My ASP.net web application works on my machine, but will not work properly on the test or production server. It redirects to the login page instead of allowing Anonymous Authentication. I know that my project properties in Visual Studio include Anonymous Authentication.
Here is my project properties window:
My web.config file looks like this:
<?xml version="1.0"?>
<configuration>
<connectionStrings>
<!-- Removed for privacy -->
</connectionStrings>
<appSettings>
<!-- Removed for privacy -->
</appSettings>
<location path="ResetPassword.aspx">
<system.web>
<authorization>
<allow users="?" />
</authorization>
</system.web>
</location>
<system.web>
<compilation debug="true" targetFramework="4.0" />
<authentication mode="Forms">
<forms loginUrl="~/Account/Login.aspx" timeout="2880" requireSSL="false" />
</authentication>
<webServices>
<protocols>
<add name="HttpGet" />
<add name="HttpPost" />
</protocols>
</webServices>
<membership>
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="<!-- Removed for privacy -->" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="true" minRequiredNonalphanumericCharacters="0" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="8" passwordAttemptWindow="10" applicationName="/" />
</providers>
</membership>
<profile>
<providers>
<clear/>
<add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="<!-- Removed for privacy -->" applicationName="/" />
</providers>
</profile>
<roleManager enabled="false">
<providers>
<clear/>
<add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="<!-- Removed for privacy -->" applicationName="/" />
<add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />
</providers>
</roleManager>
</system.web>
<system.web.extensions>
<scripting>
<webServices>
<jsonSerialization maxJsonLength="2147483647">
</jsonSerialization>
</webServices>
</scripting>
</system.web.extensions>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true" />
<httpProtocol>
<customHeaders>
<clear />
<add name="X-UA-Compatible" value="IE=edge" />
</customHeaders>
</httpProtocol>
</system.webServer>
</configuration>
I should also mention that this web.config file matches the web.config file that is currently being used in production. It should work, but I just don't understand if there are some additional settings or inherited properties in IIS that are messing things up on my test server.
*Update: I was able to get this site working on a different server without changing anything in the web.config. It must be something in the configuration of the server.
Related
I have added web service in my application. Working fine in my local IIS. But when I host web service folder and .asmx file to hosting server getting security exception. I also tried by adding . Then I am getting "This configuration section cannot be used at this path. This happens when the site administrator has locked access to this section using from an inherited configuration file." Please any one can help me to solve this issue.
web.config
<?xml version="1.0"?>
<!--
For more information on how to configure your ASP.NET application, please visit
http://go.microsoft.com/fwlink/?LinkId=169433
-->
<configuration>
<system.web>
<compilation debug="false" targetFramework="4.0" defaultLanguage="c#">
<assemblies>
<add assembly="mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
</assemblies>
</compilation>
<membership>
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/"/>
</providers>
</membership>
<profile>
<providers>
<clear/>
<add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/"/>
</providers>
</profile>
<roleManager enabled="false">
<providers>
<clear/>
<add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="ApplicationServices" applicationName="/"/>
<add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/"/>
</providers>
</roleManager>
<authentication mode="Forms">
<forms defaultUrl="login.aspx"/>
</authentication>
<authorization/>
<httpRuntime executionTimeout="10800" maxRequestLength="10485760" useFullyQualifiedRedirectUrl="false"/>
<customErrors mode="Off"/>
<machineKey validationKey="6628ECBFB40F6F852AB543C23C0B83C1679C5AAE35AD72FACF5B9F4FDB70AA1F648A1D5877CE1F9D69F08BAD919BFBAC0976D9119B8F32CFB80814E4E943F8EE" decryptionKey="42F45B378301126EB4CCBA16995304263754EF116E08A81003A936CC04B7537F" validation="SHA1" decryption="AES"/>
<pages enableEventValidation="false" viewStateEncryptionMode="Never" validateRequest="false"/>
<identity impersonate="false"/>
<trust level="Full" originUrl="http://myhostsite.net"/>
</system.web>
<system.web.extensions>
<scripting>
<webServices>
<profileService enabled="true" />
</webServices>
</scripting>
</system.web.extensions>
<connectionStrings>
<add name="irisdb" connectionString="Data Source=192.185.8.483;Initial Catalog=ice2014;User ID=ice2014; Password=iri!; Integrated Security=False" providerName="System.Data.SqlClient" />
</connectionStrings>
<appSettings>
<add key="conStr" value="Data Source=192.185.8.483;Initial Catalog=ice2014;User ID=ice2014; Password=iri!; Integrated Security=False;Timeout=900" />
<add key="irisdb" value="Data Source=192.185.8.483;Initial Catalog=ice2014;User ID=ice2014; Password=iri!; Integrated Security=False;Timeout=500" />
</appSettings>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
<security>
<requestFiltering>
<requestLimits maxAllowedContentLength="1073741824"/>
</requestFiltering>
</security>
<staticContent/>
</system.webServer>
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="ICEServiceSoap"/>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="http://localhost:3798/ICE%20Application/ICEService.asmx" binding="basicHttpBinding" bindingConfiguration="ICEServiceSoap" contract="Service.ICEServiceSoap" name="ICEServiceSoap"/>
</client>
</system.serviceModel>
</configuration>
Thank you in advance
I'm integrating security into an existing asp classic website. and I'd like to keep the anonymous users able to still access the site until I'm ready to flip the switch. Shouldn't setting allow users="*" let everyone in and not redirect? Right now it's redirecting all pages until you authenticate.
