As you might expect, Contrast's analysis makes your application run a little slower. But, the time difference is usually minimal, and the results are definitely worth it.
It's more important to think about how Contrast affects the round-trip time. In typical applications, Contrast doubles the round-trip time for a request that contains a lot of business logic. Contrast only affects the CPU processing time of your application. Round-trip times for static resources don't get measurably worse in most cases. In many applications, a significant amount of time is spent waiting on databases and accessing remote resources. In requests where the total round-trip time is dominated by database or WebService calls, Contrast's effect is less noticeable.
If performance is crucial to your environment, consider the following options.
While the options above should provide the biggest boost to performance, you can try the following steps to tune performance further.
The Contrast Tray and/or .NET agent logs report errors when connecting to the Contrast application:
Contrast .NET service failed to start. Contrast .NET cannot connect to TeamServer at: https://app.contrastsecurity.com. The remote name could not be resolved: app.contrastsecurity.com
Data from a server with the installed agent doesn't appear in the Contrast interface.
Open the .NET agent's configuration file, DotnetAgentService.exe.config, which is located in the agent's installation directory (i.e., C:/Program Files/Contrast .NET).
Verify that the
TeamServerUrl value (e.g., https://app.contrastsecurity.com/Contrast) can be reached from a normal web browser on the server. If the URL can't be reached, you should review the network path and related settings between the server and the Contrast application.
Verify proxy settings. If a normal web browser can connect to Contrast but the agent can't, the agent might be missing the proxy settings required by your network environment. You can configure a proxy using the
ProxyAddress values in the configuration file.
Verify that the API key is correct. If the above settings are correct, the API key used by your organization might have changed. Follow these directions to view your current API Key.
By default, the .NET framework doesn't allow SSL connections that can't be validated. If the .NET agent is attempting to connect to Contrast with a self-signed SSL certificate, it could give the following error message:
"The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel."
There are two configuration changes that allow the .NET agent to connect to Contrast with a self-signed SSL certificate:
Contrast only recommends that you use these solutions for testing purposes in a trusted environment. These changes could allow for man-in-the-middle attacks to intercept or modify data sent from the agent to Contrast.
Alternatively, you can configure the agent to trust any certificate. You should only use this configuration for testing purposes or in trusted environments.
<?xml version="1.0"?> <configuration> <appSettings> <add key="TeamServerUrl" value="*****************"/> <add key="TeamServerUserName" value="*******************"/> <add key="TeamServerApiKey" value="**************"/> <add key="TeamServerServiceKey" value="************"/> <add key="TeamServerValidateCert" value="false"/>
In rare scenarios, bad instrumentation causes a web server process to crash or a specific page to error out. If you ever encounter a crash or error caused by Contrast, please report the error and file a bug report. If possible, follow the steps below to gather agent logs and process dumps; this additional information is vital to reproducing and fixing these types of bugs.
The .NET agent logs information to the Contrast\dotnet\LOGS directory within C:\ProgramData\Contrast\dotnet\LOGS, the Windows 2008/2012 ProgramData directory. Depending on the setup of the Windows profile and folder view settings, the directories may be hidden. If so, paste the paths into the Windows Explorer location; you may need to replace the drive letter C with D.
You can change which information is logged by changing the logging level in the .NET agent configuration.
There are two primary types of agent bugs for which Contrast needs to gather logs and other information:
Check your scenario against the following indicators to confirm that the web server process crashed.
The web application is unresponsive after installing the .NET agent.
The Windows Event Log (Event Viewer > Windows Logs > Application) has Error entries for the ".NET Runtime" and "Application Error".
Application: w3wp.exe Framework Version: v4.0.30319 Description: The process was terminated due to an internal error in the .NET Runtime at IP XXXXXXXXX with exit code YYYYYYY
The "Application Error" entry has details similar to:
Faulting application name: w3wp.exe, version: 8.5.9600.16384, time stamp: 0x5215df96 Faulting module name: clr.dll, version: 4.7.2114.0, time stamp: 0x59a63e48 Exception code: 0xc0000005 Fault offset: 0x00000000002ff61c Faulting process id: 0x3724 Faulting application start time: 0x01d337d711f21e68 Faulting application path: c:\windows\system32\inetsrv\w3wp.exe Faulting module path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll Report Id: 4fc99650-a3ca-11e7-80e8-005056bd4248
Once you confirm that the observed bug is a process crash, you're ready to gather information to file a bug.
