This is my configuration for ELMAH in web.config:
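<!-- Restricts the ELMAH log viewer (elmah.axd) to members of the "Dev" role.
     The viewer shows logged exceptions together with request details, so it
     should not be reachable by anonymous or ordinary users. -->
<location path="elmah.axd" inheritInChildApplications="false">
  <system.web>
    <!-- Classic-pipeline registration of the ELMAH handler. -->
    <httpHandlers>
      <add verb="POST,GET,HEAD"
           path="elmah.axd"
           type="Elmah.ErrorLogPageFactory, Elmah" />
    </httpHandlers>
    <!-- Rules are evaluated top to bottom and the first match wins: members of
         "Dev" are allowed, everyone else (anonymous users included) is denied.
         Role membership is read from the authenticated principal of the request
         (for example as populated by the ASP.NET role manager), not from
         Session state. -->
    <authorization>
      <allow roles="Dev" />
      <deny users="*" />
    </authorization>
  </system.web>
  <system.webServer>
    <!-- Integrated-pipeline (IIS 7+) registration of the same handler. -->
    <handlers>
      <add name="ELMAH"
           verb="POST,GET,HEAD"
           path="elmah.axd"
           type="Elmah.ErrorLogPageFactory, Elmah"
           preCondition="integratedMode" />
    </handlers>
  </system.webServer>
<!-- Closing tag added: the original excerpt left <location> open. -->
</location>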
But how do I tell it that I'm a Dev? I'm using Session for cookies, but I don't know how I can tell it whether I'm an admin or a user.
Related
For security reasons I want to disable some HTTP methods (e.g. OPTIONS, TRACE, HEAD) at the application level. I want to do this for all files in the directory "bundles/".
But this path is actually created by this
// Registers two script bundles whose URLs start with "~/bundles/".
// NOTE(review): these URLs are created by the bundling code at run time; presumably
// there is no physical "bundles" directory on disk, so rules keyed to a folder
// would not apply. Confirm.
bundles.Add(new Bundle("~/bundles/Something").Include("~/Contents/Scripts/file.js"));
bundles.Add(new Bundle("~/bundles/Anything").Include("~/Areas/Import/Scripts/App/anotherfile.js"));
For now I tried this (in Web.config):
<!-- Attempt to answer OPTIONS, TRACE and HEAD requests under bundles/ with
     System.Web.HttpMethodNotAllowedHandler.
     NOTE(review): <system.web>/<httpHandlers> is the classic-pipeline handler
     list; an application pool in integrated mode (IIS 7+) reads
     <system.webServer>/<handlers> instead, which may be why this has no effect.
     The path also carries no wildcard, so it may not match bundles/Something.
     Confirm both. -->
<system.web>
  <httpHandlers>
    <add path="bundles/"
         verb="OPTIONS,TRACE,HEAD"
         type="System.Web.HttpMethodNotAllowedHandler" />
  </httpHandlers>
</system.web>
but it doesn't work
So, I want the user to get 405 Method Not Allowed when making OPTIONS, TRACE or HEAD requests for any link like myapp.com/bundles/example
Thank you
I'd do this like that:
<!-- NOTE(review): the <deny> rules below sit in the application-wide <system.web>,
     so they reject OPTIONS, TRACE and HEAD for every URL, not only for bundles/.
     A URL-authorization failure is reported as access denied (401, or a redirect
     to the login page under forms authentication) rather than 405. Confirm that
     this is acceptable and that nothing, such as a load-balancer health check,
     depends on HEAD. -->
<system.web>
<authorization>
<deny verbs="OPTIONS" users="*" />
<deny verbs="TRACE" users="*" />
<deny verbs="HEAD" users="*" />
</authorization>
...
<!-- NOTE(review): System.Web.DefaultHttpHandler is a general-purpose handler; the
     handler that answers with 405 Method Not Allowed is
     System.Web.HttpMethodNotAllowedHandler. Verify the status code actually
     returned. On IIS 7+ verbs can also be refused with
     <system.webServer>/<security>/<requestFiltering>/<verbs>. -->
<httpHandlers>
<add path="bundles" verb="OPTIONS" type="System.Web.DefaultHttpHandler" validate="true"/>
<add path="bundles" verb="TRACE" type="System.Web.DefaultHttpHandler" validate="true"/>
<add path="bundles" verb="HEAD" type="System.Web.DefaultHttpHandler" validate="true"/>
</httpHandlers>
</system.web>
Try this
<!-- Handler entries for the three verbs on the "bundles" path; they belong inside
     <system.web>/<httpHandlers>.
     NOTE(review): System.Web.DefaultHttpHandler is a general-purpose handler, while
     System.Web.HttpMethodNotAllowedHandler is the one that answers 405. Check the
     status code these entries really produce. -->
<add path="bundles"
     verb="OPTIONS"
     type="System.Web.DefaultHttpHandler"
     validate="true"/>
<add path="bundles"
     verb="TRACE"
     type="System.Web.DefaultHttpHandler"
     validate="true"/>
<add path="bundles"
     verb="HEAD"
     type="System.Web.DefaultHttpHandler"
     validate="true"/>
my web.config is as
<?xml version="1.0" encoding="utf-8"?>
<!--
Web.config file for first.
The settings that can be used in this file are documented at
http://www.mono-project.com/Config_system.web and
http://msdn2.microsoft.com/en-us/library/b5ysx397.aspx
-->
<configuration>
  <system.web>
    <!-- debug="true" compiles with debugging symbols; it is a development
         setting and should be false on a deployed site. -->
    <compilation defaultLanguage="C#" debug="true">
      <assemblies>
        <add assembly="System.Net, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
        <add assembly="System.Data.Services.Client, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
      </assemblies>
    </compilation>
    <!-- mode="Off" returns full error details to every client, local or remote.
         Keep it for debugging only; RemoteOnly or On hides the details from
         remote visitors. -->
    <customErrors mode="Off"/>
    <!-- No authentication is configured and every user, anonymous ones included,
         is allowed. -->
    <authentication mode="None">
    </authentication>
    <authorization>
      <allow users="*" />
    </authorization>
    <httpHandlers>
    </httpHandlers>
    <!-- Tracing is on, but localOnly="true" limits the trace viewer to requests
         made from the server itself. -->
    <trace enabled="true"
           localOnly="true"
           pageOutput="false"
           requestLimit="10"
           traceMode="SortByTime" />
    <sessionState mode="InProc" cookieless="false" timeout="20" />
    <globalization requestEncoding="utf-8" responseEncoding="utf-8" />
    <pages>
    </pages>
  </system.web>
  <system.webServer>
    <!-- Re-registers the extensionless-URL handler and removes the OPTIONS and
         TRACE verb handlers. -->
    <handlers>
      <remove name="ExtensionlessUrlHandler-Integrated-4.0" />
      <remove name="OPTIONSVerbHandler" />
      <remove name="TRACEVerbHandler" />
      <add name="ExtensionlessUrlHandler-Integrated-4.0"
           path="*."
           verb="*"
           type="System.Web.Handlers.TransferRequestHandler"
           preCondition="integratedMode,runtimeVersionv4.0" />
    </handlers>
  </system.webServer>
</configuration>
when I run it
it gives me an error like this:
Application Exception
Runtime Error
A runtime error has occurred
Description: An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed (for security reasons).
Details: To enable the details of this specific error message to be viewable, please create a <customErrors> tag within a "web.config" configuration file located in the root directory of the current web application. This <customErrors> tag should then have its "mode" attribute set to "Off".
<!-- Web.Config Configuration File -->
<configuration>
<system.web>
<customErrors mode="Off"/>
</system.web>
</configuration>
Notes: The current error page you are seeing can be replaced by a custom error page by modifying the "defaultRedirect" attribute of the application's <customErrors> configuration tag to point to a custom error page URL.
<!-- Web.Config Configuration File -->
<configuration>
<system.web>
<customErrors mode="RemoteOnly" defaultRedirect="mycustompage.htm"/>
</system.web>
</configuration>
A quick search using Google reveals:
CustomErrors mode="Off"
Basically you need to adjust a few other settings
Guys I am trying to use MSCaptcha in asp.net website. It is working perfectly but as soon as I add Forms authentication in web.config, the captcha image is not displayed.
Web.config before authentication (Captcha image shows up)
<!-- Excerpt of web.config before forms authentication was added: every user,
     anonymous ones included, is allowed, so CaptchaImage.axd is reachable. -->
<system.web>
  <httpRuntime targetFramework="4.5" />
  <authorization>
    <allow users="*" />
  </authorization>
  <!-- Classic-pipeline registration of the captcha image handler (GET only). -->
  <httpHandlers>
    <add verb="GET"
         path="CaptchaImage.axd"
         type="MSCaptcha.captchaImageHandler, MSCaptcha" />
  </httpHandlers>
</system.web>
<appSettings>
  <add key="ValidationSettings:UnobtrusiveValidationMode" value="None" />
</appSettings>
<system.webServer>
  <!-- Turns off the integrated-mode check that would otherwise reject the
       <httpHandlers> section above. -->
  <validation validateIntegratedModeConfiguration="false" />
  <!-- Integrated-pipeline registration of the same handler. -->
  <handlers>
    <add name="MSCaptcha.captchaImageHandler"
         verb="GET"
         path="CaptchaImage.axd"
         type="MSCaptcha.captchaImageHandler, MSCaptcha"
         resourceType="Unspecified" />
  </handlers>
Web.Config after forms authentication is added (Captcha image doesn't load)
<!-- Excerpt of web.config after forms authentication was added. -->
<system.web>
  <httpRuntime targetFramework="4.5" />
  <!-- Rules are matched in order and the first match wins. <deny users="?" />
       rejects every anonymous request, which includes the request for
       CaptchaImage.axd made before sign-in; that is consistent with the image
       no longer loading.
       NOTE(review): <allow users="GET" /> allows a user whose name is "GET";
       the users attribute does not take HTTP verbs (verbs is the attribute for
       that), so this rule does not open GET requests. -->
  <authorization>
    <deny users="?" />
    <allow users="*" />
    <allow users="GET" />
  </authorization>
  <authentication mode="Forms">
    <forms name=".ASPXFORMSDEMO"
           loginUrl="Default2.aspx"
           protection="All"
           path="/"
           timeout="30" />
  </authentication>
  <!-- Classic-pipeline registration of the captcha image handler (GET only). -->
  <httpHandlers>
    <add verb="GET"
         path="CaptchaImage.axd"
         type="MSCaptcha.captchaImageHandler, MSCaptcha" />
  </httpHandlers>
</system.web>
<appSettings>
  <add key="ValidationSettings:UnobtrusiveValidationMode" value="None" />
</appSettings>
<system.webServer>
  <validation validateIntegratedModeConfiguration="false" />
  <!-- Integrated-pipeline registration of the same handler. -->
  <handlers>
    <add name="MSCaptcha.captchaImageHandler"
         verb="GET"
         path="CaptchaImage.axd"
         type="MSCaptcha.captchaImageHandler, MSCaptcha"
         resourceType="Unspecified" />
  </handlers>
Why is forms authentication causing issues for captcha? what should I do?
P.S this web-config file is not complete so it might look confusing.
You need to add a <location> element to your web.config:
<!-- Exempts only CaptchaImage.axd from the application-wide authorization rules so
     the image can be fetched before sign-in; every other path keeps its rules. -->
<location path="CaptchaImage.axd">
  <system.web>
    <authorization>
      <allow users="*" />
    </authorization>
  </system.web>
</location>
When using the April 2013 AjaxControlToolkit I receive the error:
0x800a139e - JavaScript runtime error: error raising upload complete event and start new upload
When trying to upload a file using the AjaxFileUpload control.
Make sure the following is present in web.config.
<!-- Registers AjaxFileUploadHandler.axd for both pipelines and raises the upload
     size limits. -->
<configuration>
  <system.web>
    <!-- debug="true" is a development setting; use false on a deployed site. -->
    <compilation debug="true" targetFramework="4.5" />
    <!-- maxRequestLength is expressed in kilobytes: 42949672 KB is roughly 41 GB
         per request. -->
    <httpRuntime targetFramework="4.5" maxRequestLength="42949672" />
    <httpHandlers>
      <add verb="*"
           path="AjaxFileUploadHandler.axd"
           type="AjaxControlToolkit.AjaxFileUploadHandler, AjaxControlToolkit"/>
    </httpHandlers>
  </system.web>
  <system.webServer>
    <validation validateIntegratedModeConfiguration="false"/>
    <handlers>
      <add name="AjaxFileUploadHandler"
           verb="*"
           path="AjaxFileUploadHandler.axd"
           type="AjaxControlToolkit.AjaxFileUploadHandler, AjaxControlToolkit"/>
    </handlers>
    <security>
      <requestFiltering>
        <!-- maxAllowedContentLength is expressed in bytes: 4294967295 is about
             4 GB, the largest value the attribute accepts.
             NOTE(review): limits this large let a single client consume
             bandwidth and disk with one request; size both limits to the
             largest upload the application really needs. -->
        <requestLimits maxAllowedContentLength="4294967295"/>
      </requestFiltering>
    </security>
  </system.webServer>
</configuration>
To resolve the error you need to add this
<!-- Classic-pipeline registration of the AjaxControlToolkit upload handler for
     all verbs. -->
<httpHandlers>
  <add verb="*"
       path="AjaxFileUploadHandler.axd"
       type="AjaxControlToolkit.AjaxFileUploadHandler, AjaxControlToolkit"/>
</httpHandlers>
in your
<system.web>
section of your web.config
If your app pool is set to classic then this happens unless you add preCondition="integratedMode" to the handler entry under system.webServer:
<!-- <system.webServer>/<handlers> entry; preCondition="integratedMode" makes it
     apply only when the application pool runs in integrated mode. -->
<add name="AjaxFileUploadHandler"
     verb="*"
     path="AjaxFileUploadHandler.axd"
     type="AjaxControlToolkit.AjaxFileUploadHandler, AjaxControlToolkit"
     preCondition="integratedMode"/>
Had the same issue after switching to 4.5. The suggested solution didn't work until I added the full assembly name:
<!-- Same handler registration, but the type is given with its full assembly name
     (version, culture and public key token), which pins the exact assembly to
     load. -->
<httpHandlers>
  <add verb="*"
       path="AjaxFileUploadHandler.axd"
       type="AjaxControlToolkit.AjaxFileUploadHandler, AjaxControlToolkit, Version=4.5.7.725, Culture=neutral, PublicKeyToken=28F01B0E84B6D53E" />
</httpHandlers>
Turns out, if you have the 3.5 version in the "old" gac, and 4.5 in the new Microsoft.net/assembly gac, your webapp (IIS?) will not choose the right one!?
Since my application uses forms authentication, I added this to my web.config in order to put the ajaxfileupload to work:
<!-- Exempts AjaxFileUploadHandler.axd from the forms-authentication rules.
     NOTE(review): users="*" includes anonymous visitors, so the upload endpoint
     becomes reachable without signing in. If uploads are only made by signed-in
     users, <deny users="?" /> keeps the endpoint behind the login; otherwise the
     upload-complete code has to validate and bound what it accepts. -->
<location path="AjaxFileUploadHandler.axd">
  <system.web>
    <authorization>
      <allow users="*" />
    </authorization>
  </system.web>
</location>
If anyone is still facing the issue even after the changes suggested by #sridharnetha, try including the lines below.
Important to add UseAbsoluteHandlerPath ="false"
<%-- AjaxFileUpload control limited to three files with the listed extensions;
     UseAbsoluteHandlerPath is set to false as the answer recommends.
     NOTE(review): AllowedFileTypes is an extension filter. The OnUploadComplete
     handler (not shown) should presumably re-check file type and size on the
     server and choose the storage path itself. Confirm. --%>
<ajax:AjaxFileUpload ID="AjaxFileUpload11" runat="server"
MaximumNumberOfFiles="3" AllowedFileTypes="txt,xls,xlsx,doc,docx,pdf"
Width="400px" UseAbsoluteHandlerPath ="false"
OnUploadComplete="OnUploadComplete"
OnClientUploadStart="UploadStart"
OnClientUploadCompleteAll="UploadComplete"
ClearFileListAfterUpload="true"
OnClientUploadError="UploadError"/>
In Web.config
<!-- Registers the upload handler for all verbs.
     NOTE(review): path is normally an application-relative pattern such as
     AjaxFileUploadHandler.axd; an absolute http://localhost/ URL ties the entry
     to one host. Confirm it still matches requests outside the development
     machine. -->
<httpHandlers>
  <add verb="*"
       path="http://localhost/AjaxFileUploadHandler.axd"
       type="AjaxControlToolkit.AjaxFileUploadHandler, AjaxControlToolkit" />
</httpHandlers>
I'm getting this "Unrecognized configuration section system.web/configuration" error when I set up my admin, staff and user authentication. Please help me with this. Here is the web.config code:
<?xml version="1.0"?>
<!--
Note: As an alternative to hand editing this file you can use the
web admin tool to configure settings for your application. Use
the Website->Asp.Net Configuration option in Visual Studio.
A full list of settings and comments can be found in
machine.config.comments usually located in
\Windows\Microsoft.Net\Framework\v2.x\Config
-->
<configuration>
<appSettings/>
<connectionStrings>
<!-- Both entries use Integrated Security, so no database password is stored here.
     NOTE(review): the second entry points at an absolute path inside one user's
     profile and will presumably resolve only on that machine. -->
<add name="ConnectionString" connectionString="Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\ASPNETDB.MDF;Integrated Security=True;User Instance=True" providerName="System.Data.SqlClient"/>
<add name="ASPNETDBConnectionString" connectionString="Data Source=.\SQLEXPRESS;AttachDbFilename=C:\Users\Se7en\Desktop\Personal\VIVA\1\App_Data\ASPNETDB.MDF;Integrated Security=True;Connect Timeout=30;User Instance=True" providerName="System.Data.SqlClient"/>
</connectionStrings>
<system.web>
<!--
Set compilation debug="true" to insert debugging
symbols into the compiled page. Because this
affects performance, set this value to true only
during development.
Visual Basic options:
Set strict="true" to disallow all data type conversions
where data loss can occur.
Set explicit="true" to force declaration of all variables.
-->
<!-- NOTE(review): a second <configuration> root is nested inside <system.web> here.
     It is not a valid child of <system.web>, which matches the reported
     "Unrecognized configuration section system.web/configuration" error. The
     <location> elements below are written as children of this nested element
     rather than of the outer <configuration>. -->
<configuration>
<system.web>
<authentication mode="Forms">
<forms loginUrl="Login.aspx">
<!-- NOTE(review): passwordFormat="Clear" keeps the password readable in web.config,
     and the value shown is trivially guessable. Use a hashed format or the
     membership provider, and replace this sample password before deployment. -->
<credentials passwordFormat="Clear">
<user name="admin" password="password"/>
</credentials>
</forms>
</authentication>
<authorization>
<allow users="*"/>
</authorization>
<!-- debug="true" is a development setting, as the template comment above says. -->
<compilation debug="true"/>
</system.web>
<!-- Rules inside each <authorization> are matched in order; the first match wins.
     NOTE(review): the only account declared under <credentials> is "admin"; no
     user named "adminstrator" is defined in this file. Confirm the account name. -->
<location path="adminstrator">
<system.web>
<authorization>
<allow users="adminstrator"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
<location path="staff">
<system.web>
<authorization>
<allow users="staff"/>
<deny users="*"/>
<!-- NOTE(review): this rule follows <deny users="*"/>, which already matches every
     user, so it is never reached. -->
<allow roles="adminstrator" />
</authorization>
</system.web>
</location>
<!-- Denies anonymous users only; any authenticated user may open this path. -->
<location path="user">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
</configuration>
<!--
<authentication mode="Forms"/>
-->
<roleManager enabled="true"/>
<compilation debug="true" strict="false" explicit="true" targetFramework="4.0">
<assemblies>
<add assembly="System.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/></assemblies></compilation>
<pages controlRenderingCompatibilityVersion="3.5" clientIDMode="AutoID">
<namespaces>
<clear/>
<add namespace="System"/>
<add namespace="System.Collections"/>
<add namespace="System.Collections.Generic"/>
<add namespace="System.Collections.Specialized"/>
<add namespace="System.Configuration"/>
<add namespace="System.Text"/>
<add namespace="System.Text.RegularExpressions"/>
<add namespace="System.Linq"/>
<add namespace="System.Xml.Linq"/>
<add namespace="System.Web"/>
<add namespace="System.Web.Caching"/>
<add namespace="System.Web.SessionState"/>
<add namespace="System.Web.Security"/>
<add namespace="System.Web.Profile"/>
<add namespace="System.Web.UI"/>
<add namespace="System.Web.UI.WebControls"/>
<add namespace="System.Web.UI.WebControls.WebParts"/>
<add namespace="System.Web.UI.HtmlControls"/>
</namespaces>
</pages>
<!--
The <authentication> section enables configuration
of the security authentication mode used by
ASP.NET to identify an incoming user.
-->
<!--
The <customErrors> section enables configuration
of what to do if/when an unhandled error occurs
during the execution of a request. Specifically,
it enables developers to configure html error pages
to be displayed in place of a error stack trace.
<customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
<error statusCode="403" redirect="NoAccess.htm" />
<error statusCode="404" redirect="FileNotFound.htm" />
</customErrors>
-->
</system.web>
<!--
The system.webServer section is required for running ASP.NET AJAX under Internet
Information Services 7.0. It is not necessary for previous version of IIS.
-->
</configuration>
Try this:
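<!-- Corrected layout: a single <configuration> root, with the <location> elements
     as its direct children and one application-wide <system.web>. -->
<configuration>
  <appSettings/>
  <connectionStrings>
    <add name="ConnectionString" connectionString="Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\ASPNETDB.MDF;Integrated Security=True;User Instance=True" providerName="System.Data.SqlClient"/>
    <add name="ASPNETDBConnectionString" connectionString="Data Source=.\SQLEXPRESS;AttachDbFilename=C:\Users\Se7en\Desktop\Personal\VIVA\1\App_Data\ASPNETDB.MDF;Integrated Security=True;Connect Timeout=30;User Instance=True" providerName="System.Data.SqlClient"/>
  </connectionStrings>
  <!-- Rules inside each <authorization> are matched in order; the first match wins.
       NOTE(review): the only account declared under <credentials> below is "admin";
       no user named "adminstrator" is defined in this file. Confirm the account
       name (it may come from the membership database). -->
  <location path="adminstrator">
    <system.web>
      <authorization>
        <allow users="adminstrator"/>
        <deny users="*"/>
      </authorization>
    </system.web>
  </location>
  <location path="staff">
    <system.web>
      <authorization>
        <allow users="staff"/>
        <!-- Moved above the catch-all deny: placed after <deny users="*"/> this
             rule was never reached, because the deny already matches every user. -->
        <allow roles="adminstrator" />
        <deny users="*"/>
      </authorization>
    </system.web>
  </location>
  <!-- Denies anonymous users only; any authenticated user may open this path. -->
  <location path="user">
    <system.web>
      <authorization>
        <deny users="?"/>
      </authorization>
    </system.web>
  </location>
  <system.web>
    <roleManager enabled="true"/>
    <!-- debug="true" is a development setting; use false on a deployed site. -->
    <compilation debug="true" strict="false" explicit="true" targetFramework="4.0">
      <assemblies>
        <add assembly="System.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
      </assemblies>
    </compilation>
    <pages controlRenderingCompatibilityVersion="3.5" clientIDMode="AutoID">
      <namespaces>
        <clear/>
        <add namespace="System"/>
        <add namespace="System.Collections"/>
        <add namespace="System.Collections.Generic"/>
        <add namespace="System.Collections.Specialized"/>
        <add namespace="System.Configuration"/>
        <add namespace="System.Text"/>
        <add namespace="System.Text.RegularExpressions"/>
        <add namespace="System.Linq"/>
        <add namespace="System.Xml.Linq"/>
        <add namespace="System.Web"/>
        <add namespace="System.Web.Caching"/>
        <add namespace="System.Web.SessionState"/>
        <add namespace="System.Web.Security"/>
        <add namespace="System.Web.Profile"/>
        <add namespace="System.Web.UI"/>
        <add namespace="System.Web.UI.WebControls"/>
        <add namespace="System.Web.UI.WebControls.WebParts"/>
        <add namespace="System.Web.UI.HtmlControls"/>
      </namespaces>
    </pages>
    <!--
    The <authentication> section enables configuration
    of the security authentication mode used by
    ASP.NET to identify an incoming user.
    -->
    <authentication mode="Forms">
      <forms loginUrl="Login.aspx">
        <!-- NOTE(review): passwordFormat="Clear" keeps the password readable in
             web.config, and the value shown is trivially guessable. Use a hashed
             format or the membership provider, and replace this sample password
             before deployment. -->
        <credentials passwordFormat="Clear">
          <user name="admin" password="password"/>
        </credentials>
      </forms>
    </authentication>
    <!--
    The <customErrors> section enables configuration
    of what to do if/when an unhandled error occurs
    during the execution of a request. Specifically,
    it enables developers to configure html error pages
    to be displayed in place of a error stack trace.
    <customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
    <error statusCode="403" redirect="NoAccess.htm" />
    <error statusCode="404" redirect="FileNotFound.htm" />
    </customErrors>
    -->
  </system.web>
</configuration>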