Jump to content
Fabian Näf

Mobile Access Error

Recommended Posts

Hi

 

I just updated to the new Build 8000 and I checked out all these new authentication options for mobile access. It's so nice that there are so many new options available (including SAML as well!).

 

With my first test I just used "Active Directory Authentication" but I ran in an error, when I hit the "Login" button:

594add81c590d_2017-06-2122_46_47-Passwordstate.thumb.png.163c03f203ad5afdc2c8cd93c6f4d5c1.png

 

Best regards,

 

Fabian

 

Share this post


Link to post
Share on other sites

Hi Fabian,

 

For the AD error, can you please go to the screen Administration -> Passwordstate Administration -> System Settings -> Miscellaneous tab, and confirm the Base URL field here is correct for your Version 8 install. The mobile client communicates via the API for AD Authentication, and if this setting is wrong, it will not work. If this was the issue, can you also restart the site in IIS to pick up this value.

 

For the Office 365 theme, these are supplied themes from Telerik (http://www.telerik.com/kendo-ui. We actually remove a lot more themes, as they were just not very nice at all. We may need to remove this one also, as what you've found is definitely an issues.

 

Regards

Click Studios

Share this post


Link to post
Share on other sites

Hi Fabian,

 

For the Office365 theme, can you tell us what browser/phone you are using. The theme is not black for us, and cannot reproduce this issue?

Thanks very much.

 

Regards

Click Studios

Share this post


Link to post
Share on other sites

Hi

 

I tested this with my Samsung Note 3 with Chrome and also with Chrome-Browser on my PC.

The search field contains the text "Search Passwords..." (or "Search Password Lists...") in gray with background in black. As soon as I start to type my search-text, the whole field is black like on the screenshot.

 

Here's a screenshot:

Download Screenshot

 

Best regards,

Fabian

Share this post


Link to post
Share on other sites

I just checked out the Base URL under the System Settings.

My Base URL is correct and it's specified with https: https://passwordstate.*****.com

But I dont use a trusted certificate, propably this could have an impact.

 

Best regards,

 

Fabian

Share this post


Link to post
Share on other sites

Hi There

 

I just tried to open /winapi in my browser and I got the following error:

Server Error in '/' Application.


Configuration Error

Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately. 

Parser Error Message: It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level.  This error can be caused by a virtual directory not being configured as an application in IIS.

Source Error: 

 
















 


Source File: c:\inetpub\Passwordstate\winapi\web.config    Line: 16 

 

Show Additional Configuration Errors:

Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.7.2053.0

 

 

================================================================================

In Windows-Event Viewer I got the following error:

 

 

 

Event code: 3008 
Event message: A configuration error has occurred. 
Event time: 22.06.2017 19:32:57 
Event time (UTC): 22.06.2017 17:32:57 
Event ID: 33fa2040c3b44e3d9cb739a5831e499c 
Event sequence: 23299 
Event occurrence: 5 
Event detail code: 0 
 
Application information: 
    Application domain: /LM/W3SVC/2/ROOT-13-131425523658406834 
    Trust level: Full 
    Application Virtual Path: / 
    Application Path: c:\inetpub\Passwordstate\ 
    Machine name: ****
 
Process information: 
    Process ID: 7028 
    Process name: w3wp.exe 
    Account name: NT AUTHORITY\NETWORK SERVICE 
 
Exception information: 
    Exception type: ConfigurationErrorsException 
    Exception message: It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level.  This error can be caused by a virtual directory not being configured as an application in IIS. (c:\inetpub\Passwordstate\winapi\web.config line 16)
   at System.Configuration.ConfigurationSchemaErrors.ThrowIfErrors(Boolean ignoreLocal)
   at System.Configuration.BaseConfigurationRecord.ThrowIfParseErrors(ConfigurationSchemaErrors schemaErrors)
   at System.Configuration.BaseConfigurationRecord.GetSectionRecursive(String configKey, Boolean getLkg, Boolean checkPermission, Boolean getRuntimeObject, Boolean requestIsHere, Object& result, Object& resultRuntimeObject)
   at System.Configuration.BaseConfigurationRecord.GetSection(String configKey)
   at System.Web.Configuration.RuntimeConfig.GetSectionObject(String sectionName)
   at System.Web.Configuration.RuntimeConfig.GetSection(String sectionName, Type type, ResultsIndex index)
   at System.Web.Configuration.RuntimeConfig.get_Identity()
   at System.Web.HttpContext.SetImpersonationEnabled()
   at System.Web.HttpApplication.AssignContext(HttpContext context)
   at System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context)

 
 
