have a different scenario.

Set Load User Profile to True on the application pool GettingStarted.

Related

Asp .net MVC is working when I run it locally but I get internal network error when I deploy to azure web apps?

I am having an internal server error immediately when I deploy my code to Azure web apps even though it runs perfectly fine on my own machine. My code is from a tutorial and close to this example:
https://github.com/elishnevsky/OdeToFood/tree/master/src/OdeToFood
However I do not have a web.config or an OdeToFood.xproj since they are not included in the tutorial. I tried including the ones that are in this git project but the error doesn't change. I ensured the permissions were configured to allow everyone to have full control.
My project is connected to a remote database that I can successfully connect to and manipulate from my local machine.
I have gone into the azure diagnostic tools and turned all the logging options on, however the error message being shown in the log stream doesn't change.
The error can be seen below.
I have tried including a random image to counter the favicon.ico error but that did not change anything.
Can anyone advise on some debugging tips, I think I need an idea on how to get a verbose error message.
IIS Detailed Error - 500.0 - Internal Server Error
HTTP Error 500.0 - Internal Server Error
The page cannot be displayed because an internal server error has occurred.
Most likely causes:
IIS received the request; however, an internal error occurred during
the processing of the request.
The root cause of this error depends on which module handles the
request and what was happening in the worker process when this error
occurred.
IIS was not able to access the web.config file for the Web site or
application. This can occur if the NTFS permissions are set
incorrectly.
IIS was not able to process configuration for the Web site or
application. The authenticated user does not have permission to use
this DLL.
The request is mapped to a managed handler but the .NET Extensibility
Feature is not installed.
Things you can try:
Ensure that the NTFS permissions for the web.config file are correct
and allow access to the Web server's machine account.
Check the event logs to see if any additional information was logged.
Verify the permissions for the DLL.
Install the .NET Extensibility feature if the request is mapped to a
managed handler.
Create a tracing rule to track failed requests for this HTTP status
code. For more information about creating a tracing rule for failed
requests, click here.
Detailed Error Information: Module AspNetCoreModule Notification ExecuteRequestHandler Handler aspNetCore Error Code 0x00000000 Requested URL http://OdeToFood20170518102616:80/ Physical Path D:\home\site\wwwroot Logon Method Anonymous Logon User Anonymous
More Information: This error means that there was a problem while processing the request. The request was received by the Web server, but during processing a fatal error occurred, causing the 500 error.
Microsoft Knowledge Base Articles:
IIS Detailed Error - 500.0 - Internal Server Error
HTTP Error 500.0 - Internal Server Error
The page cannot be displayed because an internal server error has occurred.
Most likely causes:
IIS received the request; however, an internal error occurred during the processing of the request.
The root cause of this error depends on which module handles the request and what was happening in the worker process when this error occurred.
IIS was not able to access the web.config file for the Web site or application. This can occur if the NTFS permissions are set incorrectly.
IIS was not able to process configuration for the Web site or application.
The authenticated user does not have permission to use this DLL.
The request is mapped to a managed handler but the .NET Extensibility Feature is not installed.
Things you can try:
Ensure that the NTFS permissions for the web.config file are correct and allow access to the Web server's machine account.
Check the event logs to see if any additional information was logged.
Verify the permissions for the DLL.
Install the .NET Extensibility feature if the request is mapped to a managed handler.
Create a tracing rule to track failed requests for this HTTP status code. For more information about creating a tracing rule for failed requests, click.
Detailed Error Information: Module AspNetCoreModule Notification ExecuteRequestHandler Handler aspNetCore Error Code 0x00000000 Requested URL OdeToFood20170518102616:80/favicon.ico Physical Path D:\home\site\wwwroot\favicon.ico Logon Method Anonymous Logon User Anonymous
More Information: This error means that there was a problem while processing the request. The request was received by the Web server, but during processing a fatal error occurred, causing the 500 error.
Microsoft Knowledge Base Articles:
According to your github project, I have crate a test demo on my computer. I found this project has define a custom Physical File Provider (You could find
the it in the Middleware folder: UseNodeModules).
By cloning the project to the local, VS will automatic download the js file into the node_modules folder.
When publishing the project to azure web app service, the VS will not copy the node_modules folder to the azure web app. So the application will how 500 error.
I suggest you could find the UseNodeModules folder in the local and copy it to the azure web application.
More details, you could refer to below steps.
1.Open the KUDU console in your web app.
2.CLick CMD console and local the wwwrot folder
3.Add new folder and upload the node_modules folder.
Restart the application, them your project will work well.
Since your project isn't as same as the github projects, if you still get the mistake.
I suggest you could change the application setting as below to see the details error message.
1.Open application setting in your web service portal.
2.Add Hosting:Environment as below:
Besides, I suggest you could check your web application's connection string. Azure web app couldn't connect to the local server if you don't use Hybrid connections.
I suggest you could create a azure sql server and change the connection string as azure sql server's connection string.

