ASP.NET - 使用 WCF Web 服务绑定和 AD 组时出现 IIS7 部署错误 500 24 50

发布于 2024-11-06 08:15:47 字数 3872 浏览 4 评论 0原文

背景:在我的本地计算机上部署已编译且没有错误的应用程序后,我收到内部服务器 500 24 50 错误。部署应用程序的服务器具有很高的安全性并且正在运行 IIS 7.5,因此我需要为每个目录指定读写访问权限。该应用程序使用 Windows 身份验证和 Web 服务通过代理填充下拉框。我认为连接到 Web 服务可能存在问题,或者文件的读/写安全性存在问题,或者活动目录身份验证存在问题。

由于某种原因,Internet Explorer 只是显示无法加载网页错误。

Google Chrome 中的错误:

 500 – Internal Server Error.
 There is a problem with the resource you are looking for, and it cannot be displayed. 

日志文件详细信息:

 #Software: Microsoft Internet Information Services 7.5
 #Fields: date time s-sitename s-computername s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs-version cs(User-Agent) cs(Cookie) cs(Referer) cs-host sc-status sc-substatus sc-win32-status sc-bytes cs-bytes time-taken

 2011-05-18 13:54:46 W3SVC1 FL-TPA-WEB-01 172.17.1.25 GET / - 80 - 
 172.17.1.25 HTTP/1.1 Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+6.1;+WOW64;
 +Trident/4.0;+SLCC2;+.NET+CLR+2.0.50727;+.NET4.0C;+.NET4.0E) - -
 invitations.myagencyservices.com 500 24 50 1380 368 15

MSDN 在 http://support.microsoft.com/kb 中定义错误/943891 as:

  500.24 - An ASP.NET impersonation configuration does not apply in Managed 
           Pipeline mode.

Web.Config 代码:

  <system.web>
  <customErrors mode="Off" ></customErrors>
  <compilation debug="true" strict="false" explicit="true" targetFramework="4.0" />
  <trace enabled="true" pageOutput="true" />


  <authentication mode="Windows"/> 
  <identity impersonate="true"/>  

    <authorization>          
    <allow users="alg\bmccarthy, alg\phoward" />               
    <allow roles="alg\ACOMP_USER_ADMIN" />
    <allow roles="alg\ACOMP_user_AMG" />
    <allow roles="alg\ACOMP_user_BIG" />
    <allow roles="alg\ACOMP_user_NIS" />
    <allow roles="alg\ACOMP_user_GLA" />
    <allow roles="alg\ACOMP_user_PIP" />
    <allow roles="alg\ACOMP_user_PSM" />
    <allow roles="alg\ACOMP_user_PAM" />
    <allow roles="alg\ACOMP_user_ANN" />
    <allow roles="alg\ACOMP_user_AAM" />
    <allow roles="alg\ACOMP_user_MWM" /> 
    <allow roles="alg\ACOMP_user_GIM" />
    <deny users="*" />      
  </authorization> 
  </system.web>

  <system.webServer>
    <modules runAllManagedModulesForAllRequests="true"/>
  </system.webServer>

  <system.serviceModel>
    <bindings>
    <basicHttpBinding>
    <binding name="BasicHttpBinding_IAcompService1" closeTimeout="00:01:00"
      openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
      allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
      maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
      messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
      useDefaultWebProxy="true">
      <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
        maxBytesPerRead="4096" maxNameTableCharCount="16384" />
      <security mode="None">
        <transport clientCredentialType="None" proxyCredentialType="None"
          realm="" />
        <message clientCredentialType="UserName" algorithmSuite="Default" />
        </security>
      </binding>
   </basicHttpBinding>
  </bindings>

    <client>
        <endpoint address="http://63.236.108.91/aCompService.svc" binding="basicHttpBinding"
    bindingConfiguration="BasicHttpBinding_IAcompService1" contract="aComp_ServiceReference.IAcompService"
    name="BasicHttpBinding_IAcompService1" />
    </client>
  </system.serviceModel>

任何建议都会被投票! 感谢您的关注!

Background: I am getting a Internal Server 500 24 50 error after deploying an application that has compiled without errors on my local machine. The server that the application is deployed on has a ton of security and is running IIS 7.5 so I need to specify read and write access for every directory. This application uses windows authentication and a web service to populate drop down boxes via a proxy. I think there might be an issue connecting to the web service or an issue with the read/write security on the files, or an issue with the active directory authentication.

