473,394 Members | 1,693 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > asp.net > questions > asp.net keeps forcing us to restart iis

Join Bytes to post your question to a community of 473,394 software developers and data experts.

ASP.NET keeps forcing us to restart IIS

Hi;

We keep having to restart IIS after ASP.NET kills it. Below is what we
have in the event log. Any idea what the problem is?

thanks - dave

Event code: 3003
Event message: A validation error has occurred.
Event time: 6/23/2008 9:07:24 AM
Event time (UTC): 6/23/2008 3:07:24 PM
Event ID: 2f03e4f296b84e55883e2451ad8be3bd
Event sequence: 28
Event occurrence: 1
Event detail code: 0

Application information:
Application domain: /LM/W3SVC/134438206/Root-4-128587031812871768
Trust level: Full
Application Virtual Path: /
Application Path: C:\Inetpub\wwwroot\store\
Machine name: SIMBA

Process information:
Process ID: 2380
Process name: w3wp.exe
Account name: NT AUTHORITY\NETWORK SERVICE

Exception information:
Exception type: HttpRequestValidationException
Exception message: A potentially dangerous Request.Form value was
detected from the client
(ctl00$ContentPlaceHolder1$formRegister$txtUsernam e="<a href=
http://effe...").

Request information:
Request URL: http://store.windward.net/register.aspx
Request path: /register.aspx
User host address: 84.16.224.91
User:
Is authenticated: False
Authentication Type:
Thread account name: NT AUTHORITY\NETWORK SERVICE

Thread information:
Thread ID: 1
Thread account name: NT AUTHORITY\NETWORK SERVICE
Is impersonating: False
Stack trace: at System.Web.HttpRequest.ValidateString(String s,
String valueName, String collectionName)
at
System.Web.HttpRequest.ValidateNameValueCollection (NameValueCollection
nvc, String collectionName)
at System.Web.HttpRequest.get_Form()
at System.Web.HttpRequest.get_HasForm()
at System.Web.UI.Page.GetCollectionBasedOnMethod(Bool ean
dontReturnNull)
at System.Web.UI.Page.DeterminePostBackMode()
at System.Web.UI.Page.ProcessRequestMain(Boolean
includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest(Boolean
includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest()
at System.Web.UI.Page.ProcessRequestWithNoAssert(Http Context
context)
at System.Web.UI.Page.ProcessRequest(HttpContext context)
at ASP.register_aspx.ProcessRequest(HttpContext context) in
c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temp orary ASP.NET
Files\root\f713f0b2\5f149ca1\App_Web_flrms-p4.18.cs:line 0
at
System.Web.HttpApplication.CallHandlerExecutionSte p.System.Web.HttpApplication.IExecutionStep.Execut e()
at System.Web.HttpApplication.ExecuteStep(IExecutionS tep step,
Boolean& completedSynchronously)
Custom event details:

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

__________________________________________________ _______
Error: 2

Event code: 3005
Event message: An unhandled exception has occurred.
Event time: 6/22/2008 3:55:32 AM
Event time (UTC): 6/22/2008 9:55:32 AM
Event ID: 3ed9343f80c14d97a8000495dec6bd87
Event sequence: 1
Event occurrence: 1
Event detail code: 0

Application information:
Application domain: /LM/W3SVC/1/Root/vote-10-128586021323611738
Trust level:
Application Virtual Path: /vote
Application Path: c:\inetpub\wwwroot\vote\
Machine name: SIMBA

Process information:
Process ID: 2764
Process name: w3wp.exe
Account name: NT AUTHORITY\NETWORK SERVICE

Exception information:
Exception type: HttpException
Exception message: Server cannot access application directory
'c:\inetpub\wwwroot\vote\'. The directory does not exist or is not
accessible because of security settings.

