locked
403 error on postback for pages having Ajax toolkit tabcontainer RRS feed

  • Question

  • User-436255812 posted

    I have deployed an ASP .NET web application on IIS8 with Forms authentication and anonymous authentication enabled. When I Access the Website from Intranet after giving in credentials via Login page, it runs without any problems. But when I Login to the application from Internet as an external user would do, Home page and other pages will load without any problem, but on postback like selected index changed or button click, then Website will throw 403 Forbidden error as follows "You don't have permission to Access page.aspx on this Server"

    I tried in IE and Chrome, both throws error. I even tried With identity impersonate = true but still it throws same error. I have IUSR having full control on the Folder.

    Later I find out that only those pages havinh ajax toolkit tabcontainer is throwing 403 error. When I remove tabcontainer it works fine.

    Any solutions or suggestions on this? 

    Web.config is as follows

    <?xml version="1.0" encoding="utf-8"?>
        <!--
        For more information on how to configure your ASP.NET application,  
        please visit
        http://go.microsoft.com/fwlink/?LinkId=169433
        -->
        <configuration>
         <configSections>
           <!-- For more information on Entity Framework configuration, visit  
           http://go.microsoft.com/fwlink/?LinkID=237468 -->
           <section name="entityFramework" 
           type="System.Data.Entity.Internal.ConfigFile.EntityFrameworkSection, 
           EntityFramework, Version=4.4.0.0, Culture=neutral, 
           PublicKeyToken=b77a5c561934e089" requirePermission="false" />
          <section name="nlog" type="NLog.Config.ConfigSectionHandler, NLog" />
        </configSections>
        <connectionStrings>    
         <add name="Test" 
         connectionString="metadata=res://*/Models.xxx_DB.csdl|res://
         */Models.xxx_DB.ssdl|res://*/Models.xxx_DB.msl;provider=
         System.Data.SqlClient;provider connection string=&quot;data  
         source=xxxxxxx\xxx;initial catalog=Test;integrated 
         security=True;pooling=False;multipleactiveresultsets=True;application 
         name=EntityFramework&quot;" providerName="System.Data.EntityClient" />
        </connectionStrings>
      <system.web>
      <httpHandlers>
        <add path="Reserved.ReportViewerWebControl.axd" verb="*" type="Microsoft.Reporting.WebForms.HttpHandler, Microsoft.ReportViewer.WebForms, Version=11.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" validate="false" />
    </httpHandlers>
    <httpModules>
      <add name="BypassCache" type="BypassCacheModule, BypassCacheModuleAssembly" />
    </httpModules>
    <compilation debug="true" targetFramework="4.0">
      <assemblies>
        <add assembly="Microsoft.ReportViewer.WebForms, Version=11.0.0.0, Culture=neutral, PublicKeyToken=89845DCD8080CC91" />
        <add assembly="Microsoft.ReportViewer.Common, Version=11.0.0.0, Culture=neutral, PublicKeyToken=89845DCD8080CC91" />
        <add assembly="Microsoft.Build.Framework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
      </assemblies>
      <buildProviders>
        <add extension=".rdlc" type="Microsoft.Reporting.RdlBuildProvider, Microsoft.ReportViewer.WebForms, Version=11.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" />
      </buildProviders>
    </compilation>
    <authentication mode="Forms">
      <forms cookieless="UseDeviceProfile" defaultUrl="~/Start.aspx" enableCrossAppRedirects="true" loginUrl="~/Login.aspx" name=".ASPXAUTH" path="/" protection="All" requireSSL="false" slidingExpiration="true" timeout="10080"/>
    </authentication>
    <authorization>
      <deny users="?" />
    </authorization>
    <profile defaultProvider="DefaultProfileProvider">
      <providers>
