After reading this blog post, please also have a look at the following article which includes a recent improvement for PageParserPath
September 2020 included a several important security fixes for all supported versions of Sharepoint (2010, 2013, 2016 and 2019).
Some of these security fixes have tightend the security requirements for 1st party and 3rd party solutions integrated with SharePoint.
Affected Microsoft Products which integrate with SharePoint and which are affected by this change include Microsoft Identity Manager (MIM) portal pages and Dynamix AX.
Here is a quick summary of the requirements which are enforced now:
- code behind classes and web parts need to be explicitly registered as safe in the web.config using <SafeControl…> entries
- custom user controls (ascx pages) need to be explicitly registered as safe in the web.config using <SafeControl…> entries
- custom server controls need to be explicitly registered as safe in the web.config using <SafeControl…> entries
- inline code blocks in pages are blocked. Pages which require that have to be whitelisted explicitly using <PageParserPath…> entries in the web.config
- declarative statements in pages and master pages which invoke server side code (e.g. autoeventwireup, enablesessionstate, serverside event receivers for page actions, …) are blocked. Pages which require that have to whitelisted explicitly using <PageParserPath…> entries in the web.config
Symptoms
One or more of the following error message can occur for an affected page:
- The attribute ‘autoeventwireup’ is not allowed in this page.
- The attribute ‘enablesessionstate’ is not allowed in this page.
- Code blocks are not allowed in this file.
- The event handler ‘…’ is not allowed in this page. (… is a place holder and can mean any event type like OnClick, OnSelectedIndexChanged, …)
- UnsafeControlException: A Web Part or Web Form Control on this Page cannot be displayed or imported. The type could not be found or it is not registered as safe.
- The referenced file ‘/_layouts/somedirectory/affectedusercontrol.ascx’ is not allowed on this page.
Solution
Important: you should only whitelist affected pages and controls if these pages and controls are ghosted and remain ghosted. Ghosted means that they are deployed to the file system through custom solutions and are not modified afterwards using tools like SharePoint designer. Unghosted pages live in the SharePoint database while ghosted pages live on the file system. Modifications done through unghosting are not under the control of a SharePoint administrator and they should therefor be treated as unsafe and should not be unblocked.
Examples for web.config entries which can help to whitelist pages:
For blocked code behind files and server controls you need to whitelist the relevant classes using SafeControl elements similar to the following:
<SafeControl Assembly="CustomSolution.AssemblyName, Version=1.2.3.4,Culture=neutral, PublicKeyToken=11aa22bb33cc44dd" Namespace="CustomSolution.AssemblyName.NameSpace" TypeName="AffectedClass" AllowRemoteDesigner="True" Safe="True" SafeAgainstScript="True" />
Assembly, Namespace and TypeName in the above example has to be adjusted to reflect the information for the affected class.
If all controls and classes in a given assembly and namespace are safe you can use “*” as wildcard for the TypeName to whitelist all controls and classes at once. Please review your code carefully before applying this step to ensure that you are only whitelisting classes which are intended to be used in the affected pages.
To whitelist a directory hosting the affected user controls (.ascx) use a SafeControl element with the following syntax:
<SafeControls> <SafeControl Src="~/_layouts/somedirectory/*" IncludeSubFolders="True" Safe="True" AllowRemoteDesigner="True" SafeAgainstScript="True" /> </SafeControls>
or
<SafeControls> <SafeControl Src="~/_layouts/somedirectory/*" IncludeSubFolders="True" Safe="True" /> </SafeControls>
To whitelist pages or master pages which have inline code or include declarative statements which invoke server side code you need to whitelist them using a PageParserPath element similar to the following:
<SafeMode MaxControls="200" CallStack="false" DirectFileDependencies="15" TotalFileDependencies="250" AllowPageLevelTrace="false"> <PageParserPaths> <PageParserPath VirtualPath="/<relativepath>/page.aspx" CompilationMode="Always" AllowUnsafeControls="true" AllowServerSideScript="true" /> </PageParserPaths> </SafeMode>
Important: do not add IncludeSubFolders=”True” in this line when specifying a specific page as above!
VirtualPath is the server relative path starting at the root of your web application. In case you are using the same user control in multiple sites or collections you need to add a separate entry for each occurance.
To whitelist all controls in a given directory you can use the following syntax:
<SafeMode MaxControls="200" CallStack="false" DirectFileDependencies="15" TotalFileDependencies="250" AllowPageLevelTrace="false"> <PageParserPaths> <PageParserPath VirtualPath="/<relativepath>/*" CompilationMode="Always" AllowUnsafeControls="true" AllowServerSideScript="true" IncludeSubFolders="True"/> </PageParserPaths> </SafeMode>
Important: do NOT add VirtualPath=”/*” as this would effectively disable the security fix which was released in September 2020. Instead ensure to be a specific as possible for the VirtualPath to ensure that only pages are enabled which contain code that has been verified to be safe.
