I'm building a project in Visual Studio using C#.
When I try to run the program I get Error Http 404.
My question is how can I change my URL
http://localhost:55188/login.aspx?ReturnUrl=%2f
to
http://localhost:55188/Index.aspx.
The page login.aspx does no longer exist.
This is my web.config
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" />
<authentication mode="Forms">
<forms defaultUrl="addRole.aspx" path="/"/>
</authentication>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
<location path="LoggedIn.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<appSettings>
<add key="ValidationSettings:UnobtrusiveValidationMode" value="None" />
</appSettings>
</configuration>
Thank you.
The page you try to reach requires authintication and your web.config says login.aspx can provide that. Change your web.config and you'll be fine.
Here is your web.config without authentication requirements:
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" />
</system.web>
<appSettings>
<add key="ValidationSettings:UnobtrusiveValidationMode" value="None" />
</appSettings>
</configuration>
As Matthias Aslund correctly started, you have specified that you want your users to be authenticated but have not specified which Login page you wish users to be redirected to in order to login by using the "LoginUrl" attribute on the forms element in the Web.config file. The default value of "Login.aspx" is therefore being used, as specified on this MSDN page on the LoginUrl attribute. The "DefaultUrl" attribute has a different purpose and is used as the default page to redirect users to after logging on if one is not specified using the "ReturnUrl" querystring value that is visible in your URL above - see the MSDN page on the DefaultUrl attribute for more.
If you no longer have any authentication in your application, that is to say any user can access your application without a username and password, then you need to change your Web.config as follows. It is extremely important that you are clear that any user who is able to reach your application will now be able to access any part of it, and that there will be no restrictions based on the fact that the user is authenticated/known to the application, is a specific user, or is in a specific role.
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" />
<authentication mode="None" />
</system.web>
<appSettings>
<add key="ValidationSettings:UnobtrusiveValidationMode" value="None" />
</appSettings>
</configuration>
This replaces the whole of the contents of your Web.config file you have provided above, but you must be clear that this removes all authentication from your application (which appears to be what you want).
Related
I have a site that uses OWIN authentication. All works perfectly, however, I need to restrict access for this site before placing it to the public.
To accomplish this, I want to make the system to present the windows authentication dialog box before the home page is loaded.
I put this in web.config of the site:
<system.web>
<customErrors mode="Off" />
<compilation targetFramework="4.6" />
<httpRuntime targetFramework="4.6" />
<authentication mode="Windows" />
<globalization culture="es-CL" uiCulture="es" />
<authorization>
<deny users="?"/>
<allow users="Demo" />
</authorization>
</system.web>
But the home page does not work.
when I try to load home page, this actual URL is loaded:
http://demo.site.cl/Security/Account?ReturnUrl=%2FSecurity%2FAccount%3FReturnUrl%3D%252FSecurity%252FAccount%253FReturnUrl%253D%25252FSecurity%25252FAccount%25253FReturnUrl%25253D%2525252FSecurity%2525252FAccount%2525253FReturnUrl%2525253D%252525252FSecurity%252525252FAccount%252525253FReturnUrl%252525253D%25252525252FSecurity%25252525252FAccount%25252525253FReturnUrl%25252525253D%2525252525252FSecurity%2525252525252FAccount%2525252525253FReturnUrl%2525252525253D%252525252525252FSecurity%252525252525252FAccount%252525252525253FReturnUrl%252525252525253D%25252525252525252FSecurity%25252525252525252FAccount%25252525252525253FReturnUrl%25252525252525253D%2525252525252525252FSecurity%2525252525252525252FAccount%2525252525252525253FReturnUrl%2525252525252525253D%252525252525252525252FSecurity%252525252525252525252FAccount%252525252525252525253FReturnUrl%252525252525252525253D%25252525252525252525252FSecurity%25252525252525252525252FAccount%25252525252525252525253FReturnUrl%25252525252525252525253D%2525252525252525252525252FSecurity%2525252525252525252525252FAccount%2525252525252525252525253FReturnUrl%2525252525252525252525253D%252525252525252525252525252FSecurity%252525252525252525252525252FAccount%252525252525252525252525253FReturnUrl%252525252525252525252525253D%25252525252525252525252525252FSecurity%25252525252525252525252525252FAccount%25252525252525252525252525253FReturnUrl%25252525252525252525252525253D%2525252525252525252525252525252FSecurity%2525252525252525252525252525252FAccount%2525252525252525252525252525253FReturnUrl%2525252525252525252525252525253D%252525252525252525252525252525252FSecurity%252525252525252525252525252525252FAccount%252525252525252525252525252525253FReturnUrl%252525252525252525252525252525253D%25252525252525252525252525252525252FSecurity%25252525252525252525252525252525252FAccount%25252525252525252525252525252525253FReturnUrl%25252525252525252525252525252525253D%2525252525252525252525252525252525252FSecurity%2525252525252525252525252525252525252FAccount%2525252525252525252525252525252525253FReturnUrl%2525252525252525252525252525252525253D%252525252525252525252525252525252525252F
And a 404 error is shown.
How can this be done?
So,
Not done anything in ASP.NET in a long time, I'm restricting a specific page if the user isn't logged in. I've done this a thousand times and have no idea why it's not working.
