ASP.NET, two Web.Config - asp.net

I have a .NET application with all the aspx pages and the main web.config in the root folder but I now have a situation where I need a portal like section for other users. I have created a new folder with it's own unique aspx pages and a second web.config.
I especially need a second web.config to have the <authentication> with a <forms loginUrl="" defaultUrl="> for this portal section and a <authentication> too.
I have implemeted this second web.config in the way I created the first and I am getting this error message:
It is an error to use a section registered as allowDefintion='MachineToApplication'
beyond application level. This error can be caused by a virtual directory not being
configured as an application in IIS.
Now I think the main web.config file is conflicting with the this second webconfig in it's folder. I'm not sure how to fix this, I have seen theories on how this works but no solid code.
Thank you for any suggestions and your time, it is much appreciated.

In IIS, create a virtual directory, under your main application. The local web.config will overide stuff in your main web.config, but still use you main web.config for everything else (i.e. ConnectionStrings, encoding, etc.).

Related

IIS website paths behave different when accessing the site from outside the network

As the title states, I get different behavior on my website when I try to access it from the internet, as opposed to accessing it from the local network, and I cannot figure out why. I know it is because IIS is trying to serve me content from the parent application, but I don't know how to fix it.
Let me try explain: I have a website (not a web application) that I deployed to an existing IIS site, and then converted it to an application. If I access the website from the local network (<hostname>/path/to/site.aspx) then everything works fine, but when I try to access the site from the internet (<domain.name>/path/to/site.aspx) then it breaks, and I have the mappings set up correctly for the domain (it works on the parent application).
Initially it couldn't access the Site.Master page, saying the file cannot be found at <Site Parent Folder>/Site.Master (Instead of <Site Parent Folder>/<Current App>/Site.Master), so I had to change the master page reference on the ASP page from ~/Site.Master to just Site.Master And that seems to have worked for the master page only. It now gives me an error about being unable to find my classes in the App_Code directory (The type or namespace name 'MyClass' could not be found. Are you missing a using directive or an assembly reference?) so I'm suspecting that it is still trying to reference those from the parent directory.
Any ideas on how I can fix it so that it references the current application's directory instead of the parent app's directory?
Thanks in advance.
Ensure that your deployed website is running as a sub-applicaiton under main IIS site.
In your main IIS website update web.config and wrap system.web section with location element with inheritInChildApplications set to false
<location path="." inheritInChildApplications="false">
<system.web>
…
</system.web>
</location>
You can read more about it here

Add Standalone ASP.Net Application Into Existing ASP.Net Website - not working

I have an asp.net '4.5' site (Orion Solarwinds) and I would like to add functionality. This can be done with a virtual directory, but adding anything to that folder will cause a recompile and interrupt service to the user.
It should be possible(and done it many times before) to 'just' add a application. So I should be able to use a separate application pool.
BUT what happens is that even with a index.html file in an empty application with a web.config in there, it still seems to inherit from the host webconfig. Thus this is not a Standalone ASP.Net Application in an existing website. I have tried to decouple this basic application - no joy. How can I fix this?
You can try using inheritInChildApplication by wrapping sections you don't want to inherit in host webconfig with this:
<location path="." inheritInChildApplications="false">
There's more details in this other thread