DirectFileDependencies indicates the number of allowed direct file dependencies. If you receive an error message such as “The number of allowed direct file dependencies exceeds the limit,” you can increase this value.
To simplify adding the PageParserPath elements to the web.config you can use the following powershell script created by Joe Rodgers which ensures that the entry is set on all servers in your farm:
https://gist.github.com/joerodgers/91e8d70ae477ab84fe41c9395ffdcd82
More information
See the following KB article for more information:
- KB 4584132 – Ghosted pages in SharePoint don’t render
Permalink
Ciao Stefan,
thank you for your post!
Regarding your post about some fixes that will cause problems on SharePoint… I don’t understand the connection between the MIM and the problem pointed out by you… MIM portal pages…what means?
I have a MIM solution installed on another server for synchronize user profile value from SAP to SharePoint
but we dont have WebPart or custom page.
I would like some more clarification about your post 🙂
Thank you very much!
Permalink
sorry for the smile!! I don’t know how it came out! sorry
Permalink
No worries – it was a problem in the CSS styles of my blog.
I have fixed it now.
Permalink
Ciao Stefan,
thank you for your post!
Regarding your post about some fixes that will cause problems on SharePoint… I don’t understand the connection between the MIM and the problem pointed out by you… MIM portal pages…what means?
I have a MIM solution installed on another server for synchronize user profile value from SAP to SharePoint(witth a custom .DLL )
but we dont have WebPart or custom page.
I would like some more clarification about your post for understand if our SharePoint 2013 farm will be affected.
Thank you!
Permalink
Hi Roberto,
please check the section “Prepare SharePoint to host the MIM Portal”:
https://docs.microsoft.com/en-us/microsoft-identity-manager/prepare-server-sharepoint
Cheers,
Stefan
Permalink
PowerPivot is concerned in SP 2013 when accessing to admin pages in Central Administration.
Permalink
Hi Loic,
I don’t have a system in this configuration.
Would be great if you could share here the affected controls/pages and how you solved it.
It would certainly help the community.
Thanks,
Stefan
Permalink
Hi,
I hope your post will help me.
Actually, in SP 2013, in Central Administration, Application Management, Manage Services application, PowerPivot Service Application, the access to the ServiceAppDashboard.aspx generates the “attribute autoeventwireup is not allowed in this page” error.
Let see this problem next Week.
Thanks to your to share this kind of information.
Loïc
Permalink
Hi Loic,
ok, for this issue a PageParserPath needs to be configured. Be aware that after this is solved also some SafeControl elements might be required to fix it. Such issues are often hidden behind the issue you see right now as the inline code check fires first before binary references are evaluated.
Cheers,
Stefan
Permalink
Hi Stefan, I am experiencing this same error on my 2016 env, “after the sept 2020 cu”, I have added the PageParserPath and am now getting this error “WebPartPageUserException: This page has encountered a critical error.” How can I find which SafeControl elements should be added?
Permalink
Hi WVZ,
please evaluate the error details in the ULS log. They should help you to identify the issue.
If you need further assistance I would recommend to open a support case with Microsoft.
Cheers,
Stefan
Permalink
Hi Stefan,
Will October CU fix this issue? Do you recommend to wait for October CU for users who do not install September CU yet?
-Yuseon
Permalink
Hi Yuseon,
there seems to be a misunderstanding: this is not a regression or a problem that was introduced.
This behavior was introduced to solve a security issue through a security fix.
I do not see that this behaviour would be changed or reverted going forward.
Expect this to be the new normal which needs to be taken into consideration when developing custom applications for SharePoint.
Cheers,
Stefan
Permalink
Hi Stefan,
In our case, after applying the CU, accessing the search main page (https://oursearch/Pages/default.aspx), gives us the following error: Unknown server tag ‘SharePoint:BrowseStyleBlock’. We have checked for Register tags on master pages and so, but no luck. Any hint?
Permalink
Hi Ismael,
I haven’t seen this but this seems to be an unrelated issue as it is not a blocked page or control but an unknown tag in a page.
My recommendation would be to open a ticket with Microsoft Support.
Cheers,
Stefan
Permalink
Many thanks, good to know that at least is not related to blocked pages or control ones.
Cheers,
Ismael
Permalink
The SharePoint:BrowseStyleBlock issue can occur if KB 4484515 was installed without 4484525. There is a dependency between them.
Permalink
Search Center results pages were broken for us with the same error: ‘Unknown server tag ‘SharePoint:BrowseStyleBlock’.
Installing KB 4484525 fixed the issue. Thanks so much for the solution @Ed Barnes!