Request information:
Request URL: http://simba.windward.net/vote/register.aspx
Request path: /vote/register.aspx
User host address: 65.55.209.5
User:
Is authenticated: False
Authentication Type:
Thread account name: NT AUTHORITY\NETWORK SERVICE

Thread information:
Thread ID: 7
Thread account name: NT AUTHORITY\NETWORK SERVICE
Is impersonating: False
Stack trace: at
System.Web.HttpRuntime.EnsureAccessToApplicationDi rectory()
at System.Web.HttpRuntime.HostingInit(HostingEnvironm entFlags
hostingFlags)

----------------------------------------------------
Error 3:

Event code: 3003
Event message: A validation error has occurred.
Event time: 6/22/2008 11:42:27 AM
Event time (UTC): 6/22/2008 5:42:27 PM
Event ID: 9b7d368e50d7465fa0192612aa200f34
Event sequence: 55
Event occurrence: 2
Event detail code: 0

Application information:
Application domain: /LM/W3SVC/134438206/Root-5-128585480464695927
Trust level: Full
Application Virtual Path: /
Application Path: C:\Inetpub\wwwroot\store\
Machine name: SIMBA

Process information:
Process ID: 2764
Process name: w3wp.exe
Account name: NT AUTHORITY\NETWORK SERVICE

Exception information:
Exception type: HttpRequestValidationException
Exception message: A potentially dangerous Request.Form value was
detected from the client
(ctl00$ContentPlaceHolder1$formRegister$txtUsernam e="<a href=
http://psil...").

Request information:
Request URL: http://store.windward.net/register.aspx
Request path: /register.aspx
User host address: 84.16.224.91
User:
Is authenticated: False
Authentication Type:
Thread account name: NT AUTHORITY\NETWORK SERVICE

Thread information:
Thread ID: 1
Thread account name: NT AUTHORITY\NETWORK SERVICE
Is impersonating: False
Stack trace: at System.Web.HttpRequest.ValidateString(String s,
String valueName, String collectionName)
at
System.Web.HttpRequest.ValidateNameValueCollection (NameValueCollection
nvc, String collectionName)
at System.Web.HttpRequest.get_Form()
at System.Web.HttpRequest.get_HasForm()
at System.Web.UI.Page.GetCollectionBasedOnMethod(Bool ean
dontReturnNull)
at System.Web.UI.Page.DeterminePostBackMode()
at System.Web.UI.Page.ProcessRequestMain(Boolean
includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest(Boolean
includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest()
at System.Web.UI.Page.ProcessRequestWithNoAssert(Http Context
context)
at System.Web.UI.Page.ProcessRequest(HttpContext context)
at ASP.register_aspx.ProcessRequest(HttpContext context) in
c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temp orary ASP.NET
Files\root\f713f0b2\5f149ca1\App_Web_flrms-p4.18.cs:line 0
at
System.Web.HttpApplication.CallHandlerExecutionSte p.System.Web.HttpApplication.IExecutionStep.Execut e()
at System.Web.HttpApplication.ExecuteStep(IExecutionS tep step,
Boolean& completedSynchronously)
Custom event details:

For more information, see Help and Support Center at

---------------------------------------
Error 4:

Event code: 3003
Event message: A validation error has occurred.
Event time: 6/22/2008 12:13:47 PM
Event time (UTC): 6/22/2008 6:13:47 PM
Event ID: 67a6806ac07a46d28b25026b09d679ee
Event sequence: 477
Event occurrence: 2
Event detail code: 0

Application information:
Application domain:
/LM/W3SVC/1059338337/Root/apps-2-128585473525179216
Trust level: Full
Application Virtual Path: /apps
Application Path: C:\Inetpub\wwwroot\windwardreports\apps\
Machine name: SIMBA

Process information:
Process ID: 2764
Process name: w3wp.exe
Account name: NT AUTHORITY\NETWORK SERVICE

Exception information:
Exception type: HttpRequestValidationException
Exception message: A potentially dangerous Request.Form value was
detected from the client
(ctl00$ContentPlaceHolder1$wizConsult$cbNewRelease s="...r=215628
<a href="http://foru...").