Microsoft Sign-In for ASP.NET MVC 5 web role

I have created Azure cloud service and in this cloud service I have a web role serving as a MVC web application. I followed this tutorial to use Microsoft account as the external authentication. When I try with the localhost it works perfectly. However, after I deploy the cloud service, I changed the redirect URL to the site url which is http://109e199cf5864b50ab25ac839f8c151d.cloudapp.net/. But this doesn't work. I can reach the authorization part, but after I login with the Microsoft account I got Error Message: An error occurred while processing your request. What should I do to make it work?
UPDATE:
I tried to remove the [Authorize] tag in my controller so that I don't need to login to see the view. After I deployed again, I got the Error Message directly!!
I didn't login at all! I checked the code this Error Message is actually the Error view from the template in the Shared folder. But there is no change of the code to return me this Error view! What I am missing with the deployment here?
In the comments of the blog post you referenced, the author (Ben Day) said there was an update to the redirect URI.
With the latest version of the ASP.NET Identity code, the redirect uri is a different value. So on account.live.com, the redirect url value for your app is now going to be “http://myapp-url/signin-microsoft”.
You may want to check that you have the correct values here.

AspNet Identity Framework writing to master database on SQL Azure

I'm running into an issue when trying to deploy a simple MVC website to Azure. I am using 1 azure website and 1 Azure SQL database.
The boilerplate MVC template in VS2013 uses the Microsoft.AspNet.Identity.EntityFramework provider for the AccountController.cs default controller. When I use this to create the database locally, everything works just fine. However, when I deploy to Azure Websites and update the connection string, the site throws this error:
Cannot open database "master" requested by the login. The login failed.
Login failed for user 'vanillawebsite'.
See full stack trace here: http://pastebin.com/r9jvXgyW (it's massive)
Obviously, on SQL Azure there's no master database, so the default implementation of AspNet Identity Eneity Framework seems to need it though. Manually scripting out the schema to the database doesn't help either (it still attempts to access master for some reason)
Why is it trying to access master database, and how can I work around this?
As said before, SQL Azure has master database and usually when you see this message means that SQL user used in connection string does not have a right to access to the DB in question. Or the DB does not exist, i.e. misspelled name.

ASP.NET MVC Windows Azure organization authentication

I'm trying to configure the organization authentication in an ASP.NET MVC project in Visual Studio 2013 RC.
After filling the data in the create project dialog, like Microsoft instructed in their tutorials, I'm getting an error which says that the configure failed.
I've tried to do so as well in Visual Studio 2012 using the identity addon.
Maybe it's related to Windows Azure AD?
Here is the error that I'm getting:
Hopes that someone knows how to fix that issue. Thanks for any help and suggestion!
This question is old, but today I found a workaround that I'd like to share.
It seems like we can't use Microsoft Account when we're using WAAD.
So:
Create a WAAD.
Add an administrator
Choose local directory account, not Microsoft Account.
Grant this account Global Administrator permissions.
Open Visual Studio and create a new web based project.
Choose in authentication the "Organization Accounts".
Specify your WAAD URL (e.g. "foo#onmicrosoft.com").
When you're required to insert your user and password, use the local account username and password. for example ("oz#foo.onmicrosoft.com").
This will allow you to pass the error.
Edit:
Microsoft published a post that referred to this problem and show the solution (the one I described above). http://www.cloudidentity.com/blog/2013/12/11/setting-up-an-asp-net-project-with-organizational-authentication-requires-an-organizational-account/
I would check for two things:
The account used to login to Windows Azure while has Global Admin role in AAD
App ID URI specified in the project creation dialog is valid. Valid App ID URI for domain mydomain.onmicrosoft.com has format https://mydomain.onmicrosoft.com/uniqueUri. Note that you can leave this field blank and the tool will automatically pick the correct App ID URI for you.
If these two things don't help, I would encourage you to run DebugView (http://technet.microsoft.com/en-us/sysinternals/bb896647.aspx) in the background while trying to create a similar project and you can see the actual error message in the trace in DebugView.
In follow up to OzB:
Once you've setup the user in AAD as per OzB's account,
note that you must also then go to "Settings" in Azure and add that account as an administrator of the Azure subscription, otherwise you can't upload the website itself.