Permalink
Added this to our 2013 environment and this resolved the conflicts we noticed.
<SafeControl Assembly="Microsoft.PerformancePoint.Scorecards.Client, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" Namespace="Microsoft.PerformancePoint.Scorecards" TypeName="*" />
<SafeControl Assembly="Microsoft.PerformancePoint.Scorecards.Client, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" Namespace="Microsoft.PerformancePoint.Scorecards" TypeName="*" />
<SafeControl Assembly="Microsoft.PerformancePoint.Scorecards.Client, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" Namespace="Microsoft.PerformancePoint.Scorecards.TransformerConfigurationRecord" TypeName="*" />
<SafeControl Assembly="Microsoft.PerformancePoint.Scorecards.Client, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" Namespace="Microsoft.PerformancePoint.Scorecards.TransformerConfigurationRecord" TypeName="*" />
<SafeControl Assembly="Microsoft.PerformancePoint.Scorecards.WebControls, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" Namespace="Microsoft.PerformancePoint.Scorecards.WebControls" TypeName="*" />
<SafeControl Assembly="Microsoft.PerformancePoint.Scorecards.WebControls, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" Namespace="Microsoft.PerformancePoint.Scorecards.WebControls" TypeName="*" />
Note: “Microsoft.PerformancePoint.Scorecards.WebControls” already existed.
Permalink
Hi Matt,
thanks Matt!
No PageParserPath elements were required?
Cheers,
Stefan
Permalink
Above Safe Controls worked perfectly for us, Thanks Matt!
Permalink
Not yet but that farm doesn’t have much as 99% is moved to 2019. So far our 2019 has no known issues based on our regular test cases but we are holding off on promoting this to Stage/Prod until more testing is performed.
Thank you very much for posing this and everything you have been doing.
Permalink
Hey Stefan! Joe Rodgers wrote a script to make the changes a little easier.
“Use the SPWebConfigModifications class to deploy custom PageParserPath entries to web.config”
https://gist.github.com/joerodgers/91e8d70ae477ab84fe41c9395ffdcd82
Permalink
Thanks Mark! I will reference it in the article above.
Permalink
Hi,
we’ve a custom pages on sharepoint 2013 enviroment,
after applying this securty update, we got many System.NullReferenceException
Object reference not set to an instance of an object.
below erro logs from some of these pages
System.NullReferenceException: Object reference not set to an instance of an object.
at W.SharePoint.Item.GetService(Type serviceType)
at W.Extensions.GetService[T](IServiceProvider serviceProvider, Boolean required)
at W.SharePoint.Solutions.ObjectModel.WorkflowTaskInstance.get_TaskConfiguration()
at W.SharePoint.Solutions.WorkflowContext.get_TaskConfiguration()
at W.SharePoint.Solutions.UI.Controls.TaskFormPlaceholder.OnInit(EventArgs e)
at System.Web.UI.Control.InitRecursive(Control namingContainer)
at System.Web.UI.Control.InitRecursive(Control namingContainer)
at System.Web.UI.Control.AddedControl(Control control, Int32 index)
at Microsoft.SharePoint.WebPartPages.ListFormWebPart.CreateChildControls()
at System.Web.UI.Control.E… cb5f7e9f-0f0c-5006-2e69-55b98c7f771d
System.NullReferenceException: Object reference not set to an instance of an object. at G.Epm.WebParts.PWAWebParts.RedirectUsers.RedirectUsersUserControl.Page_Load(Object sender, EventArgs e)
at System.Web.UI.Control.OnLoad(EventArgs e)
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.AddedControl(Control control, Int32 index)
at G.Epm.WebParts.PWAWebParts.RedirectUsers.RedirectUsers.CreateChildControls()
at System.Web.UI.Control.EnsureChildControls()
at System.Web.UI.Control.PreRenderRecursiveInternal()
at System.Web.UI.Control.PreRenderRecursiveInternal()
at System.Web.UI.Control.PreRenderRecursiveInternal()
at System.Web.UI.Control.PreRenderRecursiveInternal()
at System.Web.UI.Control.PreRenderRe
could you please help ?
Permalink
Hi Ahmad,
the exceptions all seem to originate in 3rd party controls as the relevant namespaces are not part of SharePoint (e.g. W.sharePoint…., G.Epm.WebParts…).
Be aware that certain configuration settings are required now as outlined above.
Please ensure that the correct entries for these controls are in the web.config. If the issue persists or if you are unsure what to configure, please work with the developer of these 3rd party controls to investigate this further.
