I have an asp.net WebApi application where I would like to move any configuration that is likely to change out of web.config into an external configuration file.
This will then allow an install update to overwrite the web.config so that it picks up any newer configuration added between version, but preserve other user settings which may vary between deployments.
I have successfully done this with a few sections, eg appSettings.
For appSettings, I have the folliwing in web.config...
<appSettings configSource="config\appSettings.config"/>
And then the external file has the various settings, eg ...
<?xml version="1.0" encoding="utf-8"?>
<appSettings>
<add key="IISSitePrefix" value="http" />
<!--- Set this to True to emit http request debug information to the Event log -->
<add key="EnableHttpDebugTracing" value="false" />
.... etc
I have been trying to do the same with the two configuration settings we need to change to toggle on/off windows authentication, as some deployments will use this, and others will use token based security. To do this I need to move the following out of web.config...
<authentication>
<windowsAuthentication enabled="true" />
</authentication>
<system.web>
<authentication mode="Windows"/>
</system.web>
So for the first tag, I tried the following....
<authentication configSource="config\authentication.config"/>
with the contents of the external file being..
<?xml version="1.0" encoding="utf-8"?>
<authentication>
<windowsAuthentication enabled="true" />
</authentication>
However, when I run this, I get the following error...
The configuration section 'authentication' cannot be read because it is missing a section declaration
I get a similar result when I try the other section.
Does anyone know what this means, or even if it is possible to do the above?
Thanks in advance for any help
[EDIT 1]
After one of the comments I have realised, perhaps my configuration is not quite correct (it was some time ago I first looked at this, and am now revisiting)
Previously, to enable integrated (windows) authentication, I thought you needed two bits of configuration (system.web AND system.webserver)...
<system.web>
<authentication mode="Windows"/>
</system.web>
<system.webServer>
<security>
<authentication>
<windowsAuthentication enabled="true" />
</authentication>
</security>
</system.webServer>
BUT now looking at this post, it appears I only need the <system.webServer> and not <system.web> at all
I removed my <system.web> and I could indeed turn off the intergarted authentication using just the <system.webServer> section.
So, now, what I want to configure in the external file is just the following..
ie if possible I'd like to just move out the <security> section, and leave the rest of the <system.webServer> in web.config.
I tried the following ..
<system.webServer>
<security configSource ="config\authentication.config"/>
</system.webServer>
With the contents of authentication.config being...
<?xml version="1.0" encoding="utf-8"?>
<security>
<authentication>
<windowsAuthentication enabled="true" />
</authentication>
</security>
But now when I try to execute a route I get..
Unrecognized attribute 'configSource'
Config Source:
87:
88: <security configSource ="config\authentication.config"/>
89:
So my (modified) question becomes is there a way to move out the above section?
Try changing the external file from
<?xml version="1.0" encoding="utf-8"?>
<authentication>
<windowsAuthentication enabled="true" />
</authentication>
to:
<?xml version="1.0" encoding="utf-8"?>
<authentication mode="Windows"></authentication>
It works for me ;)
Related
The MVC project has a Startup.cs file in its root. When i run the project it throws
HTTP Error 404.7 - `Not Found. The request filtering module is configured to deny the file extension
web.config
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.0" />
</system.web>
<system.webServer>
<defaultDocument>
<files>
<add value="Startup.cs" />
</files>
</defaultDocument>
</system.webServer>
</configuration>
I added the following lines of config inside system.webserver tag - but there is no change:
<security>
<requestFiltering>
<fileExtensions allowUnlisted="true">
<remove fileExtension="." />
<add fileExtension="." allowed="true" />
</fileExtensions>
</requestFiltering>
</security>
You do not need to add any defaultDocuments, and should not use cs files there.
If you are using the default route, it is sufficient to add a Home controller with a Index action, which will be called by default. You can adapt the default route to use another controller/action.
I'm running IIS Express (not to be confused with the normal IIS) under Windows 10. My understanding is the settings are stored in "My Documents\IISExpress\config\applicationhost.config"
These settings can be overriden by a local web.config file when using creating an asp.net core project.
When attempting to use this web.config
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<location path="" inheritInChildApplications="false">
<system.webServer>
<security>
<authentication>
<anonymousAuthentication enabled="false" />
<windowsAuthentication enabled="true" />
</authentication>
</security>
</system.webServer>
</location>
</configuration>
I receive the following error.
This configuration section cannot be used at this path. This happens when the section is locked at a parent level. Locking is either by default (overrideModeDefault="Deny"), or set explicitly by a location tag with overrideMode="Deny" or the legacy allowOverride="false".
identifying this line
<authentication>
**<anonymousAuthentication enabled="false" />**
<windowsAuthentication enabled="true" />
This in spite of changing this line to state allow
<section name="anonymousAuthentication" overrideModeDefault="Allow" />
Is there any other place I should be looking?
Based upon feedback received.
The correct location for the configuration file is {ProjectDirectory}.vs\config\applicationhost.config when working within visual studio.
"My Documents\IISExpress\config\applicationhost.config" is incorrect
In my web.config file I have the following entry:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.web>
<machineKey validationKey="656....9CCF" decryptionKey="9020.....659" validation="SHA1" decryption="AES" />
</system.web>
</configuration>
I need to swap the validationKey and decryptionKey values under certain web publish profiles using the web config transform method. I'm struggling however, as I can't find any examples that achieve more than a basic connection string swap, or suchlike.
Is it possible to actually modify this part of the file using config transforms?
