Develop Reference

Disable OPTIONS, TRACE Method through web server configuration in IIS 8.5

I am using this but still showing 200 response code while checking it on burpsuit
<verbs allowUnlisted="false">
<clear />
<add verb="GET" allowed="true" />
<add verb="POST" allowed="true" />
<add verb="TRACE" allowed="false" />
<add verb="OPTIONS" allowed="false" />
<add verb="HEAD" allowed="false" />
<add verb="PUT" allowed="false" />
<add verb="CONNECT" allowed="false" />
<add verb="DELETE" allowed="false" />
<add verb="TRACK" allowed="false" />
</verbs>

Unable to add customAppSettingsGroup inside my console application app.config

I am working on an asp.net console application , and i am trying to add a custom app settings section to encrypt it, as follow:-
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<customAppSettingsGroup>
<customAppSettings>
<add key="KeyOne" value="****" />
</customAppSettings>
</customAppSettingsGroup>
<appSettings>
<add key="ConcurrentRequests" value="100" />
<add key="ApiLimit" value="100" />
<add key="FullScanDay" value="Tuesday" />
<add key="logsFilePath" value="C:\logslogs\" />
<add key="TPSFilePathAndName" value="C:\ctps_ns.txt" />
<add key="PhoneNumberLength" value="11" />
</appSettings>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.6.1" />
</startup>
</configuration>
but when i run the console application i will get this error:-
ConfigurationErrorsException: Unrecognized configuration section customAppSettingsGroup.
any advice?
EDIT-
I tried this inside my app.config:-
<configuration>
<configSections>
<sectionGroup name="customAppSettingsGroup">
<section name="customAppSettings"
type="System.Configuration.NameValueSectionHandler,System" />
</sectionGroup>
</configSections>
<customAppSettingsGroup>
<customAppSettings>
<add key="KeyOne" value="****" />
</customAppSettings>
</customAppSettingsGroup>
<appSettings>
<add key="ConcurrentRequests" value="100" />
<add key="ApiLimit" value="100" />
<add key="FullScanDay" value="Tuesday" />
<add key="logsFilePath" value="C:\logslogs\" />
<add key="TPSFilePathAndName" value="C:\ctps_ns.txt" />
<add key="PhoneNumberLength" value="11" />
</appSettings>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.6.1" />
</startup>
</configuration>
but when i try to access the section using this code:-
NameValueCollection settings = ConfigurationManager.GetSection("customAppSettingsGroup/customAppSettings") as System.Collections.Specialized.NameValueCollection;
i got this exception:-
Could not load file or assembly 'System' or one of its dependencies.
The system cannot find the file specified.'

Try it this way
<configuration>
<configSections>
<sectionGroup name="customAppSettingsGroup">
<section name="customAppSettings"
type="System.Configuration.NameValueSectionHandler,System" />
</sectionGroup>
</configSections>
<customAppSettingsGroup>
<customAppSettings>
<add key="KeyOne" value="****" />
</customAppSettings>
</customAppSettingsGroup>
<appSettings>
<add key="ConcurrentRequests" value="100" />
<add key="ApiLimit" value="100" />
<add key="FullScanDay" value="Tuesday" />
<add key="logsFilePath" value="C:\logslogs\" />
<add key="TPSFilePathAndName" value="C:\ctps_ns.txt" />
<add key="PhoneNumberLength" value="11" />
</appSettings>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.6.1" />
</startup>
</configuration>

Site moved to new server and this error appears: Hashed passwords cannot be retrieved

So I'm trying to move ASP.Net web site (DotNetNuke CMS) to a new web server. I have done this number of time's widauth any issues. This is the first time i get an error like this:
Configured settings are invalid: Hashed passwords cannot be retrieved. Either set the password format to different type, or set enablePasswordRetrieval to false.
Line 224: <add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="SiteSqlServer" enablePasswordRetrieval="true" enablePasswordReset="true" requiresQuestionAndAnswer="false" minRequiredPasswordLength="7" minRequiredNonalphanumericCharacters="0" requiresUniqueEmail="false" passwordFormat="Hashed" applicationName="DotNetNuke" description="Stores and retrieves membership data from the local Microsoft SQL Server database" />
What have I done?
Created a backup of database.
Restore database on new server.
Created new user for database and tested it using MSSQL Management Studio.
Coppied files from old server.
Changed MSSQL Connection string (host,user,password,catalog)
Run site
This is where the error appears.
What have i discovered so for?
The error appears even if connectionString is removed from web.config!
machineKey is defined in web.config
Source server: Windows Server 2012 R2, MSSQL 12.0.4232, IIS 8.5.9600
Target server: Windows Server 2016, MSSQL 12.0.5203, IIS 10.0.14393
Multiple sites have been already moved from this same old server to new server without issues.
Can you help please?!