Cheers,
Stefan
Permalink
hi, i am having the issue when i click on the “Result Sources,” “Query Rules,” “Search Result Sources,” or “Search Query Rules” page from the Search Settings section of Site Settings.
get this issue in the logs –
System.NullReferenceException: Object reference not set to an instance of an object.
at Microsoft.Office.Server.Search.Internal.UI.SearchObjectAdminPageBase.ErrorHandler(Object sender, EventArgs e)
at System.Web.UI.Page.HandleError(Exception e)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest()
at System.Web.UI.Page.ProcessRequest(HttpContext context)
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously
it mentions on https://support.microsoft.com/en-gb/help/4484525/security-update-for-sharepoint-foundation-2013-sept-8-2020 to use Powershell but really this isnt a fix just a workaround.
Permalink
Hi Matt,
yes – it is a workaround till a fix has been released.
The fix is currently planned for October CU.
Cheers,
Stefan
Permalink
Thanks Stefan for the heads up. much appericated.
Permalink
Hello Stefan,
Thanks for sharing this KB.
We have fixed the issue occurred after applying September CU for our SharePoint 2013 environment by updating web.config.
Is this issue still exists or fixed in Nov 2020 CU updates, or we still need to keep looking for permanent solution instead of updating web.config after each CU updates ?
Best Regards,
Meena
Permalink
Hi Meena,
this is not an issue – this is now by design to address certain security problems.
These changes should not be reverted through a CU installation.
Cheers,
Stefan
Permalink
Hi Stefan,
We have installed Sep 2020 security patches in Sharepoint 2013 environment. While search services and everything fine custom search is not working. We getting this error “Unknown server tag ‘SharePoint:BrowseStyleBlock’ ” while trying to search something. Can you please me on this issue.
Regards,
Naga
Permalink
Hi Naga,
this should be fixed if you install the complete September CU rather than just the security fix.
Cheers,
Stefan
Permalink
Applied September 2020 CU to Sharepoint 2016 An error occurred during the processing of /searchadministration.aspx. Code blocks are not allowed in this file
When I try to access in Central Admin, then Manage services, click on “Search Service Application, I get the following error
“Sorry, something went wrong
An error occurred during the processing of /searchadministration.aspx. Code blocks are not allowed in this file”
I tried applying the following to Central admin web.config, but did not resolves it.
Uls log
Timestamp
Process
TID Area Category EventID Level Message
Correlation
10/01/2020 01:04:38.23 w3wp.exe (Server:0x2084)
0x2794 SharePoint Foundation
Logging Correlation Data
xmnv Medium
Name=Request (GET:http://Server01:10000/searchadministration.aspx?appid=e699f757-c9a5-4744-b6b5-a3de117c5b5d)
004f7f9f-7ddd-004f-9044-4f005639bb57
10/01/2020 01:04:38.25 w3wp.exe (Server0x2084)
0x2794 SharePoint Foundation
Logging Correlation Data
xmnv Medium
Site=/ 004f7f9f-7ddd-004f-9044-4f005639bb57
10/01/2020 01:04:38.25 w3wp.exe (Server:0x2084)
0x2794 SharePoint Foundation
Runtime
tkau Unexpected
System.Web.HttpException: Code blocks are not allowed in this file. at System.Web.UI.TemplateParser.ProcessError(String message) at System.Web.UI.TemplateParser.EnsureCodeAllowed() at System.Web.UI.TemplateParser.ProcessCodeBlock(Match match, CodeBlockType blockType, String text) at System.Web.UI.TemplateParser.ParseStringInternal(String text, Encoding fileEncoding) at System.Web.UI.TemplateParser.ParseString(String text, VirtualPath virtualPath, Encoding fileEncoding) 004f7f9f-7ddd-004f-9044-4f005639bb57
10/01/2020 01:04:38.25 w3wp.exe (Server:0x2084)
0x2794 SharePoint Foundation
WOPI aubgn Monitorable
SPOIncidentsDetectionJob.UpdateErrorTextsIfNeeded: System.InvalidOperationException: Nullable object must have a value. at System.ThrowHelper.ThrowInvalidOperationException(ExceptionResource resource) at Microsoft.SharePoint.Administration.SPOIncidentsDetectionJob.GetSPOIncidentBitStatus() at Microsoft.SharePoint.Administration.SPOIncidentsDetectionJob.UpdateErrorTextsIfNeeded(String& errorText, String& linkText, String& linkUrl, Boolean& shouldIgnoreLinkValidation)
004f7f9f-7ddd-004f-9044-4f005639bb57
10/01/2020 01:04:38.25 w3wp.exe (Server:0x2084)
0x2794 SharePoint Foundation
General
aat87 Monitorable
004f7f9f-7ddd-004f-9044-4f005639bb57
10/01/2020 01:04:38.26 w3wp.exe (Server :0x2084)
0x2794 SharePoint Foundation
Micro Trace
uls4 Medium
Micro Trace Tags: 0 avwhy,0 nasq,0 az4z8,0 avwhz,0 aytib,0 avwh6,0 az4z8,0 agb9s,0 ajd6k,0 ajd6l,0 avwh7,0 avwh8,0 avwh0,0 a0t92,0 a08yd,0 a0t94,0 a0t97,0 a0t98,0 arc5u,14 ab3dt,0 ajoij,0 ax0ru,0 abnwl,2 az4z8,0 avwh1,5 avwhw,0 9tmwc,0 8nca,0 tkau,0 ajlz0,0 aw5fv,0 aw5f0,0 aw5f1,0 aubgp,0 aw5fz,0 aubgn,0 aat87,1 agxkz,0 avwh5,0 avwhx,0 aytib,0 avwia,0 avwib,0 avwic
004f7f9f-7ddd-004f-9044-4f005639bb57
Any help would be greatly helpful!!