Request information: 
    Request URL: https://passwordstate.********.com:443/winapi/ 
    Request path: /winapi/ 
    User host address: 194.230.*****.70 
    User:  
    Is authenticated: False 
    Authentication Type:  
    Thread account name: NT AUTHORITY\NETWORK SERVICE 
 
Thread information: 
    Thread ID: 94 
    Thread account name: NT AUTHORITY\NETWORK SERVICE 
    Is impersonating: False 
    Stack trace:    at System.Configuration.ConfigurationSchemaErrors.ThrowIfErrors(Boolean ignoreLocal)
   at System.Configuration.BaseConfigurationRecord.ThrowIfParseErrors(ConfigurationSchemaErrors schemaErrors)
   at System.Configuration.BaseConfigurationRecord.GetSectionRecursive(String configKey, Boolean getLkg, Boolean checkPermission, Boolean getRuntimeObject, Boolean requestIsHere, Object& result, Object& resultRuntimeObject)
   at System.Configuration.BaseConfigurationRecord.GetSection(String configKey)
   at System.Web.Configuration.RuntimeConfig.GetSectionObject(String sectionName)
   at System.Web.Configuration.RuntimeConfig.GetSection(String sectionName, Type type, ResultsIndex index)
   at System.Web.Configuration.RuntimeConfig.get_Identity()
   at System.Web.HttpContext.SetImpersonationEnabled()
   at System.Web.HttpApplication.AssignContext(HttpContext context)
   at System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context)
 
 
Custom event details: 

 

 

================================================================================

Then I opend my IIS Manager and I browsed to the WinAPI-Folder and I tried to open the Authentication properties. I got the following error, referenced to Line 16  Error: Configuration section not allowed to be set below application

 

To resolve the issue I converted the Folder WinAPI in IIS Manager into an Application. All problems are solved now.

When I access /WinAPI with my browser I get the manual. And Active Directory-Authentication with the Mobile Interface is also working perfect now!!

 

Best regards,

 

Fabian

Share this post


Link to post
Share on other sites

Hi Fabian,

 

Once the upgrade of version 8 was complete, it instructs you of what you need to do in order to use the new API - unfortunately we cannot do this problematically, because of the level of access required. New installs are fine though.

 

If you go the the Help Menu, and User Manual, have a look at the KB Article titled 'Configure WinAPI After Version 8 Upgrade'. It sounds like you've done everything right, but can you double check?

Thanks very much.

 

Regards

Click Studios

Share this post


Link to post
Share on other sites

Hi

 

Yes, your right, I remember this text after the upgrade... 

Quote

 

New Windows Integrated API - If you are wanting to use the new Windows Integrated API, you will need to follow the KB Article titled 'Configure WinAPI After Version 8 Upgrade' which can be found in the Help -> User Manual menu


 

I saved this text for doing this later, when I start to use the new API.... :)

 

I was not aware, that using the Mobileinterface is related to this. Probably, everybody should follow the KB Article, not only the users, who are wanted to use the WinAPI.

 

I just double checked the KB Article and I updated my configuration and created a new own AppPool for WinAPI (I was using the default "Passwordstate" App Pool).

 

Thanks a lot!!

 

Best regards,

 

Fabian

Share this post


Link to post
Share on other sites

Hi Fabian,

 

The Mobile client does not use this new Windows Integrated API - only the older standard API with the URL of /api.

Regards

Click Studios

Share this post


Link to post
Share on other sites

Hi

 

Oh, I came to this, because you wrote:

Quote

The mobile client communicates via the API for AD Authentication

 

Since I configured the WinAPI-Folder as Application Pool, AD Authentication on the Mobile Interface is working. Probably I changed something else, but I don't remember...

 

Best regards,

Fabian

 

 

Share this post


Link to post
Share on other sites

Maybe it was that Base URL field I mentioned?

 

We've have AD Authentication in version 7 as well, and sorry I should have mentioned this.

Regards

Click Studios

Share this post


Link to post
Share on other sites

No I didn't change anything in the Base URL field. 

I'm not 100% sure if I did a iisreset after the upgrade. I directly tested the mobile interface after the upgrade to build 8000. Probalby this could be the reason, but I'm not sure.

Anyway, now it's running perfect and I'm happy :-)

Thanks a lot for your support! It's highly appreciated.

 

Best regards,

Fabian

 

PS: I'll see if I find some time to test SAML authentication for the mobile interface in the next weeks.

Share this post


Link to post
Share on other sites

Thanks very much Fabian :)

With the SAML auth for mobile client, there are separate settings for this on the System Settings page, so your SAML provide can return you back to your mobile site URL, instead of your main site's URL.

Regards

Click Studios

 

 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×