How to configure Custom Http Module at Directory level? - asp.net

I created a custom http module and want to add this module to the web config. The web application is a project that contains several "sub applications". A sub application is just a folder, and within that folder it has its own web.config. I'm doing this so each application has its own application related contents.
Now I created a custom http module. When adding this to the root web.config, the module is working properly. When adding the http module config to the directory-level web.config (e.g. /Applications/MyApplication/web.config) the module is not initialized anymore.
This is the root config which is working fine.
    <httpModules>
        <add name="MyFirstHttpModule" type="CustomModule.CustomModule,CustomModule" />
    </httpModules>
Kindly help

ASP.NET configuration already supports configuration inheritance. You just have to add a new web.config in the specified folder.
ASP.NET website's Web.config is part of an inheritance chain. Your website's subfolders can have Web.config. This allows for setting general settings at the site level and overriding them when necessary. Any settings in the base Web.config that aren't overridden in the subfolder stay in effect, so the "child" Web.config can be pretty small. You can continue to nest them, so sub-sub-subfolders can get their own Web.config if needed.
A good example is the Web.config file in an ASP.NET MVC application's View folder, which does things like preventing directly viewing the View templates.
You can read more here.
If a request is received for a file in the SubDir1 directory that does
not exist, ASP.NET begins to search the configuration hierarchy,
starting at the most local Web.config file (which is located in the
current directory, if it exists, or a parent directory). ASP.NET is
searching for an error Element for customErrors (ASP.NET Settings
Schema) element where the statusCode attribute equals "404". Once
ASP.NET finds the configuration setting for the 404 error, the URL in
the redirect attribute is returned as the response.

Related

ASP.NET, two Web.Config

I have a .NET application with all the aspx pages and the main web.config in the root folder but I now have a situation where I need a portal like section for other users. I have created a new folder with its own unique aspx pages and a second web.config.
I especially need a second web.config to have the <authentication> with a <forms loginUrl="" defaultUrl=""> for this portal section and a <authentication> too.
I have implemented this second web.config in the way I created the first and I am getting this error message:
It is an error to use a section registered as allowDefinition='MachineToApplication'
beyond application level. This error can be caused by a virtual directory not being
configured as an application in IIS.
Now I think the main web.config file is conflicting with this second web.config in its folder. I'm not sure how to fix this, I have seen theories on how this works but no solid code.
Thank you for any suggestions and your time, it is much appreciated.
In IIS, create a virtual directory, under your main application. The local web.config will override stuff in your main web.config, but still use your main web.config for everything else (i.e. ConnectionStrings, encoding, etc.).
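The error quoted in the question comes from placing an application-level section in a plain subfolder. The following added example (not from the posts above; the folder name Portal and the page names are hypothetical) shows the split that avoids it: `<authentication>` is registered as MachineToApplication and stays in the root file, while `<authorization>` is allowed at directory level.

```xml
<!-- File 1: /web.config (application root).
     <authentication> may only appear at machine or application level. -->
<configuration>
  <system.web>
    <authentication mode="Forms">
      <!-- Hypothetical page names -->
      <forms loginUrl="~/Login.aspx" defaultUrl="~/Default.aspx" />
    </authentication>
  </system.web>
</configuration>

<!-- File 2: /Portal/web.config (plain subfolder, not an IIS application).
     Only directory-level sections go here; inherited settings stay in effect. -->
<configuration>
  <system.web>
    <authorization>
      <!-- "?" is the anonymous user: everyone must sign in to reach /Portal -->
      <deny users="?" />
    </authorization>
  </system.web>
</configuration>
```

A separate `<forms loginUrl>` for the portal is still an application-level setting, so it requires the folder to be configured as an application in IIS, as the error message states.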

How do I reload asp.net configuration file cache?

I have an asp.net application that sets the configSource attribute on the rewriteRules element in web.config to point to a separate config file:
    <rewrite>
        <rules configSource="App_Data\Config\RewriteRules.config" />
    </rewrite>
My web app makes edits to the RewriteRules.config file programmatically, but my web app does not pick up the configuration changes after the file is edited and saved.
I have tried calling HttpRuntime.UnloadAppDomain() after editing the file. This successfully restarts my app domain, but the changes in RewriteRules.config are still not picked up. I have tried adding RestartOnExternalChanges="true" to the rewrite element, but this is apparently not supported on the IIS rewrite module. I have also tried ConfigurationManager.RefreshSection("rewrite/rules") but this does not seem to have any effect. The only way I can get the changes to take effect is to edit and save the main web.config file, but I am trying to avoid doing this programmatically for security reasons.
I am confused as to why HttpRuntime.UnloadAppDomain() does not cause external config files to be re-read. Is this expected behavior? Does the config file cache somehow exist outside the bounds of the app domain? Is there any practical way to achieve what I am looking to do?
Dude, the problem with your case is, related configSection definition is not marked as restartOnExternalChanges="true" in definition. For example; we created a custom config section for storing application urls in an external file and we create a section definition in web.config file like
<section name="pageUrlFormats" type="Kahia.Web.Configuration.PageUrlFormats.PageUrlFormatsSection, Kahia.Web" restartOnExternalChanges="true" requirePermission="false" />
so that asp.net knows if any change occurs in related file:
<pageUrlFormats configSource="Config\PageUrlFormats.config" />
application domain restarts. This goes same for all config section definitions, including UrlRewrite module's definition.
What you have to do is, find definition of related module. In this scenario, it is at apphost.config at C:\Windows\system32\inetsrv\config\applicationHost.config
In that file, look for rule section definition, it starts like
<section name="rules"
You have to add restartOnExternalChanges="true" attribute to that config file.
IIS7 configuration system uses the same syntax as the .Net framework configuration system, but is a different implementation that has some behavior differences. The restartOnExternalChanges thing is a feature of the .Net framework configuration system that is not supported by the IIS7 configuration system. The url rewriter module uses the IIS7 configuration system.

Web.Config files and locations

We have a whole bunch of websites with very similar web.config files.
Can you centralise the duplicate configs in 1 config file before the root directory of each website? Or is the only option machine.config?
We are looking to centralise an assembly reference in the GAC.
Structure:
Containing Directory
Website 1 Directory
Website 2 Directory
Website 3 Directory
Web.Config File for all above sites
I have not encountered a way to have inherited config files besides machine.config, app/web.config and user.config levels. But you can use configSource attribute on all config sections (ConfigurationSection based) to include a common file for example with service endpoints, client endpoints, bindings, connection strings and others. Even though VS intellisense marks it as unsupported it does work.
    <configuration>
        <system.serviceModel>
            <services configSource="Services.config" />
            <client configSource="Client.config" />
            <bindings configSource="Bindings.config" />
            <behaviors configSource="Behaviors.config" />
        </system.serviceModel>
        <pages configSource="pages.config"/>
    </configuration>
Config source files must be in application's folder or any folder below. No going up or absolute paths. But there is a trick to overcome this limitation in VS2010. You need to add an existing file as a link and change its property named "Copy to Output Directory". This way your absolute path file will get copied to your application folder from where you can reference it in configSource.
In previous versions of VS it is also possible but in a less elegant way - copy file in post build event.
If you are looking mainly to centralize WCF settings there is another option: in-code configuration. Huge advantage of this is you get compilation-time check and refactoring support from VS. If this does not sound like much I can assure you that in a bigger WCF project, config file management is a nightmare especially when you need to change something. With this approach it is also very easy to centralize WCF settings by just creating a common assembly where all services, endpoints, bindings etc. are defined. Disadvantage is that you lose the possibility to change WCF settings without recompilation. But if those settings do not change very often it is a tempting alternative.
You can use the web.config located in
%SystemRoot%\Microsoft.NET\Framework\<versionNumber>\CONFIG\Web.config
Or if in IIS you configure your Containing directory as a main web site and then put your website directories as applications, you can put the web.config in the main web site to have the structure you mention.

How do you set handler mapping to a directory in IIS 6.0?

I have IIS 7.0 on my development machine and IIS 6.0 on my server. On my development machine I was able to set a handler map on a directory within my site called /ViewHtml/ and I mapped it to asp.net. In my global.asax I check the request sent to asp.net for /ViewHtml/ and I serve the appropriate html file (html version of a Doc, Power Point, or Excel file) located outside this app's virtual directory. I am doing it this way because all files are permission protected, we didn't want to put these files in our database due to scalability, and I need to hide the path to these files on the server. This all works in IIS 7.0 exactly how I would like it to. Although I have not been able to get my IIS 6.0 server configured to map all requests to that directory to asp.net.
Any ideas? Thanks Guys?
I set up a web application using the same configuration you're using and I'm also getting the 404. I don't know why it works in IIS 7, but here's what I had to do to fix it.
Create a class that implements the System.Web.IHttpHandler interface. Move the code from Application_BeginRequest to your implementation of IHttpHandler.ProcessRequest.
Now you just have to register your HTTP handler with ASP.NET. To do so add an entry in your Web.config at /configuration/system.web/httpHandlers.
Web.config Example:
...
    <httpHandlers>
        <clear />
        <add verb="*" path="*" type="namespace.classname, assemblyname" />
    </httpHandlers>
...
That entry is telling ASP.NET to handle HTTP requests with any extension and any HTTP method by running the code in your HTTP handler. Note that I'm also clearing all the previously defined handlers (defined in the machine's web.config).
Note that you will still need the Application Mapping configured in IIS.
If I understand the problem correctly, it sounds like you need to add a "Wildcard Application Mapping" for your virtual directory. In other words, you want to forward all requests to any file extension to ASP.NET's ISAPI extension.
To do so, open the properties of your virtual directory. On the Virtual Directory tab (Home Directory tab if it's a web site), click the Configuration... button. Click the Insert... button next to the bottom list box in the dialog that shows up. In this dialog, choose "%SYSTEMROOT%\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll" as the executable and make sure to un-check "Verify that file exists" checkbox, since the files to be requested don't live in your virtual directory.
I hope this helps!
I think your problem is all about access policy. You have to make sure that the access policy is Read and not None, because with None you have no permission to even read files from your website.

What replaces .htaccess on IIS/ASP.NET sites?

On Apache/PHP sites if I want to put a sensitive file within my website folders, I put a .htaccess file in that folder so users can't download the sensitive file.
Is there a similar practice for IIS/ASP.NET sites, i.e. if I have a shared hosting account and don't have access to IIS server. Can I do this in web.config for instance?
e.g. the ASPNETDB.MDF file that ASP.NET Configuration put in the App_Data directory. I would assume this is protected by default but where can I change the settings for this folder as I could with a .htaccess file?
Inside of an ASP.Net web.config you can setup locations to add security to specific files and folders. In addition, you can remove all verbs from those directories:
    <location path="Secret" allowOverride="false">
        <system.web>
            <authorization>
                <deny users="*" />
            </authorization>
            <httpHandlers>
                <remove path="*.*" verb="*"/>
            </httpHandlers>
        </system.web>
    </location>
I have only used the authorization portion of that snippet and it works great. The handler should further lock it down and using an ISAPI filter would be able to put the finishing touches on it.
Well, if you can access IIS settings, UrlScan can help. For IIS 7, request filtering can help a lot.
http://learn.iis.net/page.aspx/473/using-urlscan
http://learn.iis.net/page.aspx/143/how-to-use-request-filtering/
There are some things you can do with web.config like defining security settings etc...
Other times you have to use HttpModules or HttpHandlers, look here:
http://msdn.microsoft.com/en-us/library/aa719858(VS.71).aspx
If not, you can find different ISAPI, but in this case you need access to IIS.
For example, the ISAPI for emulating rewrite mod apache:
> http://www.codeplex.com/IIRF
The other question, yes ASPNETDB.MDF in APP_Data is protected normally (it depends on your administrator). To change the path, change the connectionstring.
There are two cases:
If the server is using IIS7 then there is equivalent functionality available using the web.config approach for all files.
If the server is using IIS6 or earlier (and for the time being this is by far the most likely case for shared hosting) then it's more of a problem. If you can force all your requests to go via the ASP.NET handler (which normally requires access to the server to configure) then again the web.config approach will work but otherwise you're going to need other tools and a sympathetic hosting provider. For this reason alone one probably wants IIS7...
That said for asp.net there are files that are protected by default anyway - files in app_data as already mentioned plus specific file types (like .config). Additionally one would expect a decent host to provide a directory that is not accessible via the web - ours offer a private and a web folder, both accessible via FTP but only the contents of the latter via the web.
As per the documentation on Application Folders, IIS won't serve requests to content stored in the /app_data folder although your application can read and interact with those files.
ASP.NET recognizes certain folder names that you can use for specific types of content. The following table lists the reserved folder names and the type of files that the folders typically contain.
Note
The content of application folders, except for the App_Themes folder, is not served in response to Web requests, but it can be accessed from application code.
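The answers above distinguish ASP.NET-level protection, which only applies to requests that reach the ASP.NET handler, from IIS 7 request filtering, which IIS applies itself. The following added example (not from any of the posts) puts both in one web.config for the Secret folder used above; the .bak extension is an illustrative choice, and it assumes the host has left the system.webServer security sections unlocked for site-level web.config files.

```xml
<?xml version="1.0" encoding="utf-8"?>
<configuration>

  <location path="Secret">
    <!-- ASP.NET URL authorization, as in the answer above. Enforced only
         for requests handled by ASP.NET; on IIS 6 that excludes static
         files unless a wildcard mapping sends every request to ASP.NET. -->
    <system.web>
      <authorization>
        <deny users="*" />
      </authorization>
    </system.web>

    <!-- IIS 7 native URL authorization. Evaluated by IIS itself, so it
         also covers static files in the folder. The inherited
         "allow everyone" rule is removed before the deny rule is added. -->
    <system.webServer>
      <security>
        <authorization>
          <remove users="*" roles="" verbs="" />
          <add accessType="Deny" users="*" />
        </authorization>
      </security>
    </system.webServer>
  </location>

  <!-- IIS 7 request filtering: rejects matching URLs with a 404 before
       any handler runs, regardless of who is asking. -->
  <system.webServer>
    <security>
      <requestFiltering>
        <hiddenSegments>
          <!-- Applies to any URL path segment named "Secret" in this site -->
          <add segment="Secret" />
        </hiddenSegments>
        <fileExtensions>
          <!-- remove-then-add avoids a duplicate-entry error if the
               server-level list already contains the extension -->
          <remove fileExtension=".bak" />
          <add fileExtension=".bak" allowed="false" />
        </fileExtensions>
      </requestFiltering>
    </security>
  </system.webServer>

</configuration>
```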
