I built a web app for reporting in Asp.net 4.0 using Visual Studio 2010. I added some .rdlc files using the report viewer control, but recieved the following error:
An error has occurred during report processing.
Exception has been thrown by the target of an invocation.
Login failed for user 'SERVERNAME\MACHINE NAME'.
Research pointed to setting Identity Impersonate in web.config as a viable solution, so I setup web.config as follows:
<identity impersonate="true"
userName="My Domain\Username with permissions"
password="Password for username with permissions"/>
This works but I don't want to save a password with these permissions in Web.config so I downloaded
Aspnet_setreg.exe and encrypted the username & password in the registry like so: <identity impersonate="true" userName="registry:HKLM\SOFTWARE\MY_SECURE_APP\identity\ASPNET_SETREG,userName" password="HKLM\SOFTWARE\MY_SECURE_APP\identity\ASPNET_SETREG,password"
/>
I also set permissions for ASP.net to access the registry directory as detailed in http://support.microsoft.com/kb/329290, & restarted IIS (actually I set permissions to this registry entry to "everyone")
Now i'm receiving the following server error:
Line 44: <authentication mode="Windows" />
Line 45: <!--deleted comment-->
Line 46: <identity impersonate="true" userName="registry:HKLM\SOFTWARE\MY_SECURE_APP\identity\ASPNET_SETREG,userName" password="HKLM\SOFTWARE\MY_SECURE_APP\identity\ASPNET_SETREG,password" />
Line 47: <!--<identity impersonate="false" />-->
Line 48: <authorization>
And a login error is generated in the event logs:
Event code: 3008
Event message: A configuration error has occurred.
Event time: 1/2/2013 10:55:42 AM
Event time (UTC): 1/2/2013 6:55:42 PM
Event ID: 3u83r83j ^inserting event id giberish^
Event sequence: 2
Event occurrence: 1
Event detail code: 0
Process information:
Process ID: 8376
Process name: w3wp.exe
Account name: NT AUTHORITY\SYSTEM
Exception information:
Exception type: ConfigurationErrorsException
Exception message: An error occurred executing the configuration section handler for system.web/identity.
at System.Web.HttpRuntime.FirstRequestInit(HttpContext context)
at System.Web.HttpRuntime.EnsureFirstRequestInit(HttpContext context)
at System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context)
Error reading configuration information from the registry. (^path to config file here^\web.config line 46)
at System.Web.Configuration.IdentitySection.ValidateCredentials()
at System.Web.Configuration.IdentitySection.GetRuntimeObject()
at System.Configuration.RuntimeConfigurationRecord.GetRuntimeObjectWithRestrictedPermissions(ConfigurationSection section)
at System.Configuration.RuntimeConfigurationRecord.GetRuntimeObject(Object result)
So the fact that a login error occurs indicates that the the web app is reading the encryped filed correctly (It will even lock out the user with requested permissions!) but that something is still misconfigured.
Does anyone have any suggestions how to a) troubleshoot this issue or b) fix this issue or c) some other way to setup my app so read connection string info and .rdlc files can be pulled in my web app without permissions errors.
I'm not familiar with the registry feature from the config file, but it sounds as if the account that the web server is running as doesn't have access to the registry key. Did you load the user profile for the app pool? Also, in server 2012 I think there's
also a 2nd flag you need to set in the .config to tell IIS to really load the user profile.
I'm using ASP.Net version 4 in the Application Pool, but when going under Application Pool -> Advanced Setting & then setting "Load User Profile" to True then the app still errors and locks out the account.
Also - I'm using SQL Server 2008 R2.
The error: "Error reading configuration information from the registry" indicates that some process needs to access the registry but shouldn't setting the permissions for the user "Everyone" (Full control permissions, for that matter) to this registry setting
aleviate this issue?
I came across this post while looking for something else. I am working with server 2003 and IIS6. In order for mine to work, I have to grant the "NETWORK SERVICE" Read access to the "Identity" folder of the registry. It didn't work if it was set on the
ASPNET_SETREG folder. I am not sure which one you have the access set to.
From your description, your setting seems correct to use Aspnet_setreg.exe. As your error message is about reading configuration information from the registry, please make sure that the account that you just added has Read permissions and then try again.
Please check below link which is about identity Element (ASP.NET Settings Schema), it may help you.