Request information:
Request URL: http://www.windwardreports.com/apps/consult.aspx
Request path: /apps/consult.aspx
User host address: 12.150.97.253
User:
Is authenticated: False
Authentication Type:
Thread account name: NT AUTHORITY\NETWORK SERVICE

Thread information:
Thread ID: 13
Thread account name: NT AUTHORITY\NETWORK SERVICE
Is impersonating: False
Stack trace: at System.Web.HttpRequest.ValidateString(String s,
String valueName, String collectionName)
at
System.Web.HttpRequest.ValidateNameValueCollection (NameValueCollection
nvc, String collectionName)
at System.Web.HttpRequest.get_Form()
at System.Web.HttpRequest.get_HasForm()
at System.Web.UI.Page.GetCollectionBasedOnMethod(Bool ean
dontReturnNull)
at System.Web.UI.Page.DeterminePostBackMode()
at System.Web.UI.Page.ProcessRequestMain(Boolean
includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest(Boolean
includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest()
at System.Web.UI.Page.ProcessRequestWithNoAssert(Http Context
context)
at System.Web.UI.Page.ProcessRequest(HttpContext context)
at ASP.consult_aspx.ProcessRequest(HttpContext context) in
c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temp orary ASP.NET
Files\apps\8ac7d19f\a7c0441c\App_Web_yaqibenw.14.c s:line 0
at
System.Web.HttpApplication.CallHandlerExecutionSte p.System.Web.HttpApplication.IExecutionStep.Execut e()
at System.Web.HttpApplication.ExecuteStep(IExecutionS tep step,
Boolean& completedSynchronously)
Custom event details:

For more information, see Help and Support Center at

------------------------------------------
Error: 5

Event code: 3005
Event message: An unhandled exception has occurred.
Event time: 6/22/2008 4:40:46 PM
Event time (UTC): 6/22/2008 10:40:46 PM
Event ID: a4d63ab5eb104510b3096559d9a27f53
Event sequence: 27
Event occurrence: 2
Event detail code: 0

Application information:
Application domain:
/LM/W3SVC/1059338337/Root/vote-6-128585510226679682
Trust level: Full
Application Virtual Path: /vote
Application Path: C:\Inetpub\wwwroot\windwardreports\vote\
Machine name: SIMBA

Process information:
Process ID: 2764
Process name: w3wp.exe
Account name: NT AUTHORITY\NETWORK SERVICE

Exception information:
Exception type: NullReferenceException
Exception message: Object reference not set to an instance of an
object.

Request information:
Request URL: http://www.windwardreports.com/vote/captcha.aspx
Request path: /vote/captcha.aspx
User host address: 65.55.235.201
User:
Is authenticated: False
Authentication Type:
Thread account name: NT AUTHORITY\NETWORK SERVICE

Thread information:
Thread ID: 1
Thread account name: NT AUTHORITY\NETWORK SERVICE
Is impersonating: False
Stack trace: at JpegImage.ProcessRequest(HttpContext context)
in c:\Inetpub\wwwroot\windwardreports\vote\App_Code\J pegImage.cs:line
32
at
System.Web.HttpApplication.CallHandlerExecutionSte p.System.Web.HttpApplication.IExecutionStep.Execut e()
at System.Web.HttpApplication.ExecuteStep(IExecutionS tep step,
Boolean& completedSynchronously)
Custom event details:

For more information, see Help and Support Center at

--------------------------------------
Error: 6

Windows cannot unload your classes registry file - it is still in use
by other applications or services. The file will be unloaded when it
is no longer in use.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
david@at******@windward.dot.dot.net
Windward Reports -- http://www.WindwardReports.com
me -- http://dave.thielen.com

Cubicle Wars - http://www.windwardreports.com/film.htm
Jun 27 '08 #1
5 3216
Thanks for your reply Dave,

I think the fact is that the validation is more restricted on input data
from end user since that's the biggest surface for external
attack(malicious code maybe injected within data input). For Label
control, since it display data from our internal data, generally it will
expect those data to be valid or depend on our application's validatio
policy(whether we'll encode all output or not...). Label control is
supportting direct html output. For output that need to be restricted, the
Literal control provide more flexible settings.

Sincerely,

Steven Cheng
Microsoft MSDN Online Support Lead
Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
ms****@microsoft.com.

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscripti...ult.aspx#notif
ications.