Permalink
Hi Mike,
a couple of things to check:
1) did you install both fixes (language independent and dependent?
2) did you run the SharePoint config wizard after you installed these two fixes?
That should address all issue with uncustomized SharePoint pages.
If the steps above did not help I assume you customized the searchadministration.aspx page.
Cheers,
Stefan
Permalink
Hi Stefan!
I fixed issues from semptember’s KBs, but now I have this error from windows event:
Microsoft.SharePoint
at Microsoft.SharePoint.Utilities.SPUtility.MakeBrowserCacheSafeLayoutsUrl(String name, Boolean localizable, Int32 desiredVersion)
at Microsoft.SharePoint.WebControls.CssLink.SetupDialogCSS()
at Microsoft.SharePoint.WebControls.CssLink.OnLoad(EventArgs e)
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
Could you help me?
Permalink
Hi G,
this is not an error – this is just a callstack potentially complementing the error message.
What is the actual error message you see?
Thanks
Stefan
Permalink
Hi Stefan, thans for your help.
I’ve opened the log file located in C:\Program Files\Common Files\microsoft shared\Web Server Extensions\15\LOGS\
and I’ve found this:
DelegateControl: Exception thrown while adding control ‘Microsoft.SharePoint.Portal.WebControls.SearchBoxEx’: System.Threading.ThreadAbortException: Thread was being aborted.
at System.Threading.Thread.AbortInternal()
at System.Threading.Thread.Abort(Object stateInfo)
at System.Web.HttpResponse.AbortCurrentThread()
at Microsoft.SharePoint.Portal.WebControls.SPSCommon.StopProcessingRequestIfNotNeeded(Page page)
at Microsoft.SharePoint.Portal.WebControls.WebPartLoc.StopProcessingRequestIfNotNeeded()
at Microsoft.SharePoint.Portal.WebControls.SearchBoxEx.OnInit(Object sender, EventArgs e)
at System.Web.UI.Control.OnInit(EventArgs e)
at System.Web.UI.Control.InitRecursive(Control namingContainer)
at System.Web.UI.Control.AddedControl(Control control, Int32 i……ndex)
at Microsoft.SharePoint.WebControls.DelegateControl.AddControlResilient(Control ctl)
Permalink
This is strange. The error indicates that the server detected that the TCP connection between the client and the server no longer exists. In this case the server stops processing the page as no client is listening on the connection any longer and processing the request is a waste of resources.
Do you have any proxy or other edge device in front of your server which could cause this?
If you cannot resolve this on your own I would recommend to open a ticket with Microsoft to get this analyzed.
Cheers,
Stefan
Permalink
Hi,
Solution applied for our SP 2013 Enterprise farms (x3):
Problem:
In central administration, error “autoeventwireup” when clicking on powerpivot Dashboard page.
Solution\workaround:
SP 2013 / PowerPivot DashBoard Issue “autoeventwireup”
In Central Administration web.config:
Not the best solution but this workaround is available until next CU in few days 😉
Best regards.
Permalink
Hi, Could you please let us know the solution applied to resolve the issue for powerpivot dashboard page ?
Permalink
Hi,
In web.config on each SP Server, add this line:
to obtain this:
That works for us, perhaps this is not the best security solution but I must to go ahead.
Let me know if you find a better solution.
Best regards.
Loïc WENDEL
Permalink
Copy/paste from OneNote seems to work but text disapears after save action.
In web.config on each SP Server, add this line:
to obtain this:
Permalink
Permalink
In enterprise portal page of Dynamix AX 2012, customer came across error ‘An error occurred during the processing of /_catalogs/masterpage/defaultax.master. Code blocks are not allowed in this file.’
I found the following in web.config
Should I add AllowUnsafeControls=”true” as shown below, will it fix the error?
Permalink
Hi Spike,
sorry – xml/html markup will not get through in post comments.
