When debugging a Windows Azure website I kept getting null Sessions for my ashx pages. They worked perfectly on  IISExpress, so I thought this was a Azure flaw. It turned out that it was IIS 7.5 + Url Rewriting (I’m using the Intelligencia module) that caused the problem.

After adding this to my Web.config everything worked like expected again – also in IIS 7.5

<configuration>
  <system.webServer>
    <modules runAllManagedModulesForAllRequests="true" >
     ...
     ...
  </system.Webserver>
</configuration>

Also – make sure your ashx code implements IRequiresSessionState

public class ApiHandler : IHttpHandler, IRequiresSessionState
{
}

After re-installing Windows on my laptop a little while ago, I got an error when setting up Internet Information Services (IIS) which I hadn’t seen before. When I tried to start the “Default Web Site”, IIS claimed that it couldn’t start it providing the following explanation; “The process cannot access the file because it is being used by another process. (Exception from HRESULT: 0×80070020).”

Microsoft explains that the error code 0×80070020 translates to ERROR_SHARING_VIOLATION, and that the issue may related to another service on the computer grabbing TCP port 80 and/or 443.

From the command prompt I issued the following command, “netstat –o –n –a | findstr 0.0:80”, which gave me the ID of the process that was currently listening on port 80. Using the process ID (PID) it was easy to find the program in question using the “Task Manager”. And in my case the problem was Skype (might be another program in your case).

It turns out that Skype by default tries to use port 80 and 443 as alternatives for listening to incoming connections. And since I installed (and started) Skype before I set up IIS (and tried starting my website), Skype grabbed my port 80. Shutting down Skype (or just killing the Skype process from the Task Manager) allowed me to start my website since port 80 then became available again.

You can prevent Skype from grabbing port 80 and 443 by going into Skype’s “Tools –> Options –> Advanced –> Connection” and unchecking “Use port 80 and 443 as alternatives for incoming connections”.

Having recently performed a complete wipe and OS re-install/upgrade on my work computer, I also had to get all my projects etc. up and running again. After getting the source for one of the ASP.NET applications I’m working on, I built the source and ran it using the VS Development Server, no problem at all. However, when I set everything up manually in IIS (not IIS Express, that also also worked like a charm), I got the the beautiful yellow screen of death. And since it had been a while since I set this particular project up to run in IIS on my computer, the error dumbfounded me for a while.

Visual Studio did provide me with a warning when building the solution though, which jogged my memory.

One of the project dependencies was built specifically for the x86 architecture, and when running the web app in IIS the default setting for any Application Pool is NOT to enable 32-bit applications (at least on a 64-bit computer). This is easy to fix though, open up IIS Manager, find the App Pool in question, go into “Advanced Settings” and change the value for “Enable 32-Bit Applications” to “True” (or alternatively, and perhaps even better, replace the offending reference dll with a compatible version if you can).

No more yellow screen of death!

We just discovered the Dynamic IP Restrictions (DIPR) module for IIS 7.0 and above, which provides protection against denial of service and brute force attacks on web servers and web sites. This module is still, as of may 2012, only in “RC” version, but is absolutely worth a try.

The Dynamic IP Restrictions module includes these key features:

• Blocking of IP addresses based on number of concurrent requests – If an HTTP client exceeds the number of concurrent requests allowed, that client’s IP address gets temporarily blocked.
• Blocking of IP address based on number of requests over a period of time – If an HTTP client exceeds the number of requests made over a specified time interval, that client’s IP address gets temporarily blocked.
• Allow list of IP addresses that will not be blocked – You can add a list of the IP addresses of clients you want to exclude from being blocked by the module regardless of other configuration.
• Various deny actions – You can specify which response to return to an HTTP client for which the IP address is blocked. The module can return status codes 403 and 404 or just terminate the HTTP connection and not return any response.
• Support for web servers behind a proxy – If your web server is behind a proxy, you can configure the module to use the client IP address from an X-Forwarded-For header.
• IPv6 – the module provides full support for IPv6 addresses.

You can download the release candidates here:

• Dynamic IP Restrictions for IIS 7.0 Release Candidate – x86
• Dynamic IP Restrictions for IIS 7.0 Release Candidate – x64

”The web server process that was being debugged has been terminated by IIS”

When debugging Sharepoint components you’re likely to come across this error message. It is easily fixed by turning off the ping IIS is sending the worker process at regular intervals to keep it alive.

