500 error on new install on Windows with IIS due to feature delegation

3 months ago
Following the instructions provided by NopCommerce for installing on Windows, I encountered a 500 error. There was no mention of any additional steps being required. I was able to find the cause, and feel this should be added to the documentation.

The default web.config attempts to modify modules, but IIS by default has Modules set to read only for sites. Changing this is simple, but you might have trouble finding out how by searching for the error message. I found no mention whatsoever of this error on this forum.

The solution is to go to IIS Manager, and edit the top level IIS Server (Not the individual websites.)
Click on Feature Delegation, find the Modules entry, and change it from Read Only to Read/Write.

The error was:
0x80070021
Config Error
This configuration section cannot be used at this path. This happens when the section is locked at a parent level. Locking is either by default (overrideModeDefault="Deny"), or set explicitly by a location tag with overrideMode="Deny" or the legacy allowOverride="false".

This error is only visible if you show detailed error messages, which IIS won't do by default.
3 months ago
I have tried 4.6 and 4.5 and still get error 500.
I have two other instances of nopCommerce 4.5 working on the same server (different URLs and associated sites), and they work fine.
I already have Modules set to read/write, so I'm not sure what else I can do here.

If I navigate to https://<web_address>/install I can see the structure, but the CSS hasn't loaded and I can't do anything.
Here is my stdout:
info: Microsoft.Hosting.Lifetime[0]
      Application started. Press Ctrl+C to shut down.
info: Microsoft.Hosting.Lifetime[0]
      Hosting environment: Production
info: Microsoft.Hosting.Lifetime[0]
      Content root path: C:\Inetpub\vhosts\redtailblackcockatoofeathers.com\httpdocs\
info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
      Request starting HTTP/1.1 GET https://redtailblackcockatoofeathers.com/ - -
info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
      Request finished HTTP/1.1 GET https://redtailblackcockatoofeathers.com/ - - - 302 - - 43.3817ms
info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
      Request starting HTTP/1.1 GET https://redtailblackcockatoofeathers.com/ - -
info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
      Request finished HTTP/1.1 GET https://redtailblackcockatoofeathers.com/ - - - 302 - - 3.5391ms
info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
      Request starting HTTP/1.1 GET https://redtailblackcockatoofeathers.com/install - -
info: Microsoft.AspNetCore.Routing.EndpointMiddleware[0]
      Executing endpoint 'Nop.Web.Controllers.InstallController.Index (Nop.Web)'
info: Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker[3]
      Route matched with {action = "Index", controller = "Install", area = ""}. Executing controller action with signature Microsoft.AspNetCore.Mvc.IActionResult Index() on controller Nop.Web.Controllers.InstallController (Nop.Web).
info: Microsoft.AspNetCore.Mvc.ViewFeatures.ViewResultExecutor[1]
      Executing ViewResult, running view Index.
info: Microsoft.AspNetCore.Mvc.ViewFeatures.ViewResultExecutor[4]
      Executed ViewResult - view Index executed in 7570.3293ms.
info: Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker[2]
      Executed action Nop.Web.Controllers.InstallController.Index (Nop.Web) in 7795.2601ms
info: Microsoft.AspNetCore.Routing.EndpointMiddleware[1]
      Executed endpoint 'Nop.Web.Controllers.InstallController.Index (Nop.Web)'
info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
      Request finished HTTP/1.1 GET https://redtailblackcockatoofeathers.com/install - - - 200 - text/html;+charset=utf-8 8567.1671ms
info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
      Request starting HTTP/1.1 GET https://redtailblackcockatoofeathers.com/install - -
info: Microsoft.AspNetCore.Routing.EndpointMiddleware[0]
      Executing endpoint 'Nop.Web.Controllers.InstallController.Index (Nop.Web)'
info: Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker[3]
      Route matched with {action = "Index", controller = "Install", area = ""}. Executing controller action with signature Microsoft.AspNetCore.Mvc.IActionResult Index() on controller Nop.Web.Controllers.InstallController (Nop.Web).
info: Microsoft.AspNetCore.Mvc.ViewFeatures.ViewResultExecutor[1]
      Executing ViewResult, running view Index.
info: Microsoft.AspNetCore.Mvc.ViewFeatures.ViewResultExecutor[4]
      Executed ViewResult - view Index executed in 9.2283ms.
info: Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker[2]
      Executed action Nop.Web.Controllers.InstallController.Index (Nop.Web) in 196.1024ms
info: Microsoft.AspNetCore.Routing.EndpointMiddleware[1]
      Executed endpoint 'Nop.Web.Controllers.InstallController.Index (Nop.Web)'
info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
      Request finished HTTP/1.1 GET https://redtailblackcockatoofeathers.com/install - - - 200 - text/html;+charset=utf-8 480.5229ms
info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
      Request starting HTTP/1.1 GET https://redtailblackcockatoofeathers.com/css/install/images/install-synchronizing.gif - -
info: Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware[2]
      Sending file. Request path: '/css/install/images/install-synchronizing.gif'. Physical path: 'C:\Inetpub\vhosts\redtailblackcockatoofeathers.com\httpdocs\wwwroot\css\install\images\install-synchronizing.gif'
info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
      Request finished HTTP/1.1 GET https://redtailblackcockatoofeathers.com/css/install/images/install-synchronizing.gif - - - 200 1178 image/gif 20.1110ms
info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
      Request starting HTTP/1.1 GET https://redtailblackcockatoofeathers.com/install - -
info: Microsoft.AspNetCore.Routing.EndpointMiddleware[0]
      Executing endpoint 'Nop.Web.Controllers.InstallController.Index (Nop.Web)'
info: Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker[3]
      Route matched with {action = "Index", controller = "Install", area = ""}. Executing controller action with signature Microsoft.AspNetCore.Mvc.IActionResult Index() on controller Nop.Web.Controllers.InstallController (Nop.Web).
info: Microsoft.AspNetCore.Mvc.ViewFeatures.ViewResultExecutor[1]
      Executing ViewResult, running view Index.
info: Microsoft.AspNetCore.Mvc.ViewFeatures.ViewResultExecutor[4]
      Executed ViewResult - view Index executed in 15.4247ms.
info: Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker[2]
      Executed action Nop.Web.Controllers.InstallController.Index (Nop.Web) in 216.6324ms
info: Microsoft.AspNetCore.Routing.EndpointMiddleware[1]
      Executed endpoint 'Nop.Web.Controllers.InstallController.Index (Nop.Web)'
info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
      Request finished HTTP/1.1 GET https://redtailblackcockatoofeathers.com/install - - - 200 - text/html;+charset=utf-8 468.9024ms
info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
      Request starting HTTP/1.1 GET https://redtailblackcockatoofeathers.com/css/install/images/install-synchronizing.gif - -
info: Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware[2]
      Sending file. Request path: '/css/install/images/install-synchronizing.gif'. Physical path: 'C:\Inetpub\vhosts\redtailblackcockatoofeathers.com\httpdocs\wwwroot\css\install\images\install-synchronizing.gif'
info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
      Request finished HTTP/1.1 GET https://redtailblackcockatoofeathers.com/css/install/images/install-synchronizing.gif - - - 200 1178 image/gif 11.2001ms
info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
      Request starting HTTP/1.1 GET https://redtailblackcockatoofeathers.com/install - -
info: Microsoft.AspNetCore.Routing.EndpointMiddleware[0]
      Executing endpoint 'Nop.Web.Controllers.InstallController.Index (Nop.Web)'
info: Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker[3]
      Route matched with {action = "Index", controller = "Install", area = ""}. Executing controller action with signature Microsoft.AspNetCore.Mvc.IActionResult Index() on controller Nop.Web.Controllers.InstallController (Nop.Web).
info: Microsoft.AspNetCore.Mvc.ViewFeatures.ViewResultExecutor[1]
      Executing ViewResult, running view Index.
info: Microsoft.AspNetCore.Mvc.ViewFeatures.ViewResultExecutor[4]
      Executed ViewResult - view Index executed in 6.5409ms.
info: Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker[2]
      Executed action Nop.Web.Controllers.InstallController.Index (Nop.Web) in 44.739ms
info: Microsoft.AspNetCore.Routing.EndpointMiddleware[1]
      Executed endpoint 'Nop.Web.Controllers.InstallController.Index (Nop.Web)'
info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
      Request finished HTTP/1.1 GET https://redtailblackcockatoofeathers.com/install - - - 200 - text/html;+charset=utf-8 314.8675ms
info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
      Request starting HTTP/1.1 GET https://redtailblackcockatoofeathers.com/css/install/images/install-synchronizing.gif - -
info: Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware[2]
      Sending file. Request path: '/css/install/images/install-synchronizing.gif'. Physical path: 'C:\Inetpub\vhosts\redtailblackcockatoofeathers.com\httpdocs\wwwroot\css\install\images\install-synchronizing.gif'
info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
      Request finished HTTP/1.1 GET https://redtailblackcockatoofeathers.com/css/install/images/install-synchronizing.gif - - - 200 1178 image/gif 2.7372ms
info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
      Request starting HTTP/1.1 GET https://redtailblackcockatoofeathers.com/ - -
3 months ago
This is the error I see
HTTP Error 500.19 - Internal Server Error
The requested page cannot be accessed because the related configuration data for the page is invalid.

Detailed Error Information:
Module     ProtocolSupportModule
Notification     SendResponse
Handler     aspNetCore
Error Code     0x800700b7
Config Error     Cannot add duplicate collection entry of type 'add' with unique key attribute 'name' set to 'Strict-Transport-Security'
Config File     \\?\C:\Inetpub\vhosts\redtailblackcockatoofeathers.com\httpdocs\web.config
Requested URL     http://redtailblackcockatoofeathers.com:80/
Physical Path     C:\Inetpub\vhosts\redtailblackcockatoofeathers.com\httpdocs
Logon Method     Not yet determined
Logon User     Not yet determined

Config Source:
   24:         <!-- Protects against Clickjacking attacks. ref.: https://www.owasp.org/index.php/HTTP_Strict_Transport_Security_Cheat_Sheet -->
   25:         <add name="Strict-Transport-Security" value="max-age=31536000; includeSubDomains" />
   26:         <!-- CSP modern XSS directive-based defence, used since 2014. ref.: http://content-security-policy.com/ -->
3 months ago
Hi Yidna,
I have tried commenting that line out but get a too many resets error.

I have left that section as-is in web.config.
As I've previously done (a couple of years back) I added IUSR with full permissions, but no luck.

I have two operating instances of nopCommerce, but I can't get this one to work. I logged into the server and managed to get localhost:5000 working and have added the database with tables etc.

3 months ago
This is the site's web.config file:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.webServer>
    <modules>
      <!-- Remove WebDAV module so that we can make DELETE requests -->
      <remove name="WebDAVModule" />
    </modules>
    <handlers>
      <!-- Remove WebDAV module so that we can make DELETE requests -->
      <remove name="WebDAV" />
      <add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModuleV2" resourceType="Unspecified" />
    </handlers>
    <!-- When deploying on Azure, make sure that "dotnet" is installed and the path to it is registered in the PATH environment variable or specify the full path to it -->
    <aspNetCore requestTimeout="23:00:00" processPath=".\Nop.Web.exe" arguments="" forwardWindowsAuthToken="false" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" startupTimeLimit="3600" hostingModel="InProcess" />
    <httpProtocol>
      <customHeaders>
        <remove name="X-Powered-By" />
        <!-- Protects against XSS injections. ref.: https://www.veracode.com/blog/2014/03/guidelines-for-setting-security-headers/ -->
        <add name="X-XSS-Protection" value="1; mode=block" />
        <!-- Protects against Clickjacking attacks. ref.: http://stackoverflow.com/a/22105445/1233379 -->
        <add name="X-Frame-Options" value="SAMEORIGIN" />
        <!-- Protects against MIME-type confusion attack. ref.: https://www.veracode.com/blog/2014/03/guidelines-for-setting-security-headers/ -->
        <add name="X-Content-Type-Options" value="nosniff" />
        <!-- Protects against Clickjacking attacks. ref.: https://www.owasp.org/index.php/HTTP_Strict_Transport_Security_Cheat_Sheet -->
        <add name="Strict-Transport-Security" value="max-age=31536000; includeSubDomains" />
        <!-- CSP modern XSS directive-based defence, used since 2014. ref.: http://content-security-policy.com/ -->
        <add name="Content-Security-Policy" value="default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';" />
        <!-- Prevents from leaking referrer data over insecure connections. ref.: https://scotthelme.co.uk/a-new-security-header-referrer-policy/ -->
        <add name="Referrer-Policy" value="same-origin" />
        <!-- Permissions-Policy is a new header that allows a site to control which features and APIs can be used in the browser. ref.: https://w3c.github.io/webappsec-permissions-policy/ -->
        <add name="Permissions-Policy" value="accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=*, usb=()" />
      </customHeaders>
    </httpProtocol>
  </system.webServer>
    <system.web>
        <compilation tempDirectory="C:\Inetpub\vhosts\redtailblackcockatoofeathers.com\tmp" />
    </system.web>
</configuration>
<!--ProjectGuid: 4f1f649c-1020-45be-a487-f416d9297ff3-->
3 months ago
mnc12004 wrote:

        <add name="Strict-Transport-Security" value="max-age=31536000; includeSubDomains" />

Your error message says
Cannot add duplicate collection entry of type 'add' with unique key attribute 'name' set to 'Strict-Transport-Security' 

but I don't see duplicate entries in your web.config file.

So I think either you've got two separate web.config files somewhere in your configuration, or else the one file is being loaded twice.

That can happen if you've got two virtual directories for the same site.

Try checking for other .config files in the folder structure, and make sure you don't have two different virtual directories pointing to the same location.

3 months ago
That is the confusing part.
There is no other web.config file in this directory. I have even gone to the extent of removing all files, uploading the nopCommerce archive, and decompressing it in place (Plesk System), which I have done every time I install nopCommerce for a new site.

I will keep plugging away and hopefully will come across the cause. If I do I will let everyone know.

3 months ago
Settings could be coming from the IIS ApplicationHost.config file or from a web.config file in a parent directory
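
The merge behaviour behind this error, as an added example that is not part of the thread: IIS builds the `customHeaders` collection from every config layer in order (parent first), and a second `add` with the same `name` fails unless a `remove` or `clear` comes before it. The two XML samples and the function name `Find-DuplicateCustomHeader` are constructed for illustration.

```powershell
# Constructed sample: a parent-level config (hypothetical content) that already adds HSTS.
$parentConfig = @'
<configuration><system.webServer><httpProtocol><customHeaders>
  <add name="Strict-Transport-Security" value="max-age=31536000" />
</customHeaders></httpProtocol></system.webServer></configuration>
'@

# Constructed sample: trimmed copy of the customHeaders section of the site web.config above.
$siteConfig = @'
<configuration><system.webServer><httpProtocol><customHeaders>
  <remove name="X-Powered-By" />
  <add name="X-Frame-Options" value="SAMEORIGIN" />
  <add name="Strict-Transport-Security" value="max-age=31536000; includeSubDomains" />
</customHeaders></httpProtocol></system.webServer></configuration>
'@

function Find-DuplicateCustomHeader {
    # $Layers: hashtables with Source and Xml keys, ordered parent -> child.
    param([Parameter(Mandatory)] [object[]] $Layers)
    $seen = @{}   # header name -> layer that added it (keys compare case-insensitively)
    foreach ($layer in $Layers) {
        $doc = [xml]$layer.Xml
        # '*' selects elements only, so XML comments are skipped. The '//' also matches
        # sections wrapped in <location> tags; filter those by path for applicationHost.config.
        $nodes = $doc.SelectNodes('//system.webServer/httpProtocol/customHeaders/*')
        foreach ($node in $nodes) {
            switch ($node.LocalName) {
                'clear'  { $seen.Clear() }
                'remove' { $seen.Remove($node.GetAttribute('name')) }
                'add'    {
                    $name = $node.GetAttribute('name')
                    if ($seen.ContainsKey($name)) {
                        # Same unique key added twice with no remove/clear in between.
                        [pscustomobject]@{ Header = $name; FirstAddedBy = $seen[$name]
                                           DuplicatedBy = $layer.Source }
                    } else { $seen[$name] = $layer.Source }
                }
            }
        }
    }
}

Find-DuplicateCustomHeader -Layers @(
    @{ Source = 'parent config (constructed)'; Xml = $parentConfig },
    @{ Source = 'site web.config';             Xml = $siteConfig }
)
```

When a parent layer legitimately sets the header, placing `<remove name="Strict-Transport-Security" />` before the `<add>` in the site web.config lets the site keep its own value without the duplicate-key error.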

3 months ago
When deploying a nopCommerce website on a live server, I typically adhere to the following procedure:

1. Verify that the appropriate .NET hosting bundle is installed on the server designated for hosting nopCommerce. A comprehensive list of supported bundles is available here: nopCommerce Technology and System Requirements.
2. Obtain the no-source version of nopCommerce, unzip it, and position it in the `wwwroot` directory within the `C:\inetpub` directory on a Windows server.
3. Open the IIS Manager, set up a new website, and link the aforementioned folder to this newly created site.
4. Configure the domain and SSL settings accurately.
5. Adjust the permissions of the new site to enable read/write access for the IIS_IUSRS user.
6. Launch the website using the set domain and proceed with the installation as guided by these instructions: Installing nopCommerce on Windows.

This methodology has been a cornerstone in my setup of over 500 nopCommerce websites. It has consistently yielded flawless results without any issues.

I hope this guidance proves beneficial to you and others.

Warm regards,
Atul