Wrox Programmer Forums
|
BOOK: ASP.NET Website Programming Problem-Design-Solution
This is the forum to discuss the Wrox book ASP.NET Website Programming: Problem - Design - Solution, Visual Basic .NET Edition by Marco Bellinaso, Kevin Hoffman; ISBN: 9780764543869
Welcome to the p2p.wrox.com Forums.

You are currently viewing the BOOK: ASP.NET Website Programming Problem-Design-Solution section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
 
Old August 12th, 2004, 07:56 PM
Registered User
 
Join Date: Aug 2004
Posts: 1
Thanks: 0
Thanked 0 Times in 0 Posts
Default machine.config

Just loaded the samples and SQL2000. Started following the instructions in the readme.htm file that was included in the zip. Got to step 4 and then it went on to step 5 talking about other changes that need to be made. Then we get into the FAQ and it says to reboot the machine to allow the changes made to machine.config to take effect but WHAT ARE THE CHANGES? When I try and run the example I get this message

[u]Server Application Unavailable
The web application you are attempting to access on this web server is currently unavailable. Please hit the "Refresh" button in your web browser to retry your request.</u>

[u]Administrator Note: An error message detailing the cause of this specific request failure can be found in the application event log of the web server. Please review this log entry to discover what caused this error to occur.</u>

If I check the event log on the computer it has this error:

[u]aspnet_wp.exe could not be launched because the username and/or password supplied in the processModel section of the config file are invalid.</u>

A trip to microsoft revels that this is a security level error and suggests changing the username in the processModel secton of machine.config to "system".

Question is what other changes were we supposed to make in the machine.config file (or for that matter what about step 4?)



 
Old August 13th, 2004, 07:53 AM
Friend of Wrox
 
Join Date: Jun 2003
Posts: 1,110
Thanks: 0
Thanked 3 Times in 3 Posts
Default

Try looking through these:

http://search.support.microsoft.com/...&maxResults=25

 
Old August 14th, 2004, 08:40 AM
Friend of Wrox
 
Join Date: Jun 2003
Posts: 917
Thanks: 0
Thanked 0 Times in 0 Posts
Default

This is not a wise thing to do. They are recommending that you run ASP.NET with a very high priviledge level just so you can create an event source for logging. That's like saying that a system administrator should make all users on a company network an administrator so they can load 1 small software application one time!

That's similar to using "sa" and no password for SQL Server. I know a lot of developers do this on their computer, but it's a lazy and stupid thing to do. Even if you are located behind a firewall, you can get into the habit of using "sa", and you might do this on a production box one day by accident.

You should *NEVER* run ASP.NET with the SYSTEM account! Think about it - the users of your internet application are inherantly untrusted. Would you like to give them the option of doing serious damage to your computer if they should stumble on a security flaw?

ASP.NET normally runs with a low-priviledge account called ASPNET (unless you're on Win 2003). This is a good account to use for this purpose.

If you are using the VB.NET version of the book, then you don't need to worry about event logging - they changed it to log to a file instead of the event log (a very wise move because it allows you to use a hosting company if you are careful to change the File Manager to use Forms authorization).

If you're using the C# version, you can create the event source yourself outside of the application. This is often done by a Web Setup Project, but ThePhile authors didn't make a setup project. You can do this is you have admin priviledges. Your web app must NOT run with admin priviledges!

However, I prefer the option of changing it to log to a file. I looked at the VB source and made similar changes to my C# code.

Eric
 
Old August 14th, 2004, 08:52 AM
Imar's Avatar
Wrox Author
 
Join Date: Jun 2003
Posts: 17,089
Thanks: 80
Thanked 1,576 Times in 1,552 Posts
Default

If you want to know how to create the event log yourself, check out this article:

http://Imar.Spaanjaars.Com/QuickDocID.aspx?QUICKDOC=275

It guides you through the process of creating the event log with a C# application, and explains how to log from ASP.NET to this newly created event log.

Cheers,

Imar
---------------------------------------
Imar Spaanjaars
Everyone is unique, except for me.
 
Old September 4th, 2004, 07:19 PM
Authorized User
 
Join Date: Aug 2004
Posts: 82
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Hello Eric,

 Could you please post a new topic explaining 2 problems which we can't solve them.

1- The event Log will not work with a host company so how we can solve this?

2- Suppose that we will not implement any security identity and makes anyone browse our website. How we protect the File manager module?

Please call the topic relatively (if you have the time for that) so me and all of the guys on the forums participate.
Thanks,
Marenela

 
Old September 4th, 2004, 09:25 PM
Friend of Wrox
 
Join Date: Jun 2003
Posts: 917
Thanks: 0
Thanked 0 Times in 0 Posts
Default

1. You're using the VB.NET version if I remember correctly, and it doesn't use the EventLog.
2. You should always require users to log in before posting messages in a forum. This avoids the SPAM robots - they don't try to register. Also, you need a way to notify people if they break the rules.