This is web.config:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<configSections>
<sectionGroup name="dotnetnuke">
<section name="data" requirePermission="false" type="DotNetNuke.Framework.Providers.ProviderConfigurationHandler, DotNetNuke" />
<section name="logging" requirePermission="false" type="DotNetNuke.Framework.Providers.ProviderConfigurationHandler, DotNetNuke" />
<section name="scheduling" requirePermission="false" type="DotNetNuke.Framework.Providers.ProviderConfigurationHandler, DotNetNuke" />
<section name="htmlEditor" requirePermission="false" type="DotNetNuke.Framework.Providers.ProviderConfigurationHandler, DotNetNuke" />
<section name="navigationControl" requirePermission="false" type="DotNetNuke.Framework.Providers.ProviderConfigurationHandler, DotNetNuke" />
<section name="searchIndex" requirePermission="false" type="DotNetNuke.Framework.Providers.ProviderConfigurationHandler, DotNetNuke" />
<section name="searchDataStore" requirePermission="false" type="DotNetNuke.Framework.Providers.ProviderConfigurationHandler, DotNetNuke" />
<section name="friendlyUrl" requirePermission="false" type="DotNetNuke.Framework.Providers.ProviderConfigurationHandler, DotNetNuke" />
<section name="caching" requirePermission="false" type="DotNetNuke.Framework.Providers.ProviderConfigurationHandler, DotNetNuke" />
<section name="authentication" requirePermission="false" type="DotNetNuke.Framework.Providers.ProviderConfigurationHandler, DotNetNuke" />
<section name="members" requirePermission="false" type="DotNetNuke.Framework.Providers.ProviderConfigurationHandler, DotNetNuke" />
<section name="roles" requirePermission="false" type="DotNetNuke.Framework.Providers.ProviderConfigurationHandler, DotNetNuke" />
<section name="profiles" requirePermission="false" type="DotNetNuke.Framework.Providers.ProviderConfigurationHandler, DotNetNuke" />
<section name="permissions" requirePermission="false" type="DotNetNuke.Framework.Providers.ProviderConfigurationHandler, DotNetNuke" />
<section name="moduleCaching" requirePermission="false" type="DotNetNuke.Framework.Providers.ProviderConfigurationHandler, DotNetNuke" />
<section name="outputCaching" requirePermission="false" type="DotNetNuke.Framework.Providers.ProviderConfigurationHandler, DotNetNuke" />
<section name="folder" requirePermission="false" type="DotNetNuke.Framework.Providers.ProviderConfigurationHandler, DotNetNuke" />
<section name="clientcapability" requirePermission="false" type="DotNetNuke.Framework.Providers.ProviderConfigurationHandler, DotNetNuke" />
<section name="sitemap" requirePermission="false" type="DotNetNuke.Framework.Providers.ProviderConfigurationHandler, DotNetNuke" />
<section name="cryptography" requirePermission="false" type="DotNetNuke.Framework.Providers.ProviderConfigurationHandler, DotNetNuke" />
</sectionGroup>
<sectionGroup name="system.web.webPages.razor" type="System.Web.WebPages.Razor.Configuration.RazorWebSectionGroup, System.Web.WebPages.Razor">
<section name="pages" type="System.Web.WebPages.Razor.Configuration.RazorPagesSection, System.Web.WebPages.Razor" requirePermission="false" />
</sectionGroup>
<section name="clientDependency" type="ClientDependency.Core.Config.ClientDependencySection, ClientDependency.Core" requirePermission="false" />
</configSections>
<connectionStrings>
<add name="SiteSqlServer" connectionString="Data Source=172.10.10.110;Initial Catalog=DNN_*****;User ID=****;Password=****" providerName="System.Data.SqlClient" />
</connectionStrings>
<appSettings>
<add key="InstallTemplate" value="DotNetNuke.install.config" />
<add key="AutoUpgrade" value="true" />
<add key="UseInstallWizard" value="true" />
<add key="InstallMemberRole" value="true" />
<add key="ShowMissingKeys" value="false" />
<add key="EnableCachePersistence" value="false" />
<add key="HostHeader" value="" />
<add key="RemoveAngleBrackets" value="false" />
<add key="PersistentCookieTimeout" value="0" />
<add key="EnableServicesFrameworkTracing" value="false" />
<add key="InstallationDate" value="3/22/2013" />
<add key="UpdateServiceUrl" value="http://update.dotnetnuke.com" />
<add key="PreserveLoginUrl" value="true" />
<add key="loginUrl" value="~/Login.aspx" />
<add key="Telerik.Web.SkinsAssembly" value="Telerik.Web.UI.Skins, Version=2013.2.717.40, Culture=neutral, PublicKeyToken=121fae78165ba3d4" />
<add key="InstallVersion" value="07.00.04" />
<add key="CertName" value="Lavrena3311_billing.pfx" />
<add key="CertPass" value="lavrenasms" />