Cheers,
Stefan
Permalink
Hi Stefan,
We had several custom web parts and solutions which broke after this update. After making page parser entries its not complaining about code block any more but page is not loading. We are looking at the custom web parts and assuming there are several .ascx that need to be added as safe in web.config. However we cant find all of them.
Question is will retracting and redeploying custom solutions will fix this and add all those missing assemblies and references in web.config again ?
Thanks.
Permalink
Hi Umr,
SharePoint does not automatically add these. It is up to the solution developer to define the controls that should be registered as safe and add the entries through event receivers during the deployment.
It is unlikely that these old solutions will include the necessary registration code.
My suggestion is to analyze the ULS logs. It should tell you the controls that are causing issues.
If you need assistance you have the option to open a support case with Microsoft.
Cheers,
Stefan
Permalink
Hi Stefan,
we have around 1300 site collections (customer portals) for which we need to add PageParserPaths, as they all use a masterpage with some code and custum programmed forms with code. We added the necessary lines to the web.config and now have the error “web.config exceeds file limit”.
Is there a way to split those about 2600 entries (“be as specific as possible”) to other web.configs or do we have to make the “/*” entry that is strongly discouraged. I have seen the possibility to extend the file limit in registry, but I cannot estimate the consequences with this larger file.
Any recommendations?
Thanks, Urs
Permalink
I also have the same problem, We can’t add all the pages needed to be allowed. I really don’t want to use the “/*” but at the moment have no choice!
luckily this has not been installed in live only in UAT after testing in very flat sharepoint installs.
There must be another way of doing this?
Permalink
Hi Stefan, please help, we have four servers farm with SP 2019 + Windows server 2019 + CU Nov 2020, but we can´t create a new search service application from the Central Administration, we get this error:
System.InvalidOperationException: Operation is not valid due to the current state of the object. at Microsoft.SharePoint.Administration.SPDatabase.Update() at Microsoft.Office.Server.Search.Administration.SearchDatabase.BaseUpdate() at Microsoft.Office.Server.Search.Administration.SearchDatabase.CreateCleanDatabase[T](String
searchApplicationName, ISearchDatabaseParameters databaseParameters) at Microsoft.Office.Server.Search.Administration.SearchServiceApplication.Create(String name, SearchQueryAndSiteSettingsService service, SPIisWebServiceApplicationPool applicationPool, SPIisWebServiceApplicationPool
adminApplicationPool, ISearchDatabaseParameters adminDBParameters, ISearchDatabaseParameters searchSettingsDBParameters, IEnumerable
1 crawlStoreDBsParameters, IEnumerable
1 analyticsStoreDBsParameters, IEnumerable1 linksStoreDBsParameters, SPPartitionOptions
1 crawlStoreDBsParameters, IEnumerable`1partitionOptions, Boolean cloudIndex) at Microsoft.Office.Server.Search.Administration.SearchServiceApplication.Create(String name, SearchQueryAndSiteSettingsService service, SPIisWebServiceApplicationPool applicationPool, SPIisWebServiceApplicationPool adminApplicationPool,
ISearchDatabaseParameters adminDBParameters, ISearchDatabaseParameters searchSettingsDBParameters, IEnumerable
We are ok with the upgrade and migration section, each server it’s succedeed
Thanks so much
Permalink
Dear Stefan,
Thanks for putting attention to these problems.
I hope you could spare some time to look into my problem as well.
I am a a real noob in coding and programming so I have tried to understand what you mention with the SafeControls part, but it is not working for me.
This is the error I got:
The base type ‘Microsoft.Office.Server.Search.Internal.UI.SearchAdministration’ is not allowed for this page. The type Microsoft.Office.Server.Search.Internal.UI.SearchAdministration, Microsoft.Office.Server.Search, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c could not be found or it is not registered as safe.
And it is preventing me to open the Search Application page. I need this page to re-index our search DB.
Could you (or anyone else) please let me know which syntax I should use in the web.config?
Thanks in advance.
Christian B.
Permalink
Hi Christian,
there is no need to do this for the controls coming with SharePoint.
The error indicates that you did not run the SharePoint configuration wizard after applying the patch as the wizard will update all web.config files with the necessary changes.
Cheers,
Stefan
Permalink
Hi Stefan,
Thanks for your reply.
A run of the Configuration Wizard did the trick! Thank you very much.
I wish all problems were easy like that 🙂
Regards,
Christian
Permalink
We use Lightning Conductor web parts and they wouldn’t display after installing the Sept CU. Got the error:
lightningTools.WebParts.Aggregation.LightningConductorWebPart, Error: The control type ‘System.Version’ is not allowed on this page. The type System.Version, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 could not be found or it is not registered as safe.
