Change to web.config on server is not going into effect - asp.net

When I debug my website locally using Visual Studio, the change to the web.config goes into effect without any problem.
However, when I make the same change to the web.config on my server host (running IIS 7.5) it looks like the site is still running off the old version of web.config when I load it up in my browser. The new changes aren't applied.
I have tried stopping and starting my site's application pool on the server using IIS Manager, but still no change. I've also tried stopping and starting IIS, which isn't working either.
The change I am making to my web.config involves removing entries in the <authorization> block to allow and deny users.
It is currently set up to prompt for credentials, and if valid, the site is accessible. If not, access is denied. The change I am trying to make is to allow access to all users and not prompt them for their credentials.
BEFORE:
<authorization>
  <deny users="?" />
  <allow roles="admins" />
  <deny users="*" />
</authorization>
AFTER:
<authorization>
  <allow users="*" />
</authorization>
What is the reason for this?
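The BEFORE and AFTER blocks above differ in who gets in, because ASP.NET evaluates allow/deny rules top to bottom and stops at the first match. The following is an added example (not code from the original post) that models that evaluation in Python for the two blocks; the users `bob` and `alice` are made up, and the `verbs` attribute and rules inherited from parent config files are ignored.

```python
import xml.etree.ElementTree as ET

# Constructed samples: the BEFORE and AFTER blocks from the question.
BEFORE = """<authorization>
  <deny users="?" />
  <allow roles="admins" />
  <deny users="*" />
</authorization>"""
AFTER = """<authorization>
  <allow users="*" />
</authorization>"""


def _split(value):
    """Split a comma-separated users/roles attribute into a set of names."""
    return {v.strip() for v in (value or "").split(",") if v.strip()}


def rule_matches(rule, user, roles):
    """True if an <allow>/<deny> rule applies; user is None when anonymous."""
    users = _split(rule.get("users"))
    if "*" in users:                      # everyone, anonymous included
        return True
    if user is None:                      # anonymous matches only "?"
        return "?" in users
    if user.lower() in {u.lower() for u in users}:
        return True
    return bool(_split(rule.get("roles")) & set(roles))


def is_allowed(authorization_xml, user=None, roles=frozenset()):
    """Walk the rules top to bottom; the first matching rule decides."""
    for rule in ET.fromstring(authorization_xml):
        if rule.tag in ("allow", "deny") and rule_matches(rule, user, roles):
            return rule.tag == "allow"
    # No rule matched: ASP.NET falls through to inherited rules, and the
    # machine-level default is <allow users="*"/>.
    return True


def access_matrix(authorization_xml):
    """Decision for anonymous, plain authenticated, and admin requests."""
    return {
        "anonymous": is_allowed(authorization_xml),
        "authenticated": is_allowed(authorization_xml, "bob"),         # hypothetical user
        "admin": is_allowed(authorization_xml, "alice", {"admins"}),  # hypothetical user
    }
```

Comparing `access_matrix(BEFORE)` with `access_matrix(AFTER)` shows that the edit opens the site to anonymous and non-admin users, which is worth confirming against the web.config the server actually loads.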

You have to reset IIS. Just open command prompt and run IISRESET and you should be good.

I have found that if I attempt to modify the Web.config directly through the file system (on an IIS server), my changes fail to be saved, and thus, are not applied. This is what I have found works for me, provided you have access to IIS on the host server:
NOTE: These instructions are based on IIS 8 on Windows Server 2012, but may still work for IIS 7.5.
Go to the IIS Manager on the host server
Drill down in the Sites until you find your application
Using the Features view, double-click the Authorization Rules
Use the Add Allow Rule... and Add Deny Rule... link in the Actions panel (on the right) to configure all your authorization rules.
This process updates the Web.config for you. If you need to edit or delete a rule, click on the applicable rule, then click the Edit... or Remove link in the Actions panel.
I hope this helps.

Are you deploying, publishing or copying? Make sure that your debug and release settings are the same. There are also instances when the virtual directory is not set up correctly and the correct web.config is not loading.

Copy the web.config file from your server and place it in your local machine and modify according to your requirements. And then delete the web.config file in the server and copy and paste the modified web.config from local machine to server.
This worked for me, but for me the connection string was the issue.

From MSDN - Web.Config
Any changes to the web.config file will require restarting the "Microsoft IIS Administration" service to take effect.

Maybe this will help someone. I had the same problem: IIS reset did not work, and recycling the AppPool did not work. Maybe your drive has no free space.
This sometimes worked after I deleted some unwanted files, but I think the important reason is permissions. We must use an editor like Notepad, or run the editor as administrator, or the Web.config needs permission to be changed; then change the Web.config and save. This works for me.

For me the problem was that I was building multiple solutions in the Azure DevOps pipeline and the deploy.cmd took the first web.config file as given. Therefore, I had changed the wrong web.config and the solution was to build via the csproj file and not via the solution.
Hope this helps somebody! :-)

You have to do the following actions:
Click the BUILD menu
Select Clean Solution
After that,
select Re-build Application
Publish the files (code)
After these actions are done, it works fine without issue.
Reflecting changes in IIS services

Related

IIS Publish project not displaying images

I have a website that runs on IIS on an internal server.
It displays fine when running from my localhost. However, whenever I try to publish to my dev server, the images don't work.
And it looks like this
My first thought was that the images were not being transferred to the server. However, I discovered this wasn't true, as I remotely connected to the server and found the images.
When I inspect the page, I get 404 errors for all the images. But the path for them seems correct. Goes to the properly named 'img' folder
I thought maybe it was a permissions issue with the images folder as indicated by this post
Images not showing on published ASP.NET MVC Website
So I added
<location path="img">
  <system.web>
    <authorization>
      <allow users="?"/>
    </authorization>
  </system.web>
</location>
And this did not change anything.
I checked to make sure none of the images in question were Encrypted through windows with the 'Encrypt contents to secure data' option under advanced image options.
After some more searching I came across this post,
http://blogs.msdn.com/b/ajay_pathak/archive/2011/08/06/website-deployed-on-iis-7-5-not-showing-images-and-css-files.aspx?CommentPosted=true#commentmessage
But I already have StaticFile enabled.
Finally I found this thread
CSS, Images, JS not loading in IIS
That suggested making sure anonymous authentication was set to 'application pool identity' instead of 'specific user'. I changed this and once again nothing has happened. I'm banging my head against a wall with this one. Please help.
So as it turns out there was a folder structure issue.
Was deploying from an svn where the folder structure was placed in another project incorrectly. As a result the 'img' folder was actually in a different location than specified. Once I cleared this up and properly nested the project, my issues vanished.
Thanks for the help everyone.

Same website different port Javascript and Stylesheets

I've a website running under IIS7. Everything works fine with this website. I've copied the directory and created a clone website on a different port. When I browse to the new website on the different port, I do not get any of the style settings until I log in -- then all appears normally.
The problem appears to do with the ASP.NET Membership/Authorization. I have a web.config in the subdirectories to allow all users (web.config) but the clone website is not using them even though all the config, directories, etc are the same. Only the port is different or non .config settings that IIS 7 uses.
I've discovered the problem but not the whole answer. The directories needed the IUSR permission to work but the original website doesn't have those permissions. It only had IIS_IUSRS. If anyone can fully explain this behavior and how to fix the problem without granting IUSR then I will award the bounty for that answer.
The answer should be fully explanatory.
One potential issue would be with authorization settings in your config.
Look for something like this:
<location path="MyResourcesFolder">
  <system.web>
    <authorization>
      <deny users="?"/>
    </authorization>
  </system.web>
</location>
The above example would produce the effect that you've described assuming that your resources (css, jscript, etc) were located in a folder named MyResourcesFolder. Check the web.config that's in the actual website and not necessarily the project. This is because your website config may not be the same as your project config if you are using config transformations.

Deny access to directory in IIS 6.0

How can I deny access to particular directory in IIS.
In Apache I could just add .htaccess file:
Order allow,deny
Deny from all
to Logs or cache directory and nobody will be allowed to see any content in that directory.
However when I add Web.config:
<?xml version="1.0"?>
<configuration>
  <system.web>
    <authorization>
      <deny users="*"/>
    </authorization>
  </system.web>
</configuration>
it works only for files handled by asp and doesn't work for i.e. log.txt.
I don't have access to IIS server, I can only add and change files.
Thanks in advance for help.
In IIS6 when you open folder properties you will see a checkbox labeled "Read". Try unsetting it.
If you don't have access to IIS, do you at least have access to the file system? As in, can you set security on folders?
If so, go to the security tab on the particular folder and remove all rights to whatever guest account the site is running under.
Seeing as only .net files are handled by the .net process and security model under IIS 6 (which you learned), I don't see what else you can do.
One other possibility - that may not work in your application - you could move all non .net files that require permission into the /App_Data/ folder. .Net does seem to jump into the pipeline and prevent these files from being loaded. You could stream them instead.
FYI - if you DID have access to IIS this is a good article on how to restrict access to non .net files:
http://quickstarts.asp.net/QuickStartv20/aspnet/doc/tipstricks/default.aspx#securingnonaspnetcontent
Go to the folder properties in IIS Manager -> Directory Security tab -> Authentication and access control.
Uncheck the 'Anonymous access' checkbox and disable all the authentication methods below.
There is no built-in file-based access management like htaccess. This can be achieved using third-party ISAPI modules like Helicon Ape.

ASP.Net page access directory on another server

I need to let an aspx.cs file run code to enumerate the contents of a directory on another server altogether. Basically, use a Directory object, etc.
Here is what I can piece together (I'm really not a network rights guy at all, so this is all confusing to me.) When a user loads my aspx page, that page, code behind, is actually running under some kind of windows user account. IUSR_ or something.
For some reason, the server I need to reach (it's a Page Flex server) will not let me change the "Location" to search for users in so I can't go find /IUSR... and give it rights.
Is there some way to pass credentials as I try to enumerate the contents of a remote server's directories?
I really hope that made sense.
I don't know all your security constraints, but you may want to look into delegation
http://msdn.microsoft.com/en-us/library/aa291350(VS.71).aspx
There's lots of other articles on it if you search google
EDIT:
From: http://msdn.microsoft.com/en-us/library/xh507fc5(VS.71).aspx
<!-- Web.config file. -->
<identity impersonate="true" userName="contoso\Jane" password="pass"/>
The idea is to have the web request run as whatever domain user does have access to the share, instead of the default (IUSR_* or ASPNET user, I can't remember)
I believe you can do this for just a subdirectory or script if you want to limit what scripts are running as this user, see http://msdn.microsoft.com/en-us/library/b6x6shw7.aspx
<location path="ReadUNC.aspx">
  <system.web>
    <identity impersonate="true" userName="contoso\Jane" password="pass"/>
  </system.web>
</location>
And if you want to do the impersonation programmatically, maybe this will help get you started: http://www.west-wind.com/WebLog/posts/1572.aspx
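Added example, not part of the original answer: a small Python audit that lists every <identity> element in a web.config, at the site root and under each <location>, and flags the ones carrying a readable password attribute like the snippets above. The sample config is constructed from those snippets; treating a `registry:` prefix as non-plaintext is an assumption about how the value is stored.

```python
import xml.etree.ElementTree as ET

# Constructed sample built from the two snippets quoted in the answer.
SAMPLE = r"""<configuration>
  <system.web>
    <identity impersonate="true" />
  </system.web>
  <location path="ReadUNC.aspx">
    <system.web>
      <identity impersonate="true" userName="contoso\Jane" password="pass"/>
    </system.web>
  </location>
</configuration>"""


def find_identity_findings(config_xml):
    """Return one finding per <identity> element, tagged with its scope.

    The password value itself is never copied into the result.
    """
    root = ET.fromstring(config_xml)
    scopes = [("(site root)", root.find("system.web"))]
    scopes += [(loc.get("path", ""), loc.find("system.web"))
               for loc in root.findall("location")]
    findings = []
    for scope, system_web in scopes:
        if system_web is None:
            continue
        for ident in system_web.findall("identity"):
            password = ident.get("password")
            findings.append({
                "scope": scope,
                "impersonate": ident.get("impersonate", "false").lower() == "true",
                "userName": ident.get("userName"),
                # Assumption: a "registry:" value points at credentials
                # stored outside the file, so it is not flagged.
                "plaintext_password": password is not None
                and not password.startswith("registry:"),
            })
    return findings


def plaintext_scopes(config_xml):
    """Scopes whose <identity> carries a readable password attribute."""
    return [f["scope"] for f in find_identity_findings(config_xml)
            if f["plaintext_password"]]
```

Any scope this reports holds a domain credential readable by whoever can read the file, so the account it names should have only the share access the page needs.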

CSS not being applied on non authenticated ASP.NET page

When developing (works fine live) the pages for our website don't pick up the correct CSS until the user has authenticated (logged on).
So the Logon and Logoff forms look bad, but once inside the site, the CSS works again.
I'm guessing it's some kind of authentication issue? Haven't really looked into it too much because it's only when working on dev so not a huge issue, but would be nice to know how to fix it.
To allow an unauthenticated user to see your .css files (or any other file/directory) you can add a location element to your web.config file pointing to the .css file.
<configuration>
  <system.web>
    <!-- system.web configuration settings. -->
  </system.web>
  <location path="App_Themes/Default/YourFile.css">
    <system.web>
      <authorization>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>
</configuration>
Check and make sure that the CSS file itself is not in an area that you are securing. You can manually exclude the file via the web.config if needed.
I just ran into this problem myself and manually adding the location made no difference. I found that I had given the IIS_IUSRS access to the folders so my application pool had no problem accessing the files but IIS was using the IUSR account for anonymous access.
To fix it, I opened IIS Manager -> IIS: Authentication -> Select 'Anonymous Authentication' -> Click Actions: Edit.. (or right click) -> Select 'Application pool identity'
Now anonymous access attempts use the IIS_IUSRS which have the correct file permissions.
Can you try using a tool like Fiddler or HttpWatch and check if a request actually goes for the .css file from the login page. Verify the return codes are 200. Could be because of relative path issue in your dev box.