I deleted and re-added the registry key using aspnet_setreg, then set permissions to the registry entry to “everyone” (just encrypting the username and password is good enough – this app isn’t available on the internet)
Please see attached the screenshot of my registry. (photo won't upload - nevermind...)
But Asp.net still fires the same error as detailed in the event log (see below).
I’m using a 64 bit OS (an AMD Chip) and the registry setting is created on the Wow6432Node, but I don’t believe that makes a difference, because when I set the identity path in the web.config file to something like: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MY_SECURE_APP\identity\ASPNET_SETREG
then it still fails.
Other details: I’m running IIS server 7.0 & the app is running under the Application Pool Asp.Net v4 with “Load User Profile” set to True.
Event code: 3008
Event message: A configuration error has occurred.
Event time: 1/8/2013 10:01:05 AM
Event time (UTC): 1/8/2013 6:01:05 PM
Event ID: ^blah^
Event sequence: 2
Event occurrence: 1
Event detail code: 0
Application information:
Application domain: ^blah^
Trust level: Full
Application Virtual Path: ^blah^
Application Path: ^blah^
Machine name: ^blah^
Process information:
Process ID: 5900
Process name: w3wp.exe
Account name: IIS APPPOOL\ASP.Net v4
Exception information:
Exception type: ConfigurationErrorsException
Exception message: An error occurred executing the configuration section handler for system.web/identity.
at System.Web.HttpRuntime.FirstRequestInit(HttpContext context)
at System.Web.HttpRuntime.EnsureFirstRequestInit(HttpContext context)
at System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context)
Error reading configuration information from the registry. (C:\Users\^blah^\web.config line 46)
at System.Web.Configuration.IdentitySection.ValidateCredentials()
at System.Web.Configuration.IdentitySection.GetRuntimeObject()
at System.Configuration.RuntimeConfigurationRecord.GetRuntimeObjectWithRestrictedPermissions(ConfigurationSection section)
at System.Configuration.RuntimeConfigurationRecord.GetRuntimeObject(Object result)
Request information:
Request URL: http:// ^blah^
Request path: /^blah^
User host address: ^blah^
User:
Is authenticated: False
Authentication Type:
Thread account name: IIS APPPOOL\ASP.Net v4
Thread information:
Thread ID: 5
Thread account name: IIS APPPOOL\ASP.Net v4
Is impersonating: False
Stack trace: at System.Web.HttpRuntime.FirstRequestInit(HttpContext context)
at System.Web.HttpRuntime.EnsureFirstRequestInit(HttpContext context)
at System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context)
Does anybody have an additional suggestion on how to fix this so I don’t have to store my username and password in clear text in the web.config file of my application? Thanks
Well I have a work-around - I'm using the aspnet_regiis utility to encrypt sensitive portions of the web.config file. It doesn't appear as secure as aspnet_setreg.exe, but it works!
Marked as answer by Chen Yu - MSFT on Jan 17, 2013 09:25 AM
Well I have a work-around - I'm using the aspnet_regiis utility to encrypt sensitive portions of the web.config file. It doesn't appear as secure as aspnet_setreg.exe, but it works!
Hi,
Thanks for sharing your workaround, it will be very beneficial for other community members who have similar questions.
Best Regards,
Please mark the replies as answers if they help or unmark if not.
Feedback to us
app_builder_...
0 Points
4 Posts
Aspnet_setreg.exe isn't decrypting password properly.
Jan 02, 2013 06:24 PM|LINK
Hey Everyone -
I built a web app for reporting in Asp.net 4.0 using Visual Studio 2010. I added some .rdlc files using the report viewer control, but recieved the following error:
Research pointed to setting Identity Impersonate in web.config as a viable solution, so I setup web.config as follows:
<identity impersonate="true" userName="My Domain\Username with permissions" password="Password for username with permissions"/>This works but I don't want to save a password with these permissions in Web.config so I downloaded Aspnet_setreg.exe and encrypted the username & password in the registry like so: <identity impersonate="true" userName="registry:HKLM\SOFTWARE\MY_SECURE_APP\identity\ASPNET_SETREG,userName" password="HKLM\SOFTWARE\MY_SECURE_APP\identity\ASPNET_SETREG,password" />
I also set permissions for ASP.net to access the registry directory as detailed in http://support.microsoft.com/kb/329290, & restarted IIS (actually I set permissions to this registry entry to "everyone")
Line 44: <authentication mode="Windows" />
Line 45: <!--deleted comment-->
Line 46: <identity impersonate="true" userName="registry:HKLM\SOFTWARE\MY_SECURE_APP\identity\ASPNET_SETREG,userName" password="HKLM\SOFTWARE\MY_SECURE_APP\identity\ASPNET_SETREG,password" />
Line 47: <!--<identity impersonate="false" />-->
Line 48: <authorization>
Event code: 3008
Event message: A configuration error has occurred.