==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
>From: David Thielen <th*****@nospam.nospam>
Subject: Re: ASP.NET keeps forcing us to restart IIS
Date: Fri, 27 Jun 2008 10:03:27 -0600
>
Hi;

A follow-up question. Why doesn't the Label control have a property
where it will HtmlEncode all text making the control safe?

thanks - dave
On Fri, 27 Jun 2008 06:18:58 GMT, st*****@online.microsoft.com (Steven
Cheng [MSFT]) wrote:
>>Hi Dave,

Yes, as Bruce has mentioned, the error entry indicate that the posted
form
>>data contains illegal characters(such as markup...) which should be
prevented in html form input. Is such input really expected for your
ASP.NET page? If so, you can try turn off request in @page directive:

#ASP.NET Request Validation and Cross-Site Scripting
http://weblogs.asp.net/shankun/archi.../02/82534.aspx

#Request Validation - Preventing Script Attacks
http://www.asp.net/learn/whitepapers...st-validation/

Or if you do want to prevent this in page, as Bruce suggested, the best
place is validate the input at client-side.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


david@at******@windward.dot.dot.net
Windward Reports -- http://www.WindwardReports.com
me -- http://dave.thielen.com

Cubicle Wars - http://www.windwardreports.com/film.htm
Jun 30 '08 #2
Anyone with a suggested regexp that will allow any common text
including CJK, hebrew, & arabic?

On Fri, 27 Jun 2008 09:55:45 -0600, David Thielen
<th*****@nospam.nospamwrote:
>Hi;

Thank you guys - I just assumed everyone handled this properly in the
code behind so I never thought that a page level check was needed. But
according to the posts, this is needed.

So... to keep life simple and have a nicer error message, does anyone
know what regexp to use to disallow the characters this tests for?
I'll just put that against our text fields like name, etc - because a
name can be in Chinese and therefore [A-Z] won't cut it. I figure the
safe way is to say anything except the disallowed letters.

thanks - dave

david@at******@windward.dot.dot.net
Windward Reports -- http://www.WindwardReports.com
me -- http://dave.thielen.com

Cubicle Wars - http://www.windwardreports.com/film.htm
Jun 30 '08 #3
That makes sense - thanks
On Mon, 30 Jun 2008 03:47:54 GMT, st*****@online.microsoft.com (Steven
Cheng [MSFT]) wrote:
>Thanks for your reply Dave,

I think the fact is that the validation is more restricted on input data
from end user since that's the biggest surface for external
attack(malicious code maybe injected within data input). For Label
control, since it display data from our internal data, generally it will
expect those data to be valid or depend on our application's validatio
policy(whether we'll encode all output or not...). Label control is
supportting direct html output. For output that need to be restricted, the
Literal control provide more flexible settings.

Sincerely,

Steven Cheng
Microsoft MSDN Online Support Lead
Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
ms****@microsoft.com.

================================================= =
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscripti...ult.aspx#notif
ications.

================================================= =
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
>>From: David Thielen <th*****@nospam.nospam>
Subject: Re: ASP.NET keeps forcing us to restart IIS
Date: Fri, 27 Jun 2008 10:03:27 -0600
>>
Hi;

A follow-up question. Why doesn't the Label control have a property
where it will HtmlEncode all text making the control safe?

thanks - dave
On Fri, 27 Jun 2008 06:18:58 GMT, st*****@online.microsoft.com (Steven
Cheng [MSFT]) wrote:
>>>Hi Dave,

Yes, as Bruce has mentioned, the error entry indicate that the posted
form
>>>data contains illegal characters(such as markup...) which should be
prevented in html form input. Is such input really expected for your
ASP.NET page? If so, you can try turn off request in @page directive:

#ASP.NET Request Validation and Cross-Site Scripting
http://weblogs.asp.net/shankun/archi.../02/82534.aspx

#Request Validation - Preventing Script Attacks
http://www.asp.net/learn/whitepapers...st-validation/

Or if you do want to prevent this in page, as Bruce suggested, the best
place is validate the input at client-side.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


david@at******@windward.dot.dot.net
Windward Reports -- http://www.WindwardReports.com
me -- http://dave.thielen.com

Cubicle Wars - http://www.windwardreports.com/film.htm

david@at******@windward.dot.dot.net
Windward Reports -- http://www.WindwardReports.com
me -- http://dave.thielen.com

Cubicle Wars - http://www.windwardreports.com/film.htm
Jun 30 '08 #4
On Jun 30, 9:17*am, David Thielen <thie...@nospam.nospamwrote:
Anyone with a suggested regexp that will allow any common text
including CJK, hebrew, & arabic?

