An ASP.NET setting has been detected that does not apply in Integrated managed pipeline mode

 HTTP Error 500.24 - Internal Server Error

An ASP.NET setting has been detected that does not apply in Integrated managed pipeline mode

Most likely causes:

• system.web/identity@impersonate is set to true.

Things you can try:

• If the application supports it, disable client impersonation.
• If you are certain that it is OK to ignore this error, it can be disabled by setting system.webServer/validation@validateIntegratedModeConfiguration to false.

Background of the Issue: 

Above error may occur with any version of .Net or .Net Core and Any version of Visual Studio as well. I faced this issue while creating a POC on .Net Core 3.1 as well as recently while working with .Net 5. 

What is the root cause of Issue ? 

Root cause of the issue is that scaffolding template that comes with .Net as well as the settings of Visual studio which does not create web.config while choosing the web project specially .Net core versions.  

You need to have at least this web.config as bare mininum requirement in case no authentication is required and no authorisation is required. Depending upon the requirement you may comment/uncomment the codes after creating the web.config file manually in Root directory of website. Do not confuse it with wwwroot,  take a look on below snapshot to be more clear : 

<?xml version="1.0" encoding="utf-8"?>

<configuration>

  <!-- To customize the asp.net core module uncomment and edit the following section. 

  For more info see https://go.microsoft.com/fwlink/?linkid=838655 -->

  <system.webServer>

    <!--<handlers>

      <remove name="aspNetCore" />

      <add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModuleV2" resourceType="Unspecified" />

    </handlers>

    <aspNetCore processPath="%LAUNCHER_PATH%" arguments="%LAUNCHER_ARGS%" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" hostingModel="InProcess" />

    <security>

      <authentication>

        <anonymousAuthentication enabled="false" />

        <windowsAuthentication enabled="true" />

      </authentication>

    </security>-->

    <validation validateIntegratedModeConfiguration="false"/>

  </system.webServer>

</configuration>

Location of  web.config File : 

Happy Coding...!!!

Get Free SSL From LetsEncrypt, Export PFX to Cert, Verify DNS via Txt Record

 How to Get Free SSL from LetsEncrypt for Website ?

LetsEncrypt provides Free SSL to protect website and provide green pad lock to encrypt all communication between user and server over secured http. But Getting a certificate is not that easy as described in various articles, specially in case where Hosting provider does not provide you SSH access, and there is no much help available to use Certbot in manual mode. Read this section on LetsEncrypt website : 

Without Shell Access

If your hosting provider doesn’t want to integrate Let’s Encrypt, but does support uploading custom certificates, you can install Certbot on your own computer and use it in manual mode. In manual mode, you upload a specific file to your website to prove your control. Certbot will then retrieve a certificate that you can upload to your hosting provider. We don’t recommend this option because it is time-consuming and you will need to repeat it several times per year as your certificate expires. 

What is the Solution  then ? 

There are various ACME ((Automated Certificate Management Environment) client List available in different language and different platforms like Windows, Unix, etc. But here we require one that could generate SSL Certificate on our own Personal computer like desktop or laptop then we could choose to upload on web server hosting provider via Plesk. We preferred win-acme (.NET) client which is based on .Net and support wildcard option like *.yourdomain.com, simply download the zip and extract to a folder. Now open command prompt in Administrator mode and navigate to folder containing wacs.exe, execute this exe to get step by step guide to generate SSL. Contact us using form to get more info on how to use this exe, even though it is self explanatory in nature.

Unable to verify DNS after adding TXT Record, or, TXT Record Added not getting reflected ?

This is a major challenge while validating DNS TXT record to verify your ownership. Basically, there are two SSL option, one is per domain and sub domain and another is Wildcard which supports all of your subdomain, which is comparatively good as one certificate does all job. Whereas first option requires http challenge to place a file in root of your webserver,  under wellknownserver, but Later option to get wildcard SSL requires DNS verification via TXT Record.

So in case you are also facing above issue, you must be doing it at wrong place. Adding TXT record to your Registrar does not work once you hosted your content on web-server somewhere else, i.e., your registrar is different and hosting provider is different. So, Navigate to DNS setting on plesk and Add record over there _acme-challenge as TXT Record and value provided by above exe. It will reflected in fraction of seconds, so there should no problem in verify the ownership there.

Generated PFX but Plesk ask to upload Cert Files, How to export CERT from PFX file downloaded from LetsEncrypt ?

So irrespective of ACME clients chosen, they will give only PFX file which comprises both Public key and private key, but that PFX is not compatible with Plesk. So how to proceed ? 

1 In order to generate certificate or export cert file out of pfx, you will need to install OpenSSL, so choose any OpenSSL Windows client from Official OpenSSL website. We went with second option Win64 OpenSSL v1.1.1g EXE, 63MB Installer available on slproweb as it provides 64bit client and step by step Wizard to install and register relevant DLL.

2. you will need to update Path Environment Variable to installed directory to make it available all where like this  :

3. Test if above config went well, by putting openssl on any screen., this will return below like screen

4. Copy your PFX file somewhere else, so that original file remains the place where it was downloaded.
and Navigate to location it has been copied to :

5. Run these 3 Commands to export PFX to Cert

pkcs12 -in sample.pfx -nocerts -out private.key

pkcs12 -in sample.pfx -clcerts -nokeys -out certificate.crt

rsa -in private.key -out private-decrypted.key

6. Now upload decrypted private key and certificate to your plesk, No need to provide Bundle-Cert as that is optional :