Complete the following steps to gather information to send to Contrast.
md c:\dumps procdump.exe -ma -i c:\dumps
Once you've reproduced the crash, gather the following items and include them in your bug report:
You can then uninstall ProcDump with
The above process also helps the .NET engineering team resolve issues such as application errors caused by the .NET agent. Use the following indicators to determine if the .NET agent is causing an application error.
You've observed the application working normally without the agent.
You've observed a page of the application "crashing" (returning a 500 error) under the agent.
There are no errors for ."NET Runtime" and "Application Error" in the Windows Event Log.
There may be warnings for "ASP.NET" in the Windows Event Log. The warning should look similar to the following:
Source: ASP.NET 4.0.30319.0 Date: 10/9/2017 9:22:46 AM Event ID: 1309 Task Category: Web Event Level: Warning Keywords: Classic User: N/A Computer: FOO.COMPUTER.COM Description: Event code: 3005 Event message: An unhandled exception has occurred. Event time: 09/10/2017 9:22:46 AM Event time (UTC): 09/10/2017 2:22:46 PM Event ID: f706787c1f1247e6a87b777a90413c3d Event sequence: 9 Event occurrence: 1 Event detail code: 0 Application information: Application domain: /LM/W3SVC/1/ROOT/FOO-1-131520325424796488 Trust level: Full Application Virtual Path: /Foo Application Path: E:\MCMSFiles\inetpub\wwwroot\Foo\ Machine name: FOO Process information: Process ID: 176840 Process name: w3wp.exe Account name: System Exception information: Exception type: ArgumentOutOfRangeException Exception message: Index was out of range. Must be non-negative and less than the size of the collection. Parameter name: index at System.Collections.ArrayList.get_Item(Int32 index) at System.Web.UI.WebControls.DataListItemCollection.get_Item(Int32 index) at Fabrikam.SetTabCount(Int32 index, NullableInt32 summaryCount) in C:\Foo\Fabrikam.aspx.cs:line 1686 at Fabrikam.GetSummaryCounts() in C:\Foo\Fabrikam.aspx.cs:line 1468 at Fabrikam.OnPreRender(EventArgs e) in C:\Foo\Fabrikam.aspx.cs:line 549 at System.Web.UI.Control.PreRenderRecursiveInternal() at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) Request information: Request URL: https://www.foo-staging.com/Foo/Fabrikam.aspx Request path: /Foo/Fabrikam.aspx User host address: 22.214.171.124 User: msteeber Is authenticated: True Authentication Type: Thread account name: System Thread information: Thread ID: 19 Thread account name: System Is impersonating: False Stack trace: at System.Collections.ArrayList.get_Item(Int32 index) at System.Web.UI.WebControls.DataListItemCollection.get_Item(Int32 index) at Fabrikam.SetTabCount(Int32 index, NullableInt32 summaryCount) in C:\Foo\Fabrikam.aspx.cs:line 1686 at Fabrikam.GetSummaryCounts() in C:\Foo\Fabrikam.aspx.cs:line 1468 at Fabrikam.OnPreRender(EventArgs e) in C:\Foo\Fabrikam.aspx.cs:line 549 at System.Web.UI.Control.PreRenderRecursiveInternal() at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
As the process hasn't crashed, ProcDump won't capture process dumps. Instead, you must gather the process dump manually by completing the following steps.
Find the Process ID of the worker process that you need.
From an administrator command prompt, replace
NNNNN with the process ID from the previous step.
C:\>procdump -ma NNNNN
Follow a similar process to gather agent logs, windows events and process dumps to include with your bug report.
If you encountered a bug other than a process crash or unhandled exception - maybe the .NET Tray has an inaccurate state, or the agent found a false positive - please file a bug report. Contrast doesn't usually need process dumps, but trace-level logs and a detailed description of the problem are very helpful when it's time to fix these bugs.