<add key="DefaultDevicesDatabase" value="DesktopModules\DevicePreviewManagement\Resources\defaultDevices.xml" />
</appSettings>
<system.web.webPages.razor>
<pages pageBaseType="DotNetNuke.Web.Razor.DotNetNukeWebPage">
<namespaces>
<add namespace="WebMatrix.Data" />
<add namespace="Microsoft.Web.Helpers" />
</namespaces>
</pages>
</system.web.webPages.razor>
<system.webServer>
<modules>
<add name="RequestFilter" type="DotNetNuke.HttpModules.RequestFilter.RequestFilterModule, DotNetNuke.HttpModules" preCondition="managedHandler" />
<add name="UrlRewrite" type="DotNetNuke.HttpModules.UrlRewriteModule, DotNetNuke.HttpModules" preCondition="managedHandler" />
<add name="MobileRedirect" type="DotNetNuke.HttpModules.MobileRedirectModule, DotNetNuke.HttpModules" preCondition="managedHandler" />
<add name="Exception" type="DotNetNuke.HttpModules.Exceptions.ExceptionModule, DotNetNuke.HttpModules" preCondition="managedHandler" />
<add name="UsersOnline" type="DotNetNuke.HttpModules.UsersOnline.UsersOnlineModule, DotNetNuke.HttpModules" preCondition="managedHandler" />
<add name="DNNMembership" type="DotNetNuke.HttpModules.Membership.MembershipModule, DotNetNuke.HttpModules" preCondition="managedHandler" />
<add name="Personalization" type="DotNetNuke.HttpModules.Personalization.PersonalizationModule, DotNetNuke.HttpModules" preCondition="managedHandler" />
<add name="Analytics" type="DotNetNuke.HttpModules.Analytics.AnalyticsModule, DotNetNuke.HttpModules" preCondition="managedHandler" />
<add name="Services" type="DotNetNuke.HttpModules.Services.ServicesModule, DotNetNuke.HttpModules" />
<remove name="UrlRoutingModule-4.0" />
<add name="UrlRoutingModule-4.0" type="System.Web.Routing.UrlRoutingModule" preCondition="" />
<add name="ClientDependencyModule" type="ClientDependency.Core.Module.ClientDependencyModule, ClientDependency.Core" />
<add name="RadUploadModule" type="Telerik.Web.UI.RadUploadHttpModule, Telerik.Web.UI" preCondition="managedHandler" />
<add name="Detector" type="FiftyOne.Foundation.Mobile.Detection.DetectorModule, FiftyOne.Foundation" preCondition="managedHandler" />
</modules>
<handlers>
<remove name="WebServiceHandlerFactory-Integrated" />
<add name="LogoffHandler*" path="Logoff.aspx" verb="*" type="DotNetNuke.Services.Authentication.LogOffHandler, DotNetNuke" preCondition="integratedMode" />
<add name="RSSHandler" path="RSS.aspx" verb="*" type="DotNetNuke.Services.Syndication.RssHandler, DotNetNuke" preCondition="integratedMode" />
<add name="LinkClickHandler" path="LinkClick.aspx" verb="*" type="DotNetNuke.Services.FileSystem.FileServerHandler, DotNetNuke" preCondition="integratedMode" />
<add name="CaptchaHandler" path="*.captcha.aspx" verb="*" type="DotNetNuke.UI.WebControls.CaptchaHandler, DotNetNuke" preCondition="integratedMode" />
<add name="UserProfilePageHandler" path="User.aspx" verb="*" type="DotNetNuke.Services.UserProfile.UserProfilePageHandler, DotNetNuke" preCondition="integratedMode" />
<add name="RadProgressHandler" verb="*" path="Telerik.RadUploadProgressHandler.ashx" type="Telerik.Web.UI.Upload.RadUploadProgressHandler, Telerik.Web.UI" preCondition="integratedMode" />
<add name="UserProfilePicHandler" path="ProfilePic.ashx" verb="*" type="DotNetNuke.Services.UserProfile.UserProfilePicHandler, DotNetNuke" preCondition="integratedMode" />
<remove name="ExtensionlessUrl-Integrated-4.0" />
<add name="ExtensionlessUrl-Integrated-4.0" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
<add name="SitemapHandler" path="Sitemap.aspx" verb="*" type="DotNetNuke.Services.Sitemap.SitemapHandler, DotNetNuke" preCondition="integratedMode" />
<add name="ClientDependencyHandler" verb="*" path="DependencyHandler.axd" type="ClientDependency.Core.CompositeFiles.CompositeDependencyHandler, ClientDependency.Core" preCondition="integratedMode" />
<add name="Telerik.Web.UI.WebResource" verb="*" path="Telerik.Web.UI.WebResource.axd" type="Telerik.Web.UI.WebResource, Telerik.Web.UI" preCondition="integratedMode" />
<add name="Telerik.Web.UI.ChartHttpHandler" verb="*" path="ChartImage.axd" type="Telerik.Web.UI.ChartHttpHandler, Telerik.Web.UI, Culture=neutral, PublicKeyToken=121fae78165ba3d4" />
<add name="HtmTemplateFileHandler" verb="*" path="*.htmtemplate" type="DotNetNuke.Providers.RadEditorProvider.HtmTemplateFileHandler, DotNetNuke.RadEditorProvider" preCondition="integratedMode" />
</handlers>
<validation validateIntegratedModeConfiguration="false" />
<security>
<requestFiltering>
<hiddenSegments>
<add segment="Documentation" />
<add segment="Licenses" />
</hiddenSegments>