Go to IIS Manager, select the Application Pool used by your Sharepoint app, choose advanced settings and turn the “Ping Enabled” setting under “Process Model” to FALSE:

As Webstep guru Thor Halvor explained in the this excellent blogpost – there are security restrictions to prevent/limit cross domain access of XMLHttpRequest’s – the cornerstone of AJAX.

Flash and silverlight has the same restrictions – and solves this by using crossdomain.xml and clientaccesspolicy.xml. These files are placed on the server you want to communicate with – and must contain * or the domain you want to contact the server from.

Anyways – there is a similar mechanism that XMLHttpRequest supports. This mechanism is called CORS – Cross-origin resource sharing. It is a newer(2004) and preferred alternative to JSONP – and works more or less like the xml files mentioned above. The only difference is that it isn’t implemented as a file – it’s part of the HTTP Header. This makes it a bit more difficult to set up than the others.

When a javascript on siteA wants to make a request to siteB – then the script first makes an initial OPTIONS request to site B – and looks at the HTTP Header it receives.

Access-Control-Allow-Origin: *

If the value is * – then it means that XmlHttpRequests can communicate with that site – from any other server – and a regular XMLHttpRequest can be made just like you were communication with your own server. You can of course type in domain names here to prevent everybody from using your API.

Here’s how to configure this on an Microsoft IIS Server – Web.Config – under the <configuration> node

<system.webServer>
  <httpProtocol>
    <customHeaders>
       <add name="Access-Control-Allow-Origin" value="*" />
    </customHeaders>
  </httpProtocol>
</system.webServer>

So to sum it up: use CORS whenever possible, instead of hacking your way around with JSONP. You’ll have prettier code, better error handling and it’s safer to use with regard to XSS Attacks as far as I have understood. Also – CORS supports all types of HTTP requests (Get/Post/Put,Delete), while JSONP only supports Get.

Read more about CORS here:
http://my.opera.com/core/blog/2011/10/28/cors-goes-mainline

A third (and the newest) alternative is UMP – I might blog more about this some other time.

Alternate way of dumping logs

Here’s a simple but very handy method that lists out all relevant data for a Asp.net web request. Posted Parameters, Query String, Http Headers, Cookies and Session variables are returned – and can be logged out to file/console etc.

Note that this static method can be called anywhere from your code – it does not have to be inside a aspx/ashx etc. The only requirement is that the code must run inside IIS and a web request must be assosiated with the current thread.

public static string DumpRequest()
{
    StringBuilder sb = new StringBuilder();
    sb.AppendLine("");
    sb.AppendLine("-------------  PostedParameters --------------");
    foreach (string key in HttpContext.Current.Request.Form.Keys.Cast<string>().OrderBy(f => f))
    {
        sb.AppendLine(key.PadLeft(40, ' ') + " : " + HttpContext.Current.Request.Params[key]);
    }

    sb.AppendLine("");
    sb.AppendLine("-------------  Query String ------------------");
    foreach (string key in HttpContext.Current.Request.QueryString.Keys.Cast<string>().OrderBy(f => f))
    {
        sb.AppendLine(key.PadLeft(40, ' ') + " : " + HttpContext.Current.Request.QueryString[key]);
    }

    sb.AppendLine("");
    sb.AppendLine("-------------  Http Headers -------------------");
    foreach (string key in HttpContext.Current.Request.Headers.Keys.Cast<string>().OrderBy(f => f))
    {
        sb.AppendLine(key.PadLeft(40, ' ') + " : " + HttpContext.Current.Request.Headers[key]);
    }

    sb.AppendLine("");
    sb.AppendLine("--------------  Cookies -------------------------");
    foreach (string key in HttpContext.Current.Request.Cookies.Keys.Cast<string>().OrderBy(f => f))
    {
        sb.AppendLine(key.PadLeft(40, ' ') + " : " + HttpContext.Current.Request.Cookies[key].Value + " - ExpireDate: " +  HttpContext.Current.Request.Cookies[key].Expires);
    }

    sb.AppendLine("");
    sb.AppendLine("---------------  Session ------------------------");
    foreach (string key in HttpContext.Current.Session.Keys.Cast<string>().OrderBy(f => f))
    {
        sb.AppendLine(key.PadLeft(40, ' ') + " : " + HttpContext.Current.Session[key]);
    }
            
    return sb.ToString();
}

The result looks like this::

