ASP.NET Exceptions

If you are having a problem using Vault, post a message here.

Moderator: SourceGear

Post Reply
thomas62j5
Posts: 71
Joined: Tue Aug 17, 2004 7:59 pm
Location: West Coast, USA

ASP.NET Exceptions

Post by thomas62j5 » Wed Aug 18, 2004 4:33 pm

Installed Vault today, 2.0.5, on a Windows 2003 server. I'm a little confused about the username login option for the program, but I chose the second option (system) because at the time I thought it was the right choice, now I don't know. I chose the 'sa' login option for SQL Server.

First problem I experienced was that the .aspx file wouldn't run within the VaultService virtual directory. This is the first ASP.NET application we've run, that I know of. So I went into the Web Service Extensions area and added a new allowed extension which I named ASP.NET, and specified c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_isapi.dll as an allowed file to run for this extension.

Once the .aspx file loaded after I did that, I got an exception on that page saying the ASP.NET user did not have access to the c:\windows\system32\inetsrv directory, so I gave full access to that folder to the {machinename}\ASPNET user.

Restarted IIS and refreshed the page (http://myserver/VaultService/VaultWeb/login.aspx), and now I am seeing an error I don't understand at all:

Code: Select all

Server Error in '/VaultService' Application.

Error loading XML file c:\windows\microsoft.net\framework\v1.0.3705\Config\machine.config Request for the permission of type System.Security.Permissions.StrongNameIdentityPermission, mscorlib, Version=1.0.3300.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 failed. (c:\windows\microsoft.net\framework\v1.0.3705\Config\machine.config)
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Configuration.ConfigurationException: Error loading XML file c:\windows\microsoft.net\framework\v1.0.3705\Config\machine.config Request for the permission of type System.Security.Permissions.StrongNameIdentityPermission, mscorlib, Version=1.0.3300.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 failed. (c:\windows\microsoft.net\framework\v1.0.3705\Config\machine.config)

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[ConfigurationException: Error loading XML file c:\windows\microsoft.net\framework\v1.0.3705\Config\machine.config Request for the permission of type System.Security.Permissions.StrongNameIdentityPermission, mscorlib, Version=1.0.3300.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 failed. (c:\windows\microsoft.net\framework\v1.0.3705\Config\machine.config)]
   System.Configuration.ConfigurationSettings.GetConfig(String sectionName) +210
   System.Configuration.ConfigurationSettings.get_AppSettings() +16
   VaultServiceAPILib.VaultConfigReader.GetConfigSetting(String strSection, Boolean bEncrypted) +27
   VaultService.Global.Application_Start(Object sender, EventArgs e) +1626


Version Information: Microsoft .NET Framework Version:1.0.3705.288; ASP.NET Version:1.0.3705.288
Any ideas?

thomas62j5
Posts: 71
Joined: Tue Aug 17, 2004 7:59 pm
Location: West Coast, USA

Progress update...

Post by thomas62j5 » Wed Aug 18, 2004 5:40 pm

I made two changes and the login form is now displaying.

First, I went into the properties of my IIS website, into the Home Page tab, and the Configuration area. I altered all the .NET file extensions (like .aspx) to use the 1.1 Framework DLL. Then I added that 1.1 aspnet_isapi.dll to my ASP.NET Web Service Extension "allowed" list.

(Aside: Can anyone explain why they were all setup to use the 1.0 framework DLL on a Windows 2003 server? Is there an easier way to make IIS6 use 1.1?)

I then restarted IIS, refreshed the page, and was getting a different error about permissions in the .NET Framework temporary files folder for the ASPNET user. I did some more research on ASP.NET, and it turns out that IIS6 uses the NETWORK SERVICE as the default account for the ASP.NET worker process. So I gave that process permission to read/write in the temporary .net framework folder.

(Another aside: WHY is the NETWORK SERVICE user the default ASP.NET process user, rather than the ASPNET user?!)

Now the login page is loading at least. Though I am confused as to whether I may have screwed something up in the process of trying to figure this out. So far ASP.NET is confusing...

dan
Posts: 2448
Joined: Wed Dec 17, 2003 5:03 pm
Location: SourceGear
Contact:

Post by dan » Thu Aug 19, 2004 7:39 am

Once you are able to login as a user other than Admin, add a folder containing more than a trivial amount of data, and then get that folder, then IIS and permissions on the install have been configured well enough to run Vault :)

thomas62j5
Posts: 71
Joined: Tue Aug 17, 2004 7:59 pm
Location: West Coast, USA

Post by thomas62j5 » Thu Aug 19, 2004 1:03 pm

dan wrote:Once you are able to login as a user other than Admin, add a folder containing more than a trivial amount of data, and then get that folder, then IIS and permissions on the install have been configured well enough to run Vault :)
I read some more threads in these forums and understand how things work a bit better. This thread was particularly helpful since the guy posting it has almost the same exact server setup as I do, running two 2003 servers with vault on one and sql server on another.

http://support.sourcegear.com/viewtopic.php?t=1617

I did have the permissions setup OK since I ran the import tool from VSS and it mostly worked (just a few dozen file versions failed out of thousands imported... probably due to corruption).

However, once I understood more about how everything works together, I uninstalled Vault and reinstalled it with a slightly different configuration:

- Created a new virtual website in IIS6, named source.mydomain.com, so I can block access to this site at the firewall and only allow VPN users to have access to Vault.

- Created a new app pool specifically for Vault, and have it running as one of our AD accounts with limited rights, so that vault will be able to write files to servers across our LAN when needed.

- Told Vault to use this same account when I was installing it.

Only problem I encountered after that was one of my users could not login, I saw a "FailEncryption" error in the log, and with the help of the thread I mentioned above, I realized I needed to delete those files in the Crypto\RSA folder that were mentioned since they were created initally with other user rights. Then I restarted IIS, and was able to login.

All appears to be working so far. Now I can get to the actual testing of Vault. :-)

One thing that is interesting is the web view of Vault. It is very nice, but I don't see a way to check out files from the web view. This may be a feature you could add in the future. I wouldn't use it that often, but I could see it being handy in a pinch, when you don't have time to download, install, and setup the GUI client to fix a problem.

Post Reply