A: Follow these instructions:
Your web application will now return assembly load errors in it's error page. This is almost always sufficient, but if you need more details or can't view the page due to your usage scenario, check out the log files in the directory you specified. Alternately, copy over the Fusion Log Viewer from a machine with Visual Studio 2008 or higher, but note this sometimes fails to show the logs. It will be located in one the versioned directories under ProgramFilesx86\Microsoft SDKs\Windows, such as C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\Bin\NETFX 4.0 Tools.
A: This attribute uses the standard .NET syntax for type specification with one important variance from other parts of .NET, such as WPF: it uses a PERIOD separator between a class's namespace and the name of the class. For example, the following are valid:
Class with no namespace type="TestHandler"
Class in namespace type="TestNamespace.TestHandler"
Class in child namespace type="ParentNamespace.ChildNamespace.TestHandler"
Note that if the namespace itself uses a "+" in it's name, this must be escaped.
Q: In ASP.NET, I get the Fusion log error "WRN: Comparing the assembly name resulted in the mismatch: NAME", but the name specified in the type attribute matches the filename exactly. How do I fix this?
A: In .NET, the assembly name is not the same as the filename and is embedded within the file. Open this file in either .NET Reflector or IL Spy and select the file to view to the internal .NET name. This error can happen if, for example, you create a simple ASP.NET site, build it, and try to use it's App_Code.dll in another site by renaming it, or by changing the filename of a class library project.
There are several ways to fix this:
Edit the Assembly
Edit the Source Code of a Class Library
Q: In an ASP.NET configuration/system.web/handler/add node, is it necessary to specify the assembly name?
A: No. ASP.NET will automatically search all files located in the bin directory at the same level as the web.config.
Q: My ASP.NET application cannot find the handler I specified with the error "Could not load file or assembly", even though it is in the correct directory. Why?
A: There are several possible reasons. One of the more common causes is that the filename does not match the assembly name. The assembly name is an internal name embedded within the file. ASP.NET expects the filename to match the assembly name and will not load the assembly if they do not match. To verify this as the cause, enable Fusion logging and look for the error "WRN: Comparing the assembly name resulted in the mismatch: NAME". To fix this, open the file in .NET reflector or IL Spy, find the assembly name, and rename the file to the filename. Then make a meaning change to the web.config to force the app to reload.
Q: I am unable to view symbols when debugging an IIS HttpHandler/HttpModule, with the error "Cannot obtain the value of '<name>' as it is not available", but I'm using a debug build. How do I fix this?
A: There are many possible causes, with the basic problem being parts of, or the entire assembly, are being converted to native code with insufficient information to map back to the original IL PDB symbols.There is no single cause or definitive fix for this, although the same issue for standalone .NET EXEs is more reliably solved by [most of] these steps. To resolve this, address each of the following:
This MSDN Blog entry
A: This is a security feature to address a client-side vulnerability due to clients executing JSON results as a quick-and-easy way to deserialize them. Wrapping the result in a root-level "d" property forces the client to properly parse it before it can be used. See this link.
Q: How do I secure an ASMX web service to prevent the default method helper web page, WSDL, and make ASP.NET secure access to this page as it does other ASPX pages?
A: To address the first two issues, add the node <remove name="Documentation"/> to /configuration/system.web/webServices/protocols (IIS7+). In addition, IIS includes built-in local call functionality that is NOT disabled by this. To disable that, add <remove name="HttpPostLocalhost"/>.
To address the second issue, use a location element to deny access to the page unless the user is logged in. For example:
<deny users="?" />
A: The .NET Framework version field is incorrectly named and actually refers to the CLR version used. The NET framework 2.0-3.5 use the same CLR, so specifying 2.0 is sufficient to enable .NET frame 3.5 functionality. Courtesy this MSDN blog.
Q: In ASP.NET, I got the error "error CS0234: The type or namespace name 'Linq' does not exist in the namespace " when adding an ASPX/ASMX file to an existing web application. How do I fix this?
A: The web application domain must be configured to load the referenced assemblies - a using statement is insufficient for ASP.NET to determine the source assembly. After determining the source assembly, edit the web.config and add the reference to /configuration/compilation/assemblies via an add element. For example, to fix the above problem, add a reference to System.Data.Linq by adding a reference to it as follows:
<add assembly="System.Core, Version=220.127.116.11, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
Q: I can't call an ASMX service I added to an existing web application with error 500s. The application has a handler for ASMX files. How do I fix this?
