Hi,
We have ghostable pages that are using autoeventwireup.
Since we deployed the September patch, we are getting "autoeventwireup is not allowed for this page".
Please Help
Sharepoint 2016 on premise - autoeventwireup error after September 2020 patch
Getting Error Message for Exception System.Web.HttpParseException (0x80004005): The attribute 'autoeventwireup' is not allowed in this page. ---> System.Web.HttpParseException (0x80004005): The attribute 'autoeventwireup' is not allowed in this page. ---> System.Web.HttpException (0x80004005): The attribute 'autoeventwireup' is not allowed in this page.
at System.Web.UI.TemplateParser.ProcessError(String message)
at System.Web.UI.TemplateParser.OnFoundAttributeRequiringCompilation(String attribName)
at System.Web.UI.TemplateControlParser.ProcessMainDirectiveAttribute(String deviceName, String name, String value, IDictionary parseData)
at System.Web.UI.TemplateParser.ProcessMainDirective(IDictionary mainDirective)
at System.Web.UI.TemplateParser.ProcessException(Exception ex)
at System.Web.UI.TemplateParser.ParseStringInternal(String text, Encoding fileEncoding)
at System.Web.UI.TemplateParser.ParseString(String text, VirtualPath virtualPath, Encoding fileEncoding)
at System.Web.UI.TemplateParser.ParseString(String text, VirtualPath virtualPath, Encoding fileEncoding)
at System.Web.UI.TemplateParser.ParseFile(String physicalPath, VirtualPath virtualPath)
at System.Web.UI.TemplateParser.ParseInternal()
at System.Web.UI.TemplateParser.Parse()
at System.Web.Compilation.BaseTemplateBuildProvider.get_CodeCompilerType()
at System.Web.Compilation.BuildProvider.GetCompilerTypeFromBuildProvider(BuildProvider buildProvider)
at System.Web.Compilation.BuildProvidersCompiler.ProcessBuildProviders()
at System.Web.Compilation.BuildProvidersCompiler.PerformBuild()
at System.Web.Compilation.BuildManager.CompileWebFile(VirtualPath virtualPath)
at System.Web.Compilation.BuildManager.GetVPathBuildResultInternal(VirtualPath virtualPath, Boolean noBuild, Boolean allowCrossApp, Boolean allowBuildInPrecompile, Boolean throwIfNotFound, Boolean ensureIsUpToDate)
at System.Web.Compilation.BuildManager.GetVPathBuildResultWithNoAssert(HttpContext context, VirtualPath virtualPath, Boolean noBuild, Boolean allowCrossApp, Boolean allowBuildInPrecompile, Boolean throwIfNotFound, Boolean ensureIsUpToDate)
at System.Web.Compilation.BuildManager.GetVirtualPathObjectFactory(VirtualPath virtualPath, HttpContext context, Boolean allowCrossApp, Boolean throwIfNotFound)
at System.Web.Compilation.BuildManager.CreateInstanceFromVirtualPath(VirtualPath virtualPath, Type requiredBaseType, HttpContext context, Boolean allowCrossApp)
at System.Web.UI.PageHandlerFactory.GetHandlerHelper(HttpContext context, String requestType, VirtualPath virtualPath, String physicalPath)
at System.Web.HttpApplication.MaterializeHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step)
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
The master page might be changed. Can you take a reference of below similar thread?
http://www.suhail.cloud/2017/01/the-attribute-autoeventwireup-is-not.html
Best Regards,
Baker Kong
If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
We're experiencing the same issue after installing September 2020 CU on a SharePoint 2016 farm. The sites use very customized master pages and home pages. Resetting to site definition is not an option.
We have the same issue after installing the security updates for SharePoint 2013 that came out on windows update.
Same problem here. Seems like this occured after installing the updates. What are the KB's you guys see?
I have KB4484488, KB4484525, KB4484515, KB4577038, KB4577048
Message I have:
Getting Error Message for Exception System.Web.HttpParseException (0x80004005): The referenced file '/_layouts/ep/EPSecurityControl.ascx' is not allowed on this page. ---> System.Web.HttpParseException (0x80004005): The referenced file '/_layouts/ep/EPSecurityControl.ascx' is not allowed on this page. ---> System.Web.HttpException (0x80004005): The referenced file '/_layouts/ep/EPSecurityControl.ascx' is not allowed on this page. at System.Web.UI.BaseTemplateParser.GetReferencedType(VirtualPath virtualPath, Boolean allowNoCompile) at System.Web.UI.BaseTemplateParser.GetUserControlType(VirtualPath virtualPath) at System.Web.UI.MainTagNameToTypeMapper.ProcessUserControlRegistration(UserControlRegisterEntry ucRegisterEntry) at System.Web.UI.BaseTemplateParser.ProcessDirective(... e4e2799f-611f-d0b0-9775-d61afeba893c
I tried rebooting the server. Rebooting IIS. Updating using SharePoint Products Configuration Tool. Browsing the C:\Program Files\Common Files\microsoft shared\Web Server Extensions\15\LOGS.