<configuration>
<connectionStrings>
<add name="foConnectionString" connectionString="Data Source=;Initial Catalog=fo;Persist Security Info=True;User ID=foSecurity;Password=" providerName="System.Data.SqlClient"/>
</connectionStrings>
<system.web>
<authorization>
<allow users="*"/>
</authorization>
<authentication mode="Forms">
<forms loginUrl="~/Account/Login.aspx" timeout="2880"/>
</authentication>
<membership>
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="foSecurityConnectionString" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/foSecurity"/>
</providers>
</membership>
<profile>
<providers>
<clear/>
<add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="foSecurityConnectionString" applicationName="/foSecurity"/>
</providers>
</profile>
<roleManager enabled="true">
<providers>
<clear />
<add connectionStringName="foSecurityConnectionString" applicationName="/foSecurity"
name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" />
<add applicationName="/foSecurity" name="AspNetWindowsTokenRoleProvider"
type="System.Web.Security.WindowsTokenRoleProvider" />
</providers>
</roleManager>
<customErrors mode="Off"/>
</system.web>
<system.webServer>
<defaultDocument>
<files>
<add value="index.asp" />
</files>
</defaultDocument>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
</configuration>
uncaught exception: [Exception...
"'Sys.WebForms.PageRequestManagerServerErrorException:
Sys.WebForms.PageRequestManagerServerErrorException:
Validation of viewstate MAC failed. If
this application is hosted by a Web
Farm or cluster, ensure that
configuration specifies
the same validationKey and validation
algorithm. AutoGenerate cannot be used
in a cluster.' when calling method:
[nsIDOMEventListener::handleEvent]"
nsresult: "0x8057001c
(NS_ERROR_XPC_JS_THREW_JS_OBJECT)"
location: "JS frame ::
chrome://firebug/content/spy.js ::
callPageHandler :: line 744" data: no]
Thing is, I don't even have a machineKey tag. I commented it out and I still get this error.
This is my entire web.config file:
<?xml version="1.0"?>
<configuration>
<configSections>
<sectionGroup name="UrlRewriter">
<section name="PlainRules" type="System.Configuration.NameValueSectionHandler"/>
<section name="RegExRules" type="System.Configuration.NameValueSectionHandler"/>
</sectionGroup>
</configSections>
<UrlRewriter>
<PlainRules configSource="UrlRewriter.plain.config" />
<RegExRules configSource="UrlRewriter.regex.config" />
</UrlRewriter>
<connectionStrings configSource="db.config"/>
<system.net>
<mailSettings>
<smtp configSource="mail.config"/>
</mailSettings>
</system.net>
<system.web>
<!--<machineKey validationKey=""
decryptionKey="" validation="SHA1" />-->
<compilation debug="true" targetFramework="4.0" />
<globalization culture="en-US" uiCulture="en" requestEncoding="UTF-8" responseEncoding="UTF-8" fileEncoding="UTF-8" />
<trace enabled="false"/>
<!--<customErrors defaultRedirect="~/error" mode="RemoteOnly"/>-->
<httpRuntime maxRequestLength="4000" executionTimeout="1000"/>
<authentication mode="Forms">
<forms defaultUrl="~/" loginUrl="~/login" timeout="43200" protection="All" cookieless="UseCookies" />
</authentication>
<membership defaultProvider="AspNetSqlMembershipProvider" hashAlgorithmType="SHA1">
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" applicationName="damnation" connectionStringName="membership"
enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="true" passwordFormat="Hashed"
maxInvalidPasswordAttempts="20" minRequiredPasswordLength="4" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="5"
/>
</providers>
</membership>
<roleManager defaultProvider="AspNetSqlRoleProvider" enabled="true">
<providers>
<clear/>
<add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="membership" applicationName="damnation"/>
</providers>
</roleManager>
<profile defaultProvider="AspNetSqlProfileProvider" enabled="true" inherits="Damnation.Website.Shared.Membership.SharedMembershipProfile">
<providers>
<clear/>
<add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="membership" applicationName="damnation"/>
</providers>
</profile>
<httpModules>
<add name="UrlRewriter" type="Damnation.Website.Shared.UrlRewriting.UrlRewriterModule"/>
</httpModules>
</system.web>
<system.webServer>
<validation validateIntegratedModeConfiguration="false"/>
<modules runAllManagedModulesForAllRequests="true">
<add name="UrlRewriter" type="Damnation.Website.Shared.UrlRewriting.UrlRewriterModule"/>
</modules>
</system.webServer>
</configuration>
What could be the issue here?
