Web.Config might be “unreadable”
A bit of a Mea Culpa here, as the information that would point out the problem most obviously to potential Good Samaritans was censored by me. Why? Because I didn’t want to share the DB connectionString with world+dog.
Turns out that a default Web.Config will also include, in the DefaultConnection connectionString, the term Integrated Security=True. Why is this a problem? Because this is telling IIS to use Integrated Security when accessing the DB -- as in, ignore the Username and Password, and just use its own credentials.
Which, of course, is an Epic Fail.
Now, I am not sure how the IIS built into Visual Studio 2015 is ignoring and/or bypassing this term. Either it ignores it altogether and just uses the Username and Password in the string, or the installation of Visual Studio somehow sets up an automatic handshake between VS and MSSQL. I just don’t know.
Let’s chalk this entire clusterfuck to this being my first truly independent (no prior version) project I have worked on to date. In all other cases I had a prior version of the site (and as such, the DB) to work from, and I must have just copied over the connectionString as a whole unit from the old project instead of just editing the one in the new project.
TL;DR: Altering the connectionString to Integrated Security=False or removing it altogether solves the problem with standalone IIS (IIS not integrated into Visual Studio) not being able to access the DB despite the IIS built into Visual Studio doing just fine.
René Kåbis
I am a long-standing geek, having been working with computers since 1982, on the Internet since 1989, on the Web since 1992, and in the I.T. industry since 1998. About the only major I.T. categories I haven’t touched upon in some way are those of 3D animation and building programs for the desktop. My current specialties include website development, website design (primarily PHP 5 and ASP.NET MVC), UI patterns and usability, security and general hardware. I am also reasonably proficient in networking and systems administration. I have an uncompleted (4th year) BSc (Bachelor of Science) in Physics and Mathematics and a completed BBA (Bachelor of Business Administration) in Accounting, Strategic Management and Leadership. I am also in the process of challenging most of the courses in a BCS (Bachelor of Computer Science). I am an advocate of constant learning, and do my best to remain open to constructive criticism at all times. The saying really is true - the more I learn, the more I realize how little I know.
Updated on April 28, 2020Comments
-
René Kåbis almost 4 years
Current project:
- ASP.NET 4.5.2
- MVC 5
I am having a rather strange issue. When I debug from within VS2015, I am able to use and interact with the site without any issues, however it takes such a long time to compile every time I want to check something out by debugging. Plus, once I start debugging, files are locked and cannot be edited; and when I stop debugging the internal IIS to VS crashes (this is for any site I work with, not just this one). So using the IIS internal to VS2015 is not possible without being in debugging mode.
When I attach the local installation of IIS Express to either the directory that the project files are in, or to the directory that the compiled project is spat out into, the site works only with normal pages. Any Actions that involve database requests fail with a 500 server error. Other sites that have the same setup (installed IIS pointing toward project directory) work just fine, however this one fails on any Action that requires a DB connection:
Most likely causes:
- IIS received the request; however, an internal error occurred during the processing of the request. The root cause of this error depends on which module handles the request and what was happening in the worker process when this error occurred.
- IIS was not able to access the web.config file for the Web site or application. This can occur if the NTFS permissions are set incorrectly.
- IIS was not able to process configuration for the Web site or application.
- The authenticated user does not have permission to use this DLL.
- The request is mapped to a managed handler but the .NET Extensibility Feature is not installed.
Things you can try:
- Ensure that the NTFS permissions for the web.config file are correct and allow access to the Web server's machine account.
- Check the event logs to see if any additional information was logged.
- Verify the permissions for the DLL.
- Install the .NET Extensibility feature if the request is mapped to a managed handler.
- Create a tracing rule to track failed requests for this HTTP status code. For more information about creating a tracing rule for failed requests, click here.
Detailed Error Information: Module ManagedPipelineHandler Notification ExecuteRequestHandler Handler System.Web.Mvc.MvcHandler Error Code 0x00000000 Requested URL http://project.localhost:80/Home/Test Physical Path D:\Source\Repos\Project\Project\Home\Test Logon Method Anonymous Logon User AnonymousI have looked into the permissions for Web.Config, but they are all good, with both IUSR and IIS_IUSRS being given read/execute permissions. The application pool is set to Integrated, and this doesn’t seem to be an IIS issue specifically because a number of other database-driven sites on the machine work just fine (I just leave them up because I do frequent maintenance). So here I am thinking that this might be a Web.Config issue, at least in terms of how it is set up (again, permissions are identical to the other sites on the machine). And yet, the version of IIS built into Visual Studio works just fine with the site… it just dies (crashes) whenever debugging is stopped (this is with any site).
So I am looking for suggestions -- what could be making the version of IIS built into VS2015 work correctly, but the IIS in Windows fail with any DB connection in my current site? Keep in mind that the Windows IIS works with other sites and the static pages in this one, just not Actions that have DB access of any kind.
