Anti-forgery token and anti-forgery cookie related issues

An anti-forgery token prevents CSRF (Cross-Site Request Forgery) attacks. The server associates this token with the current user’s identity and sends it to the client. In the next request from the client, the server expects to see this token. If the token is missing or different, the server rejects the request (Reference).

I have recently worked on some anti-forgery related errors. These are the error messages I saw in Event Viewer:

The provided anti-forgery token was meant for a different claims-based user than the current user.

The provided anti-forgery token was meant for user “”, but the current user is “X”.

The anti-forgery cookie token and form field token do not match.

The required anti-forgery cookie “__RequestVerificationToken” is not present.

How to turn off the SameSite cookie attribute?

Developers use the SameSite cookie attribute to prevent CSRF (Cross-Site Request Forgery) attacks. This attribute instructs browsers not to send cookies along with cross-site requests (Reference).

I needed to turn off the SameSite cookie attribute for Safari as part of a fix to the issue mentioned here. A simple solution is below.

Attempt to load Oracle client libraries threw BadImageFormatException

I came across a “System.BadImageFormatException” error while trying to migrate an application from Windows Server 2008 R2 to Windows Server 2012 R2. I will list the possible root cause and solution for this issue in this post.

Error message:

Attempt to load Oracle client libraries threw BadImageFormatException. This problem will occur when running in 64 bit mode with the 32 bit Oracle client components installed.

OutOfMemoryException caused by StringBuilder

If your web application is crashing with OutOfMemoryException, check Event Viewer for more details. The stack trace should show which function is throwing this exception. In my case, a variable of type StringBuilder was the root cause.

AD connection and query by using PrincipalContext

There are different ways of getting data from Active Directory. One of them is using the PrincipalContext class, which is a member of the System.DirectoryServices namespace (Reference).

Here is a code sample to connect to Active Directory and query a user by using PrincipalContext.

How to write data to Excel file by using Access Database Engine

I have recently had to deal with a legacy Visual Basic application that writes data to Excel. It suddenly started malfunctioning (it was writing data only to the first row instead of all across the worksheet).

We solved the issue by installing the latest version of Access 2010 Database Engine. I am adding the source code here in case someone needs it.

How to encrypt and decrypt connection strings

Web applications use connection strings to determine which database to connect to, with which credentials and other configuration. For example, you can instruct your web application to use database X on the server at IP address 192.168.1.100 with username Z and password Y.

For most applications, the connection strings are stored in web.config files. This means your IP address, database name, username, and password are stored as clear text in a file. It may not be a problem for your Development server, but it is definitely a security concern for your Production servers. This is where we need to encrypt these connection strings.

(Solved) System.UnauthorizedAccessException occurred in mscorlib.dll

A web application (or a SharePoint web part in my case) may throw the System.UnauthorizedAccessException error below if the file you are trying to access is not available. The file may not exist or you may not have permissions to access it.

An exception of type “System.UnauthorizedAccessException” occurred in mscorlib.dll but was not handled in user code. Additional information: Access to the path ‘\networkshare\filename.ext’ is denied.