-----------------------------------------  PostedParameters -----------------------------------------

-----------------------------------------  Query String ---------------------------------------------
                                username : ted@example.com

-----------------------------------------  Http Headers ---------------------------------------------
                                  Accept : text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                          Accept-Charset : ISO-8859-1,utf-8;q=0.7,*;q=0.3
                         Accept-Encoding : gzip,deflate,sdch
                         Accept-Language : en-US,en;q=0.8
                           Cache-Control : max-age=0
                              Connection : keep-alive
                                  Cookie : timeOffset=-120; gs_u=1746198188:22843:26224:1320393450549; LANG=en; USER=a33f8…
                                    Host : dev.filemail.com
                              User-Agent : Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.7 (KHTML, like Gecko) Chrome..

-----------------------------------------  Cookies --------------------------------------------------
                                  __utma : 155161261.1943841533.1313506820.1324476330.1325070578.60 - ExpireDate: 01.01.0001 00:00:00
                                  __utma : 155161261.1943841533.1313506820.1324476330.1325070578.60 - ExpireDate: 01.01.0001 00:00:00
                                  __utmc : 260895642 - ExpireDate: 01.01.0001 00:00:00
                                  __utmz : 155161261.1313506820.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none) - ExpireDate: 
                                  __utmz : 155161261.1313506820.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none) - ExpireDate: 
                       ASP.NET_SessionId : a2xlln05ibzzd2ajywhpizc0 - ExpireDate: 01.01.0001 00:00:00
                                    gs_u : 1746198188:22843:26224:1320393450549 - ExpireDate: 01.01.0001 00:00:00
                                    LANG : en - ExpireDate: 01.01.0001 00:00:00
                              timeOffset : -120 - ExpireDate: 01.01.0001 00:00:00
                                    USER : a33f8a58568f430e8a0d48115ac7b13c - ExpireDate: 01.01.0001 00:00:00

-----------------------------------------  Session --------------------------------------------------
                                       - : -
                              UserObject : 

I recently had some problams emptying the Recycle Bin in Umbraco 4.6.1.  I clicked Empty Recycle Bin – but after a few items got removed the progress suddenly stopped showing 201 items remaining. Crap.

Internet Explorer displayed a Javascript Error msg (with a stacktrace):

No Document exists with Version '00000000-0000-0000-0000-000000000000'

Waiting, restarting IIS and trying to empty the recycle bin again did not help. Time to Google.

I found part of the solution here:

The sql

SELECT * FROM umbracoNode, cmsContent -- return nodes
WHERE
nodeObjectType = 'C66BA18E-EAF3-4CFF-8A22-41B16D66A972' -- that are of type 'Content'
AND
umbracoNode.id NOT IN (SELECT nodeId FROM cmsContent) -- but are not in the 'Content' table

helped me identidy orphan nodes that should be removed.

For each unique umbracoNode.Id in the result (you will get a lot of rows with the same id using the sql above) i ran the sql below to remove these nodes.

DECLARE @TEMPID INT
SET @TEMPID= 1843 -- TYPE IN ID HERE - e.g. 1843

DELETE
FROM         cmsContent
WHERE     (nodeId IN (Select id from umbracoNode where parentID = @TEMPID))

DELETE
FROM         cmsPropertyData
WHERE     (contentNodeId IN (Select Id from umbracoNode where parentID = @TEMPID))

DELETE
FROM         umbracoNode
WHERE     (id IN (Select id from umbracoNode where parentID = @TEMPID))

DELETE
FROM         umbracoNode
WHERE     (ID = @TEMPID)

Then I tried emptying the recycle bin again. Now it deleted 10 more items before it stopped.

I repeated the steps above again – first I ran the select sql to find the new orphan nodes, and then I ran the delete sql’s. I was able to remove 43 more items from the recycle bin this way.

I repeated this procedure until my Recycle Bin was empty (I had to do it 6-7 times or so).

