IIS Subsite with different web.config, Is it possible? - asp.net

My IIS subsite take the web.config from the main site. How to avoid it?
I want my subsite just read its own web.config and works as independent site
This is how it looks in IIS:
img1

Yes, web.config contains the server configuration information related to each web application, there should be a web.config in the root folder of your web application.
If you want different web.config for subsite, you can place web.config file under your subsite of application.
<location path="." inheritInChildApplications="false">
<system.web> 
...
</system.web>
</location>

Related

I want to url redired in asp.net using web.config

I have one or more than one url like http://vfiresolution.in/pdf/p.pdf. And I want to redirect the above url to http://vfiresolution.in/page.aspx?id=1.
I am using the below given code. My code is working on local host. But If i publish my code on shared server code not working.
my code is
<configuration>
<location path="pdf/p.pdf">
<system.webServer>
<httpRedirect enabled="true" destination="http://vfiresolution.in/page.aspx?id=1" httpResponseStatus="Permanent" />
</system.webServer>
</location>
</configuration>
http://www.iis.net/configreference/system.webserver/httpredirect
check the iis
(httpredirect)
Compatibility
The httpRedirect section of web.config is compatible with IIS 7 (w2k8) and IIS 7.5 (w2k8 r2).
Web.config files are deeply integrated with IIS 7.x.
The httpRedirect directives listed will apply to all files and directories (php, jpg, png, htm, etc), not just asp.net files.
While some web.config sections sometimes require that the containing directory is set as an application, this isn't one of them.
A simple web.config with a httpRedirect section may be placed in any directory, and the directory does NOT need to be set as an application.

how to prevent access to virtual directory without login to a website

I have a directory contains some documents,
i would like to allow access to files on this directory only if the user successfully logged in to a website.
the login users and passwords managed by aspNet Membership tables and stored at the DB.
if the directory was sitting on the website is would be easy since it restricted by default
but physical path of the directory is not inside the website
and i prefer to leave it that way, since this directory can be access from another website
how to solve this?
thanks
You should add the runAllManagedModulesForAllRequests attribute to the modules tag in your web.config like so:
<system.webServer>
<modules runAllManagedModulesForAllRequests="true">
...
</modules>
...
</system.webServer>
This will impose your dotnet security on all files like word documents and such. Then you can secure the folder using the location section in web.config like so:
<location path="SomeVirtualDirectory">
<system.web>
<authorization>
<allow roles="admin" />
<deny users="*" />
</authorization>
</system.web>
</location>
Its not possible to navigate outside of a website directory as it is outside scope of your website and no way depends on the website credentials.
The file directory doesn't have to be a physical subdirectory of your site. If you add it as a virtual directory inside your application, you can just set authentication appropriately.
Alternatively you can just issue something like this:
string filename = #"F:\SomeDirectory\Foo.txt";
Response.TransmitFile(filename);
Then you can just set authentication on this page, for example called DownloadFile.aspx.

Error in web.config "location"

My site has 2 logins. 1 on the front end for regular users, and one in the admin section, for admins (I need 2 logins because each one asks for different login criteria). To authenticate the admin directory, I setup a "location" element in my main site's web.config like this:
<location path="Admin">
<system.web>
<authentication mode="Forms" >
<forms loginUrl="/Accounts/adminLogin.aspx"/>
</authentication>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
If I try to type any page from my "Admin" directory, into my browser, I get the following error:
It is an error to use a section registered as
allowDefinition='MachineToApplication' beyond application level. This
error can be caused by a virtual directory not being configured as an
application in IIS.
How can I setup my location element to redirect properly?
Thanks
There are mainly one of the two reason why you got this error message.
If you have not configured your asp.Net application in iis. If you have not configure your application to run on iis first configure your site to run on iis.For that create virtual directory from iis and give permission to application (read,write)
If above is not problem then there are mainly problem of two or many web.Config exists on your site.When you open some site and if software crate backup of that application then software mainly do create subfolder and copy all files + web.Config in application.Just remove this subfolder web.Config from subfolder.
Check the web.Config in your admin folder and main root folder for settings and configurations.
You can't change the Authentication mode within a subdirectory. Only WebApplications can define this setting which applies to the entire application. A location element is only used in subdirectories to change authorization, not authentication settings.

How do I make web.config apply to the root folder only?

Is there a way of preventing inheritance of the web.config file in the root of wwwroot within IIS7 to all other sub-folders?
A developer installed a web app which put files in the wwwroot folder. All worked fine until Exchange 2010 was installed and didn't work. Removing the web.config file in the root of wwwroot gets Exchange working (OWA etc) but breaks the web app. Putting the web.config file back fixes the web app but breaks Exchange again.
To prevent inherited configuration to child applications, you wrap the <system.web> tag in a <location> tag, with inheritInChildApplications="false".
<location path="." inheritInChildApplications="false">
<system.web>
...
</system.web>
</location>

Multiple/Different authentication settings in web.config

How would I go about setting different authentication tags for different parts of my web app? Say I have:
/
/folder1/
/folder2/
Would it be possible to specify different <authentication/> tags for each folder?
I want folder1 to use Windows authentication but folder2 use Forms authentication.
I tried doing in a <location/> tag but it doesn't look like you can have <authentication/> tags in a <location/> tags, at least not via VS 2008 with it's built in webserver.
This errors out saying - Error 3 It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS.
<location path="/folder1">
<system.web>
<authentication mode="Forms" />
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
You can only have <authentication /> on the top level web.config. You may have to create multiple applications. ie you can create an application within an application and use different authentication modes in each one.
I think you can set the forms authentication authorization on folder1 to
<allow users="*" />
then control the windows access via setting windows permissions on the folder.
I haven't tried it, but I can't think of why that wouldn't work.
These settings are only valid at the root level of your ASP.Net application. To use different settings in a sub folder you will need to go into IIS and set that sub folder to be a new application.
Once you done this, the folder will have a different icon in the IIs manager. Inside your subfolder, create a new web.config file and add the new authentication settings there.
More information available at Creating Applications.

Resources