For some reason, Internet Explorer just displayed can't load webpage Error.

Error in Google Chrome:

 500 – Internal Server Error.
 There is a problem with the resource you are looking for, and it cannot be displayed. 

Log File Details:

 #Software: Microsoft Internet Information Services 7.5
 #Fields: date time s-sitename s-computername s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs-version cs(User-Agent) cs(Cookie) cs(Referer) cs-host sc-status sc-substatus sc-win32-status sc-bytes cs-bytes time-taken

 2011-05-18 13:54:46 W3SVC1 FL-TPA-WEB-01 172.17.1.25 GET / - 80 - 
 172.17.1.25 HTTP/1.1 Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+6.1;+WOW64;
 +Trident/4.0;+SLCC2;+.NET+CLR+2.0.50727;+.NET4.0C;+.NET4.0E) - -
 invitations.myagencyservices.com 500 24 50 1380 368 15

MSDN Defines the error at http://support.microsoft.com/kb/943891 as:

  500.24 - An ASP.NET impersonation configuration does not apply in Managed 
           Pipeline mode.

Web.Config code:

  <system.web>
  <customErrors mode="Off" ></customErrors>
  <compilation debug="true" strict="false" explicit="true" targetFramework="4.0" />
  <trace enabled="true" pageOutput="true" />


  <authentication mode="Windows"/> 
  <identity impersonate="true"/>  

    <authorization>          
    <allow users="alg\bmccarthy, alg\phoward" />               
    <allow roles="alg\ACOMP_USER_ADMIN" />
    <allow roles="alg\ACOMP_user_AMG" />
    <allow roles="alg\ACOMP_user_BIG" />
    <allow roles="alg\ACOMP_user_NIS" />
    <allow roles="alg\ACOMP_user_GLA" />
    <allow roles="alg\ACOMP_user_PIP" />
    <allow roles="alg\ACOMP_user_PSM" />
    <allow roles="alg\ACOMP_user_PAM" />
    <allow roles="alg\ACOMP_user_ANN" />
    <allow roles="alg\ACOMP_user_AAM" />
    <allow roles="alg\ACOMP_user_MWM" /> 
    <allow roles="alg\ACOMP_user_GIM" />
    <deny users="*" />      
  </authorization> 
  </system.web>

  <system.webServer>
    <modules runAllManagedModulesForAllRequests="true"/>
  </system.webServer>

  <system.serviceModel>
    <bindings>
    <basicHttpBinding>
    <binding name="BasicHttpBinding_IAcompService1" closeTimeout="00:01:00"
      openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
      allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
      maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
      messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
      useDefaultWebProxy="true">
      <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
        maxBytesPerRead="4096" maxNameTableCharCount="16384" />
      <security mode="None">
        <transport clientCredentialType="None" proxyCredentialType="None"
          realm="" />
        <message clientCredentialType="UserName" algorithmSuite="Default" />
        </security>
      </binding>
   </basicHttpBinding>
  </bindings>

    <client>
        <endpoint address="http://63.236.108.91/aCompService.svc" binding="basicHttpBinding"
    bindingConfiguration="BasicHttpBinding_IAcompService1" contract="aComp_ServiceReference.IAcompService"
    name="BasicHttpBinding_IAcompService1" />
    </client>
  </system.serviceModel>

Any suggestions will be up-voted!
Thanks for looking!

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(3

飘过的浮云 2024-11-13 08:15:47

出现 500.24.50 错误的原因是 ASP.NET 集成模式无法模拟 BeginRequest 和 AuthenticateRequest 管道阶段中的请求标识。如果您的应用程序在集成模式下运行,未声明 validateIntegratedModeConfiguration 或将其设置为 true,并且您的应用程序将 Identity impersonate 设置为 true,则会抛出 500.24。

解决方法

A. 如果您的应用程序不依赖于在 BeginRequest 和 AuthenticateRequest 阶段(集成模式下无法模拟的唯一阶段)模拟请求用户,请通过将以下内容添加到应用程序的 web.config 来忽略此错误:

  <system.webServer>
          <validation validateIntegratedModeConfiguration="false" />
  </system.webServer>