        <add name="DefaultProfileProvider" type="System.Web.Providers.DefaultProfileProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="DefaultConnection" applicationName="/" />
      </providers>
    </profile>
    <membership defaultProvider="DefaultMembershipProvider">
      <providers>
        <add name="DefaultMembershipProvider" type="System.Web.Providers.DefaultMembershipProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="DefaultConnection" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/" />
      </providers>
    </membership>
    <roleManager defaultProvider="DefaultRoleProvider">
      <providers>
        <add name="DefaultRoleProvider" type="System.Web.Providers.DefaultRoleProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="DefaultConnection" applicationName="/" />
      </providers>
    </roleManager>
    <!--
            If you are deploying to a cloud environment that has multiple web server instances,
            you should change session state mode from "InProc" to "Custom". In addition,
            change the connection string named "DefaultConnection" to connect to an instance
            of SQL Server (including SQL Azure and SQL  Compact) instead of to SQL Server Express.
      -->
    <sessionState mode="InProc" customProvider="DefaultSessionProvider">
      <providers>
        <add name="DefaultSessionProvider" type="System.Web.Providers.DefaultSessionStateProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="DefaultConnection" />
      </providers>
    </sessionState>
    <pages>
      <controls>
        <add tagPrefix="asp" assembly="AjaxControlToolkit" namespace="AjaxControlToolkit" />
    </pages>
    <httpRuntime requestValidationMode="2.0" shutdownTimeout="120" />    
    </system.web>
    <system.webServer>
      <modules runAllManagedModulesForAllRequests="true" />
      <defaultDocument>
        <files>
          <add value="Start.aspx" />
        </files>
      </defaultDocument>
      <validation validateIntegratedModeConfiguration="false" />
    <handlers>
        <add name="ReportViewerWebControlHandler" preCondition="integratedMode" 
        verb="*" path="Reserved.ReportViewerWebControl.axd" 
        type="Microsoft.Reporting.WebForms.HttpHandler, 
        Microsoft.ReportViewer.WebForms, Version=11.0.0.0, Culture=neutral, 
        PublicKeyToken=89845dcd8080cc91" />
    </handlers>
    </system.webServer>
     <runtime>
      <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
       <dependentAssembly>
        <assemblyIdentity name="DotNetOpenAuth.Core" publicKeyToken="2780ccd10d57b246" />
        <bindingRedirect oldVersion="1.0.0.0-4.0.0.0" newVersion="4.1.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="DotNetOpenAuth.AspNet" publicKeyToken="2780ccd10d57b246" />
        <bindingRedirect oldVersion="0.0.0.0-4.1.0.0" newVersion="4.1.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="Microsoft.WindowsAzure.Storage" publicKeyToken="31bf3856ad364e35" culture="neutral" />
        <bindingRedirect oldVersion="0.0.0.0-2.1.0.4" newVersion="2.1.0.4" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="HtmlAgilityPack" publicKeyToken="bd319b19eaf3b43a" culture="neutral" />
        <bindingRedirect oldVersion="0.0.0.0-1.4.6.0" newVersion="1.4.6.0" />
      </dependentAssembly>
    </assemblyBinding>
    </runtime>
    <entityFramework>
     <defaultConnectionFactory 
     type="System.Data.Entity.Infrastructure.LocalDbConnectionFactory, 
     EntityFramework">
      <parameters>
        <parameter value="v11.0" />
      </parameters>
    </defaultConnectionFactory>
    </entityFramework>
    <nlog xmlns="http://www.nlog-project.org/schemas/NLog.xsd"  
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <targets>
       <target name="file" xsi:type="File" fileName="${basedir}/Logs/
       ${shortdate}.log" layout="${date}:${callsite}: ${level}: ${message}" />
      </targets>
      <rules>
      <logger name="*" minlevel="Info" writeTo="file" />
    </rules>
    </nlog>