Event time: 1/2/2013 10:55:42 AM
Event time (UTC): 1/2/2013 6:55:42 PM
Event ID: 3u83r83j ^inserting event id giberish^
Event sequence: 2
Event occurrence: 1
Event detail code: 0
Application information:
Application domain: ^domain info^
Trust level: Full
Application Virtual Path: ^blah^
Application Path: ^blah^
Machine name: ^blah^
Process information:
Process ID: 8376
Process name: w3wp.exe
Account name: NT AUTHORITY\SYSTEM
Exception information:
Exception type: ConfigurationErrorsException
Exception message: An error occurred executing the configuration section handler for system.web/identity.
at System.Web.HttpRuntime.FirstRequestInit(HttpContext context)
at System.Web.HttpRuntime.EnsureFirstRequestInit(HttpContext context)
at System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context)
Error reading configuration information from the registry. (^path to config file here^\web.config line 46)
at System.Web.Configuration.IdentitySection.ValidateCredentials()
at System.Web.Configuration.IdentitySection.GetRuntimeObject()
at System.Configuration.RuntimeConfigurationRecord.GetRuntimeObjectWithRestrictedPermissions(ConfigurationSection section)
at System.Configuration.RuntimeConfigurationRecord.GetRuntimeObject(Object result)
So the fact that a login error occurs indicates that the the web app is reading the encryped filed correctly (It will even lock out the user with requested permissions!) but that something is still misconfigured.
Does anyone have any suggestions how to a) troubleshoot this issue or b) fix this issue or c) some other way to setup my app so read connection string info and .rdlc files can be pulled in my web app without permissions errors.
Thanks in Advance and Happy 2013 to everyone!
BrockAllen
All-Star
27522 Points
4901 Posts
MVP
Re: Aspnet_setreg.exe isn't decrypting password properly.
Jan 02, 2013 06:36 PM|LINK
I'm not familiar with the registry feature from the config file, but it sounds as if the account that the web server is running as doesn't have access to the registry key. Did you load the user profile for the app pool? Also, in server 2012 I think there's also a 2nd flag you need to set in the .config to tell IIS to really load the user profile.
DevelopMentor | http://www.develop.com
thinktecture | http://www.thinktecture.com/
app_builder_...
0 Points
4 Posts
Re: Aspnet_setreg.exe isn't decrypting password properly.
Jan 02, 2013 08:29 PM|LINK
I'm using ASP.Net version 4 in the Application Pool, but when going under Application Pool -> Advanced Setting & then setting "Load User Profile" to True then the app still errors and locks out the account.
Also - I'm using SQL Server 2008 R2.
The error: "Error reading configuration information from the registry" indicates that some process needs to access the registry but shouldn't setting the permissions for the user "Everyone" (Full control permissions, for that matter) to this registry setting aleviate this issue?
garyanj
Member
2 Points
1 Post
Re: Aspnet_setreg.exe isn't decrypting password properly.
Jan 04, 2013 05:57 PM|LINK
I came across this post while looking for something else. I am working with server 2003 and IIS6. In order for mine to work, I have to grant the "NETWORK SERVICE" Read access to the "Identity" folder of the registry. It didn't work if it was set on the ASPNET_SETREG folder. I am not sure which one you have the access set to.
Chen Yu - MS...
All-Star
21584 Points
2493 Posts
Microsoft
Re: Aspnet_setreg.exe isn't decrypting password properly.
Jan 07, 2013 06:34 AM|LINK
Hi,
From your description, your setting seems correct to use Aspnet_setreg.exe. As your error message is about reading configuration information from the registry, please make sure that the account that you just added has Read permissions and then try again. Please check below link which is about identity Element (ASP.NET Settings Schema), it may help you.
More information about Identity: http://msdn.microsoft.com/en-us/library/72wdk8cc(v=vs.100).aspx
Thanks.
Feedback to us
Develop and promote your apps in Windows Store
app_builder_...