</requestFiltering>
</security>
</system.webServer>
<system.web>
<machineKey validationKey="" decryptionKey="" decryption="3DES" validation="SHA1" />
<compilation debug="true" strict="false" targetFramework="4.0">
<buildProviders>
<remove extension=".resx" />
<remove extension=".resources" />
</buildProviders>
<assemblies>
<add assembly="Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
<add assembly="System.Data.Linq, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
<add assembly="System.Transactions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
</assemblies>
<expressionBuilders>
<add expressionPrefix="dnnLoc" type="DotNetNuke.Services.Localization.LocalizationExpressionBuilder, DotNetNuke" />
</expressionBuilders>
</compilation>
<customErrors mode="Off" />
<authentication mode="Forms">
<forms name=".DOTNETNUKE" protection="All" timeout="60" cookieless="UseCookies" />
</authentication>
<httpRuntime shutdownTimeout="120" executionTimeout="900" useFullyQualifiedRedirectUrl="true" maxRequestLength="12288" requestLengthDiskThreshold="12288" requestValidationMode="2.0" fcnMode="Single" requestPathInvalidCharacters="<,>,*,%,:,\,?" />
<httpCookies httpOnlyCookies="true" requireSSL="false" domain="" />
<globalization culture="en-US" uiCulture="en" requestEncoding="UTF-8" responseEncoding="UTF-8" fileEncoding="UTF-8" />
<pages validateRequest="false" enableViewStateMac="true" enableEventValidation="true" viewStateEncryptionMode="Always">
<namespaces>
<add namespace="System.ComponentModel" />
<add namespace="System.Data" />
<add namespace="System.Data.SqlClient" />
<add namespace="System.Drawing" />
<add namespace="Microsoft.VisualBasic" />
<add namespace="System.Globalization" />
<add namespace="DotNetNuke.Services.Localization" />
<add namespace="DotNetNuke.Entities.Users" />
<add namespace="DotNetNuke" />
<add namespace="DotNetNuke.Common" />
<add namespace="DotNetNuke.Data" />
<add namespace="DotNetNuke.Framework" />
<add namespace="DotNetNuke.Modules" />
<add namespace="DotNetNuke.Security" />
<add namespace="DotNetNuke.Services" />
<add namespace="DotNetNuke.UI" />
<add namespace="DotNetNuke.Entities.Portals" />
<add namespace="DotNetNuke.Common.Utilities" />
<add namespace="DotNetNuke.Services.Exceptions" />
<add namespace="DotNetNuke.Entities.Tabs" />
</namespaces>
<controls></controls>
</pages>
<anonymousIdentification enabled="true" cookieName=".ASPXANONYMOUS" cookieTimeout="100000" cookiePath="/" cookieRequireSSL="false" cookieSlidingExpiration="true" cookieProtection="None" domain="" />
<membership defaultProvider="AspNetSqlMembershipProvider" userIsOnlineTimeWindow="15">
<providers>
<clear />
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="SiteSqlServer" enablePasswordRetrieval="true" enablePasswordReset="true" requiresQuestionAndAnswer="false" minRequiredPasswordLength="7" minRequiredNonalphanumericCharacters="0" requiresUniqueEmail="false" passwordFormat="Hashed" applicationName="DotNetNuke" description="Stores and retrieves membership data from the local Microsoft SQL Server database" />
</providers>
</membership>
</system.web>
<runtime>
<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
<probing privatePath="bin;bin\HttpModules;bin\Providers;bin\Modules;bin\Support;" />
<dependentAssembly>
<assemblyIdentity name="System.Web.Extensions" publicKeyToken="31bf3856ad364e35" />
<bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="4.0.0.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="System.Web.Extensions.Design" publicKeyToken="31bf3856ad364e35" />
<bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="4.0.0.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="Telerik.Web.UI" publicKeyToken="121fae78165ba3d4" />
<bindingRedirect oldVersion="2008.0.0.0-2020.0.0.0" newVersion="2013.2.717.40" />
</dependentAssembly>
<dependentAssembly xmlns="urn:schemas-microsoft-com:asm.v1">
<assemblyIdentity name="WebFormsMvp" publicKeyToken="537f18701145dff0" />
<bindingRedirect oldVersion="0.0.0.0-1.4.999.999" newVersion="1.4.1.0" />
</dependentAssembly>
<dependentAssembly xmlns="urn:schemas-microsoft-com:asm.v1">
<assemblyIdentity name="System.Web.WebPages" publicKeyToken="31bf3856ad364e35" />
<bindingRedirect oldVersion="1.0.0.0-2.0.0.0" newVersion="2.0.0.0" />
</dependentAssembly>
</assemblyBinding>
</runtime>
<dotnetnuke>
<htmlEditor defaultProvider="DotNetNuke.RadEditorProvider">
<providers>
<clear />
<add name="DotNetNuke.RadEditorProvider" type="DotNetNuke.Providers.RadEditorProvider.EditorProvider, DotNetNuke.RadEditorProvider" providerPath="~/DesktopModules/Admin/RadEditorProvider" />