Asp.net mvc application deployment / security issues

I'll start with appologies; I wasn't sure if this was best posted here of Server Fault so if its in the wrong place then please move :-)
Basic information
I have written the first module of a new application at work. This is written using Visual Studio 2010, targetting .net 3.5 (at the moment) and asp.net mvc 2. This has been working fine during development running on the built in Development server from VS but however does not work once deployed to IIS 7/7.5.
To deploy the application, I have built it in release mode and created a deployment package by right clicking on the project in the solution explorer (this will be done with an automated build in tfs once upgrade from the beta). This has then been imported into IIS on the server.
The application is using windows/domain authentication.
Issue #1
I can fire up internet explorer and browse to the application from a client computer as well as on a remote desktop connection. I can execute the code which reads/stores data in Session fine from the IE instance on the remote desktop but if I browse to it from the client pc it seems to lose the session state. I click on the form submit and the page refreshes and doesn't execute the required code. I've tried setting with; InProc, SQLServer and StateServer. but with no luck :-(
Issue #2
As part of the application it views PDF and Tiff documents on the fly which are on a network share on the office network and creates thumbnails if the document hasn't been viewed before. This works if running on the machine the application is deployed to; however when browsing from a client pc I get an error saying:
Access to the path '\\fileserver\folder\file.tif' is denied
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.UnauthorizedAccessException: Access to the path '\\fileserver\folder\file.TIF' is denied.
ASP.NET is not authorized to access the requested resource. Consider granting access rights to the resource to the ASP.NET request identity. ASP.NET has a base process identity (typically {MACHINE}\ASPNET on IIS 5 or Network Service on IIS 6) that is used if the application is not impersonating. If the application is impersonating via , the identity will be the anonymous user (typically IUSR_MACHINENAME) or the authenticated request user.
As this is on a different server the user is not accessible. To get round this I have tried:
1 - setting the application pool to run as domain administrator (I know this is a security risk, but I'm just trying to get it to work at the moment!)
2 - to set the log on account for World Wide Web Publishing service to be the domain admin . When trying to restart the service I get ...
Windows could not start the World Wide Web Publishing Service service on the Local Computer.
Error 1079: The account specified for this service is different from the account specified fro the other services running in the same process.
Any pointers/help would be much appriciated as I'm pulling my hair out (of what little I have left).
Update
I've been using this funky little tool I found -
DelegConfig v2 beta (Delegation / Kerberos Configuration Tool). This has been really usefull. So I've got the accessing of the file share working (there is a test page which will read the files) so now I've just got the issue of passing through the users credentials through to the SQL Server (wans't my choice to do it this way!!) to execute the queries etc. but I can't get it to log on as the user. It tries to access it as "NT Authority\Network Service" which doesn't have a sql login (as should be the logged on user).
My connection string is:
<add name="User" connectionString="Data Source=.;Integrated Security=True" providerName="System.Data.SqlClient" />
No initial catalog is specified as the system is over multiple dbs (also wasn't my choice!!).
I really appriciate all the help so far! :-)
Any further hints?!
Issue #2 - Your options are:
Configure delegation (double-hop authentication) - I haven't done this on IIS7 and it's a bit different to 6, but I believe you will need to enable the web server machine account for delegation in AD, and create an SPN for the web server (eg setspn -A http/<Web Server FQDN> <Domain>\<Machine Name>). Troubleshooting Kerberos can be fairly painful.
Grant access to the network resources to the (domain) application pool account and make sure anonymous authentication is turned on ( <anonymousAuthentication enabled="true" userName="" defaultLogonDomain="" /> )
Response to Update:
You will need to make sure Kerberos authentication is working for SQL Server. Run the query select auth_scheme from sys.dm_exec_connections where session_id=##spid; it will return NTLM or KERBEROS. If it's NTLM, you'll need to do some work configuring SQL Server to use Kerberos. Set an SPN in AD for the SQL service account: setspn -A MSSQLSvc/<SQL Server FQDN>:1433 <Domain>\<Sql Service Account>, restart SQL Server and try the query again. You must use TCP/IP as the connection mechanism (this is the default).
If you don't have an initial catalog, you'll need to make sure that all of the user logins have a default database that they have access to. I would personally pick one database to be the initial catalog as you may get different behaviour depending on how the login is configured.
With this small part of information I could only give some hints:
Issue #1:
Maybe you have a misleading URL as action for the form? Or an caught&ignored exception? Do you have an onError-event in your global.asax.vb?
Sub Application_Error()
Dim ex As Exception = Server.GetLastError
' NOW HANDLE THE EXCEPTION --> REPORTING :-)
End Sub
Issue #2:
I recently had the same exception - I had to check the access-rights for users for this folder and set the appPool-identity to "NETWORKSERVICE". In your case you even try to access a network-folder - check the accessrights on the server and try to use the IP instead of the name - it could be a name-resolution-problem?!
Sorry for this small portion of information... This looks like problems only solveable with direct debug-options on the running server.
Finally last thing on Friday I got it working ...
As I said in the update, the tool for sorting out the delegation of credentials was very handy and helped no end to setting the correct SPN records.
I found I also had to set it up for SQL as I was passing through the credentials into the server. The other thing I found stopping the connections was some of the inbound windows firewall settings where causing problems.
For the connection string; I had to update to:
<add name="ConnectionStringName" connectionString="Data Source=.;Integrated Security=SSPI;Trusted_Connection=True" providerName="System.Data.SqlClient" />
Links I found useful:
Kerberos Authentication and SQL Server
DelegConfig
And even tho it mainly talks about Sharepoint ... this was also useful.
Hope this helps people in the future.

Resources