My attempt so far doesn't get recognised when I preview the transform...
<?xml version="1.0" encoding="utf-8"?>
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
<system.web>
<machineKey validationKey="AE3E7...FAB49" decryptionKey="ADS32....32423twe" xdt:Transform="Replace" xdt:Locator="Match(validationKey)" />
</system.web>
</configuration>
You can use something like this:
<machineKey validationKey="AE3E7...FAB49" decryptionKey="ADS32....32423twe"
xdt:Transform="SetAttributes" xdt:Locator="XPath(../machineKey)"/>
Note that I replaced the xdt:Transform to "SetAttributes" not "Replace".
For more reference you can check msdn page.
You can also test the transform here.
I'm training my web.config to recognize what the best default file is. According to my host it's supposed to look like in the listing below.
<?xml version="1.0"?>
<!--
For more information on how to configure your ASP.NET application, please visit
http://go.microsoft.com/fwlink/?LinkId=169433
-->
<configuration>
<appSettings/>
<system.web>
<defaultDocument>
<files>
<clear />
<add value="Defalut.aspx" />
</files>
</defaultDocument>
<compilation debug="true" targetFramework="4.0"/>
<httpRuntime/>
<pages controlRenderingCompatibilityVersion="4.0"/>
<machineKey/>
<customErrors defaultRedirect="Error.aspx" mode="On"/>
</system.web>
</configuration>
The problem is that VS2012 (Express) marks it blue and claims the error in the subject. First i thought that i could upload it as it is and by brute force make the server to like the file but it then got angry and spat out the following
HTTP Error 500.19 - Internal Server Error
The requested page cannot be accessed because the related configuration data for the page is invalid.
As i read the error message it says that: "The configuration section 'defaultDocument' cannot be read because it is missing a section declaration."
I've done my homework and found the article below but due to the limitation in my situation (e.g. i need to manually upload the web.config file and i can't run any scripts on the server of my hosting company), it was to no avail.
How do i kill this little problem?
"Defalut.aspx" is a definite yellow flag.
SUGGESTION:
Just create a new dummy project with MSVS2012 (I don't have a copy handy, so I can't help you at the moment)
Cut and paste the auto-generated "web.config" into your project and verify that it works.
If it doesn't, make ONLY those MINIMAL changes needed to get a clean compile/execute.
Save a backup of your working web.config
Try adding your "defaultDocument" section and see what happens.
If it still doesn't work, please cut/paste:
a) the exact section (as I presume you did above)
b) the exact error message
ALSO:
Q: It now fails in BOTH your MSVS2012 (running locally) AND your target web server, correct?
Q: Are you sure the target web server is ASP.Net 4.0 capable?
You config looks correct but the error occurs because it cannot find the file that is mean to be the default document for all your website folders
So please replace "Defalut.aspx" with he correct spelling of the file in the below xml
<defaultDocument>
<files>
<clear />
<add value=*"Defalut.aspx"* />
</files>
</defaultDocument>
Late to the party, I know, but for anybody still with a similar problem, I don't believe this has anything to do with the spelling of the default page name (that will probably just give a 404 when it's accessed).
The real issue is that the defaultDocument section should actually be under system.webServer, not system.web. See defaultDocument Element for more info.
So your sample config file should look something like:
<?xml version="1.0"?>
<!--
For more information on how to configure your ASP.NET application, please visit
http://go.microsoft.com/fwlink/?LinkId=169433
-->
<configuration>
<appSettings/>
<system.web>
<compilation debug="true" targetFramework="4.0"/>
<httpRuntime/>
<pages controlRenderingCompatibilityVersion="4.0"/>
<machineKey/>
<customErrors defaultRedirect="Error.aspx" mode="On"/>
</system.web>
<system.webServer>
<defaultDocument>
<files>
<clear />
<add value="Defalut.aspx" />
</files>
</defaultDocument>
</system.webServer>
</configuration>
I'm in the process of creating a new web application using classic ASP. I've done this before and have 2 similar websites that have been running for over 2 years. My problem is that the ISP I'm using has me hosted on a system running Server 2008, IIS7, and I cannot rely on session state remaining constant. I use a session variable to pass validated usernames from page to page. I know I can re-write the application to use db storage as an alternative, but I hate to have to modify a working application.
In talking with the ISP they suggested adding a sessionState variable to my web.config file and use stateserver to pass the data to a file on their system (they provided the connection string, etc.). This seems fine, but whenever I add the sessionState line to the web.config the website gets a error 500.19 with an error code of 0x8007000d.
I've tried to add a line on my local PC to simply change the session timeout as a testing methodology, but I get the same error. I'm sure it's something obvious, but I've researched the general topic and it looks like it should work? The simple web.config code is below and any suggestions would be greatfully appreciated (I'm developing a flat spot on my forehead from hitting the desk).
Thanks,
Contents of web.config
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<sessionState timeout="40" />
<defaultDocument enabled="true">
<files>
<clear />
<add value="index.aspx" />
<add value="index.asp" />
<add value="default.htm" />
<add value="default.html" />
</files>
</defaultDocument>
<security>
<authentication>
<basicAuthentication enabled="true" />
</authentication>
</security>
<httpErrors errorMode="Custom">
<remove statusCode="404" subStatusCode="-1" />
<error statusCode="404" prefixLanguageFilePath="" path="/OaOInternal/DefaultWebs/sedoCurrent/Error404.aspx" responseMode="ExecuteURL" />
</httpErrors>
</system.webServer>
</configuration>
classic ASP sites don't use web.config files