</providers>
</htmlEditor>
<navigationControl defaultProvider="DNNMenuNavigationProvider">
<providers>
<clear />
<add name="DNNDropDownNavigationProvider" type="DotNetNuke.NavigationControl.DNNDropDownNavigationProvider, DotNetNuke.DNNDropDownNavigationProvider" providerPath="~\Providers\NavigationProviders\DNNDropDownNavigationProvider\" />
<add name="ASP2MenuNavigationProvider" type="DotNetNuke.NavigationControl.ASP2MenuNavigationProvider, DotNetNuke.ASP2MenuNavigationProvider" providerPath="~\Providers\NavigationProviders\ASP2MenuNavigationProvider\" />
<add name="DNNTreeNavigationProvider" type="DotNetNuke.NavigationControl.DNNTreeNavigationProvider, DotNetNuke.DNNTreeNavigationProvider" providerPath="~\Providers\NavigationProviders\DNNTreeNavigationProvider\" />
<add name="SolpartMenuNavigationProvider" type="DotNetNuke.NavigationControl.SolpartMenuNavigationProvider, DotNetNuke.SolpartMenuNavigationProvider" providerPath="~\Providers\NavigationProviders\SolpartMenuNavigationProvider\" />
<add name="DDRMenuNavigationProvider" type="DotNetNuke.Web.DDRMenu.DDRMenuNavigationProvider, DotNetNuke.Web.DDRMenu" />
<add name="DNNMenuNavigationProvider" type="DotNetNuke.NavigationControl.DNNMenuNavigationProvider, DotNetNuke.DNNMenuNavigationProvider" providerPath="~\Providers\NavigationProviders\DNNMenuNavigationProvider\" />
</providers>
</navigationControl>
<searchIndex defaultProvider="ModuleIndexProvider">
<providers>
<clear />
<add name="ModuleIndexProvider" type="DotNetNuke.Services.Search.ModuleIndexer, DotNetNuke" providerPath="~\Providers\SearchProviders\ModuleIndexer\" />
</providers>
</searchIndex>
<searchDataStore defaultProvider="SearchDataStoreProvider">
<providers>
<clear />
<add name="SearchDataStoreProvider" type="DotNetNuke.Services.Search.SearchDataStore, DotNetNuke" providerPath="~\Providers\SearchProviders\SearchDataStore\" />
</providers>
</searchDataStore>
<data defaultProvider="SqlDataProvider">
<providers>
<clear />
<add name="SqlDataProvider" type="DotNetNuke.Data.SqlDataProvider, DotNetNuke" connectionStringName="SiteSqlServer" upgradeConnectionString="" providerPath="~\Providers\DataProviders\SqlDataProvider\" objectQualifier="" databaseOwner="dbo" />
</providers>
</data>
<logging defaultProvider="DBLoggingProvider">
<providers>
<clear />
<add name="DBLoggingProvider" type="DotNetNuke.Services.Log.EventLog.DBLoggingProvider, DotNetNuke" providerPath="~\Providers\LoggingProviders\DBLoggingProvider\" />
</providers>
</logging>
<scheduling defaultProvider="DNNScheduler">
<providers>
<clear />
<add name="DNNScheduler" type="DotNetNuke.Services.Scheduling.DNNScheduler, DotNetNuke" providerPath="~\Providers\SchedulingProviders\DNNScheduler\" debug="false" maxThreads="1" />
</providers>
</scheduling>
<friendlyUrl defaultProvider="DNNFriendlyUrl">
<providers>
<clear />
<add name="DNNFriendlyUrl" type="DotNetNuke.Services.Url.FriendlyUrl.DNNFriendlyUrlProvider, DotNetNuke.HttpModules" includePageName="true" regexMatch="[^a-zA-Z0-9 _-]" urlFormat="humanfriendly" />
</providers>
</friendlyUrl>
<caching defaultProvider="FileBasedCachingProvider">
<providers>
<clear />
<add name="FileBasedCachingProvider" type="DotNetNuke.Services.Cache.FBCachingProvider, DotNetNuke" providerPath="~\Providers\CachingProviders\FileBasedCachingProvider\" />
</providers>
</caching>
<authentication defaultProvider="ADSIAuthenticationProvider">
<providers>
<clear />
<add name="ADSIAuthenticationProvider" type="DotNetNuke.Authentication.ActiveDirectory.ADSI.ADSIProvider, DotNetNuke.Authentication.ActiveDirectory" providerPath="~\Providers\AuthenticationProviders\ADSIProvider\" />
</providers>
</authentication>
<members defaultProvider="AspNetMembershipProvider">
<providers>
<clear />
<add name="AspNetMembershipProvider" type="DotNetNuke.Security.Membership.AspNetMembershipProvider, DotNetNuke" providerPath="~\Providers\MembershipProviders\AspNetMembershipProvider\" />
</providers>
</members>
<roles defaultProvider="DNNRoleProvider">
<providers>
<clear />
<add name="DNNRoleProvider" type="DotNetNuke.Security.Roles.DNNRoleProvider, DotNetNuke" providerPath="~\Providers\MembershipProviders\DNNMembershipProvider\" />
</providers>
</roles>
<profiles defaultProvider="DNNProfileProvider">
<providers>
<clear />
<add name="DNNProfileProvider" type="DotNetNuke.Security.Profile.DNNProfileProvider, DotNetNuke" providerPath="~\Providers\MembershipProviders\DNNProfileProvider\" />
</providers>
</profiles>