    And HTML Markup for the page is below

    <asp:Content ID="Content2" ContentPlaceHolderID="ContentPlaceHolder1" runat="server">
    <asp:ToolkitScriptManager ID="ToolkitScriptManager1" runat="server" EnableScriptLocalization ="true" EnableScriptGlobalization="true">
    </asp:ToolkitScriptManager>
    <br />
    <table class="auto-style1">
            <tr>
                <td class="col-style11">&nbsp;</td>
                <td>
                     <asp:TabContainer ID="TabContainer" runat="server" BorderStyle="None">
                        <asp:TabPanel ID ="TabPanel_xx" runat="server" HeaderText="xxxxx" BorderStyle="None" Font-Size="Medium">                            
                            <ContentTemplate>
                               <table class="auto-style1">
                                   <tr>
                                      <td colspan="3">
                                          <asp:Label ID="Lbl_Heading" runat="server" Text="xxxxxx." Font-Bold="True" Font-Size="Medium" Font-Names="Arial"></asp:Label>        
                                      </td>
                                   </tr>
                                   <tr>
                                       <td class="col-style1">
                                            <asp:Label ID="Lbl_xxxx" runat="server" Text="xxxxx" Font-Size="Medium" Font-Names="Arial"></asp:Label>   
                                       </td>
                                       <td class="col-style2">
                                           <asp:DropDownList ID="Dl_xxxx" runat="server" width="50%" style="text-align:right" AutoPostBack="true"></asp:DropDownList>
                                       </td>
                                       <td class="col-style3">
                                       </td>
                                   </tr>
                                   <tr>
                                       <td class="col-style1" style="height:15px"></td>
                                       <td class="col-style2" style="height:15px"></td>
                                       <td class="col-style3" style="height:15px"></td>
                                   </tr>
                               </table>
                                <br />
                               <table class="auto-style1">
                                    <tr>
                                        <td>
                                            <asp:FormView ID="FV_xxxx" runat="server" DataSourceID="xxxx" DataKeyNames="xx_Id" Width="53%" Font-Names="Arial">                                                         
                                                <ItemTemplate>
                                                    <hr />
                                                    <h4>Project Name: <%# Eval("xx_Name") %></h4>
                                                    <table class="auto-style1" >
                                                        <tr>
                                                            <td class="form-style1">xxxxx :</td>
                                                            <td class="form-style2">
                                                                <asp:Label ID="LBl_xx" runat="server" Text='<%# Bind("xxxxxx") %>'>
                                                                </asp:Label>
                                                            </td>
                                                        </tr>
                                                        <tr><td></td></tr>
                                                        <tr>
                                                            <td class="form-style1">xxxxxx:</td>
                                                            <td class="form-style2">
                                                                <asp:Label ID="Lbl_xxx" runat="server" Text='<%# Bind("xxxxxxxx") %>'>
                                                                </asp:Label>
                                                            </td>
                                                        </tr>
                                                        <tr><td></td></tr>
                                                        <tr>
                                                            <td class="form-style1">xxxxx :</td>
                                                            <td class="form-style2">
                                                                <asp:Label ID="Lbl_xxxx" runat="server" Text='<%# Bind("xxxxxxx") %>'>
                                                                </asp:Label>
                                                            </td>
                                                        </tr>
                                                        <tr><td></td></tr>
                                                        <tr>
                                                            <td class="form-style1">xxxxx :</td>
                                                            <td class="form-style2">
                                                                <asp:Label ID="Lbl_xxxx" runat="server" Text='<%# Bind("xxxxxxx") %>'>
                                                                </asp:Label>
                                                            </td>
                                                        </tr>
                                                        <tr><td></td></tr>
                                                        <tr>
                                                            <td class="form-style1">xxxxxx :</td>
                                                            <td class="form-style2">
                                                                <asp:Label ID="Lbl_xxxx" runat="server" Text='<%# Bind("xxxxxx") %>'>
                                                                </asp:Label>
                                                            </td>
                                                        </tr> 
                                                        <tr><td></td></tr>
                                                        <tr>
                                                            <td class="form-style1">xxxxx :</td>
                                                            <td class="form-style2">
                                                                <asp:Label ID="xxxxx" runat="server" Text='<%# Bind("xxxxxx") %>'>
                                                                </asp:Label>
                                                            </td>
                                                        </tr> 
                                                        <tr><td></td></tr>
                                                        <tr>
                                                            <td class="form-style1">xxxxx :</td>
                                                            <td class="form-style2">
                                                                <asp:Label ID="xxxxx" runat="server" Text='<%# Bind("xxxx") %>'>
                                                                </asp:Label>