Server Error in '/' Application. ASP.NET

Greeting,
I developed a website using ASP.Net 3.5 and C#. It is working good with Visual Stdio 2010.
I uploaded my website to my domain under the public folder.
First time I lunched my website for testing (http://wecoders.com/Habib_cuizine/Gallery.aspx)
I would revive (Server Error in '/' Application.)
Runtime Error Description: An
application error occurred on the
server. The current custom error
settings for this application prevent
the details of the application error
from being viewed remotely (for
security reasons). It could, however,
be viewed by browsers running on the
local server machine.
Details: To enable the details of this
specific error message to be viewable
on remote machines, please create a
tag within a
"web.config" configuration file
located in the root directory of the
current web application. This
tag should then have
its "mode" attribute set to "Off".
<!-- Web.Config Configuration File -->
>
> <configuration>
> <system.web>
> <customErrors mode="Off"/>
> </system.web> </configuration>
Notes: The current error page you are
seeing can be replaced by a custom
error page by modifying the
"defaultRedirect" attribute of the
application's
configuration tag to point to a custom
error page URL.
> <!-- Web.Config Configuration File -->
>
> <configuration>
> <system.web>
> <customErrors mode="RemoteOnly"
> defaultRedirect="mycustompage.htm"/>
> </system.web> </configuration>
To fix this error I added to the webConfig file inside tag:
> <customErrors mode="Off"/>
After that when I lunch the website I would receive a new error as listed bellow:
Configuration Error
Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately.
Parser Error Message: It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS.
Source Error:
Line 35: ASP.NET to identify an incoming user.
Line 36: -->
Line 37: <authentication mode="Windows" />
Line 38: <!--
Line 39: The section enables configuration
Source File: \10.0.40.35\wecoders.com\public\habib_cuizine\web.config Line: 37
Please advice how to fix this error and how configure my website which developed using Visual Stdio 2010 to be published in the internet.
Regards,
The key information in this error is this line:
This error can be caused by a virtual
directory not being configured as an
application in IIS.
In IIS, you can have several applications, but they must be configured as an application. Generally, when you create a web project it maps directly to an IIS application.
Check with your hosting service on how to create an IIS application for your web app.
Edit - added
If this is on your server, you can set this up yourself following the instructions in #Frazell Thomas's answer. He beat me to finding that link. To save yourself some reading, you should be able to focus in on the Creating Virtual Directories and Local Web Sites section.
right-click virtual directory (e.g. MyVirtualDirectory)
click convert to application.
Have you configured the virtual directory as an ASP.NET application for the right framework version?
See IIS Setup
Look at these two excerpts:
I uploaded my website to my domain under the public folder.
and
This error can be caused by a virtual directory not being configured as an application in IIS.
It's pretty clear to me that you did exactly what you said you did, and no more, i.e. you transfered the files to the web server, but nothing else. You need to configure that public folder as a virtual directory in IIS as the error is telling you, or it's just not going to work.
Looks like you have <authentication mode="Windows" /> in your web.config file but your hosting provider won't let you use that. Just remove that line.
I got the same problem and my solution was to remove webconfig file from the directory.. then it works..
http://www.velocityreviews.com/forums/t123353-configuration-error.html
If you want to use inetpub/wwwroot/aspnet as your application, remove this
line :
Line 26:
and any other lines which define MachineToApplication beyond application
level
If you want to use d:\inetpub\wwwroot\aspnet\begin\chapter02\ as your
application,
create an IIS Application which points to
d:\inetpub\wwwroot\aspnet\begin\chapter02\
maybe you can refer link above.
For my application, my web.config store in d:\inetpub\wwwroot\aspnet\begin\chapter02\
and when i move the web.config to d:\inetpub\wwwroot\aspnet and the problem is solve.
Please check also does your application have two web.config file.
Looks like this is a very generic message from iis.
in my case we enabled integrated security on web config but forgot to change IIS app pool identity.
Things to check -
go to event viewer on your server and check exact message.
-make sure your app pool and web config using same security(E.g Windows,integrated)
Note: this may not help every time but this might be one of the reason for above error message.
I have the same issue, my application was running on amazon vps, lately i found that bin folder had multiple copies of dll's ...
After removing those copies of dlls like entityframework(copy1).dll, errors were gone....
May be some one will get help...cheers
Removing the web.config-file from the IIS Directory Folder solves the problem.
Try removing the contents of the <compilers> tag in the web.config file. Depending on who you're hosting with, some don't allow the compiler in production.
Your application is trying to compile when it is called and their servers won't allow it.
This wont necessarily fix the problem...but it will tell you what the real problem is. Its currently trying to use a custom error page that doesn't exist.
If you add this line to Web.config (under system.web tag) it should give you the real error.
<system.web>
<!-- added line -->
<customErrors mode="Off"/>
<!-- added line -->
</system.web>
If your project is linq with Sql Database.
Then Simply Check your System Services and Start sql Server Agent Service.
Now your problem is solved.
Just check connectivity between SQL And your App (if you used SQL)

How to resolve "Server Error in '/' Application" error?