<permissions defaultProvider="CorePermissionProvider">
<providers>
<clear />
<add name="CorePermissionProvider" type="DotNetNuke.Security.Permissions.CorePermissionProvider, DotNetNuke" providerPath="~\Providers\PermissionProviders\CorePermissionProvider\" />
</providers>
</permissions>
<moduleCaching defaultProvider="FileModuleCachingProvider">
<providers>
<clear />
<add name="FileModuleCachingProvider" type="DotNetNuke.Services.ModuleCache.FileProvider, DotNetNuke" providerPath="~\Providers\ModuleCachingProviders\FileModuleCachingProvider\" />
<add name="MemoryModuleCachingProvider" type="DotNetNuke.Services.ModuleCache.MemoryProvider, DotNetNuke" providerPath="~\Providers\ModuleCachingProviders\MemoryModuleCachingProvider\" />
</providers>
</moduleCaching>
<outputCaching defaultProvider="FileOutputCachingProvider">
<providers>
<clear />
</providers>
</outputCaching>
<folder defaultProvider="StandardFolderProvider">
<providers>
<clear />
<add name="StandardFolderProvider" type="DotNetNuke.Services.FileSystem.StandardFolderProvider, DotNetNuke" />
<add name="SecureFolderProvider" type="DotNetNuke.Services.FileSystem.SecureFolderProvider, DotNetNuke" />
<add name="DatabaseFolderProvider" type="DotNetNuke.Services.FileSystem.DatabaseFolderProvider, DotNetNuke" />
</providers>
</folder>
<clientcapability defaultProvider="FiftyOneClientCapabilityProvider">
<providers>
<clear />
<add name="FiftyOneClientCapabilityProvider" type="DotNetNuke.Providers.FiftyOneClientCapabilityProvider.FiftyOneClientCapabilityProvider, DotNetNuke.Providers.FiftyOneClientCapabilityProvider" providerPath="~\Providers\ClientCapabilityProviders\FiftyOneClientCapabilityProvider\" />
</providers>
</clientcapability>
<sitemap defaultProvider="coreSitemapProvider">
<providers>
<clear />
<add name="coreSitemapProvider" type="DotNetNuke.Services.Sitemap.CoreSitemapProvider, DotNetNuke" providerPath="~\Providers\MembershipProviders\Sitemap\CoreSitemapProvider\" />
</providers>
</sitemap>
<cryptography defaultProvider="CoreCryptographyProvider">
<providers>
<clear />
<add name="CoreCryptographyProvider" type="DotNetNuke.Services.Cryptography.CoreCryptographyProvider, DotNetNuke" providerPath="~\Providers\CryptographyProviders\CoreCryptographyProvider\" />
</providers>
</cryptography>
</dotnetnuke>
<clientDependency version="0" fileDependencyExtensions=".js,.css">
<fileRegistration defaultProvider="DnnPageHeaderProvider">
<providers>
<add name="DnnBodyProvider" type="DotNetNuke.Web.Client.Providers.DnnBodyProvider, DotNetNuke.Web.Client" enableCompositeFiles="false" />
<add name="DnnPageHeaderProvider" type="DotNetNuke.Web.Client.Providers.DnnPageHeaderProvider, DotNetNuke.Web.Client" enableCompositeFiles="false" />
<add name="DnnFormBottomProvider" type="DotNetNuke.Web.Client.Providers.DnnFormBottomProvider, DotNetNuke.Web.Client" enableCompositeFiles="false" />
<add name="PageHeaderProvider" type="ClientDependency.Core.FileRegistration.Providers.PageHeaderProvider, ClientDependency.Core" enableCompositeFiles="false" />
<add name="LazyLoadProvider" type="ClientDependency.Core.FileRegistration.Providers.LazyLoadProvider, ClientDependency.Core" enableCompositeFiles="false" />
<add name="LoaderControlProvider" type="ClientDependency.Core.FileRegistration.Providers.LoaderControlProvider, ClientDependency.Core" enableCompositeFiles="false" />
</providers>
</fileRegistration>
<compositeFiles defaultFileProcessingProvider="DnnCompositeFileProcessor" compositeFileHandlerPath="~/DependencyHandler.axd">
<fileProcessingProviders>
<add name="CompositeFileProcessor" type="ClientDependency.Core.CompositeFiles.Providers.CompositeFileProcessingProvider, ClientDependency.Core" enableCssMinify="false" enableJsMinify="true" persistFiles="true" compositeFilePath="~/App_Data/ClientDependency" bundleDomains="" urlType="MappedId" />
<add name="DnnCompositeFileProcessor" type="DotNetNuke.Web.Client.Providers.DnnCompositeFileProcessingProvider, DotNetNuke.Web.Client" enableCssMinify="false" enableJsMinify="true" persistFiles="true" compositeFilePath="~/App_Data/ClientDependency" bundleDomains="" urlType="MappedId" />
</fileProcessingProviders>
</compositeFiles>
</clientDependency>
</configuration>

Did you try what the error message said? You have set enablePasswordRetrieval to true in your Web.Config. Try setting it to False
<providers>
<clear />
<add name="AspNetSqlMembershipProvider" enablePasswordRetrieval="false" ... />
</providers>
I changed it to true on a local DNN installation and got the exact same error.