The vendor sent us this safe control entry key to add in our web application web config file:
After adding it and iisreset (automatically done on save of file), they displayed again. Hope this helps someone with a similar problem, using Lightning conductor web parts and Sept CU patch.
Permalink
Hi Jones,
Can you please retype the safe control key for the Lightning Conductor WebPart, it seems it was removed/not displayed.
Permalink
Hi Stefan,
I have the issue after the Sept CU updates for SP2010.
We have custom webparts using telerik control and after the patch it is throwing the error like below.
‘Telerik.Web.UI.SocialShare.GenericSocialButtonsCollection`1[[Telerik.Web.UI.RadSocialButtonBase, Telerik.Web.UI, Version=2016.1.113.35, Culture=neutral, PublicKeyToken=121fae78165ba3d4]]’ is not allowed on this page. The type is not registered as safe.
The safe control key has been added since we went live and it has been working fine before Sept CU.
is there anything else I can do to resolve the issue?(I know that there is work around from MS)
https://support.microsoft.com/en-ca/help/4572409/sharepoint-pages-not-render-when-using-unsafe-controls
Is Microsoft working on this issue to resolve?
I’d really appreciate if you provide some of inside information.
Thanks,
Ryan
Permalink
Hi Ryan,
before September 2020 CU the SafeControl element has not been enforced in all situations.
The error indicates that the SafeControl element is not correctly registered. If you need assistance to resolve this I would suggest to open a support case with Microsoft.
About the article you quoted: this is not a workaround – that is the solution.
About your question is Microsoft is working to resolve the issue. The seems to be a misunderstanding.
The new behavior is not caused by a problem in SharePoint but by a design change which was required to fix a security vulnerability in SharePoint.
All future patch levels of SharePoint will enforce the new behavior.
Cheers,
Stefan
Permalink
Hi Stefan,
Thank you for the information.
The issue has been resolved as I added the masterpage to the whitelist.
Whitelist the telerik control is not enough since our masterpage is ghosted. Your blog post comes and save me.
Thanks,
Ryan
Permalink
Hi Stefan,
Is this issue solved with one of the new CU?
Permalink
Hi Raphael,
there is nothing to resolve. This is a design change introduced by a security fix.
Going forward all custom controls and all pages with server side code have to be explicily enabled in the web.config.
Cheers,
Stefan
Permalink
Hi Stefan,
Thank you for your response. By a customer with SPF13 we has this issue for the searchadministration.aspx page. On this page it hasn’t custom controls. When I try it in the web.config for the CA with “<PageParserPath VirtualPath=”searchadministration.aspx”…” I get an runtime error. Do you have a solution for this?
Permalink
Hi Raphael,
it sounds to me as if you did not run the SharePoint configuration wizard after installing the fix as the Config Wizard will add the relevant entries to the web.config.
Cheers,
Stefan
Permalink
It is CU July 2020 installed and after install the SharePoint security fixes released with December 2020 PU and run the SharePoint configuration wizard we get this issue.
Permalink
Hi Raphael,
in this case I would suggest to open a support case with Microsoft to get this analyzed in more detail.
Cheers,
Stefan
Permalink
Hi Stefan, I don’t normally thank people for what I find via google. But damn, you have saved me with this post I spent days redeploying features hacking master pages trying to work out what was going on. Crazy sharepoint.
Permalink
Hi Matthew,
glad to see that my post is helpful!
Cheers,
Stefan
Permalink
Hi Stefan,
we are facing this issue in a site migrated from SP2010 to SP2016 and facing the following issue on rendering a page.
“This page allows a limit of 200 controls, and that limit has been exceeded”
I read some articles and found that it is not recommended to increase the default value of MaxControls=200 in web.config files.
Can you please suggest something? Everything works fine in SP2010 for any number of controls.
Cheers,
Harry.
Permalink
Hi Harry,
please open a ticket with Microsoft to get this analyzed.
Cheers,
Stefan
Permalink
Permalink
Hi,
After the upgrade some of our custom pages give an error like this:
http://server/_catalogs/masterpage/Themable/Catalog-CourseCalendar.aspx(243): error CS0102: The type ‘ASP._15_2188a217_5d82_4c64_9063_cfa5f884e556__1959289573’ already contains a definition for ‘g_00e5df4a_2f5e_4952_a129_47bf43bda56e’
Any ideas? Thanks!
Permalink
Hi John,
just looking at the error its not possible to answer this.
I would assume there is a problem in the custom code of this page.
If you need assistance to get this analyzed I would recommend to open a support case with Microsoft.