A: There are many possible causes. One cause is that the GUI may show that a handler is mapped when it actually is not. All handler mappings are filtered by a "precondition" attribute, permitting the developer to declare multiple mappings for different application configurations: managed vs unmanaged, 32-bit vs 64-bit, CLR version, and .NET Framework version. However, the IIS Admin GUI does NOT display the preCondition attribute. If the ASMX class is bound to the .NET 3.5 System.Web.Script.Services.ScriptHandlerFactory but the web app is configured for CLR v2, then the web service will fail because the default mappings on newer machines are preconditioned to only work on .NET 4.0 web applications. To fix this, either change the app pool to use CLR 4 and modify the ASMX class to bind to .NET 4, or change the app to map the 3.5-version of this handler to ASMX by adding the following to /configuration/system.webServer/handlers in the application's web.config:
<add name="ScriptHandlerFactory" verb="*" path="*.asmx" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=18.104.22.168, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
Sources: this stack overflow question, Blog on preCondition attribute, MSDN blog.
A: This appears to be %system32%\inetsrv\config\applicationHost.config.
Q: I can't place a breakpoint in an ASP.NET application after updating the backing assembly and source code. Visual Studio only places empty-circle breakpoints.
A: The application domain has been invalidated, but not yet reloaded, so Visual Studio is reporting the mismatch between the new source and old, loaded binary. To force the reload, make any request of the web application, then the break point indicator should refresh to a solid red dot.
A: The API exists, but isn't in the System.Security.Principal namespace. Use System.DirectoryServices.AccountManagement.GroupPrincipal.FindByIdentity. Courtesy this TechNet article.
Q: I get an error 500 Unknown web method when calling an ASMX WebMethod via JSON where the remoting contract is specified using an interface. It worked fine before using the interface. How do I fix this?
A: Change the interface method implementations from explicit interface implementation to virtual methods. For example, given the following (simplified) interface:
public interface IDuoRDSingleSignOn
Result<AuthorizedRdpFile> GetDuoAuthorizedRdpFile( string fileNodeName );
This must be implemented in the class as a virtual function, as shown below:
public class DuoRDSingleSignOnCallReceiver : System.Web.Services.WebService, IDuoRDSingleSignOn
[System.Web.Script.Services.ScriptMethod(ResponseFormat = System.Web.Script.Services.ResponseFormat.Json, UseHttpGet = false, XmlSerializeString = false)]
public virtual Result<AuthorizedRdpFile> GetDuoAuthorizedRdpFile( string fileNodeName )
Also note that the [WebMethod] and associated attributes must mark the concrete class methods, not the interface methods.
Q: WinHttpCert fails to grant rights to an AppPool virtual account reporting "No account information was found". How do I fix this?
A: Do not use the FQDN of the server in the account name (-a) parameter - use the machine name only. For example:
winhttpcertcfg -g -c LOCAL_MACHINE\My -s Server2008Delta.Delta.local -a "Server2008Delta\IIS APPPOOL\RDWebAccess"
Q: I modified a few ASPX files, then when IIS 7.5 (Server 2008) serves them they appear to have no content. For example, RDWeb's default.aspx. How do I get the pages to work again?
A: The Unicode BOM was removed from the files when they were saved. Restore it by editing the files in an editor that can write the BOM, then the pages will render again. Notepad by do this by default, so opening, touching, and saving it notepad will fix the problem.
Q: I can't debug an ASPX file that lives in a virtual directory: breakpoints won't set and are never triggered. How do I fix this?
A: Attach the debugger to the default AppPool for the web site/app that CONTAINS the app being debugged. For example, in the case of RDWeb, attach the debugger to the process for DefaultAppPool instead. ASPX files in virtual directories are not served from AppPool of their associated web application regardless of where they exist. Also, be sure to edit the ASPX file and set debug=true on the Page directive.
A: There are several tricks to doing this:
The code will look something like this:
A: There are several ways to do so. Note this is only supported in Server 2008 R2 and above as lower versions of Windows do not support virtual accounts. From the Security tab GUI:
Q: What is the proper syntax for Microsoft.Web.Administration.Configuration.GetSection's locationPath argument?
A: The syntax is an IIS path relative to the host. In IIS, the base path for this API is MACHINE/WEBROOT/APPHOST. To specify a web application, use the relative syntax <SiteName>/<VirtualPath>. This is similar to, but unlike, the IIS WMI syntax of W3SVC/1/ROOT. For more information, see this page.
Q: In IIS, how do I configure a feature setting, such as IP Security, for an individual file in an application via IIS manager?
A: Do the following:
Q: When configuring IIS via the C# Microsoft.Web.Administration API, how do I configure an IIS feature for a specific folder?
A: Use these steps:
There are two different ways to get the web configuration object: from the app or from IIS. Consequently, either of the following are valid:
Q: When configuring IIS via the C# Microsoft.Web.Administration API, how do I configure a feature setting for an individual file, for example, set via the location element?
A: This is not obvious and does not work via several API approaches. The only way is to get the IIS (host) configuration object and get the config section from it, specifying the full path to the file on this instance of IIS. For example, assume the target is the IP Security settings section for the file dlux.php in the admin folder of the web application simplesaml installed on the default web site. Use the following code to get the system.webServer/security/ipSecurity settings for this file:
A: This cannot be done for a handler mapping, but can be done by defining a new FastCGI application and redirecting the handler mapping to it. In the FastCGI object model, while the web app specifies a pathname to an application, the handler mapping is not the root definition for that CGI entity. Instead, the authoritative CGI definition exists at machine level. The pathname to the EXE is actually a formatted argument used to link to the machine level definition. It consists of two fields, the file pathname and the command line arguments, separated by a | symbol.