On Fri, 27 Jun 2008 09:55:45 -0600, David Thielen

<thie...@nospam.nospamwrote:
Hi;
Thank you guys - I just assumed everyone handled this properly in the
code behind so I never thought that a page level check was needed. But
according to the posts, this is needed.
So... to keep life simple and have a nicer error message, does anyone
know what regexp to use to disallow the characters this tests for?
I'll just put that against our text fields like name, etc - because a
name can be in Chinese and therefore [A-Z] won't cut it. I figure the
safe way is to say anything except the disallowed letters.
thanks - dave

david@at-at...@windward.dot.dot.net
Windward Reports --http://www.WindwardReports.com
me --http://dave.thielen.com

Cubicle Wars -http://www.windwardreports.com/film.htm
"[^><]*" should work. (Just off the top of my head so test,test,test!)

Also, the HttpRequestValidationException only accounts for half of the
errors in that list. Having to restart IIS is a separate issue. Quick
guess: Rapid-fail settings on the application pool.
Jun 30 '08 #5
that worked great - thanks - dave

On Mon, 30 Jun 2008 10:08:05 -0700 (PDT), Norm <ne*****@gmail.com>
wrote:

....
>"[^><]*" should work. (Just off the top of my head so test,test,test!)

david@at******@windward.dot.dot.net
Windward Reports -- http://www.WindwardReports.com
me -- http://dave.thielen.com

Cubicle Wars - http://www.windwardreports.com/film.htm
Jul 1 '08 #6
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

1
Add-in hell .. keeps disappearing from TOOL menu ...
by: Bernavich2004 | last post by:
Thank you in advance for your help. I create an Add-in in .NET by using the wizard ( language is C#). Once my core project is created I F5 the add-in and it shows up just fine in my TOOL menu,...
.NET Framework
2
Forcing Explorer to close open windows in C#
by: Paul Steele | last post by:
Is there any way to check for open Explorer windows and if any are found, tell Windows Explorer to close them. I don't want a brute force method of killing Explorer and letting it restart. I'd...
C# / C Sharp
0
Slow site? ASP.NET application keeps restarting?
by: Bosh | last post by:
My site doesn't always get a visitor every 20 minutes, and, as a result, my visitors must sometimes endure the slow restart process. I tried various recommended solutions, such as Paul Wilson's...
ASP.NET
3
web-app restart on file replacement
by: John A Grandy | last post by:
In ASP.NET 1.1 and/or 2.0 ..... Is it possible to configure a web-app so that replacement of an .xml file ( physically located under the virtual dir root ) with a newer version of the file...
ASP.NET
6
restart windows service (itself)
by: Leonardo Curros | last post by:
Hello, I would like to know what's the best way to restart one service. I would like to do it from the service itself. Is this possible? I try it with ServiceController.stop()...
Visual Basic .NET
8
restart webservice
by: kenneth fleckenstein nielsen | last post by:
hi guru's I want to restart my webservice when ever it throws an exception that isn't cought. can i do that by web.config or iss or how ??
.NET Framework
3
forcing code to run - httpmodule etc.
by: cisco | last post by:
Let's say i have something, that will eat up a lot of cpu cycles, that i want to run for the whole webpage( asp.net application and all subfolders underneath). What's the best way to accomplish...
ASP.NET
2
IIS forcing app to use .Net 2.0 when 1.1 is specified
by: kmsuzuki | last post by:
I have a Windows Server 2003 + IIS6 with both .Net 1.1 and 2.0 installed. In the past, I've had no problems using the ASP.NET tab in the IIS Manager to specify which framework version a given...
ASP.NET
1
forcing an application, unable to force, create index statement justgot stuck
by: Rahul Babbar | last post by:
Hi, I am having a difficult situation in here... Seems there is a query to create an index on a table and has just got stuck..... It is showing that it is in UOW executing status (in DB2...
DB2 Database
0
Merging data from multiple Excel files
by: ryjfgjl | last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
Data Management
0
Migrating Website to Cloud - Emmanuel Katto
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
General
1
Looking to do Android software development, any suggestions? Is flutter better?
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
General
0
How to build RAID in BIOS?
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
Computer Hardware
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++
0
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing
0
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
Windows Server
0
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
General

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!