There is a problem with the resource you are looking for, and it cannot be displayed

Topics: ASP.NET 2.0, Business Logic Layer
Aug 9, 2010 at 9:07 PM

Hi,

I'm having that common problem "500 - Internal server error" and "There is a problem with the resource you are looking for, and it cannot be displayed". This happens most of the time when I try to update almost anything through the admin page.

Things I have tried:

*) All files and folders under "App_Data" are not read-only.
*) The App_Data folder and descendants have the following permissions: {Modify, Read & Execute, List folder Contents, Read, and Write} for the following users and groups: {IUSR, NETWORK SERVICE, Users (mynetwork\Users), and IIS_IUSRS (mynetwork\IIS_IUSRS)}
*) I have set the application pool to "classic"

I am running IIS version 7.5 on Windows Server 2008 R2 Enterprise version 6.1 x64 using framework 4.0.

Any ideas?

Thanks,
Dogulas

Coordinator
Aug 9, 2010 at 9:38 PM

IIS might use different identity for classic application pool. Check out this post for details.

Aug 10, 2010 at 1:02 PM

rtur,

Thanks for the quick reply.  That is a good article and changing the identity used by the default classic pool is something that I had not tried.  I am using a separate app pool for BE which was already set to classic, so I changed both the BE app pool identity and the default classic identity to NetworkService.  I made sure Network Service has full access to the App_Data directory tree.

Unfortunately, this has no effect.  I noticed that the name of the identity in IIS is "NetworkService" and in the security tab of the dirctory it is listed as "Network Service".  Is there an issue with the space?

Can you think of anything else I could try?

Thanks,

Dogulas

 

Aug 10, 2010 at 1:22 PM

Hi,

OK, here is a little more information:

I went into global.asax > Application_Error() and added the following first line:

    return;

I then went into a page I was starting and went into the edit mode.  I changed the "[no text]" in the body to "text", an action that has guaranteed the error in the past.  This is the message that I get when I hit the save page button:

"A potentially dangerous Request.Form value was detected from the client (ctl00$cphAdmin$txtContent$TinyMCE1$txtContent="<p>text</p>")."

Stack Trace:


[HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (ctl00$cphAdmin$txtContent$TinyMCE1$txtContent="<p>text</p>").]
   System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection) +8730676
   System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, RequestValidationSource requestCollection) +122
   System.Web.HttpRequest.get_Form() +114
   System.Web.HttpRequest.get_Item(String key) +40
   BlogEngine.Core.Web.HttpModules.CompressionModule.context_PostReleaseRequestState(Object sender, EventArgs e) in D:\Projects\Be-1610\BlogEngine\DotNetSlave.BusinessLogic\Web\HttpModules\CompressionModule.cs:62
   System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +148
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +75

 

Thanks,
Dogulas

Aug 11, 2010 at 12:31 PM

Ok, answer time!


in this thread:

    http://blogengine.codeplex.com/Thread/View.aspx?ThreadId=21124

Attilah posed a solution for those of us using Framework 4.0.  Basically, we have to add the property 'requestValidationMode="2.0"' to the httpruntime element inside the system.web section.

I would like to further request that the good folks that are maintaining BE add this in the next release, or at least handle the security issue in some other way.

Thanks,
Dogulas