Security :: Aspnet_regiis With The "-pa" Switch For "NTAUTHORITYNETWORK SERVICE" Throwing Exception 0x080070534
Mar 17, 2011
The environment:
Development:
Windows 7 64bit running microsoft visual studio to develop an ASP.NET web application in C#.
Production:
Windows Server 2003 : Microsoft.Net V3.5 : IIS
Application:ASP.NET web application with forms authentication using an Active Directory provider to authenticate against our domain controller. Once authenticated users can select reports which populate a gridview with data from an SQL database.
Background:The web app works flawlessly on development and production. Users can navigate to, authenticate, and access all information on the web app.
Due to sensitive connectionString and active directory provider information in my web.config file we have decided to encrypt those parts.
After researching different methods we chose to do a machine level RSA encryption.
The method which we are following in CMD:
1. cd c:windowsmicrosoft.netframework"version"
2. aspnet_regiis -pc "containerName" //this creates the key container
3. aspnet_regiis -pa "containerName" "NTAUTHORITYNETWORK SERVICE" //this creates an ACL for the NETWORK SERVICE user to be able to access the
container and decrypt the web.config file
4. aspnet_regiis -pef "connectionStrings" "C:inetpubwebsiterootdir" -prov "provider" (where provider is the name of the encryption provider in
web.config) //this uses the encryption provider to encrypt the data then storing the key in the container that we created in step 2.
5. Repeat this process for any other sections of web.config with sensitive info.
What is the point of throwing an exception? It it anyways going to be caught in the Global.asax Application_Error method.
Lets say in the following code we throw an exception.
try { using (var dc = GetDataContext()) { // We are doing some data inserts here. } catch ( Exception ex) { throw ex; }
My Question: Even if we do not use try catch and throw here, any exception which will be raised here will be caught inside Application_Error method in Global.asax. Then what is the point of try, catch and throw in this case?
I'm getting this exception randomly in one webservice, it used to happen in the first call only, and in the second calls and so on it works fine ... and after a while without use the webservice it happens again. It seems to be that when the AppDomain is not loaded, the first time fails... and subsequent calls are ok; when IIS shutdown the AppDomain... the next call will fail again.
I have added a service from a Win2003 server to my Visual Studio project on WinXP machine. Create an oject for this service went OK. But when I tried to run a method in the service I get "401 web exception while accessing a service.".
I have an asp.net application with separate classes for business logic and database interaction and then of course the UI. I am building a form to add a widget to a widget list table in the database. My UI collects the information and submits it to the business class. I'm going to write the business class to first double check that the widget has a name (I know I should do this in UI with validation, and I will, but this is just in case validation is forgotten) and if it does, go ahead and send the information to the database class. The database class will then attempt to write the info to the correct table using a try catch finally block. Any errors caught here are logged and then rethrown so I can inform the user. So, knowing that my database class may rethrow an error, my business class code will also be written in a try catch finally block.
So at this point I have a number of possible outcomes that I want to inform the user via the UI:
1) Everything was fine and the widget was added.
2) Something happened with the database write and the user should try again later.
3) The user forgot to name the widget.
My question is: should I write my UI in a try catch block and then throw a custom Exception with an Exception.Message in the business layer if anything goes wrong, or just have my business logic return a string that is the message? I'll want to know if the process was successful or not, because I'll want to format the actual message differently, so I'd have to use if...elseif to determine if the message was bad or not.
It seems like throwing a custom Exception in the business layer may be a good way to tell the UI something bad happened. If the UI doesn't catch anything then of course the operation was successful. Then again throwing an exception for missing data seems a bit hefty.
I am using AjaxToolkit 4.0 which suggests to use ToolkitScriptManager in place of ScriptManager. But when I am using ToolkitScriptManager, it throws javascript exception when Page_ClientValidate() in called from javascript. However, this error is not coming when ScriptManager is used. Can anybody tell me how to make Page_ClientValidate() run when using ToolkitScriptManager?
Now it doesn't throw any exception, it executes fine but receiver does not receive any mail in his inbox. How can I fix this? Edit - This is the stack trace im getting.................
I am having this strange case, at first time when the page loades, everything goes fine. But as soon as I click on any link which makes any ajax request, after that, I get this error while trying to read the configuration."System.Configuration.ConfigurationManager.ConnectionStrings' threw an exception of type 'System.Web.HttpException"I am using asp.net mvc 1.0
i have created a bat file to run the aspnet_regiis exe to encrypt the connectionStrings of web.config file on the remote machine. the same is working when i ran the file on remote machine itself. but is it not working when i call it from another bat file from my local machine which is shared with remote machine. my code loos like:
then i insert an item to the top of list (at zero index):
Code:
protected void Title_DataBound(object sender, EventArgs e) { var item = (RadComboBox)sender; item.Items.Insert(0, new RadComboBoxItem("Select title...", "0")); }
It works perfect but, IF the Title field is zero and you Click EDIT LinkButton it throws an exception: Selection out of range Parameter name: value I would say that it's expected as zero index does not exist at the moment when i click edit button. I bind the combo from within RadGrid1_ItemCreated event.
I would like to encrypt the connectionstrings section in my web.config file using the : ASPNET_REGIIS utility However I'm running Windows 7 pro, that is without any IIS.
Is it possible for me to do it.