I am trying to deploy an asp.net application in our server while I am receiving the following error.
Server Error in '/' Application.
________________________________________
Configuration Error
Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately.
Parser Error Message: It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS.
Source Error:
Line 63: ASP.NET to identify an incoming user.
Line 64: -->
Line 65: <authentication mode="Windows"/>
Line 66: <!--<forms loginUrl="~/SCR.UI/Login1.aspx"/>
Line 67: </authentication>-->
Source File: D:\BarclaysPayamentManagementSystem\scr.ui\web.config Line: 65
What is the reason and how to resolve it?
Please help
You may get this error when trying to browse an ASP.NET application.
The debug information shows that "This error can be caused by a virtual directory not being configured as an application in IIS."
However, this error occurs primarily out of two scenarios.
When you create an new web application using Visual Studio .NET, it automatically creates the virtual directory and configures it as an application. However, if you manually create the virtual directory and it is not configured as an application, then you will not be able to browse the application and may get the above error. The debug information you get as mentioned above, is applicable to this scenario.
To resolve it, right click on the virtual directory - select properties and then click on
"Create" next to the "Application" Label and the text box. It will automatically create the "application" using the virtual directory's name. Now the application can be accessed.
When you have sub-directories in your application, you can have web.config file for the sub-directory. However, there are certain properties which cannot be set in the web.config of the sub-directory such as authentication, session state (you may see that the error message shows the line number where the authentication or session state is declared in the web.config of the sub-directory). The reason is, these settings cannot be overridden at the sub-directory level unless the sub-directory is also configured as an application (as mentioned in the above point).
Mostly, we have the practice of adding web.config in the sub-directory if we want to protect access to the sub-directory files (say, the directory is admin and we wish to protect the admin pages from unauthorized users).
I had this error when the .NET version was wrong - make sure the site is configured to the one you need.
See aspnet_regiis.exe for details.
I had this error with VS 2015, in my case going to the project properties page, Web tab, and clicking on Create Virtual Directory button in Servers section solved it
It sounds like the admin has locked the "authentication" node of the web.config, which one can do in the global web.config pretty easily. Or, in a nutshell, this is working as designed.
I just had the same issue on visual studio 2012. For a internet application project.
How to resolve “Server Error in '/' Application” error?
Searching for answer I came across this post, but none of these answer help me.
Than I found another post here on stackoverflow that has the answer for resolving this issue.
Specified argument was out of the range of valid values. Parameter name: site
When you create an new web application using visual studio.net, it automatically creates the virtual directory and configures it as an application. However, if you manually create the virtual directory and it is not configured as an application, then you will not be able to browse the application and may get the above error.
I also got this error when I moved an entity framework edmx file into a "Models" sub-folder. This automatically changed the metadata in my connection string setting in my app.config.
So before the connection string changed... it looked something like this:
<connectionStrings>
<add name="MyDbEntities" connectionString="metadata=res://*/MyDb.csdl|res://*/MyDb.ssdl|res://*/MyDb.msl; ...
</connectionStrings>
And after... it added the "Models" subfolder name (btw... it also added "Models" to the namespace for the EF classes generated) and the connection string now looks something like this:
<connectionStrings>
<add name="MyDbEntities" connectionString="metadata=res://*/Models.MyDb.csdl|res://*/Models.MyDb.ssdl|res://*/Models.MyDb.msl; ...
</connectionStrings>
I have a website project that references this Entity Framework DB project. But its web.config did not have the updates to the connection string... and that's when I started getting the compilation error being discussed here.
To fix this error, I updated the connection string in the web.config in the website project to match the app.config in my EntityFramework project.
vs2017 just added in these lines to csproj.user file
<IISExpressAnonymousAuthentication>enabled</IISExpressAnonymousAuthentication>
<IISExpressWindowsAuthentication>enabled</IISExpressWindowsAuthentication>
<IISExpressUseClassicPipelineMode>false</IISExpressUseClassicPipelineMode>
with these lines in Web.config
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" maxRequestLength="1048576" />
<identity impersonate="false" />
<authentication mode="Windows" />
<authorization>
<allow users="yourNTusername" />
<deny users="?" />
</authorization>
And it worked
I opened the Properties window for the website project in question and changed Windows Authentication to "Enabled" and that resolved my issue in VS 2019.
The error message is quite clear: you have a configuration element in a web.config file in a subfolder of your web app that is not allowed at that level - OR you forgot to configure your web application as IIS application.
Example: you try to override application level settings like forms authentication parameters in a web.config in a subfolder of your application