0 Points
4 Posts
Re: Aspnet_setreg.exe isn't decrypting password properly.
Jan 08, 2013 05:45 PM|LINK
Drat – I’m still receiving an error:
I deleted and re-added the registry key using aspnet_setreg, then set permissions to the registry entry to “everyone” (just encrypting the username and password is good enough – this app isn’t available on the internet)
Please see attached the screenshot of my registry. (photo won't upload - nevermind...)
But Asp.net still fires the same error as detailed in the event log (see below).
I’m using a 64 bit OS (an AMD Chip) and the registry setting is created on the Wow6432Node, but I don’t believe that makes a difference, because when I set the identity path in the web.config file to something like: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MY_SECURE_APP\identity\ASPNET_SETREG then it still fails.
Other details: I’m running IIS server 7.0 & the app is running under the Application Pool Asp.Net v4 with “Load User Profile” set to True.
Event code: 3008
Event message: A configuration error has occurred.
Event time: 1/8/2013 10:01:05 AM
Event time (UTC): 1/8/2013 6:01:05 PM
Event ID: ^blah^
Event sequence: 2
Event occurrence: 1
Event detail code: 0
Application information:
Application domain: ^blah^
Trust level: Full
Application Virtual Path: ^blah^
Application Path: ^blah^
Machine name: ^blah^
Process information:
Process ID: 5900
Process name: w3wp.exe
Account name: IIS APPPOOL\ASP.Net v4
Exception information:
Exception type: ConfigurationErrorsException
Exception message: An error occurred executing the configuration section handler for system.web/identity.
at System.Web.HttpRuntime.FirstRequestInit(HttpContext context)
at System.Web.HttpRuntime.EnsureFirstRequestInit(HttpContext context)
at System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context)
Error reading configuration information from the registry. (C:\Users\^blah^\web.config line 46)
at System.Web.Configuration.IdentitySection.ValidateCredentials()
at System.Web.Configuration.IdentitySection.GetRuntimeObject()
at System.Configuration.RuntimeConfigurationRecord.GetRuntimeObjectWithRestrictedPermissions(ConfigurationSection section)
at System.Configuration.RuntimeConfigurationRecord.GetRuntimeObject(Object result)
Request information:
Request URL: http:// ^blah^
Request path: /^blah^
User host address: ^blah^
User:
Is authenticated: False
Authentication Type:
Thread account name: IIS APPPOOL\ASP.Net v4
Thread information:
Thread ID: 5
Thread account name: IIS APPPOOL\ASP.Net v4
Is impersonating: False
Stack trace: at System.Web.HttpRuntime.FirstRequestInit(HttpContext context)
at System.Web.HttpRuntime.EnsureFirstRequestInit(HttpContext context)
at System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context)
Does anybody have an additional suggestion on how to fix this so I don’t have to store my username and password in clear text in the web.config file of my application? Thanks
molly_c
Participant
1590 Points
401 Posts
Re: Aspnet_setreg.exe isn't decrypting password properly.
Jan 10, 2013 02:16 AM|LINK
Looks weird..., you have already used \Wow6432Node\ in your path, it should be succeeded...
Molly
It's time to start living the life you are imagined.
jeevajsb
Member
159 Points
377 Posts
Re: Aspnet_setreg.exe isn't decrypting password properly.
Jan 10, 2013 11:10 AM|LINK
advance concepts security,internationalization,performance,deployment
<div>Give me short notes about advanced concepts in asp.net that
Security
Internationalization
performance
Deployment
and suggest some website to understand that concepts in easy way....
Thankx in Advance
</div>Jeeva Jsb.
[Mark as Answer on the post that helps you]
app_builder_...
0 Points
4 Posts
Re: Aspnet_setreg.exe isn't decrypting password properly.
Jan 17, 2013 12:24 AM|LINK
Well I have a work-around - I'm using the aspnet_regiis utility to encrypt sensitive portions of the web.config file. It doesn't appear as secure as aspnet_setreg.exe, but it works!
Chen Yu - MS...
All-Star
21584 Points
2493 Posts
Microsoft
Re: Aspnet_setreg.exe isn't decrypting password properly.
Jan 17, 2013 09:25 AM|LINK
Hi,
Thanks for sharing your workaround, it will be very beneficial for other community members who have similar questions.
Best Regards,
Feedback to us
Develop and promote your apps in Windows Store