Root:
file: web.config.
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.0"/>
<authentication mode="Forms">
<forms loginUrl="restricted.aspx"/>
</authentication>
</system.web>
</configuration>
In the folder containing restricted file:
file: web2.config
<configuration>
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</configuration>`
Any idea's what I'm missing?
Cheers.
I have created a login system to my website. This login system is supposed to protect one page only (Meaning that there is one page that requires users to login to see it).
My problem is:
Since I created this login system, all my other 8 pages now require validation. This is not my intention, and I have been searching like crazy for a solution, but no luck.
My web.config file looks like this:
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.0">
<assemblies>
<add assembly="MySql.Data, Version=5.0.9.0, Culture=neutral, PublicKeyToken=C5687FC88969C44D"/>
</assemblies>
</compilation>
<authentication mode="Forms">
<forms loginUrl="Login.aspx" name=".ASPXFORMSAUTH" timeout="30" /> <!--name =".ASPXFORMSAUTH"-->
</authentication>
<authorization>
<deny users="?" />
</authorization>
</system.web>
The only page that requires log in is called Default.aspx
The rest of my pages should be public to all users. How can I achieve this?
Thanks
You can do it by using location element within web.config file.
<location path="Default.aspx">
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>
Use "location" in your web.config and specify the directory you want to be protected. Here's a nice example:
http://www.codefixer.com/asp-net/tutorials/protecting-folders-with-forms-authentication.asp
I have an ASP.NET Web Site running in Visual Studio dev-fabric (azure project) and am using ACS and WIF. My authentication process isn't working because after I login I get this:
A potentially dangerous Request.Form value was detected from the client (wresult="<t:RequestSecurityTo...").
The documentation states that I need to add
<pages validateRequest="false" />
and
<httpRuntime requestValidationMode="2.0" />
And I did - but I'm still getting the error. I've also added validateRequest="false" at the page level. But nada - still getting the same error.
These steps seem to have fixed the issue for other posters - is it something to do with running in dev-fabric perhaps?
I hadn't realised, but I'd accidentally added these settings within a location tag created by WIF:
<location path="FederationMetadata">
<system.web>
<authorization>
<allow users="*" />
</authorization>
<!-- wrong! -->
</system.web>
</location>
<system.web>
<!-- right! -->
<httpRuntime requestValidationMode="2.0" />
<pages validateRequest="false" />
My ASP.NET Forms 4.0 site is running with forms authentication. By default unauthorized users are denied, and then I allow access to certain pages.
I have a problem allowing access to the default url: http:/example.com. I have this entry in web.config that defines default page:
<defaultDocument>
<files>
<clear/>
<add value="default.aspx" />
</files>
</defaultDocument>
and I have this location override:
<location path="default.aspx">
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
</location>
It works OK when I go to the full url: http://example.com/default.aspx, but redirects to the login page if I go to http://example.com
Any ideas what am I doing wrong?
I just found answer in a response (by Dmitry) to a similar question here in SO: Forms Authentication Ignoring Default Document:
In Global.asax, method: Application_BeginRequest, place the following:
if (Request.AppRelativeCurrentExecutionFilePath == "~/")
HttpContext.Current.RewritePath("default.aspx");
Worked like charm!
I've just figured out how to solve this without having to fudge a redirection.
If just happened to me after converting from .Net 2 to .Net 4 and I've never found my solution anywhere on the internet so here goes.
If like me your login page is also your default page you need to make sure you do the following two things in the web.config file
Add this to exempt to default.aspx from authentication (didn't need this in .Net 2)
<location path="default.aspx">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
And change the login url from this
<forms name="myform" loginUrl="~/default.aspx" timeout="240" defaultUrl="~/home.aspx" slidingExpiration="true" protection="All" path="/" />
to this
<forms name="myform" loginUrl="~/" timeout="240" defaultUrl="~/home.aspx" slidingExpiration="true" protection="All" path="/" />
and you should fine it all work nows, just tried it out on two different sites and it did the trick for me
I didn't like making a code change for this issue, especially because my site was working fine on my Windows Server 2008 R2 machine, but not on my Windows 7 SP1 development machine.
It turns out that the root cause of this issue is an update in Service Pack 1 for Windows 7:
http://support.microsoft.com/kb/2526854
The solution appears to be to disable the new "ExtensionlessUrl" feature that was added in SP1:
<system.webServer>
<handlers>
<remove name="ExtensionlessUrl-ISAPI-4.0_32bit" />
<remove name="ExtensionlessUrl-ISAPI-4.0_64bit" />
<remove name="ExtensionlessUrl-Integrated-4.0" />
</handlers>
<validation validateIntegratedModeConfiguration="false" />
</system.webServer>
Obviously if you're using the ExtensionlessUrl feature this won't work for you, but I've documented it here for those migrating a legacy site and are wondering what has suddenly gone wrong.
This works for me in a test web app:
<location path="">
<system.web>
<authorization>
<deny users="*"/>
</authorization>
</system.web>
</location>
<location path="Default.aspx">
<system.web>
<authorization>
<deny users="*"/>
</authorization>
</system.web>
</location>
Now I can't get to either "/" or "/Default.aspx" - give that a try (but use allow instead).