To define a new FastCGI application via the GUI:
Q: I get a 403 Forbidden error when trying to access files on a CGI (PHP) web site served by the StaticFileHandler, after reducing the web app file rights to the AppPool+Administrators only. Why?
A: The static file handler checks for file access using the Internet User identity by default, which fails since rights to the IUSRS group were specifically revoked here. To reconfigure it to use the process identity instead, change system.webServer/serverRuntime/authenticatedUserOverride=UseWorkerProcessUser. Reference the end of this article.
Q: I get a "Provider load failure" when using the IIS WMI provider (root\WebAdministration) as an administrator but not elevated. It works if I elevate. How do I make this work non-elevated?
A: To fix this, specify Impersonation Level of Impersonate and authentication of Packet integrity during the WMI connection AND login as Administrator, not just a member of the local Administrators group, or you as a local admin and elevated. Windows has special elevation rules for the built-in Administrator account, and each WMI provider implements security in their own way. The IIS provider won't allow read access without elevation, unfortunately, while some do or provide limited information - see this link for more information. The syntax to specify these varies from interface to interface.
In PowerShell, specify -Authentication 5 -Impersonation 3 for Get-WmiObject. For example:
Get-WmiObject -Class Application -Namespace "root\WebAdministration" -Authentication 5 -Impersonation 3
Q: I get a "Configuration Error: An error occured creating the configuration section handler" for my custom ASP configuration section.
A: There are several possible causes:
1. The ConfigurationSection implementation backing this may not have a public default constructor. This error may not occur until a value is specified for an attribute or element child of the section.
2. If the section has a collection, the ConfigurationElementCollection implementation CreateNewElement or GetElementKey may be throwing, as in their default implementations.
Q: When using a NET runtime class type as a property, like System.Net.IPAddress, I get the error "The value of the property 'IP' cannot be parsed. The error is: Unable to find a converter that supports conversion to/from string for the property 'IP' of type 'IPAddress'."
A: You must implement a TypeConverter and decorate the property with the TypeConverter attribute to use any non-primitive types, except enums, as ConfigurationProperties. For example, to use System.Net.IPAddress, use the following code:
A: Call System.Web.Configuration.WebConfigurationManager.GetWebApplicationSection(<name of section>) and cast it to the ConfigurationSection derrived class type.
Q: When I call Microsoft.Web.Administration.Application.GetWebConfiguration().GetSection() from outside IIS, such as in an install, I get an exception "The configuration section cannot be read because it is missing schema declaration".
A: Outside of the web application using the module, call System.Web.Configuration.WebConfigurationManager.OpenWebConfiguration(webAppVirtualPath, siteName), then call GetSection on the result.
Q: When I call Microsoft.Web.Administration.Application.GetWebConfiguration().GetSection() from outside IIS, such as in an install, I get an exception "System.Configuration.ConfigurationErrorsException: An error occurred creating the configuration section handler for DuoIpSecurity: Could not load type '<Your type here>' from assembly 'System.Web, Version=22.214.171.124...
A: The Type attribute of the configSection element is not fully qualified. It must contain the name of the assembly as well as the class, or IIS will return this error. For example, the string "Duo.Iis.IpSecurityModule.ConfigurationSection, DuoIisIpSecurity, Version=126.96.36.199, Culture=neutral, PublicKeyToken=d84208eddb8532b3" is fully qualified, resolving this error. This is necessary even if another element maps in the host assembly.
Q: I've declared a custom configuration section, but when trying to get it's object via OpenWebConfiguration/GetSection, I get an error System.Configuration.ConfigurationErrorsException: An error occurred creating the configuration section handler for DuoIpSecurity: Could not load type.
A: In the section declaration, the Type must include the assembly reference. For example, under /configuration/configSections, the declarations should look like this:
<section name="DuoIpSecurity" type="Duo.Iis.IpSecurityModule.ConfigurationSection, DuoIisIpSecurity, Version=188.8.131.52, Culture=neutral, PublicKeyToken=d84208eddb8532b3" />
Q: In an install, WebConfigurationManager.GetSection() returns NULL, but my code is creating a correct configSections/section element.
A: The web application must be configured to use the backing assembly in a prior Microsoft.Web.Administration.ServerManager transaction. To fix this, relocate the code that references the backing assembly into a prior Microsoft.Web.Administration.ServerManager transaction. After calling CommitChanges on that, the next Microsoft.Web.Administration.ServerManager instance will provide the configuration section.
A: An HttpModule may be throwing during Init, or an event handler could be generating a runtime exception such as StackOverflow.