What replaces .htaccess on IIS/ASP.NET sites?

On Apache/PHP sites if I want to put a senstive file within my website folders, I put a .htaccess file in that folder so users can't download the sensitive file.
Is there a similar practice for IIS/ASP.NET sites, i.e. if I have a shared hosting account and don't have access to IIS server. Can I do this in web.config for instance?
e.g. the ASPNETDB.MDF file that ASP.NET Configuration put in the App_Data directory. I would assume this is protected by default but where can I change the settings for this folder as I could with a .htaccess file?
Inside of an ASP.Net web.config you can setup locations to add security to specific files and folders. In addition, you can remove all verbs from those directories:
<location path="Secret" allowOverride="false">
<system.web>
<authorization>
<deny users="*" />
</authorization>
<httpHandlers>
<remove path="*.*" verb="*"/>
</httpHandlers>
</system.web>
</location>
I have only used the authorization portion of that snippet and it works great. The handler should further lock it down and using a ISAPI filter would be able to put the finishing touches on it.
Well, if you can access IIS settings, UrlScan can help. For IIS 7, request filtering can help a lot.
http://learn.iis.net/page.aspx/473/using-urlscan
http://learn.iis.net/page.aspx/143/how-to-use-request-filtering/
There are some things you can do with web.config like defining security settings etc...
Other times you have to use HttpModules or HttpHandlers, look here:
http://msdn.microsoft.com/en-us/library/aa719858(VS.71).aspx
If not, you can find different ISAPI, but in this case you need access to IIS.
For example, the ISAPI for emulating rewrite mod apache:
> http://www.codeplex.com/IIRF
The other question, yes ASPNETDB.MDF in APP_Data is protected normally (it depends on your administrator). To change the path, change the connectionstring.
There are two cases:
If the server is using IIS7 then there is equivalent functionality available using the web.config approach for all files.
If the server is using IIS6 or earlier (and for the time being this is by far the most likely case for shared hosting) then its more of a problem. If you can force all your requests to go via the ASP.NET handler (which normally requires access to the server to configure) then again the web.config approach will work but otherwise you're going to need other tools and a sympathetic hosting provider. For this reason alone one probably wants IIS7...
That said for asp.net there are files that are protected by default anyway - files in app_data as already mentioned plus specific file types (like .config). Additionally one would expect a decent host to provide a directory that is not accessible via the web - ours offer a private and a web folder, both accessible via FTP but only the contents of the latter via the web.
As per the [documentation on Application Folders][1], IIS won't serve requests to content stored in the /app_data folder although your application can read and interact with those files.
ASP.NET recognizes certain folder names that you can use for specific types of content. The following table lists the reserved folder names and the type of files that the folders typically contain.
Note
The content of application folders, except for the App_Themes folder, is not served in response to Web requests, but it can be accessed from application code.

Resources