Showing posts with label Windows 8.

Tuesday, November 10, 2015

FIPS Again - VS 2015 - An unhandled exception of type 'System.TypeInitializationException' occurred in Microsoft.CodeAnalysis.Workspaces.dll

Error Context

Recently my machine was upgraded/re-imaged to Windows 8. Since it was re-imaged with the Win 8 image, I needed to install the Visual Studio versions again. I work with VS 2013, and some research is happening around VS 2015, so I installed both. One main piece of research is around Azure Service Fabric, so I installed its SDK too. Then I tried to open an existing project in VS 2015. As always, the first experience was not so smooth.

The issue is that Visual Studio simply restarts when I open a code file in the project.

After 3-4 restarts the exception below comes up.

An unhandled exception of type 'System.TypeInitializationException' occurred in Microsoft.CodeAnalysis.Workspaces.dll

Additional information: The type initializer for 'Microsoft.CodeAnalysis.Diagnostics.Log.DiagnosticAnalyzerLogger' threw an exception.
System.TypeInitializationException was unhandled
Message: An unhandled exception of type 'System.TypeInitializationException' occurred in Microsoft.CodeAnalysis.Workspaces.dll
Additional information: The type initializer for 'Microsoft.CodeAnalysis.Diagnostics.Log.DiagnosticAnalyzerLogger' threw an exception.

Analysis

Step 1

The problem of being a developer caught me as usual: I attached the VS 2015 process to VS 2013 for debugging. But it also gives the same error.

Step 2

The TypeInitializationException says the type initializer failed, which is a fairly clear indication that some static members of DiagnosticAnalyzerLogger are being initialized and one of them is failing.

Since it is coming from the .Net Compiler Platform, which is open source, I thought of looking at the source code of DiagnosticAnalyzerLogger in git.

Yes. There is a smell of static variable initialization:

private static readonly SHA256CryptoServiceProvider s_sha256CryptoServiceProvider = new SHA256CryptoServiceProvider();

Yeah. Something related to security, and Win 8 is known for its FIPS. But I still don't know whether that is the reason and whether I should disable FIPS.

Step 3

The next thing, obviously, is to get the stack trace and the inner exceptions, if any. Since debugging with VS 2013 was not giving more details, I started trying an internal debugger tool to attach to the VS 2015 process.

It produced 500 KB of data (exception details) after I attached to VS and opened a project and a C# file. I was able to reach the exception quickly, but getting the inner exception was a little difficult. After some time I was able to figure that out as well, and then it was clear.

Timestamp: 
Message: Type: System.InvalidOperationException
Method: System.Security.Cryptography.SHA256Managed..ctor
Message: "This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms."
Date Time: 

Stack Trace:
System.Security.Cryptography.SHA256Managed..ctor

System.Reflection.RuntimeConstructorInfo.Invoke
System.Security.Cryptography.CryptoConfig.CreateFromName
System.Security.Cryptography.SHA256.Create

System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal
System.Reflection.RuntimeMethodInfo.Invoke
Roslyn.Utilities.SHA256CryptoServiceProvider..ctor
Microsoft.CodeAnalysis.Diagnostics.Log.DiagnosticAnalyzerLogger..cctor

As seen in the above log, Microsoft hard-coded the use of the managed SHA256 implementation (SHA256Managed), and that is not in the Windows Platform FIPS validated algorithm list.

I am not sure whether everybody who installs VS 2015 on Windows 8 faces the same issue.

Event Viewer logs

If I were not a developer, maybe I would have gone directly to the Event Viewer and got the below exception immediately.

Application: devenv.exe
Framework Version: v4.0.30319
Description: The application requested process termination through System.Environment.FailFast(string message).
Message: System.TypeInitializationException: The type initializer for 'Microsoft.CodeAnalysis.Diagnostics.Log.DiagnosticAnalyzerLogger' threw an exception. ---> System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.
   at System.Security.Cryptography.SHA256Managed..ctor()
   --- End of inner exception stack trace ---
   at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)
   at System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   at System.Security.Cryptography.CryptoConfig.CreateFromName(String name, Object[] args)
   at System.Security.Cryptography.SHA256.Create()
   --- End of inner exception stack trace ---
   at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)
   at System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object obj, Object[] parameters, Object[] arguments)
   at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   at Roslyn.Utilities.SHA256CryptoServiceProvider..ctor()
   at Microsoft.CodeAnalysis.Diagnostics.Log.DiagnosticAnalyzerLogger..cctor()
   --- End of inner exception stack trace ---
   at Microsoft.CodeAnalysis.Diagnostics.Log.DiagnosticAnalyzerLogger.AllowsTelemetry(DiagnosticAnalyzerService service, DiagnosticAnalyzer analyzer)
   at Microsoft.CodeAnalysis.Diagnostics.Log.DiagnosticLogAggregator.UpdateAnalyzerTypeCount(DiagnosticAnalyzer analyzer, AnalyzerActions analyzerActions)
   at Microsoft.CodeAnalysis.Diagnostics.EngineV1.DiagnosticAnalyzerDriver.<GetAnalyzerActionsAsync>d__41.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.CodeAnalysis.Diagnostics.EngineV1.DiagnosticAnalyzerDriver.<GetAnalyzerActionsAsync>d__39.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.CodeAnalysis.Shared.Extensions.DiagnosticAnalyzerExtensions.<GetDiagnosticAnalyzerCategoryAsync>d__0.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.CodeAnalysis.Shared.Extensions.DiagnosticAnalyzerExtensions.<SupportsSyntaxDiagnosticAnalysisAsync>d__2.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.CodeAnalysis.Diagnostics.EngineV1.DiagnosticIncrementalAnalyzer.<ShouldRunAnalyzerForStateTypeAsync>d__64.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.CodeAnalysis.Diagnostics.EngineV1.DiagnosticIncrementalAnalyzer.<ShouldRunAnalyzerForStateTypeAsync>d__63.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task task)
   at Microsoft.CodeAnalysis.Diagnostics.EngineV1.DiagnosticIncrementalAnalyzer.<AnalyzeSyntaxAsync>d__49.MoveNext()
Stack:
   at System.Environment.FailFast(System.String, System.Exception)
   at Microsoft.CodeAnalysis.FailFast.OnFatalException(System.Exception)
   at Microsoft.CodeAnalysis.ErrorReporting.FatalError.Report(System.Exception, System.Action`1<System.Exception>)
   at Microsoft.CodeAnalysis.ErrorReporting.FatalError.ReportUnlessCanceled(System.Exception)
   at Microsoft.CodeAnalysis.Diagnostics.EngineV1.DiagnosticIncrementalAnalyzer+<AnalyzeSyntaxAsync>d__49.MoveNext()
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(System.Threading.Tasks.Task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(System.Threading.Tasks.Task)
   at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(System.Threading.Tasks.Task)
   at Microsoft.CodeAnalysis.Diagnostics.EngineV1.DiagnosticIncrementalAnalyzer+<AnalyzeSyntaxAsync>d__49.MoveNext()
   at System.Runtime.CompilerServices.AsyncMethodBuilderCore+MoveNextRunner.InvokeMoveNext(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Runtime.CompilerServices.AsyncMethodBuilderCore+MoveNextRunner.Run()
   at System.Threading.Tasks.AwaitTaskContinuation.RunOrScheduleAction(System.Action, Boolean, System.Threading.Tasks.Task ByRef)
   at System.Threading.Tasks.Task.FinishContinuations()
   at System.Threading.Tasks.Task.FinishStageThree()
   at System.Threading.Tasks.Task.FinishStageTwo()
   at System.Threading.Tasks.Task.Finish(Boolean)
   at System.Threading.Tasks.Task`1[[System.Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].TrySetException(System.Object)
   at System.Runtime.CompilerServices.AsyncTaskMethodBuilder`1[[System.Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].SetException(System.Exception)
   at Microsoft.CodeAnalysis.Diagnostics.EngineV1.DiagnosticIncrementalAnalyzer+<ShouldRunAnalyzerForStateTypeAsync>d__63.MoveNext()
   at System.Runtime.CompilerServices.AsyncMethodBuilderCore+MoveNextRunner.InvokeMoveNext(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Runtime.CompilerServices.AsyncMethodBuilderCore+MoveNextRunner.Run()
   at System.Threading.Tasks.AwaitTaskContinuation.RunOrScheduleAction(System.Action, Boolean, System.Threading.Tasks.Task ByRef)
   at System.Threading.Tasks.Task.FinishContinuations()
   at System.Threading.Tasks.Task.FinishStageThree()
   at System.Threading.Tasks.Task.FinishStageTwo()
   at System.Threading.Tasks.Task.Finish(Boolean)
   at System.Threading.Tasks.Task`1[[System.Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].TrySetException(System.Object)
   at System.Runtime.CompilerServices.AsyncTaskMethodBuilder`1[[System.Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].SetException(System.Exception)
   at Microsoft.CodeAnalysis.Diagnostics.EngineV1.DiagnosticIncrementalAnalyzer+<ShouldRunAnalyzerForStateTypeAsync>d__64.MoveNext()
   at System.Runtime.CompilerServices.AsyncMethodBuilderCore+MoveNextRunner.InvokeMoveNext(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Runtime.CompilerServices.AsyncMethodBuilderCore+MoveNextRunner.Run()
   at System.Threading.Tasks.AwaitTaskContinuation.RunOrScheduleAction(System.Action, Boolean, System.Threading.Tasks.Task ByRef)
   at System.Threading.Tasks.Task.FinishContinuations()
   at System.Threading.Tasks.Task.FinishStageThree()
   at System.Threading.Tasks.Task.FinishStageTwo()
   at System.Threading.Tasks.Task.Finish(Boolean)
   at System.Threading.Tasks.Task`1[[System.Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].TrySetException(System.Object)
   at System.Runtime.CompilerServices.AsyncTaskMethodBuilder`1[[System.Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].SetException(System.Exception)
   at Microsoft.CodeAnalysis.Shared.Extensions.DiagnosticAnalyzerExtensions+<SupportsSyntaxDiagnosticAnalysisAsync>d__2.MoveNext()
   at System.Runtime.CompilerServices.AsyncMethodBuilderCore+MoveNextRunner.InvokeMoveNext(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Runtime.CompilerServices.AsyncMethodBuilderCore+MoveNextRunner.Run()
   at System.Threading.Tasks.AwaitTaskContinuation.RunOrScheduleAction(System.Action, Boolean, System.Threading.Tasks.Task ByRef)
   at System.Threading.Tasks.Task.FinishContinuations()
   at System.Threading.Tasks.Task.FinishStageThree()
   at System.Threading.Tasks.Task.FinishStageTwo()
   at System.Threading.Tasks.Task.Finish(Boolean)
   at System.Threading.Tasks.Task`1[[Microsoft.CodeAnalysis.Diagnostics.EngineV1.DiagnosticAnalyzerCategory, Microsoft.CodeAnalysis.Features, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]].TrySetException(System.Object)
   at System.Runtime.CompilerServices.AsyncTaskMethodBuilder`1[[Microsoft.CodeAnalysis.Diagnostics.EngineV1.DiagnosticAnalyzerCategory, Microsoft.CodeAnalysis.Features, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]].SetException(System.Exception)
   at Microsoft.CodeAnalysis.Shared.Extensions.DiagnosticAnalyzerExtensions+<GetDiagnosticAnalyzerCategoryAsync>d__0.MoveNext()
   at System.Runtime.CompilerServices.AsyncMethodBuilderCore+MoveNextRunner.InvokeMoveNext(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Runtime.CompilerServices.AsyncMethodBuilderCore+MoveNextRunner.Run()
   at System.Threading.Tasks.AwaitTaskContinuation.RunOrScheduleAction(System.Action, Boolean, System.Threading.Tasks.Task ByRef)
   at System.Threading.Tasks.Task.FinishContinuations()
   at System.Threading.Tasks.Task.FinishStageThree()
   at System.Threading.Tasks.Task.FinishStageTwo()
   at System.Threading.Tasks.Task.Finish(Boolean)
   at System.Threading.Tasks.Task`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].TrySetException(System.Object)
   at System.Runtime.CompilerServices.AsyncTaskMethodBuilder`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].SetException(System.Exception)
   at Microsoft.CodeAnalysis.Diagnostics.EngineV1.DiagnosticAnalyzerDriver+<GetAnalyzerActionsAsync>d__39.MoveNext()
   at System.Runtime.CompilerServices.AsyncMethodBuilderCore+MoveNextRunner.InvokeMoveNext(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Runtime.CompilerServices.AsyncMethodBuilderCore+MoveNextRunner.Run()
   at System.Threading.Tasks.AwaitTaskContinuation.RunOrScheduleAction(System.Action, Boolean, System.Threading.Tasks.Task ByRef)
   at System.Threading.Tasks.Task.FinishContinuations()
   at System.Threading.Tasks.Task.FinishStageThree()
   at System.Threading.Tasks.Task.FinishStageTwo()
   at System.Threading.Tasks.Task.Finish(Boolean)
   at System.Threading.Tasks.Task`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].TrySetException(System.Object)
   at System.Runtime.CompilerServices.AsyncTaskMethodBuilder`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].SetException(System.Exception)
   at Microsoft.CodeAnalysis.Diagnostics.EngineV1.DiagnosticAnalyzerDriver+<GetAnalyzerActionsAsync>d__41.MoveNext()
   at System.Runtime.CompilerServices.AsyncMethodBuilderCore+MoveNextRunner.InvokeMoveNext(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Runtime.CompilerServices.AsyncMethodBuilderCore+MoveNextRunner.Run()
   at System.Threading.Tasks.AwaitTaskContinuation.RunOrScheduleAction(System.Action, Boolean, System.Threading.Tasks.Task ByRef)
   at System.Threading.Tasks.Task.FinishContinuations()
   at System.Threading.Tasks.Task.FinishStageThree()
   at System.Threading.Tasks.Task`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].TrySetResult(System.__Canon)
   at System.Runtime.CompilerServices.AsyncTaskMethodBuilder`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].SetResult(System.__Canon)
   at Microsoft.CodeAnalysis.Diagnostics.AnalyzerManager+<GetAnalyzerActionsAsync>d__8.MoveNext()
   at System.Runtime.CompilerServices.AsyncMethodBuilderCore+MoveNextRunner.InvokeMoveNext(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Runtime.CompilerServices.AsyncMethodBuilderCore+MoveNextRunner.Run()
   at System.Threading.Tasks.AwaitTaskContinuation.RunOrScheduleAction(System.Action, Boolean, System.Threading.Tasks.Task ByRef)
   at System.Threading.Tasks.Task.FinishContinuations()
   at System.Threading.Tasks.Task.FinishStageThree()
   at System.Threading.Tasks.Task`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].TrySetResult(System.__Canon)
   at System.Runtime.CompilerServices.AsyncTaskMethodBuilder`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].SetResult(System.__Canon)
   at Microsoft.CodeAnalysis.Diagnostics.AnalyzerManager+<GetCompilationAnalysisScopeAsync>d__5.MoveNext()
   at System.Runtime.CompilerServices.AsyncMethodBuilderCore+MoveNextRunner.InvokeMoveNext(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Runtime.CompilerServices.AsyncMethodBuilderCore+MoveNextRunner.Run()
   at System.Threading.Tasks.AwaitTaskContinuation.RunOrScheduleAction(System.Action, Boolean, System.Threading.Tasks.Task ByRef)
   at System.Threading.Tasks.Task.FinishContinuations()
   at System.Threading.Tasks.Task.FinishStageThree()
   at System.Threading.Tasks.Task.FinishStageTwo()
   at System.Threading.Tasks.Task.Finish(Boolean)
   at System.Threading.Tasks.Task.ExecuteWithThreadLocal(System.Threading.Tasks.Task ByRef)
   at System.Threading.Tasks.Task.ExecuteEntry(Boolean)
   at System.Threading.Tasks.Task.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Solution

The solution is the same: just disable FIPS. Earlier it was used as a workaround, but now we need to consider it the solution.
http://blogs.technet.com/b/secguide/archive/2014/04/07/why-we-re-not-recommending-fips-mode-anymore.aspx
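Disabling FIPS is a machine-wide change. For code we own, the stack trace above points at a narrower fix: the failure is specific to the managed SHA256 class, and the CNG-backed class works whether or not the policy is enforced. The following is an added example, not code from this post or from Roslyn; it reproduces the failure in isolation, reports the policy state through CryptoConfig.AllowOnlyFipsAlgorithms, and hashes with SHA256Cng. The class and helper names are mine.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example, not code from the blog post or from Roslyn. It reproduces the
// failure the post diagnosed (SHA256Managed refusing to construct under Windows
// FIPS policy) and shows the per-application alternative to turning FIPS off:
// use a CNG-backed hash, which is the FIPS-validated implementation.
static class FipsAwareHashing
{
    // SHA256Cng delegates to bcrypt.dll, which is what the FIPS policy validates,
    // so it works whether or not the policy is enforced. SHA256.Create() on the
    // .NET Framework in the post resolved to SHA256Managed instead (see the stack trace).
    public static HashAlgorithm CreateSha256()
    {
        return new SHA256Cng();
    }

    public static string Sha256Hex(byte[] data)
    {
        using (var sha = CreateSha256())
        {
            byte[] digest = sha.ComputeHash(data);
            var sb = new StringBuilder(digest.Length * 2);
            foreach (byte b in digest) sb.Append(b.ToString("x2"));
            return sb.ToString();
        }
    }

    // Probes the managed implementation in isolation. Under FIPS policy the
    // constructor throws InvalidOperationException with the message seen in the post.
    public static string ProbeManagedSha256()
    {
        try
        {
            using (new SHA256Managed()) { }
            return "SHA256Managed constructed fine (FIPS policy not enforced)";
        }
        catch (InvalidOperationException ex)
        {
            return "SHA256Managed refused: " + ex.Message;
        }
    }

    static void Main()
    {
        // CryptoConfig.AllowOnlyFipsAlgorithms mirrors the machine-wide policy
        // (HKLM\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy, value Enabled).
        Console.WriteLine("FIPS policy enforced: " + CryptoConfig.AllowOnlyFipsAlgorithms);
        Console.WriteLine(ProbeManagedSha256());
        // Constructed sample input; the digest is standard SHA-256 either way.
        Console.WriteLine(Sha256Hex(Encoding.UTF8.GetBytes("constructed sample")));
    }
}
```

Run it once with the policy on and once with it off: the digest does not change, only the probe line does. That is the point of the check; a library that calls SHA256.Create() and gets the managed class is at the mercy of the machine policy, while code that names the CNG class is not. SHA256Cng lives in System.Core.dll, so that reference is needed.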

Tuesday, August 25, 2015

How to make .Net 4.0 & 4.5 use TLS 1.2

Basics of HTTP(S)

Unless it is just for fun, all web sites need to be hosted using http(s). Is http(s) that important? I will say yes. Otherwise, there is a chance that our site will be viewed by people with different content than what we published. The web page is not sent directly from the web server to the client computer. It goes through various devices which can manipulate the content of the site. e.g.: as a free Wi-Fi provider, I could inject my own ads into sites that use a plain http connection. Such incidents have happened.

Yes, it is important to have our web site served via http(s) to make sure our customers are seeing what we are sending them. How does http(s) solve this? Simply put, it uses encryption when the web page contents are transmitted, so no one who has access to the intermediate devices can see the content. Even if they inject some content, it won't get displayed in our browser, as the browser will not be able to decrypt the modified contents.

People who are curious about the internals will have many questions by now. If our browser, for example Chrome, can decrypt the content, why can't someone who has the Chrome browser source code decrypt the same to see the contents?

Welcome to the world of security!!! There is the concept of encryption keys. Only people with the key can decrypt the encrypted content. OK, in this case, if we have the key to decrypt the contents, why can't the attacker obtain the same key from the web server by accessing the same site from a browser? That is solved by key exchange and by using asymmetric and symmetric encryption wisely. What is the key exchange? It is the sequence of steps involved in establishing communication between two parties, here the web server and the client browser. This process is called the secure HTTP protocol.

That is enough; it is getting more complicated. Interested readers can go through the links below to understand it more.

Others can just continue on the assumption that http(s) is the silver bullet to make sure what our viewers see is what we sent from the server.

Versions of http(secure)

Ensuring security is always a continuous process. There is a chance that a new flaw in the protocol will be found in the future, and we need to fix that issue. That becomes the next version of the protocol. When the issue is fixed in the specs, the existing web servers and browsers also need to be fixed, which leads to their next version or patch.

But can we expect all the people in the world to update their browser as soon as the new fixed version or patch is released? Can the new fixed browsers assume that all the web servers they communicate with are updated to the latest protocol version? Absolutely not. This requires different versions of this communication protocol to be live side by side on the internet. It is the duty of the communicators to settle on which protocol is to be used. When we say protocol, it includes the encryption details, key exchange details, etc.

Wikipedia will give more details on secure HTTP versions; the latest as of today is TLS 1.2, and TLS 1.3 is in draft.

Fallbacks

As we saw earlier, https is a protocol where, before starting, both parties involved in the communication need to agree on the method. It is not much complicated: one party tells what it supports, and the server selects the latest technique. Though one party is capable of using the latest protocol, it may not use it, as the other end doesn't know it, and this is called fallback.

Check what is our client browser is using

We saw that http(s) solves a big security issue. It needs server-side web server software and client-side browser software that understand the encryption algorithms. Also, it is versioned.

Is our browser capable of working with the latest http(s), which is TLS 1.2? Just browse to the URL below to see which protocols are supported in our browser.

https://www.howsmyssl.com/

They provide an API as well, which our application can call to understand what it can support. We will see how an application can check this shortly.

https://www.howsmyssl.com/a/check

Check whether the web site is using SSL/TLS?

Similarly, if we want to check whether a particular site is using secure HTTP, go to the URL below and enter the web site URL.

https://www.ssllabs.com/ssltest/

Tools to inspect the network communication

If we want to verify the protocol at the low levels of the system, we can use tools such as Wireshark. Those tools help us inspect the messages at the byte level.


How to host a web site in https

Whatever we discussed above was all general and not related to software development. Let's see how a web site can be hosted with a secure HTTP protocol.

The basic need for this is a certificate, which is used as a key in encryption. We can create a self-signed certificate or buy one from a certificate-issuing authority. Once we have the certificate, it can be associated with our web site via the web server. How to associate the certificate with the web site varies from technology to technology. Below is a link which explains how a site can be hosted securely using the https protocol on the IIS web server.

How to access SSL site from .Net

We can write applications which request web pages as well as data from web sites, in the same way a browser application requests data. In Microsoft .Net there are many ways, such as WebClient, WCF, etc.

Below is the code which can be used to access the https://www.howsmyssl.com API from a C#.Net application.

using System;
using System.IO;
using System.Net;
var response = WebRequest.Create("https://www.howsmyssl.com/a/check").GetResponse();
var responseData = new StreamReader(response.GetResponseStream()).ReadToEnd();
Console.WriteLine(responseData);


On the console we can see a response similar to this.

Hosting WCF Service using http(s)

Hosting WCF using http(s) is not much different from hosting a web site using https. The differences mainly involve changes in the web.config file to use Transport security. Below is a link which explains how we can host a WCF web service via http(s).

Accessing HTTP(s) WCF Service from .Net client

Similarly, when we are consuming a WCF service hosted via https, we need to make sure the service client is configured to use Transport security. The link below explains how a .Net client can access an http WCF service; just change the binding security to Transport in web.config.

Why TLS 1.2

Let's come to TLS 1.2. As we have seen above, the latest version of the secure HTTP protocol is TLS 1.2. It means there were problems in earlier versions and they are fixed in 1.2. So, as security-conscious users, we need to make sure our browsers are upgraded to support TLS 1.2. Will upgrading the browser make sure all connections use the TLS 1.2 protocol?

No. If we are accessing a web site which is hosted in an environment without TLS 1.2, our browser will fall back to an older protocol version. If we want to avoid falling back from TLS 1.2, we can change the settings in all modern browsers such as Chrome, Firefox and IE to always use TLS 1.2, and that is recommended.

More interested readers can google and see what changes happened in TLS 1.2, which is based on TLS 1.1.

Obviously, as responsible software engineers, we should make sure all our web applications support TLS 1.2, which is the latest at this moment. We need to use proper web servers and technologies to support the same. If we are not moving with the crowd it is very difficult to sustain in the market.

Enable TLS 1.2 at OS level

Not every Windows operating system is equipped with TLS 1.2 by default. Below are links explaining how to enable TLS 1.2 in Windows 2008 R2, Windows 7 and IIS 7.5. I believe people are still using these versions.

http://www.derekseaman.com/2010/06/enable-tls-12-aes-256-and-sha-256-in.html
http://tecadmin.net/enable-tls-on-windows-server-and-iis/

In Windows Server 2012 & Windows 8.1, TLS 1.2 is enabled by default.

Note that this will make sure TLS 1.2 is enabled at the OS level. Also, the default apps such as the IIS web server and the IE browser will follow the same protocol by default. Basically, there is a system-level dll called schannel.dll which is responsible for this secure communication, and applications call the API it provides to communicate securely. Obviously, there are applications which are not relying on schannel for communication. e.g.: Chrome and Firefox are not using schannel, so they can use TLS 1.2 even when they are running on Windows Vista.

Similarly, when we say Windows Vista, 2008 and below do not support TLS 1.2, we should understand that their schannel.dll doesn't have support for the protocol.


TLS 1.2 and Microsoft.Net

Now let's focus on using TLS 1.2 in the .Net world. We need to make sure that the web sites are served via the TLS 1.2 protocol, and that the client apps consuming them support TLS 1.2. .Net runs on top of the operating system, and mostly that is Windows. If the host Windows supports TLS 1.2, .Net can also support TLS 1.2, as it relies on schannel.dll¹

The first task here is to make sure we are using the right tools and technologies.

TLS 1.2 and .Net Framework 4.5

.Net is also versioned. Versions below 4.5 don't know how to communicate via TLS 1.2. In .Net 4.5, TLS 1.2 is enabled by default. Simply compile our applications against .Net 4.5 and we get TLS 1.2 communication for our applications.

How to make .Net 4.0 app talk using TLS 1.2

Technically speaking, just recompile the existing older application for .Net 4.5 to get TLS 1.2 support. It sounds simple, as everybody expects that there are no breaking changes in .Net 4.5 and our application will function as is. But if we are serious about delivering quality software, we also need to test the entire app on 4.5 before shipping. That really adds cost.

Let's see if there are any ways for .Net 4.0 apps to use TLS 1.2.

System.dll overwrite

When we install .Net 4.5, it is basically adding changes on top of .Net 4.0. In other words, the System.dll used by 4.0 apps is overwritten with the 4.5 version of System.dll. So there is the possibility that .Net 4.0 apps will execute 4.5 code when they access functions in System.dll. This means that if we have .Net 4.5 installed on the machine where our .Net 4.0 app is running, it can take advantage of TLS 1.2. All our solutions below depend on this factor.

The links below explain .Net versioning and overwriting.

1. Code change in 4.0 to use TLS 1.2

Now it is a matter of changing the default protocol used by 4.0 to TLS 1.2. This can be done by forcefully setting the protocol as below.

ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072; // SecurityProtocolType.Tls12, which the 4.0 reference assembly does not define


If we look at the SecurityProtocolType enum for .Net 4.0, we will not see Tls12. But in 4.5 we can see it. So .Net 4.0 code will not compile if we use the Tls12 enum value. But if we use the enum's numeric value (3072), it will compile, and at runtime, since .Net 4.0's System.dll is replaced with the 4.5 one, the cast will work.

Please note that this will fail if we run the same app on a machine which doesn't have 4.5 installed. Recommended only for servers where it is easy to manage the .Net version.

2. Registry change to force .Net 4.0 to use TLS 1.2

If we inspect the .Net 4.5 ServicePointManager source code we can see that the default protocol set depends on the registry value below.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319\SchUseStrongCrypto (DWORD) = 1

If the value is absent or 0, the 4.5 System.dll defaults to Ssl3 | Tls. Setting it to 1 changes the default to Tls | Tls11 | Tls12 (SSL 3 is dropped as well). Since our 4.0 application runs on the 4.5 System.dll, it gets TLS 1.2 without a recompile. Two caveats: a 32-bit process on 64-bit Windows (including a 32-bit IIS application pool) reads the copy under HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319, so set both keys; and an app that assigns ServicePointManager.SecurityProtocol itself overrides this default. The process has to be restarted (or the app pool recycled) to pick up the change.
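As an added example (not part of the original post) serving both option 1 and option 2 above: a PowerShell 3.0+ script, run elevated, that reports which CLR 4 runtime is installed, whether the System.dll loaded into this process knows Tls12, and the SchUseStrongCrypto value in both registry hives, setting it to 1 when run with -Apply. The Release-number thresholds (378389 for 4.5, 393295 for 4.6) are an assumption taken from Microsoft's ".NET versions installed" table, not from the post.

```powershell
# Added example, not from the original post: audit a machine for .Net 4.x
# TLS 1.2 readiness and, with -Apply, set SchUseStrongCrypto=1 in both hives.
# Needs an elevated PowerShell 3.0+ (what Windows 8 ships). The Release
# thresholds below are an assumption taken from Microsoft's version table.
param([switch] $Apply)

$ndp = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full'
$release = (Get-ItemProperty -Path $ndp -Name Release -ErrorAction SilentlyContinue).Release
if (-not $release) {
    Write-Warning 'No .Net 4.x runtime is registered on this machine.'
    exit 1
}

# 378389 = 4.5, the first System.dll that defines Tls12 (3072);
# 393295 = 4.6, the first runtime whose default protocol set includes TLS 1.2.
$verdict = if ($release -ge 393295) { '4.6 or later: TLS 1.2 is on by default' }
           elseif ($release -ge 378389) { '4.5.x: Tls12 exists but must be opted into' }
           else { 'pre-4.5: this System.dll has no Tls12 at all' }
"CLR 4 runtime Release=$release -> $verdict"

# This PowerShell process is itself a .Net 4 app on the same System.dll,
# so it shows what a 4.0-compiled app would see at runtime.
$tls12Defined = [Enum]::IsDefined([System.Net.SecurityProtocolType], 3072)
"Tls12 (3072) defined in the loaded System.dll : $tls12Defined"
"Default SecurityProtocol in this process     : $([System.Net.ServicePointManager]::SecurityProtocol)"

# The 4.5+ System.dll reads SchUseStrongCrypto from the hive matching the
# process bitness: 64-bit processes use the first key, 32-bit ones (and
# 32-bit IIS app pools) the Wow6432Node copy, so check and set both.
$keys = 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319'
foreach ($key in $keys) {
    if (-not (Test-Path $key)) { "$key : not present (32-bit Windows?)"; continue }
    $val = (Get-ItemProperty -Path $key -Name SchUseStrongCrypto -ErrorAction SilentlyContinue).SchUseStrongCrypto
    if ($null -eq $val) { $val = 0 }   # a missing value behaves like 0
    "$key : SchUseStrongCrypto=$val"
    if ($Apply -and $val -ne 1) {
        Set-ItemProperty -Path $key -Name SchUseStrongCrypto -Value 1 -Type DWord
        '  -> set to 1; restart the .Net 4.0 process or recycle its app pool to pick it up'
    }
}
```

Run it once without -Apply to see what the box actually does today; on a 4.5.x machine with the value at 0 the process default prints as "Ssl3, Tls", which is exactly why a 4.0 app there never negotiates TLS 1.2 until one of the two options above is applied.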

http://stackoverflow.com/questions/28286086/default-securityprotocol-in-net-4-5

Update 22May2019

Below is the official Microsoft page on .Net and TLS. It also covers .Net 4.7 and later, where the recommendation is to let the OS choose the protocol instead of hard-coding it in the app.
https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls

References

https://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet#Client_.28Browser.29_Configuration
https://www.simple-talk.com/dotnet/.net-framework/tlsssl-and-.net-framework-4.0/
https://msdn.microsoft.com/en-us/library/system.security.authentication.sslprotocols(v=vs.110).aspx
https://istlsfastyet.com/
http://blogs.msdn.com/b/benjaminperkins/archive/2014/11/04/using-tls-1-2-with-wcf.aspx
http://blogs.msdn.com/b/benjaminperkins/archive/2011/10/07/secure-channel-compatibility-support-with-ssl-and-tls.aspx
http://www.dotnetnoob.com/2013/10/hardening-windows-server-20082012-and.html


1 - This is as per my understanding; I was not able to find any authoritative links.
* - As far as I understand, TLS 1.2 support came with .Net 4.5. I am using 4.5.2 currently.

Tuesday, April 21, 2015

Determining health of system in distributed queueing system to dequeue next message

Recently we have been building a distributed system where long running operations are offloaded to processing machines. The processing machines pull messages from a queue instead of a manager allocating tasks to them.

Initially we assigned throttling numbers to each processing machine according to its configuration (number of processors, RAM, etc.). But soon we could see that machines were either under-utilized or over-utilized. So we decided to introduce a mechanism where the real-time machine load is considered before taking a new message from the queue.

We considered some other techniques for sensing the load, but none of them felt better than analyzing the Windows performance counters. So we decided to look at the appropriate performance counters before dequeuing a new message.

Which performance counters are the appropriate ones is always debatable. We are in the initial stages of the implementation; hopefully we can update soon.

Another challenge we faced was how to translate the performance counter data into a boolean saying whether the system is healthy or not. We evaluated PAL, which reads .blg files and produces a report, but finally concluded that saving the performance counter values into a database and running our own rule engine there replaces PAL for us.
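As an added example (not the post's own code) of the "check the counters before dequeuing" idea: a PowerShell 3.0+ script that samples three standard Windows counters, runs them through a minimal rule set that yields a healthy/unhealthy verdict plus the failing rule, and gates each dequeue on that verdict. The thresholds, the counter selection and the in-memory queue standing in for the real queue client are all assumptions made for the example.

```powershell
# Added example, not the post's own code: sample the counters a worker checks
# before pulling the next message, and turn them into one healthy/unhealthy
# decision. Counter paths are standard Windows names; the thresholds and the
# queue client are hypothetical and would live in the rule engine / real client.

function Get-WorkerLoadSample {
    # % Processor Time is a rate, so Get-Counter needs two samples one second
    # apart; the last sample set is the one we use.
    $paths = '\Processor(_Total)\% Processor Time',
             '\Memory\Available MBytes',
             '\PhysicalDisk(_Total)\Avg. Disk Queue Length'
    $set = (Get-Counter -Counter $paths -SampleInterval 1 -MaxSamples 2)[-1]
    $byName = @{}
    foreach ($s in $set.CounterSamples) {
        # Path comes back as \\host\processor(_total)\% processor time
        $byName[($s.Path -split '\\')[-1]] = [double]$s.CookedValue
    }
    [pscustomobject]@{
        CpuPercent  = $byName['% processor time']
        AvailableMB = $byName['available mbytes']
        DiskQueue   = $byName['avg. disk queue length']
        SampledAt   = $set.Timestamp
    }
}

function Test-WorkerHealthy {
    # Rule engine in miniature: every rule must pass. Returns the verdict and
    # the first failing rule, which is what we would store next to the sample.
    param(
        [Parameter(Mandatory = $true)] $Sample,
        [double] $MaxCpuPercent  = 80,
        [double] $MinAvailableMB = 512,
        [double] $MaxDiskQueue   = 2
    )
    $rules = [ordered]@{
        'cpu busy'       = { $Sample.CpuPercent  -lt $MaxCpuPercent }
        'memory low'     = { $Sample.AvailableMB -gt $MinAvailableMB }
        'disk saturated' = { $Sample.DiskQueue   -lt $MaxDiskQueue }
    }
    foreach ($name in $rules.Keys) {
        if (-not (& $rules[$name])) {
            return [pscustomobject]@{ Healthy = $false; Reason = $name }
        }
    }
    [pscustomobject]@{ Healthy = $true; Reason = 'ok' }
}

function Invoke-WorkerLoop {
    # Gate every dequeue on the current load; back off instead of pulling when
    # the machine is unhealthy. $ReceiveNext stands in for the real queue
    # client and must return $null when the queue is empty.
    param(
        [Parameter(Mandatory = $true)] [scriptblock] $ReceiveNext,
        [Parameter(Mandatory = $true)] [scriptblock] $Process,
        [int] $BackoffSeconds = 10,
        [switch] $ExitWhenEmpty
    )
    while ($true) {
        $sample  = Get-WorkerLoadSample
        $verdict = Test-WorkerHealthy -Sample $sample
        if (-not $verdict.Healthy) {
            Write-Warning ("Skipping dequeue at {0}: {1}" -f $sample.SampledAt, $verdict.Reason)
            Start-Sleep -Seconds $BackoffSeconds
            continue
        }
        $msg = & $ReceiveNext
        if ($null -eq $msg) {
            if ($ExitWhenEmpty) { return }
            Start-Sleep -Seconds 1
            continue
        }
        & $Process $msg
    }
}

# Constructed wiring with an in-memory queue in place of the real one.
$queue = New-Object System.Collections.Queue
1..5 | ForEach-Object { $queue.Enqueue("job-$_") }
Invoke-WorkerLoop -ExitWhenEmpty `
    -ReceiveNext { if ($queue.Count) { $queue.Dequeue() } } `
    -Process     { param($m) "processing $m" }
```

The point of returning the failing rule name rather than a bare boolean is the database approach the post settles on: storing the raw sample together with the verdict and reason makes it possible to tune thresholds later from real data instead of guessing.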

Some links on how to work with performance counters from perfmon.exe:

https://technet.microsoft.com/en-us/library/cc722414.aspx
http://www.windowsnetworking.com/articles-tutorials/netgeneral/Scripted-Networt-Defense-Part2.html

Monday, July 14, 2014

Hosting ASP.Net MVC app in Windows 8 IIS 8 - HTTP Error 403.14 - Forbidden

Recently I was trying to run an ASP.Net MVC application in my new Windows 8 environment. When I ran the application from Visual Studio, I got the error below.

HTTP Error 403.14 - Forbidden

The Web server is configured to not list the contents of this directory.


It was a silly one: Windows 8 does not enable the pre-.Net 4.0 frameworks by default, and ASP.Net support in IIS has to be enabled explicitly as well. Without a registered ASP.Net handler, IIS treats the extensionless MVC request as a request for the directory itself, and with directory browsing disabled that is exactly the 403.14.

First, in case the project targets an older version, enable it in
Control Panel -> Turn Windows features on or off -> .Net Framework 3.5 (includes .Net 2.0 and 3.0).

Also enable ASP.Net development support: Control Panel -> Turn Windows features on or off -> Internet Information Services -> World Wide Web Services -> Application Development Features, and enable ASP.Net 3.5 or ASP.Net 4.5 depending on the project target.

http://www.iis.net/learn/get-started/whats-new-in-iis-8/iis-80-using-aspnet-35-and-aspnet-45

Monday, June 17, 2013

IIS 8 in Windows 8 - HTTP Error 500.19 - Internal Server Error when hosting ASP.Net and WCF

Upgrading our .Net applications from one environment to another is always painful, whether it is an upgrade of the Windows version or of the .Net framework version. Ideally it is done in the development environment first and then in the QA environment. Before upgrading the development environment the developers should know the differences between the existing platform and the new one, cross-check which features will be affected by the changes, and plan the mitigation.

That said, it is not always practical to upgrade only after all this analysis in tightly scheduled projects. Recently I had to look into such an unplanned upgrade of a .Net application from Windows 7 to Windows 8, and below is the error I got when browsing WCF services hosted in IIS 8. The upgrade was done first in the QA environment, i.e. they simply installed the MSIs on Windows 8 and informed the dev team when the error happened.

HTTP Error 500.19 - Internal Server Error
The requested page cannot be accessed because the related configuration data for the page is invalid.
Detailed Error Information:
Module
   IIS Web Core
Notification
   BeginRequest
Handler
   Not yet determined
Error Code
   0x80070021
Config Error
   This configuration section cannot be used at this path. This happens when the section is locked at a parent level. Locking is either by default (overrideModeDefault="Deny"), or set explicitly by a location tag with overrideMode="Deny" or the legacy allowOverride="false".
Config File
   \\?\C:\Program Files (x86)\...\web.config
Requested URL
   http://localhost:80/.../dataservice.svc
Physical Path
   C:\Program Files (x86)\...\dataservice.svc
Logon Method
   Not yet determined
Logon User
   Not yet determined
Config Source:
  835:     <validation validateIntegratedModeConfiguration="false" />
  836:     <handlers>
  837:       <add name="ReportViewerWebControlHandler" preCondition="integratedMode" verb="*" path="Reserved.ReportViewerWebControl.axd" type="Microsoft.Reporting.WebForms.HttpHandler, Microsoft.ReportViewer.WebForms, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
More Information:
This error occurs when there is a problem reading the configuration file for the Web server or Web application. In some cases, the event logs may contain more information about what caused this error.


Normally this application is installed into pre-configured OS images because it has so many prerequisites. In this case the Windows 8 image had not been created yet, which means all the prerequisites and settings had to be done manually.

Resolution

This specific error points to the locked handlers section: the application's web.config adds its own handler (the ReportViewer one shown in the Config Source above), but at the server level the handlers section is locked (overrideModeDefault="Deny"), so any <handlers> element in a lower-level web.config is rejected with 0x80070021. To understand locking we should know about IIS feature delegation. In IIS 8 Manager select the server node and open Feature Delegation; there we can see that Handler Mappings is Read Only. Changing it to Read/Write unlocks the section and resolves this particular error.

It didn't actually solve our issue; instead it exposed the next one. On that Win 8 machine ASP.Net and WCF were not registered with IIS 8 :-(
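As an added example (not the post's own script) that covers both this post and the 403.14 one above, where the same Windows features had to be turned on by hand: an elevated PowerShell 3.0+ script that registers ASP.Net 4.5 and WCF HTTP activation with IIS 8 through the optional-feature route (aspnet_regiis -i is not supported on Windows 8, and enabling the ASP.Net feature also writes the server-level handler and module entries that normally unlock those sections), explicitly unlocks the handlers and modules sections, and then verifies the result. The application path in $App and the exact feature list are assumptions; the post names neither.

```powershell
# Added example, not from the post: repair the two causes behind this 500.19
# on a hand-built Windows 8 box. Run from an elevated PowerShell 3.0+.
# $App is a placeholder for the real site/application path.
param([string] $App = 'Default Web Site')

$appcmd = Join-Path $env:windir 'System32\inetsrv\appcmd.exe'

# 1. Register ASP.Net 4.5 and WCF HTTP activation with IIS 8. On Windows 8
#    aspnet_regiis -i is not supported; the optional features replace it
#    (add IIS-ASPNET for a 3.5-targeted app, NetFx3 if 3.5 itself is missing).
$features = 'IIS-ASPNET45', 'IIS-NetFxExtensibility45', 'WCF-HTTP-Activation45'
foreach ($f in $features) {
    $state = (Get-WindowsOptionalFeature -Online -FeatureName $f).State
    if ($state -ne 'Enabled') {
        Enable-WindowsOptionalFeature -Online -FeatureName $f -All -NoRestart | Out-Null
    }
}

# 2. 0x80070021 on <handlers> means the section is locked at server level
#    (overrideModeDefault="Deny"), so a web.config may not add its own
#    handler. Step 1 normally unlocks it by writing the server-level ASP.Net
#    entries; this makes it explicit and is the appcmd form of the
#    Feature Delegation -> Handler Mappings -> Read/Write click.
foreach ($section in 'system.webServer/handlers', 'system.webServer/modules') {
    & $appcmd unlock config "/section:$section"
}

# 3. Verify: features enabled, and a *.svc handler mapped at the application.
foreach ($f in $features) {
    '{0,-26} {1}' -f $f, (Get-WindowsOptionalFeature -Online -FeatureName $f).State
}
& $appcmd list config $App '/section:system.webServer/handlers' |
    Select-String -Pattern 'path="\*\.svc"' |
    ForEach-Object { $_.Line.Trim() }
```

If step 3 prints the feature states as Enabled but no *.svc mapping, the WCF activation feature did not register its handlers; re-run step 1 for WCF-HTTP-Activation45 after a reboot before touching the application's web.config.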