The issue ware missing files... Lost about 2 days for this :/ case closed. Thank you all for helping me!

How to achieve URL rewrite in mvc3?

My directory structure in MVC3 is below.
I installed URL-rewriting 2.0. I have added URL Rewriting.
Web.config
<?xml version="1.0" encoding="utf-8"?>
<!--
For more information on how to configure your ASP.NET application, please visit
http://go.microsoft.com/fwlink/?LinkId=152368
-->
<configuration>
<configSections>
<sectionGroup name="elmah">
<section name="security" requirePermission="false" type="Elmah.SecuritySectionHandler, Elmah" />
<section name="errorLog" requirePermission="false" type="Elmah.ErrorLogSectionHandler, Elmah" />
<section name="errorMail" requirePermission="false" type="Elmah.ErrorMailSectionHandler, Elmah" />
<section name="errorFilter" requirePermission="false" type="Elmah.ErrorFilterSectionHandler, Elmah" />
</sectionGroup>
<section name="dotless" type="dotless.Core.configuration.DotlessConfigurationSectionHandler, dotless.Core" />
<section name="combres" type="Combres.ConfigSectionSetting, Combres, Version=2.2, Culture=neutral, PublicKeyToken=1ca6b37997dd7536" />
<sectionGroup name="dotNetOpenAuth" type="DotNetOpenAuth.Configuration.DotNetOpenAuthSection, DotNetOpenAuth.Core">
<section name="messaging" type="DotNetOpenAuth.Configuration.MessagingElement, DotNetOpenAuth.Core" requirePermission="false" allowLocation="true" />
<section name="reporting" type="DotNetOpenAuth.Configuration.ReportingElement, DotNetOpenAuth.Core" requirePermission="false" allowLocation="true" />
<section name="openid" type="DotNetOpenAuth.Configuration.OpenIdElement, DotNetOpenAuth.OpenId" requirePermission="false" allowLocation="true" />
<section name="oauth" type="DotNetOpenAuth.Configuration.OAuthElement, DotNetOpenAuth.OAuth" requirePermission="false" allowLocation="true" />
</sectionGroup>
<section name="glimpse" type="Glimpse.Core.Configuration.Section, Glimpse.Core" />
</configSections>
<connectionStrings>
<add name="ApplicationServices" connectionString="data source=.\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|aspnetdb.mdf;User Instance=true" providerName="System.Data.SqlClient" />
</connectionStrings>
<appSettings>
<add key="webpages:Version" value="1.0.0.0" />
<add key="ClientValidationEnabled" value="true" />
<add key="UnobtrusiveJavaScriptEnabled" value="true" />
<add key="elmah.mvc.disableHandler" value="false" />
<add key="elmah.mvc.disableHandleErrorFilter" value="false" />
<add key="elmah.mvc.requiresAuthentication" value="false" />
<add key="elmah.mvc.IgnoreDefaultRoute" value="false" />
<add key="elmah.mvc.allowedRoles" value="*" />
<add key="elmah.mvc.allowedUsers" value="*" />
<add key="elmah.mvc.route" value="elmah" />
<add key="CombresSectionName" value="combres" />
</appSettings>
<system.web>
<customErrors mode="RemoteOnly"></customErrors>
<compilation debug="true" targetFramework="4.0">
<assemblies>
<add assembly="System.Web.Abstractions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Web.Helpers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Web.Routing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Web.Mvc, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Web.WebPages, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
</assemblies>
</compilation>
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="2880" />
</authentication>
<membership>
<providers>
<clear />
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/" />
</providers>
</membership>
<profile>
<providers>
<clear />
<add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/" />
</providers>
</profile>
<roleManager enabled="false">
<providers>
<clear />
<add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="ApplicationServices" applicationName="/" />
<add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />
</providers>
</roleManager>
<pages>
<namespaces>
<add namespace="System.Web.Helpers" />
<add namespace="System.Web.Mvc" />
<add namespace="System.Web.Mvc.Ajax" />
<add namespace="System.Web.Mvc.Html" />
<add namespace="System.Web.Routing" />
<add namespace="System.Web.WebPages" />
<add namespace="Combres" />
<add namespace="Combres.Mvc" />
</namespaces>
</pages>
<httpHandlers>
<add verb="POST,GET,HEAD" path="elmah.axd" type="Elmah.ErrorLogPageFactory, Elmah" />
<add path="*.less" verb="GET" type="dotless.Core.LessCssHttpHandler, dotless.Core" />
