Grant Harmeyer #1
Web.Config and subdirectory *location* security
I've read similar posts to this issue, and I am fairly certain this
configuration should work. However, when I try to request any of the pages
in the Admin subdirectory of my application root, I am given the following
error:
It is an error to use a section registered as
allowDefinition='MachineToApplication' beyond application level. This error
can be caused by a virtual directory not being configured as an application
in IIS.
It then has the line "<authentication mode="Forms">" highlighted as the line
the error occurs at.
Is this an IIS config issue, or do I need to create a configSections node in
my web.config to facilitate this? If I need the configSections node added,
an example would be very helpful. Thanks.
<!-- Web.Config -->
<configuration>
  <system.web>
    <authorization>
      <allow users="?" />
    </authorization>
    <compilation defaultLanguage="C#">
      <assemblies>
        <add assembly="MyAssembly" />
      </assemblies>
    </compilation>
    <customErrors mode="Off" />
    <globalization requestEncoding="utf-8" responseEncoding="utf-8" />
  </system.web>
  <location path="Admin">
    <system.web>
      <authentication mode="Forms">
        <forms name=".MYAPPAUTH" loginUrl="login.aspx"
               protection="Encryption" timeout="20" />
      </authentication>
      <authorization>
        <deny users="?" />
      </authorization>
      <httpRuntime executionTimeout="90" maxRequestLength="512"
                   useFullyQualifiedRedirectUrl="false" minFreeThreads="8"
                   minLocalRequestFreeThreads="4" appRequestQueueLimit="100" />
    </system.web>
  </location>
</configuration>
Grant Harmeyer Guest
-
Chris Mohan #2
RE: Web.Config and subdirectory *location* security
The way to address this is to configure the admin sub dir as an application in IIS.
> Is this an IIS config issue, or do I need to create a configSections node in
> my web.config to facilitate this? If I need the configSections node added,
> an example would be very helpful. Thanks.
The problem is that the authentication element can only be declared at the machine (for all apps hosted on a server), site, or application level. The documentation states: "Any attempt to declare it in a configuration file at the subdirectory or page level will result in a parser error message."
See: http://msdn.microsoft.com/library/en-us/cpgenref/html/gngrfauthenticationsection.asp
Here's a good article for more info on setting up an app that uses windows and forms auth:
http://www.theserverside.net/articles/showarticle.tss?id=FormAuthentication
Chris Mohan Guest
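Added example, not part of the original posts: a way to satisfy the application-level rule quoted above while leaving Admin as a plain subdirectory is to declare `<authentication>` once in the root `<system.web>` and keep only `<authorization>` inside `<location path="Admin">`. It assumes login.aspx sits in the application root, changes `protection` to `All`, and omits the elements of the posted config that are unrelated to authentication.

```xml
<!-- Root web.config: added example, not the poster's file -->
<configuration>
  <system.web>
    <!-- authentication is registered as allowDefinition='MachineToApplication',
         so it is declared here, at application level, and nowhere below it -->
    <authentication mode="Forms">
      <!-- Assumption: login.aspx is in the application root.
           protection="All" (the default) encrypts and validates the ticket;
           the posted "Encryption" value skips validation. -->
      <forms name=".MYAPPAUTH" loginUrl="login.aspx"
             protection="All" timeout="20" />
    </authentication>

    <!-- Pages outside Admin remain open to anonymous users -->
    <authorization>
      <allow users="?" />
    </authorization>
  </system.web>

  <!-- Per-directory rules may only contain sections that are allowed below
       application level; authorization is one of them -->
  <location path="Admin">
    <system.web>
      <authorization>
        <!-- Anonymous requests under /Admin are redirected to loginUrl -->
        <deny users="?" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

With this layout the Forms cookie is issued for the whole application, and the `<deny users="?" />` rule is what actually restricts the Admin directory.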
-
Grant Harmeyer #3
Re: Web.Config and subdirectory *location* security
Thanks, I see that very clearly now and it makes sense. I went to
http://www.gotdotnet.com and downloaded the source code for the .Text blog
application to analyze some of the tactics used in that application for
authentication and also for some performance techniques.
Thanks for the reply
Grant
Grant Harmeyer Guest