I am hoping that someone might be able to tell me if something is wrong with my Web.Config or not:
<?xml version="1.0" encoding="utf-8"?> <configuration> <configSections> <section name="entityFramework" type="System.Data.Entity.Internal.ConfigFile.EntityFrameworkSection, EntityFramework, Version=6.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" /> <sectionGroup name="nwebsec"> <section name="httpHeaderSecurityModule" type="NWebsec.Modules.Configuration.HttpHeaderSecurityConfigurationSection, NWebsec, Version=4.2.0.0, Culture=neutral, PublicKeyToken=3613da5f958908a1" requirePermission="false" /> </sectionGroup> <sectionGroup name="elmah"> <section name="security" requirePermission="false" type="Elmah.SecuritySectionHandler, Elmah" /> <section name="errorLog" requirePermission="false" type="Elmah.ErrorLogSectionHandler, Elmah" /> <section name="errorMail" requirePermission="false" type="Elmah.ErrorMailSectionHandler, Elmah" /> <section name="errorFilter" requirePermission="false" type="Elmah.ErrorFilterSectionHandler, Elmah" /> </sectionGroup> </configSections> <connectionStrings> <add name="DefaultConnection" connectionString="censored" providerName="System.Data.SqlClient" /> <add name="Elmah" connectionString="censored" providerName="System.Data.SqlClient" /> </connectionStrings> <appSettings> <add key="webpages:Version" value="3.0.0.0" /> <add key="webpages:Enabled" value="false" /> <add key="ClientValidationEnabled" value="true" /> <add key="UnobtrusiveJavaScriptEnabled" value="true" /> <add key="elmah.mvc.disableHandler" value="false" /> <add key="elmah.mvc.disableHandleErrorFilter" value="false" /> <add key="elmah.mvc.requiresAuthentication" value="false" /> <add key="elmah.mvc.IgnoreDefaultRoute" value="false" /> <add key="elmah.mvc.allowedRoles" value="*" /> <add key="elmah.mvc.allowedUsers" value="*" /> <add key="elmah.mvc.route" value="elmah" /> <add key="elmah.mvc.UserAuthCaseSensitive" value="true" /> <add key="recaptchaPublicKey" value="censored" /> <add key="recaptchaPrivateKey" value="censored" /> <add key="recaptchaApiVersion" value="2" /> </appSettings> <system.web> <authentication mode="None" /> <compilation debug="true" targetFramework="4.5.2" /> <httpRuntime targetFramework="4.5.2" enableVersionHeader="false" /> <roleManager enabled="true" /> <pages> <controls> <add tagPrefix="ajaxToolkit" assembly="AjaxControlToolkit" namespace="AjaxControlToolkit" /> </controls> </pages> <httpModules> <add name="ErrorLog" type="Elmah.ErrorLogModule, Elmah" /> <add name="ErrorMail" type="Elmah.ErrorMailModule, Elmah" /> <add name="ErrorFilter" type="Elmah.ErrorFilterModule, Elmah" /> </httpModules> <customErrors mode="On" redirectMode="ResponseRewrite" defaultRedirect="/Error/Index"> <error statusCode="401" redirect="/Error/Unauthorized" /> <error statusCode="404" redirect="/Error/NotFound" /> <error statusCode="403" redirect="/Error/Forbidden" /> </customErrors> </system.web> <system.webServer> <modules> <remove name="FormsAuthentication" /> <remove name="RoleManager" /> <add name="NWebsecHttpHeaderSecurityModule" type="NWebsec.Modules.HttpHeaderSecurityModule, NWebsec, Version=4.2.0.0, Culture=neutral, PublicKeyToken=3613da5f958908a1" /> <add name="ErrorLog" type="Elmah.ErrorLogModule, Elmah" preCondition="managedHandler" /> <add name="ErrorMail" type="Elmah.ErrorMailModule, Elmah" preCondition="managedHandler" /> <add name="ErrorFilter" type="Elmah.ErrorFilterModule, Elmah" preCondition="managedHandler" /> </modules> <handlers> <remove name="ExtensionlessUrlHandler-Integrated-4.0" /> <remove name="OPTIONSVerbHandler" /> <remove name="TRACEVerbHandler" /> <add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="*" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" /> <add name="ELMAH" verb="POST,GET,HEAD" path="elmah.axd" type="Elmah.ErrorLogPageFactory, Elmah" preCondition="integratedMode" /> </handlers> <httpProtocol> <customHeaders> <clear /> <add name="X-Frame-Options" value="SAMEORIGIN" /> </customHeaders> </httpProtocol> <httpErrors errorMode="Detailed" existingResponse="Replace"> <remove statusCode="403" /> <error statusCode="403" responseMode="ExecuteURL" path="/Error/Forbidden" /> </httpErrors> <security> <requestFiltering> <hiddenSegments> <add segment="NWebsecConfig" /> </hiddenSegments> </requestFiltering> </security> <validation validateIntegratedModeConfiguration="false" /> </system.webServer> <runtime> <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1"> <dependentAssembly> <assemblyIdentity name="Microsoft.Owin.Security" publicKeyToken="31bf3856ad364e35" /> <bindingRedirect oldVersion="0.0.0.0-3.0.1.0" newVersion="3.0.1.