B.如果您的应用程序确实依赖于 BeginRequest 和 AuthenticateRequest 中的模拟,或者您不确定,请转至经典模式。

C. 从 web.config 中删除,这在集成模式下不会有效

阅读更多内容 来自 LEARN.IIS.NET 的 IIS 7 重大更改

The 500.24.50 Error occurs because ASP.NET Integrated mode is unable to impersonate the request identity in the BeginRequest and AuthenticateRequest pipeline stages. 500.24 is thrown if your application is running in integrated mode, validateIntegratedModeConfiguration is not declared or set to true, and your application has identity impersonate set to true.

Workaround

A. If your application does not rely on impersonating the requesting user in the BeginRequest and AuthenticateRequest stages (the only stages where impersonation is not possible in Integrated mode), ignore this error by adding the following to your application’s web.config:

  <system.webServer>
          <validation validateIntegratedModeConfiguration="false" />
  </system.webServer>

B. If your application does rely on impersonation in BeginRequest and AuthenticateRequest, or you are not sure, move to Classic mode.

C. remove from web.config which won't be effective in integrated mode anyway

Read more on Breaking Changes in IIS 7 from LEARN.IIS.NET

幸福不弃 2024-11-13 08:15:47

更新:

做了更多的挖掘,你实际上已经错误配置了服务。这篇 MSDN 文章介绍了如何配置 basicHttpBinding 以进行 Windows 身份验证。基本上, basicHttpBinding 元素需要如下所示:

  <basicHttpBinding>
    <binding name="BasicHttpEndpointBinding">
      <security mode="TransportCredentialOnly">
        <transport clientCredentialType="Windows" />
      </security>
    </binding>
  </basicHttpBinding>

原始答案:

下面是从信息 在本文中。 由于您的服务使用模拟进行授权,因此您似乎需要使用 ASP.NET 此服务的 AppPool 的经典模式管道配置。您可能想要研究新的集成模式管道中如何支持模拟,并了解为什么您的服务无法遵守它,因为集成模式是首选。

您将收到 500 - 内部
服务器错误。这是 HTTP 错误
500.24:检测到 ASP.NET 设置不适用于
集成管理管道模式。
发生这种情况是因为 ASP.NET 集成
模式无法模拟
BeginRequest 中的请求身份
和 AuthenticateRequest 管道
阶段。解决方法

B.如果你的
应用程序确实依赖于模拟
在开始请求和
AuthenticateRequest,否则您不是
当然,转到经典模式。

UPDATE:

Did a little more digging and you actually have the service mis-configured. This MSDN article explains how to configure basicHttpBinding for Windows authentication. Basically, the basicHttpBinding element needs to look like this:

  <basicHttpBinding>
    <binding name="BasicHttpEndpointBinding">
      <security mode="TransportCredentialOnly">
        <transport clientCredentialType="Windows" />
      </security>
    </binding>
  </basicHttpBinding>

Original answer:

Below is something to try from the information in this article. Since your service uses impersonation for authorization it looks like you'll need to use the ASP.NET classic mode pipeline configuration of the AppPool for this service. You may want to research how impersonation is supported in the new Integrated mode pipeline and see why your service is failing to comply with it since Integrated mode is prefered.

You will receive a 500 - Internal
Server Error. This is HTTP Error
500.24: An ASP.NET setting has been detected that does not apply in
Integrated managed pipeline mode.
This occurs because ASP.NET Integrated
mode is unable to impersonate the
request identity in the BeginRequest
and AuthenticateRequest pipeline
stages. Workaround

B. If your
application does rely on impersonation
in BeginRequest and
AuthenticateRequest, or you are not
sure, move to Classic mode.

兲鉂ぱ嘚淚 2024-11-13 08:15:47

重要提示:请确保您的计算机上已安装 ASP.NET;如果没有或有疑问,请运行以下命令:

> c:\Windows\Microsoft.NET\Framework\vX.X.XXXXX\aspnet_regiis.exe /i

Important: Make sure that you have installed ASP.NET on your machine; if not or if in doubt, run the following command:

> c:\Windows\Microsoft.NET\Framework\vX.X.XXXXX\aspnet_regiis.exe /i
~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文