The path (on my local pc) to the website containing the web.config file is like this:
C:UsersmyUserDocumentsVisual Studio 2010ProjectsmyWebsitemyWebsiteWeb.config
In our application we have to access session objects in business class. We are using HttpContext.Current.Session to get the session value. In some cases it returns the value but mostly its throwing a null reference exception(Object reference not set to an instance of an object). We have the following code Try
If HttpContext.Current.Session("Username") IsNot Nothing then ' Statements to be executed End If Catch ex As Exception 'Log to db End Try
Here HttpContext.Current.Session("Username") is mostly throwing an exception "Object reference not set to an instance of an object" While debugging we found that HttpContext.Current itself is nothing.
I have a static dictionary object which hold some Key and Value pairs in our site.We are getting Indexoutofrange exception some times and we couldn't figureout the problem why it is causing.This error is logged several times in the log file and site went down.Do you have any idea why this is happend?Please provide your advice ASAP as we are facing this issue in live server.
A dataview is throwing an out of range exception when a page submit button is clicked. The strange part is if you change the data in the dataview by selecting a different person in the DDL the page works fine. Its only when the page loads and the default person in the DDL is when the DataView throws the exception.
The exception is thrown on the last line when I add DV.Rows(0).Cells(1).Text to the id_num parameter. I know there is a value in the dataview because it is displayed on the page. I can refresh the dataview with another person's information and the code works fine. This really has me confused. Here is a bit of the code behind.
Dim dashDataSource As New SqlDataSource() dashDataSource.ConnectionString = ConfigurationManager.ConnectionStrings("SSSConnectionString2").ToString() dashDataSource.InsertCommandType = SqlDataSourceCommandType.Text dashDataSource.InsertCommand = "INSERT INTO tblAcadReferrals(all columns and parameter info here)" dashDataSourceInsertParameters.Add("id_num", DV.Rows(0).Cells(1).Text)
I m uploading file to a directory inside my website root directory like this-
[Code]....
I m getting exception-
System.IO.DirectoryNotFoundException: Could not find a part of the path 'C:Documents and SettingsAdminMy DocumentsVisual Studio 2008WebSitesElcomponics Sales-BDsamples�50841010_sd113201031833.pdf'.
Why so?
When i deployed my app on server and accessed it from client system. It is not throwing exception.What is the difference?
Still i want to confirm will it throw the same exception in case i deployed it to server and access it from client.
when a user enters a bad email I am doing a check on this and throwing an exception message as follows, this works fine on the test site but for some reason the same code on the live site gives a "internal server error" (http code 500). The code below:
[Code]....
not certain why this is happening, I assume that it's some server or config difference between the test and live sites. has anyone seen this before? For a quick fix i'm registering javascript alert and showing the same text so it works but I would like to figure out why the code above is not working.
I am using Server.Transfer("axpx page", True) in my page.aspx.vb code. This line of code is there in the Try block. The exception "error : canot obtain value" is occurred when this line is executed. This is started all of sudden in the production.I have temporarily fixed this by keeping this line after try - catch block. But I'm not sure why is this problem occurred?
I'm developing a asp.net website, i having a problem in one page i using ModalPopupExtender to show a asp:Panel, this panel have a updatePanel with e FormView and nested ListView and ataPager when this was done the Microsoft.Ajax js file throw exception"element is null or non object" at Sys.UI.DomEvent.addHandler.
I have used membership provider to implement my system. The system administrator can list the users. What I want to do is, administrator should be able to sign-in as the selected user. I can sign out administrator by FormsAuthentication.Signout but how can I sign in as the selected user? Passwords are hashed so I can not retrieve the passwords.
I have an ASP.NET application that was working fine on my server up until last night when I installed a bunch of windows updates, now it's throwing this exception : System.Security.SecurityException: Requested registry access is not allowed.Unfortunately there is some things that makes this hard to debug. I added the debug="true" attribute to the web.config file to get the line where the exception is lauched. The line identified in my code is an End If and the code just before seems benign :
I got a loginview located on the master page hen i have a registering functionWhat I want to do is upon registration successful, I wish to directly switch to loginview template to assigned role which is member How do i do that using codebehind?
I'm creating a LoginView in a class file rather than at design time.
The equivalent LoginView created in a .aspx page and used the same way works fine, and User.Identity.IsAuthenticated is switching from false to true once I log in as a user so the problem must not be there.
But even once logged in, the programmatic version of this LoginView is not switching from the Anonymous template to the LoggedIn and the output is always "You are not logged in".
Anyone have ideas? thanks.
here is my code to create the loginview
private void BuildAddCommentView(HtmlTextWriter htmlTextWriter) { LoginView commentsLoginView = new LoginView();
commentsLoginView.AnonymousTemplate = new LoginViewTemplate("AnonymousTemplate"); commentsLoginView.LoggedInTemplate = new LoginViewTemplate("LoggedInTemplate");
class LoginViewTemplate:ITemplate { string _templateType;
public LoginViewTemplate(String templateType) { _templateType = templateType; }
public void InstantiateIn(Control container) {
Label label = new Label();
switch (_templateType) { case "AnonymousTemplate": label.Text = "You are not logged in."; container.Controls.Add(label); break; case "LoggedInTemplate": label.Text = "YOU ARE LOGGED IN."; container.Controls.Add(label); break; }