Databases have status no action required. Upgrade status is succeeded.
I do see some messages in the Update and Migration menu. But I believe these were already there.
I may have found some useful links:
https://thesharepointfarm.com/2020/09/sharepoint-september-2020-update-notes/
https://support.microsoft.com/nl-nl/help/4572409/sharepoint-pages-not-render-when-using-unsafe-controls
Post I created on Reddit: https://www.reddit.com/r/sharepoint/comments/iu2h35/troubleshoot_issues_with_microsoft_sharepoint/
Issue surfaced in SharePoint 2013, just on a page with inline (C#) code.
The likely culprit is https://support.microsoft.com/en-us/help/4486667/security-update-for-sharepoint-foundation-2010-sept-8-2020, potentially overlapping other related changes pointed to by @MarcoBroere-0639:
"This security update enhances security rules for rendering and creating pages. Some customized pages may be blocked if they contain inline code. You can revert the pages to their original state, delete all inline code to make the pages work, or mark the pages for safe scripting."
Even though the post makes reference to SharePoint 2010, it appears it affects 2013 and 2016 as well.
One potential solution is to explicitly enable inline code execution, that was not required until the Sept 2020 updates:
1) In the SharePoint site's web.config, look for the <SafeMode> tag
Add a <PageParserPath> entry allowing inline execution. More fine grained definition of the path to point to the particular page that caused the issue did not work, just the big hammer below, using the broadest possible wildcard. Probably some silly mistake that can hopefully be fixed.
Notice that there is plenty of discussion (e.g. http://support.microsoft.com/kb/2659203) of risks and performance implications of this that need to be considered longer term. But this may get pages back online in the meantime.
<SafeMode ControlCompatMode="true" MaxControls="200" CallStack="false" DirectFileDependencies="10" TotalFileDependencies="250" AllowPageLevelTrace="false">
<PageParserPaths>
<PageParserPath VirtualPath="/*" CompilationMode="Always" AllowServerSideScript="true" IncludeSubFolders="true"></PageParserPath>
</PageParserPaths>
</SafeMode>
2) Add the assembly with the code behind, if any, to the web.config <SafeControls> list
Edit
Getting Error Message for Exception System.Web.HttpParseException (0x80004005): The attribute 'autoeventwireup' is not allowed in this page. ---> System.Web.HttpParseException (0x80004005): The attribute 'autoeventwireup' is not allowed in this page. ---> System.Web.HttpException (0x80004005): The attribute 'autoeventwireup' is not allowed in this page.
at System.Web.UI.TemplateParser.ProcessError(String message)
at System.Web.UI.TemplateParser.OnFoundAttributeRequiringCompilation(String attribName)
at System.Web.UI.TemplateControlParser.ProcessMainDirectiveAttribute(String deviceName, String name, String value, IDictionary parseData)
at System.Web.UI.TemplateParser.ProcessMainDirective(IDictionary mainDirective)
at System.Web.UI.TemplateParser.ProcessException(Exception ex)
.....
@PBarth-2849 , Have you implemented this potential solution? Did it work for you?
Worked for me as described @MarcBroere-0639, on a test server, and then on production.
I suspect the same symptom may be shown for a variety of reasons though, as the set of related posts that you list, plus mine indicate.
I'm still puzzled by the fact that I cannot get just the specific page listed as safe, unless I use the broadest wildcard as shown. Tried many variations of the virtualpath to layouts, but always get the same error when not using a plain "/*". Shows you need to be very precise here, so in case you get the issue on a page with inline code as well, I would triple check that entry just in case.
Thank God it worked. Reset to site definition was NOT an option.
This whole situation without the proper communication to the companies leaves me nuts!
Try <PageParserPath VirtualPath="/*" CompilationMode="Always" AllowServerSideScript="true" AllowUnsafeControls="true" IncludeSubFolders="true"></PageParserPath>
That seemed to do the trick for my issue with Ax 2012 EP on SP 2013.
I have removed the autoeventwireup declaration and registered the events on page_load.
In order to bypass the SafeMode issue, we have added each Class as safe control
like
<SafeControl Assembly="SPPortal, Version=1.0.0.0, Culture=neutral, PublicKeyToken=a17985f45517094" Namespace="MyApp.SitePages" TypeName="MyWorkshop" Safe="True" AllowRemoteDesigner="False" />
The pages are working.
Hi @vinjourdain,
We have got an update about this known issue from the premier group.
In Sep CU, some enhance security rules has overridden several settings, the product added “allowServerSideScript=false” & “allowUnsafeControls=false” against the ghosted page, so if you have ghosted pages which contains inline-code or code behind which hasn’t been declared as safe control, then the page should be blocked. It will affect SP2019 & 2016 & 2013 & 2010.
For more details, please refer to :
It seems that you have got it working, and if you're the original author, please accept your reply as Answer so that others who stuck in similar issue could get answered quickly.
Thanks
Baker Kong
8 people are following this question.