If you want a site about religion, you definitely need to enforce the rules or you'll have a lot of ugly messages. I don't think this is a good idea for a site because it's an emotional "hot button" subject, but that's up to you. I've seen some forums like this, and it gets out-of-control quickly.

By the way, if you use a hosting company you'll probably use "Copy Project" to post files to your site, and you can use FTP for any other file needs. I don't think the File Manager is very useful for this scenerio. It was intended for Intranets. I added Forms security to it, but I don't see much of a need for it in my case. I think I'll remove it from my project.

Eric
 
Old September 5th, 2004, 03:45 AM
Authorized User
 
Join Date: Aug 2004
Posts: 82
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Thanks Eric,

1-I’m using the C# Version. What happened to the event log in the VB.NET? I think that the hosting company will not permit me to write to the event log? What I can do then?

2-I will not launch the forums in the first few months of the website life so I want anyone to just view what’s inside the website. So I don’t need any authentications.

3-I think that I will need the File manager because I will be able to edit my files while they are on the server. Anyway, the problem now is that I will let the users log into my website without any password or authentication but HOW TO PROTECT THE FILEMANAGER.

4-I’m using the SYSTEM account on my machine (like most of the readers) and you said that it’s dangerous (not in our PC it will be dangerous when we host the website). Now the FileManager uses SYSTEM account (not ASPNET) and I think that I can’t do that with any hosting company. What to do?

Thanks for your help Eric
Marenela

 
Old September 7th, 2004, 04:25 PM
Friend of Wrox
 
Join Date: Jun 2003
Posts: 917
Thanks: 0
Thanked 0 Times in 0 Posts
Default

1. The VB.NET version changed the logging code to log to a file instead of the Event Log. This is mandatory if you want to use a hosted site.
2. You don't need ThePhile in general if you don't want forums :-) Seriously, most of the work in this web site is for the forums, and user athentication in general.
3. I guess you're not familiar with FTP, and the COPY PROJECT option in Visual Studio? It's never wise to edit files directly on the server. You can't compile them there, anyway! (this changes in VS 2005 because you don't ever need to compile projects in 2005 - you can just deploy source code to the server). I always edit source code files on my computer, and do a build, and then I use COPY PROJECT to deploy the changes. For non-source-code changes, I always use FTP to copy them to the web site. It's generally safer to pull the plug on the FileManager unless you are pretty smart about security. If you insist on keeping it, then you need to add Forms security to ALL of it's pages. You can't use Windows security on a hosted site.
4. This problem goes away if you do #1 above (change from Event Log to file logging). Your hosting company would definitely not allow you to run with the SYSTEM account (they wouldn't be in business long if they let you do this). I'm unhappy with this advice in the Readme file - this is one of the real bad practices that makes security people cringe.

Eric
 
Old September 8th, 2004, 07:06 AM
Authorized User
 
Join Date: Aug 2004
Posts: 82
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Hello Eric,

 No I don't know what's FTP and also COPY PROJECT option in Visual Studio but I can guess that it's an option to let you copy changes that you made to your source code files on your machine to the server hosting right??????????

But I don't understand what you have said "It's never wise to edit files directly on the server. You can't compile them there". I know that when I edit any file in the project it will know that and the assemblies will recompile and build so if I'm right I will not need to compile my project at all in the server when I do any changes right?

i'm confused now because you said "For non-source-code changes, I always use FTP to copy them to the web site".
That means there are source-code files and non-scource code files???????? I'm really confused.
Thanks
Marenela

 
Old September 8th, 2004, 07:18 AM
Friend of Wrox
 
Join Date: Jun 2003
Posts: 917
Thanks: 0
Thanked 0 Times in 0 Posts
Default

FTP is the File Transfer Protocol - do some web searches for "ftp tutorial".

Copy Project is the way to copy all essential runtime files for your project to another computer who's acting as the web server. I am assuming your computer is the development computer, but your site will be hosted by another computer. This other computer may be run by a web hosting company. They don't have Visual Studio on their servers - they only have the .NET runtime.

Your computer will be the "home" of all of your files, and you develop and compile on your computer. When you are ready to send the runtime files to a web server, you can use either Copy Project or FTP. Copy Project lives on the Project menu in Visual Studio - you only see this when you have an ASP.NET project open.

You should not deploy source code files to the webserver (.cs and .vb). You only need to deploy the compiled DLLs, and all of the .aspx and .ascx files, and the config files, xml, etc.

To change a file, you make the change on your computer and test it. Then you deploy it to the web server. The "master" source for all the files should always be your computer.

Eric





Similar Threads
Thread Thread Starter Forum Replies Last Post
Config error--machine.config sunithavasudevan ASP.NET 1.0 and 1.1 Professional 2 October 10th, 2006 07:14 AM
machine.config sillygiu@hotmail.com BOOK: ASP.NET Website Programming Problem-Design-Solution 7 August 24th, 2004 07:21 AM





Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Copyright (c) 2020 John Wiley & Sons, Inc.