                                                            </td>
                                                        </tr> 
                                                        <tr><td></td></tr>
                                                        <tr>
                                                            <td class="form-style1"></td>
                                                            <td class="form-style2">
                                                                <asp:LinkButton ID="EditButton" runat="server" Text="Edit" CommandName="Edit">Edit</asp:LinkButton>
                                                            </td>
                                                        </tr>                                                      
                                                    </table>                            
                                                </ItemTemplate> 
                                                <EditItemTemplate>
                                                    <hr />
                                                    <h4>xxxx: <%# Eval("xxxxx") %></h4>
                                                    <table class="auto-style1" >
                                                        <tr>
                                                            <td class="form-style1">xxxxx :</td>
                                                            <td class="form-style2">
                                                                <asp:TextBox ID="xxxx" runat="server" Text='<%# Bind("xxxxx") %>' ></asp:TextBox>                                                             
                                                            </td>
                                                        </tr>
                                                        <tr><td></td></tr>
                                                        <tr>
                                                            <td class="form-style1">xxxxx :</td>
                                                            <td class="form-style2">
                                                                <asp:TextBox ID="xxxx" runat="server" Text='<%# Bind("xxxxx") %>' ></asp:TextBox>                                                             
                                                            </td>
                                                        </tr>
                                                        <tr><td></td></tr>
                                                        <tr>
                                                            <td class="form-style1">xxxxx:</td>
                                                            <td class="form-style2">
                                                                <asp:TextBox ID="xxxx" runat="server" Text='<%# Bind("xxxxx") %>' ></asp:TextBox>
                                                            </td>
                                                        </tr>
                                                        <tr><td></td></tr>
                                                        <tr>
                                                            <td class="form-style1">xxxxx :</td>
                                                            <td class="form-style2">
                                                                <asp:TextBox ID="xxxxx" runat="server" Text='<%# Bind("xxxxxx") %>' ></asp:TextBox>
                                                            </td>
                                                        </tr>
                                                        <tr><td></td></tr>
                                                        <tr>
                                                            <td class="form-style1">xxxxx :</td>
                                                            <td class="form-style2">
                                                                <asp:TextBox ID="xxx" runat="server" Text='<%# Bind("xxxxxx") %>' ></asp:TextBox>                                                               
                                                            </td>
                                                        </tr> 
                                                        <tr><td></td></tr>
                                                        <tr>
                                                            <td class="form-style1"></td>
                                                            <td class="form-style2">
                                                                <asp:LinkButton ID="LinkButton1" runat="server" CausesValidation="True" CommandName="Update" Text="Update"/>
                                                                &nbsp;<asp:LinkButton ID="LinkButton2" runat="server" CausesValidation="False" CommandName="Cancel" Text="Cancel" />
                                                            </td>
                                                        </tr>                                                                                                         
                                                    </table>                            
                                                </EditItemTemplate>                                               
                                            </asp:FormView>
                                            <asp:EntityDataSource ID="xxxxx" runat="server" ConnectionString="name=Test" DefaultContainerName="Test" 
                                                 EnableFlattening="False" EnableUpdate="True" EntitySetName="xxxxx" Where="it.xxx_Id == @xx_Id">
                                                 <WhereParameters>
                                                    <asp:ControlParameter ControlID="Dl_xxx" Name="xx_Id" PropertyName="SelectedValue" Type="Int32" />
                                                </WhereParameters>
                                            </asp:EntityDataSource>
                                        </td>
                                    </tr>
                               </table>   
                            </ContentTemplate>
                        </asp:TabPanel>

    Wednesday, January 20, 2016 3:09 PM

All replies

  • User61956409 posted

    Hi srjthms,

    Website will throw 403 Forbidden error as follows "You don't have permission to Access page.aspx on this Server"

    Later I find out that only those pages havinh ajax toolkit tabcontainer is throwing 403 error. When I remove tabcontainer it works fine.

    Any solutions or suggestions on this? 

    If the page is using TabContainer control, the AjaxControlToolkit.dll file will be required. Please make sure whether you have permission to Access AjaxControlToolkit.dll.

    Best Regards,

    Fei Han

    Thursday, January 21, 2016 6:29 AM
  • User-436255812 posted

    Hello Han,

    Thanks a lot for the reply.

    But AjaxControlToolkit.dll have Modify. Read, Write and Execute permission for all users as is there for all other dlls in the bin file and even to the entire deployed Folder. 

    Following users have These permissions:- IUSR, Network Service, IIS_WPG, IIS_IUSRS and also Webserver Users.

    Thank you.

    Thursday, January 21, 2016 6:46 AM