I should also mention that I tried with and without the rewriter (small module I wrote myself), so that's not the issue either here...
Update: this issue is caught by firebug when I try to login with membership, which causes a postback in an updatepanel.
If you don't have a machineKey in your config, its using the one from machine.config.
Is this site setup on a web farm? If so you should generate a machineKey and put it in all the web.config file installations for your site.
SOLUTION: <allow users="*"/> changed to <allow users="?"/> did the trick for me.
I have a problem that started to occur when i moved my asp.net website to my webserver (Windows Webserver 2008 R2 - IIS7).
I use VS2010 and run the project asp.net configuration and set deny all on root folder on my website.
Then when accessing the website externally i was correctly forwarded to /Account/Login.aspx but then the css file was not loaded.
So i added a allow all on the /Styles folder.
Still same problem.
If i login and then logout the css seems to load..
I dont really know what to look for here, is it a web.config problem, iis7 config problem or something else?
This is the web.config located at /Account/
<?xml version="1.0"?>
<configuration>
<location path="~/Styles/Site.css">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
</configuration>
And this is my websites base web.config:
<?xml version="1.0"?>
<configuration>
<location path="~/Styles/Site.css">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<connectionStrings>
<remove name="halldbConnectionString"/>
<remove name="ApplicationServices"/>
<add name="ApplicationServices" connectionString="Data Source=xxx.xxx.xxx.xxx;Initial Catalog=xxxxxx;Persist Security Info=True;User ID=xxx;Password=xxx" providerName="System.Data.SqlClient"/>
<add name="halldbConnectionString" connectionString="Data Source=xxx.xxx.xxx.xxx;Initial Catalog=xxxxxx;Persist Security Info=True;User ID=xxx;Password=xxx" providerName="System.Data.SqlClient"/>
</connectionStrings>
<system.web>
<compilation debug="true" targetFramework="4.0">
<assemblies>
<add assembly="System.Web.Extensions.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add assembly="System.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
<add assembly="System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/></assemblies></compilation>
<authentication mode="Forms">
<forms loginUrl="~/Account/Login.aspx" defaultUrl="~/Väljhall.aspx"
timeout="2880" />
</authentication>
<membership>
<providers>
<clear/>
<remove name="AspNetSqlMembershipProvider"/>
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/"/>
</providers>
</membership>
<profile>
<providers>
<clear/>
<add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/"/>
</providers>
</profile>
<roleManager enabled="false">
<providers>
<clear/>
<add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="ApplicationServices" applicationName="/"/>
<add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/"/>
</providers>
</roleManager>
</system.web>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
</configuration>
First of all please explore what requests to the css files respond. (Is it 404, 500, 302 response codes). You can do it with any http watcher like HttpAnalyzer.
If css files response contains the information that request was not authorize - try to set AppPool to classic mode
<allow users="*"/>
changed to
<allow users="?"/>
did the trick for me
I have a application that connects to a remote sql server. I am able to create users and they are stored in the DB. Then I can go to the login page and login. But after a while, I am unable to log in and it just sits at the login page. The user is still in the DB
Help?
<configuration>
<connectionStrings>
<add name="LoginSQL" providerName="System.Data.SqlClient"
connectionString="Data Source=xx.xx.xx.xx;Initial Catalog=xxxx;UID=xxxxx;pwd=xxxx;"/>
</connectionStrings>
<system.web>
<compilation debug="true" targetFramework="4.0"/>
<authentication mode="Forms">
<forms name="Login" loginUrl="Default.aspx" protection="All" timeout="20"/>
</authentication>
<authorization>
<deny users="?" />
<allow users="*" />
</authorization>
<membership defaultProvider="MySqlLoginProvider">
<providers>
<add name="MySqlLoginProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="LoginSQL" applicationName="Login" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="true" requiresUniqueEmail="true" passwordFormat="Hashed" maxInvalidPasswordAttempts="3" passwordAttemptWindow="30" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0"/>
</providers>
</membership>
<profile>
<providers>
<clear/>
<add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/"/>
</providers>
</profile>
<roleManager defaultProvider="MyRoleProvider" enabled="true" cacheRolesInCookie="true" cookieName=".ASPRoles" cookiePath="/" cookieTimeout="60" cookieSlidingExpiration="true" cookieProtection="All">
<providers>
<add name="MyRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="LoginSQL" applicationName="Login"/>
</providers>
</roleManager>
</system.web>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
</configuration>