Configuration Error using Forms Authentication

  1. #1

    Configuration Error using Forms Authentication

    I am authenticating users with a database table. I am using Forms
    Authentication, and I am able to login, but when I want to register I get
    this error:
    -----------------------
    Configuration Error
    Description: An error occurred during the processing of a configuration
    file required to service this request. Please review the specific error
    details below and modify your configuration file appropriately.

    Parser Error Message: It is an error to use a section registered as
    allowDefinition='MachineToApplication' beyond application level. This error
    can be caused by a virtual directory not being configured as an application
    in IIS.

    Source Error:


    Line 37: by Microsoft that offers a single logon and core
    profile services for member sites.
    Line 38: -->
    Line 39: <authentication mode="Forms" />
    Line 40:
    Line 41:


    Source File: c:\inetpub\wwwroot\dbpractice\Register\web.config Line: 39
    ---------------------
    Register/web.config file looks like this:

    <?xml version="1.0" encoding="utf-8" ?>
    <configuration>
    <system.web>
    <authentication mode="Forms" />
    <authorization>
    <allow users="?" />
    </authorization>
    </system.web>
    </configuration>
    ------------------
    Can anyone help me? I am stumped. I believe I have the configuration
    settings correct, but I must be missing something.
    Thanx.

    --
    Message posted via http://www.dotnetmonster.com
    nmt via DotNetMonster.com Guest

  3. #2

    Re: Configuration Error using Forms Authentication

    April 8, 2005

    As you know, you can set authorization settings in folders to further
    restrict users. What you cannot do is set the authentication element in
    folders. You can only specify the authentication element ONCE per
    application. Therefore, to change the authentication element for a Specific
    folder, you will need to configure that folder to be a virtual directory in
    IIS. I hope this helps!

    Joseph MCAD

    Joseph MCAD Guest

  4. #3

    Re: Configuration Error using Forms Authentication

    When I originally created the Web.config file in a folder named Register,
    the settings were:
    -----------------
    <authentication mode="Windows" />
    <authorization>
    <allow users="*" />
    </authorization>
    -----------------
    Should I just leave these settings alone? This page can be accessed by
    anyone and doesn't need authorization. This folder is in the same project
    as the login form, does that matter? Should I create a new virtual
    directory for the register page?

    nmt via DotNetMonster.com Guest

  5. #4

    Re: Configuration Error using Forms Authentication

    April 8, 2005

    Do you think you could post the virtual directory filepaths? I think it
    says that it is DBPractice\Register. If this is so, could you list which
    web.config contents are from each folder? I am a little confused as to
    whether you configured Windows Auth for DBPractice or Register and what
    folder has Forms Auth? Thanks and I will be happy to help!

    Joseph MCAD

    Joseph MCAD Guest

  6. #5

    Re: Configuration Error using Forms Authentication

    Thanks a lot for your help! This is my first time developing a login form.
    It's an exciting task, but it can also be very frustrating! Also, I am
    doing this as a project for the company I am interning for, so I want to
    get it right!

    HERE IS AN OUTLINE OF MY PROJECT:
    Solution 'dbPractice'
    dbPractice
    Register(folder)
    Register.aspx
    Web.config
    Login.aspx
    Web.config
    ----------
    The root Web.config file says this:

    <authentication mode="Forms" />
    <authorization>
    <deny users="?" />
    </authorization>
    ----------
    The Register/Web.config file says this:

    (when I created this file, the authentication mode was set to 'Windows',
    and I changed it to 'Forms')

    <authentication mode="Forms" />
    <authorization>
    <allow users="*" />
    </authorization>
    ----------

    The virtual directory path in the Internet Services Manager for dbPractice
    is:
    http://localhost/dbPractice/

    ----------
    Also, in the book I am using as a reference (ASP.NET Unleashed) it states
    this little note:

    'The Register.aspx page is contained in its own directory with its own
    Web.config file. The
    Web.config file enables anonymous access to files in the directory.
    Enabling access this way is
    necessary to enable unauthenticated users to register. (You could also
    enable anonymous access to the
    Register.aspx page with the location element in the root Web.config file.)'

    nmt via DotNetMonster.com Guest

  7. #6

    Re: Configuration Error using Forms Authentication

    April 9, 2005

    If I understand correctly DBPractice is the root directory and Register
    is another folder (not virtual directory). Assuming this... Web.Config files
    inherit the settings farther up the filepath. The config file in register
    inherits the dbpractice config which in turn inherits from Machine.config.
    Also, like I said earlier, in order to be able to declare the
    authentication element in the config, the folder it is in must be a virtual
    directory. Because this is not the case this is where your problem is coming
    from. Since the register config inherits the root virtual directory, you can
    remove the authentication element. You can think of inheritance as if you
    add all of the elements from the web.config files above yours in the
    filesystem. Then you decide which ones to change. Also, you have denied
    unauthenticated users the ability to view pages in the root directory (which
    is correct) and allowed unauthenticated users the ability to view the login
    page. Both are correct, besides the fact that you must specify in the root
    config file where the people can login. Right now you have denied access and
    have not allowed them to login, unless they browse to the page themselves.
    If you specify the <forms> element with the attribute
    loginUrl="Register\Login.aspx" then it will Automatically Redirect
    unauthenticated users to this page. Then the users do not have to find the
    login page themselves...

    <authentication mode="Forms">
    <forms loginUrl="Register\Login.aspx"/>
    </authentication>

    Just to be clear... Because the register config file inherits from the root,
    you do not need to specify the authentication element again (which is
    actually illegal to the machine to specify it in a non-vdirectory). Hope
    this helps and I wish you the best of luck with your internship! Feel free
    to ask more questions!



    Joseph MCAD

    Joseph MCAD Guest

  8. #7

    Re: Configuration Error using Forms Authentication

    I did what you said. I removed the authorization element in the
    register/web.config file. I added the forms element with the loginUrl to
    the root web.config file. And now it wants a network username and
    password; it says access is denied after it prompts me for a network
    username and password. Also in the loginUrl you used the path 'Register\
    Login.aspx', but that path is not a correct path, so I changed it to just
    say 'Login.aspx'. Here is the error I am getting:
    -----------
    Server Error in '/dbpractice' Application.

    Access is denied.
    Description: An error occurred while accessing the resources required to
    serve this request. The server may not be configured for access to the
    requested URL.

    Error message 401.2.: You do not have permission to view this directory or
    page using the credentials you supplied. Contact the Web server's
    administrator for help.
    -----------

    nmt via DotNetMonster.com Guest

  9. #8

    Re: Configuration Error using Forms Authentication

    OK, so I am not getting the access denied error anymore, and I moved the
    login.aspx file into the same folder as the register.aspx. Is that wrong?
    Well, I figured the login and register pages both can allow access to
    anonymous users and the items in the root all require a username and
    password.
    ---------
    dbpractice(solution)
    Register(folder)
    Register.aspx
    Login.aspx
    Web.config
    Default.aspx
    Web.config
    ---------
    Then I changed the loginUrl in the root Web.config file to say 'Register\
    Login.aspx', like you had said before. Now the error I am getting is:
    ------------------
    Server Error in '/dbpractice' Application.

    Configuration Error
    Description: An error occurred during the processing of a configuration
    file required to service this request. Please review the specific error
    details below and modify your configuration file appropriately.

    Parser Error Message: It is an error to use a section registered as
    allowDefinition='MachineToApplication' beyond application level. This error
    can be caused by a virtual directory not being configured as an application
    in IIS.

    Source Error:

    Line 69: To disable cookies, set sessionState cookieless="true".
    Line 70: -->
    Line 71: <sessionState mode="InProc"
    stateConnectionString="tcpip=127.0.0.1:42424" sqlConnectionString="data
    source=127.0.0.1;Trusted_Connection=yes" cookieless="false" timeout="20" />
    Line 72:
    Line 73: <!-- GLOBALIZATION

    Source File: c:\inetpub\wwwroot\dbpractice\Register\web.config Line: 71
    -----------------
    If you could help me again, that would be great! Thanks.

    nmt via DotNetMonster.com Guest

  10. #9

    Re: Configuration Error using Forms Authentication

    April 11, 2005

    Yes. The login page needs to be contained in the Register folder. This
    will allow unauthenticated users to reach the login page. You can think of
    this as if there is a key in a box which you need. To get the
    key you must lift up the lid of the box and take the key out. By not having
    the login page in the Register folder, it would be as if there was a lock on
    the box with the key, but only the key in the box can unlock it. Or (as some
    of us might know better, but fortunately not me) it is like getting locked
    out of your car. You have to unlock the car to get the key, but only the key
    inside the car can unlock the lock... The new error you are getting is
    (like the authentication element I mentioned earlier) not allowed in a
    non-virtual directory. Therefore I believe you must delete this element and
    move it to the root directory (which is a vdirectory) and then let the
    register config file inherit the settings. I think this is what needs to
    be done, but I will do a little more research and then post back! Feel free
    to ask more questions in the meantime!

    Joseph MCAD

    Joseph MCAD Guest
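
The rule discussed in the replies above, as an added example that is not part of any post: sections registered as allowDefinition='MachineToApplication' (the thread hit `authentication` and `sessionState`) are only accepted in the web.config at the application root. The Python check below walks an application folder and reports such sections in subfolder configs; the section list is a partial one chosen for this example, the function names and sample configs are constructed, and it assumes no subfolder is itself configured as an IIS application.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

# Partial list, an assumption of this example: <system.web> sections that are
# only legal at application level. The first two are the ones hit in the thread.
APP_LEVEL_ONLY = {"authentication", "sessionState", "machineKey", "trust"}

def find_misplaced_sections(app_root):
    """Return (config path, finding) pairs for web.config files below app_root."""
    findings = []
    for dirpath, _dirs, files in os.walk(app_root):
        names = [f for f in files if f.lower() == "web.config"]
        if not names or dirpath == app_root:
            continue  # the application root may define these sections
        path = os.path.join(dirpath, names[0])
        try:
            root = ET.parse(path).getroot()
        except ET.ParseError as exc:  # e.g. a mistyped closing tag
            findings.append((path, f"XML parse error: {exc}"))
            continue
        # Children of every <system.web>, including ones nested in <location>.
        for system_web in root.iter("system.web"):
            findings += [(path, c.tag) for c in system_web if c.tag in APP_LEVEL_ONLY]
    return findings

# Constructed sample configs mirroring the layout described in the thread.
ROOT_CONFIG = r"""<configuration><system.web>
  <authentication mode="Forms"><forms loginUrl="Register\Login.aspx" /></authentication>
  <authorization><deny users="?" /></authorization>
</system.web></configuration>"""

BROKEN_REGISTER_CONFIG = """<configuration><system.web>
  <authentication mode="Forms" />
  <sessionState mode="InProc" cookieless="false" timeout="20" />
  <authorization><allow users="?" /></authorization>
</system.web></configuration>"""

FIXED_REGISTER_CONFIG = """<configuration><system.web>
  <authorization><allow users="?" /></authorization>
</system.web></configuration>"""

def check_sample(register_config):
    """Write root + Register configs to a temp dir; return sorted findings."""
    with tempfile.TemporaryDirectory() as app_root:
        os.mkdir(os.path.join(app_root, "Register"))
        samples = {"Web.config": ROOT_CONFIG,
                   os.path.join("Register", "Web.config"): register_config}
        for rel, text in samples.items():
            with open(os.path.join(app_root, rel), "w", encoding="utf-8") as fh:
                fh.write(text)
        return sorted(what for _path, what in find_misplaced_sections(app_root))

if __name__ == "__main__":
    print(check_sample(BROKEN_REGISTER_CONFIG))  # authentication, sessionState
    print(check_sample(FIXED_REGISTER_CONFIG))   # nothing reported
```

The `authorization` section is deliberately not in the list: it is the one the subfolder config is allowed to override, which is how the Register folder opens itself to anonymous users.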

  11. #10

    Re: Configuration Error using Forms Authentication

    The authentication element is out of the register/web.config file. And in
    the root web.config file says this:
    ----
    <authentication mode="Forms">
    <forms loginUrl="Register\Login.aspx" />
    </authentication>
    <authorization>
    <deny users="?" />
    </authorization>
    ----

    nmt via DotNetMonster.com Guest

  12. #11

    Re: Configuration Error using Forms Authentication

    The register/web.config file says this:
    ----
    <authorization>
    <allow users="?" />
    </authorization>
    ----
    And I am still getting that error.

    nmt via DotNetMonster.com Guest