Cheers,
Stefan
Permalink
Hi Stefen,
Customers are facing issues with Dashboards accross the sites:
Error:
Web Part Error: The control type
‘Microsoft.PerformancePoint.Scorecards.TrasnformerConfigurationRecord’ is not allowed on this page. The type Microsoft.PerformancePoint.Scorecards.TrasnformerConfigurationRecord, Microsoft.PerformancePoint.Scorecards.Client, Version=15.0.0.0,Culture=neutral, PublicKeyToken=71e9bce111e9429c could not be found or it is not registered as safe. Correlation ID: 09a7b09f-1391-2002-aefb-85b1d316b8cf
Tried to add into the web.config the below lines but dint help:
Tried all these below, but still error persists:
2.
FYI In server there is already entry with:
for version 14 and 15
Permalink
Hi Prathiba,
did you try the solution listed above in the comments section posted by “Matt” on Sept 25th?
Cheers,
Stefan
Permalink
Has anyone solved the Powerpivot issue in Central Administration with the error? I am uncertain how to reference this in the web.config to fix
http://xxxserver:39779/ServiceAppDashboard.aspx
I am able to fix it using a wildcard like this:
But unsure how to reference the ServiceAppDashboard.aspx page directly as it does not reside in a virtual directory
Sorry, something went wrong
The attribute ‘autoeventwireup’ is not allowed in this page.
Technical Details
Go back to site
Permalink
Update….I was able to resolve by adding this
<PageParserPaths>
Permalink
I was able to resolve the issue issue by adding but getting the following now. Any Input?
An error occurred during the compilation of the requested file, or one of its dependencies. A using namespace directive can only be applied to namespaces; ‘custom.solution.name’ is a type not a namespace
Permalink
Hi Cesar,
it seems you specified the fully qualified name of the class rather than the containing Namespace.
You need to ensure that you are only specifying the namespace here.
Cheers,
Stefan
Permalink
Hello Stefan,
Thanks for sharing the solution. Have you seen any performance related issues when using PageParser method ?
As per the article below it can cause performance issues.
https://docs.microsoft.com/en-us/sharepoint/troubleshoot/sites/using-pageparserpath-directive
When PageParserPath directive is used in combination with CompilationMode=”Always” AllowServerSideScript=”true” IncludeSubFolders=”true” property values, each page in the folders specified in the VirtualPath attribute will get compiled into “C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files\root” as an App_Web_GUID.dll file. Once you edit the aspx page in SharePoint, the last modified date of the file will change and ASP.NET will recompile the page. ASP.NET will restart the application domain after 15 recompilations, which will unload all dlls from memory and run garbage collection and release all cached resources. The next request will initialize a new application domain for the web site and start compiling pages and repopulate caches, therefore the request will take more time.
Your time and input is always appreciated.
Thanks
Permalink
Hi Umr, as you can see in the article it is not the use of the PageParserPath directive alone which causes the performance problems – it is the the combination of using this with certain properties and a large number of modifications to the files which match the scope specified in the PageParserPath directive.
I have not seen any reports about performance problems so far – but by specifying the relevant pages directly rather than using wild cards and avoid include sub directories you can further minimize the impact.
Permalink
Thanks Stefan for the response. This work around was suggested after an issue surfaced as result of patching. Do you know if need of pageparser will be removed in future patch ?
We are seeing lots of performance related issues in on sites declared in pageparser tag. We have close to 9K sites under VirtualPath=managed path and heavily used.
we are using pageparser as below
Thanks again
Permalink
I am having the issue of ‘autoeventwireup’ not allowed in performance point dashboard in central admin. I have added the SafeCOntrol entries from Matt in the post above and also added “VirtualPath=”/ServiceAppDashboard.aspx/*” to PageParserPaths but no luck so far. I still get the autoeventwireup error on the dashboard. Any ideas anyone?
Permalink
I managed to recover the powerpivot dasboard page but none of the web parts are working. They show: “UnsafeControlException: A Web Part or Web Form Control on this Page cannot be displayed or imported. The type Microsoft.AnalysisServices.SPAddin.DataRefreshHistoryWebPart, Microsoft.AnalysisServices.SPAddin, Version=11.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91 could not be found or it is not registered as safe.” I have tried crating a safe control assembly line but where do I get the namespace? I have loooked in the ULS logs and there isn’t one there. My line looks like this so far: “SafeControl Assembly=”Microsoft.AnalysisServices.SPAddin.DataRefreshHistoryWebPart, Microsoft.AnalysisServices.SPAddin, Version=11.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91″ Namespace=” ? ” TypeName=”*”.
Any ideas?
Permalink
Have a educated guess, I’m not able to verify. Notice the pattern from the others, try Microsoft.AnalysisServices.SPAddin as namespace, if not that try Microsoft.AnalysisServices.
-Matt
Permalink
Thanks for the suggestions. None of the combinations worked. We are giving up on this and abandoning the dashboard.