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="Microsoft.Owin.Security.OAuth" publicKeyToken="31bf3856ad364e35" /> <bindingRedirect oldVersion="0.0.0.0-3.0.1.0" newVersion="3.0.1.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="Microsoft.Owin.Security.Cookies" publicKeyToken="31bf3856ad364e35" /> <bindingRedirect oldVersion="0.0.0.0-3.0.1.0" newVersion="3.0.1.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="Microsoft.Owin" publicKeyToken="31bf3856ad364e35" /> <bindingRedirect oldVersion="0.0.0.0-3.0.1.0" newVersion="3.0.1.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="Newtonsoft.Json" culture="neutral" publicKeyToken="30ad4fe6b2a6aeed" /> <bindingRedirect oldVersion="0.0.0.0-9.0.0.0" newVersion="9.0.0.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="System.Web.Optimization" publicKeyToken="31bf3856ad364e35" /> <bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="1.1.0.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="WebGrease" publicKeyToken="31bf3856ad364e35" /> <bindingRedirect oldVersion="0.0.0.0-1.6.5135.21930" newVersion="1.6.5135.21930" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="System.Web.Helpers" publicKeyToken="31bf3856ad364e35" /> <bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" /> <bindingRedirect oldVersion="0.0.0.0-5.2.3.0" newVersion="5.2.3.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="System.Web.WebPages" publicKeyToken="31bf3856ad364e35" /> <bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="Antlr3.Runtime" publicKeyToken="eb42632606e9261f" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-3.5.0.2" newVersion="3.5.0.2" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="AngleSharp" publicKeyToken="e83494dcdc6d31ea" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-0.9.6.41832" newVersion="0.9.6.41832" /> </dependentAssembly> </assemblyBinding> </runtime> <entityFramework> <defaultConnectionFactory type="System.Data.Entity.Infrastructure.LocalDbConnectionFactory, EntityFramework"> <parameters> <parameter value="mssqllocaldb" /> </parameters> </defaultConnectionFactory> <providers> <provider invariantName="System.Data.SqlClient" type="System.Data.Entity.SqlServer.SqlProviderServices, EntityFramework.SqlServer" /> </providers> </entityFramework> <system.codedom> <compilers> <compiler language="c#;cs;csharp" extension=".cs" type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.CSharpCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" warningLevel="4" compilerOptions="/langversion:6 /nowarn:1659;1699;1701" /> <!--<compiler language="vb;vbs;visualbasic;vbscript" extension=".vb" type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.VBCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" warningLevel="4" compilerOptions="/langversion:14 /nowarn:41008 /define:_MYTYPE=\"Web\" /optionInfer+" />--> </compilers> </system.codedom> <system.net> <mailSettings> <smtp from="[email protected]"> <network host="" port="587" userName="" password="" enableSsl="false" /> </smtp> </mailSettings> </system.net> <nwebsec> <httpHeaderSecurityModule xmlns="http://nwebsec.com/HttpHeaderSecurityModuleConfig.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="NWebsecConfig/HttpHeaderSecurityModuleConfig.xsd"> <redirectValidation enabled="true" /> <securityHttpHeaders> <x-Frame-Options policy="Deny" /> <x-Content-Type-Options enabled="true" /> </securityHttpHeaders> </httpHeaderSecurityModule> </nwebsec> <elmah xmlns="http://Elmah.Configuration"> <!-- See http://code.google.com/p/elmah/wiki/SecuringErrorLogPages for more information on remote access and securing ELMAH. --> <security allowRemoteAccess="false" /> <errorLog type="Elmah.SqlErrorLog, Elmah" connectionStringName="Elmah" /> </elmah> <location path="elmah.axd" inheritInChildApplications="false"> <system.web> <httpHandlers> <add verb="POST,GET,HEAD" path="elmah.axd" type="Elmah.ErrorLogPageFactory, Elmah" /> </httpHandlers> <!-- See http://code.google.com/p/elmah/wiki/SecuringErrorLogPages for more information on using ASP.NET authorization securing ELMAH. <authorization> <allow roles="admin" /> <deny users="*" /> </authorization> --> </system.web> </location> </configuration> -
Lex Li almost 8 yearsYou don't need to change it in root web.config. Simply override it in your own web.config. Study the hierarchical design and how to properly override. -
René Kåbis almost 8 yearsI am talking about the Web.Config in the root of the project folder. You know, the one that will sit at the root of the website’s httpdocs once the site is uploaded. No need to override anything, this is where everything goes anyhow. I am not talking about Web.Config files in subfolders.