Make sure to backup your database before trying this approach.

Photo: A more traditional way of logging.

The first thing I do when creating a new .NET website/app is to add Log4net. I usually find some old code, and

1. copy the log4net.dll,
2. copy the log4net.config
3. copy the c# code that loads the config file

For a lot of the smaller projects/solutions I am working on – there is no need at all to change log levels / appenders etc. during run time – so I configure log4net directly from my c# code. This means that I can drop the log4net.config file.

Here is a piece of code that creates a simple FileAppender. It can easily be modified to handle RollingFileAppenders etc..


Hierarchy hierarchy = (Hierarchy)LogManager.GetRepository();
hierarchy.Root.RemoveAllAppenders(); /*Remove any other appenders*/

FileAppender fileAppender = new FileAppender();
fileAppender.AppendToFile = true;
fileAppender.LockingModel = new FileAppender.MinimalLock();
fileAppender.File = Server.MapPath(“/”) + “log.txt”;
PatternLayout pl = new PatternLayout();
pl.ConversionPattern = “%d [%2%t] %-5p [%-10c] %m%n%n”;
pl.ActivateOptions();
fileAppender.Layout = pl;
fileAppender.ActivateOptions();

log4net.Config.BasicConfigurator.Configure(fileAppender);

//Test logger
ILog log =LogManager.GetLogger(System.Reflection.MethodBase.GetCurrentMethod().DeclaringType);
log.Debug(“Testing!”);

The result of the log test is:
2010-11-13 14:52:46,611 [20] DEBUG [_Default ] Testing!
A good place to put this code is in the entrypoint of your App (the Main(string[] args) method), or in the Global.asax if you are creating a web app (remember to grant the NETWORK SERVICE user write access to the folder you are logging to).

Happy logging!

-N

Umbraco is a Content Management System (CMS) developed in Microsoft .NET.

Some of its advantages is that it offers full design freedom, it’s free to use, and perhaps most importantly – you can write your own user controls using the allmighty .NET Framework. A disadvantage with Umbraco (and a lof of other open-source solutions) is the hassle with upgrading to newer versions.

When attempting to upgrade a Umbraco 4.5.1 to 4.5.2 I followed this generic upgrade guide – which basically told me to overwrite some files and folder.The first thing I did was to do a full backup of the site (files + MS SQL database). Then, I copied the files, and opened the site in my browser.

A upgrade page was displayed – so far so good. I finished the different steps in the guide – it told me the upgrade had gone perfect!I tried to enter the site again to make sure the content was being displayed ok. But I was redirected to the Upgrade page again…where I tried to log in..



Problem: Admin can not log in after upgrading Umbraco
Possible Cause:  Earlier versions of Umbraco handled password in clear text, current version uses hashing.
Possible Solution: Open web.config file – remove the passwordFormat=”Hashed”

<add name=”UsersMembershipProvider” type=”umbraco.providers.UsersMembershipProvider” enablePasswordRetrieval=”false” enablePasswordReset=”false” requiresQuestionAndAnswer=”false” passwordFormat=”Hashed” />

Problem: Site is not displayed at all after upgrade
Possible Cause:  Upgrade bug?
Possible Solution: Log into Admin and republish entire site

Problem: XSLT is not working at all/behaving weird after upgrade
Possible Cause:  New XSLT Schema! Data elements with Alias Attributes are no longer used!
Possible Solution 1: Set <UseLegacyXmlSchema>true</UseLegacyXmlSchema> in config/umbracoSettings.config
Possible Solution 2 (better): Replace XSLT code looking like this
$currentPage/descendant-or-self::node[string(data[@alias='umbracoNaviHide']) != '1']
with this
$currentPage/descendant-or-self::*[umbracoNaviHide != '1']

Tip: If you are unsure what the data(document/node) that you are trying to process with XSLT looks like – then insert this:
<textbox><xsl:copy-of select=”$currentPage”/></textbox>

Problem: Umbraco installation contains different sites (hostnames), but only one of them works after upgrade
Possible Cause:  Wrong setting in config/umbraco.config which got owerwritten during upgrade
Possible Solution: Set <ensureUniqueNaming>True</ensureUniqueNaming> in config/umbracoSettings.config

Thats about it I think – good luck upgrading!