My asp.net webform application is deployed and hosted in IIS.
I set 120 for the timeout of session state in Web.config.
According to the document, the timeout is in minutes, but the session actually is timeout in 120 seconds. I did not understand this behavior. Do you konw the reason?
<system.web>
<compilation defaultLanguage="c#" debug="true" targetFramework="4.5.2"/>
<customErrors mode="Off"/>
<authentication mode="Forms">
<forms name="xxx" loginUrl="Error.aspx" protection="All" timeout="240"/>
</authentication>
<authorization>
<deny users="?"/>
</authorization>
<trace enabled="false" requestLimit="10" pageOutput="false" traceMode="SortByTime" localOnly="true"/>
<sessionState mode="InProc" cookieless="false" timeout="120"/>
<globalization requestEncoding="Shift_JIS" responseEncoding="Shift_JIS" fileEncoding="Shift_JIS"/>
<httpRuntime maxRequestLength="1048576" executionTimeout="1800"/>
<xhtmlConformance mode="Legacy"/>
<pages controlRenderingCompatibilityVersion="3.5" clientIDMode="AutoID"/>
</system.web>
Related
I want to log a user into an ASP.NET MVC site, and the session expires abnormally quickly, in minutes. I want the session to hold for days instead. Authentication is done using System.Web.Security:
FormsAuthentication.Authenticate(username, password);
My web.config looks like this:
<system.web>
<customErrors mode="Off" />
<httpRuntime targetFramework="4.5" />
<compilation debug="true" targetFramework="4.5" />
<authentication mode="Forms">
<forms loginUrl="~/Account/Login"
name=".ASPXAUTH"
timeout="86400"
slidingExpiration="true"
defaultUrl="Day/ListDays"
path="/"
protection="All"
requireSSL="false"
cookieless="UseDeviceProfile"
domain=""
enableCrossAppRedirects="false">
<credentials passwordFormat="Clear">
<user name="user" password="-" />
</credentials>
</forms>
</authentication>
<sessionState mode="StateServer"
stateConnectionString="tcpip=loopback:42424"
cookieless="false"
timeout="300" />
</system.web>
I want to configure the application and prevent the user from going directly to any page in the application without signing in but any user can access the websites homepage.
But when I run the homepage ,login page or any page of the website, I am getting this error:- The requested page cannot be accessed because the related configuration data for the page is invalid.
I can't find out where I am making mistake. I have posted my web.config file . have a look over it .show me where I am making mistake and what is the solution.
web.config
<?xml version="1.0"?>
<!--
For more information on how to configure your ASP.NET application, please visit
http://go.microsoft.com/fwlink/?LinkId=169433
-->
<configuration>
<connectionStrings>
<add name="ConnectionString" connectionString="Data Source=(LocalDB)\MSSQLLocalDB;AttachDbFilename=|DataDirectory|\Database.mdf;Integrated Security=True"
providerName="System.Data.SqlClient" />
</connectionStrings>
<authentication mode="Forms">
<forms loginUrl="/Registration/LoginPage.aspx">
</forms>
</authentication>
<system.web>
<compilation debug="true" targetFramework="4.5.2" />
<httpRuntime targetFramework="4.5.2" />
</system.web>
<location path="FIRST PAGE">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<location path="Registration">
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
</location>
<location path="AdminHome">
<system.web>
<authorization>
<allow users="admin"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
<location path="Student">
<system.web>
<authorization>
<allow roles="Student"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
<location path="Teacher">
<system.web>
<authorization>
<allow roles="Teacher"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
<appSettings>
<add key="ValidationSettings:UnobtrusiveValidationMode" value="None"/>
</appSettings>
</configuration>
ERROR
the homepage of the website is under the folder FIRST PAGE and login and register page is under the folder Registration
The <authentication> part of your configuration should be inside the <system.web> section
MSDN authentication Element
Just edit your web.config:
<system.web>
<authentication mode="Forms">
<forms loginUrl="/Registration/LoginPage.aspx">
</forms>
</authentication>
<compilation debug="true" targetFramework="4.5.2" />
<httpRuntime targetFramework="4.5.2" />
</system.web>
Parallel Plesk is not opening default page on my domain name which I've set in the default directories, instead it is opening a login page of my ASP.NET web application. However it opens default page on my domain name once I logged in by giving right credentials.
Here is my web.config file:
<system.web>
<compilation debug="true" targetFramework="4.5" />
<authentication mode="Forms">
<forms loginUrl="Login.aspx" name=".ASPXFORMSAUTH"></forms>
</authentication>
<httpRuntime targetFramework="4.5" maxRequestLength="20896" />
<authorization>
<deny users="?"/>
</authorization>
</system.web>
<location path="UserPanel.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
If you are hosting on IIS (7 or later), inside the <system.webServer> (of your web.config) add:
<defaultDocument>
<files>
<clear/>
<add value="UserPanel.aspx" />
</files>
</defaultDocument>
I am using following configuration in my web.config file
<system.web>
<authentication mode="Forms">
<forms name=".ASPXFORMSDEMO" loginUrl="Defautl.aspx" protection="All" path="/" timeout="30" />
</authentication>
<authorization>
<deny users ="?" />
<allow users = "*" />
</authorization>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" />
</system.web>
But when I am running the code I get an error
Error message 401.2.: Unauthorized: Logon failed due to server configuration. Verify that you have permission to view this directory or page based on the credentials you supplied and the authentication methods enabled on the Web server.
As I running it from local host so I am not sure why this error is happening.
If I disable Windows Authentication from project property the above error shows up. If I enable this then I can view any page inside my application without login.
I have commented the code ConfigureAuth inside Startup class.
Edit 1: I have gone through this link
Try This..
<system.web>
<compilation debug="true" targetFramework="4.5" />
<authentication mode="Forms" lockItem="true">
<forms loginUrl="Login.aspx" name="frmL" slidingExpiration="true" protection="All" defaultUrl="Default.aspx" path="/"/>
</authentication>
</system.web>
<location path="YourDirectoryForAuthorizedUsers">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
So,
Not done anything in ASP.NET in a long time, I'm restricting a specific page if the user isn't logged in. I've done this a thousand times and have no idea why it's not working.
Root:
file: web.config.
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.0"/>
<authentication mode="Forms">
<forms loginUrl="restricted.aspx"/>
</authentication>
</system.web>
</configuration>
In the folder containing restricted file:
file: web2.config
<configuration>
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</configuration>`
Any idea's what I'm missing?
Cheers.