<add path="glimpse.axd" verb="GET" type="Glimpse.AspNet.HttpHandler, Glimpse.AspNet" />
</httpHandlers>
<!-- Glimpse: This can be commented in to add additional data to the Trace tab when using WebForms
<trace writeToDiagnosticsTrace="true" enabled="true" pageOutput="false"/> -->
<httpModules>
<add name="ErrorLog" type="Elmah.ErrorLogModule, Elmah" />
<add name="ErrorMail" type="Elmah.ErrorMailModule, Elmah" />
<add name="ErrorFilter" type="Elmah.ErrorFilterModule, Elmah" />
<add name="Glimpse" type="Glimpse.AspNet.HttpModule, Glimpse.AspNet" />
</httpModules>
</system.web>
<system.webServer>
<rewrite>
<rules>
<rule name="WebFormToMyPage" stopProcessing="true">
<match url="^WEBFORM1.aspx" />
<action type="Redirect" url="MyDirectory/MyPage" appendQueryString="false" />
</rule>
</rules>
</rewrite>
<validation validateIntegratedModeConfiguration="false" />
<modules runAllManagedModulesForAllRequests="true">
<add name="ErrorLog" type="Elmah.ErrorLogModule, Elmah" preCondition="managedHandler" />
<add name="ErrorMail" type="Elmah.ErrorMailModule, Elmah" preCondition="managedHandler" />
<add name="ErrorFilter" type="Elmah.ErrorFilterModule, Elmah" preCondition="managedHandler" />
<add name="Glimpse" type="Glimpse.AspNet.HttpModule, Glimpse.AspNet" preCondition="integratedMode" />
</modules>
<handlers>
<add name="dotless" path="*.less" verb="GET" type="dotless.Core.LessCssHttpHandler,dotless.Core" resourceType="File" preCondition="" />
<add name="Glimpse" path="glimpse.axd" verb="GET" type="Glimpse.AspNet.HttpHandler, Glimpse.AspNet" preCondition="integratedMode" />
</handlers>
</system.webServer>
<runtime>
<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
<dependentAssembly>
<assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" />
<bindingRedirect oldVersion="1.0.0.0-2.0.0.0" newVersion="3.0.0.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="AjaxMin" publicKeyToken="21ef50ce11b5d80f" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-4.84.4790.14405" newVersion="4.84.4790.14405" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="System.Net.Http" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-2.2.13.0" newVersion="2.2.13.0" />
</dependentAssembly>
</assemblyBinding>
<!-- This prevents the Windows Event Log from frequently logging that HMAC1 is being used (when the other party needs it). -->
<legacyHMACWarning enabled="0" />
<!-- When targeting ASP.NET MVC 3, this assemblyBinding makes MVC 1 and 2 references relink
to MVC 3 so libraries such as DotNetOpenAuth that compile against MVC 1 will work with it.
<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
<dependentAssembly>
<assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" />
<bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
</dependentAssembly>
</assemblyBinding>
-->
</runtime>
<elmah></elmah>
<dotless minifyCss="false" cache="true" web="false" />
<combres definitionUrl="~/App_Data/combres.xml" />
<system.net>
<defaultProxy enabled="true" />
<settings>
<!-- This setting causes .NET to check certificate revocation lists (CRL)
before trusting HTTPS certificates. But this setting tends to not
be allowed in shared hosting environments. -->
<!--<servicePointManager checkCertificateRevocationList="true"/>-->
</settings>
</system.net>
<dotNetOpenAuth>
<messaging>
<untrustedWebRequest>
<whitelistHosts>
<!-- Uncomment to enable communication with localhost (should generally not activate in production!) -->
<!--<add name="localhost" />-->
</whitelistHosts>
</untrustedWebRequest>
</messaging>
<!-- Allow DotNetOpenAuth to publish usage statistics to library authors to improve the library. -->
<reporting enabled="true" />
<!-- This is an optional configuration section where aspects of dotnetopenauth can be customized. -->
<!-- For a complete set of configuration options see http://www.dotnetopenauth.net/developers/code-snippets/configuration-options/ -->
<openid>
<relyingParty>
<security requireSsl="false">
<!-- Uncomment the trustedProviders tag if your relying party should only accept positive assertions from a closed set of OpenID Providers. -->
<!--<trustedProviders rejectAssertionsFromUntrustedProviders="true">
<add endpoint="https://www.google.com/accounts/o8/ud" />
</trustedProviders>-->
</security>
<behaviors>
<!-- The following OPTIONAL behavior allows RPs to use SREG only, but be compatible
with OPs that use Attribute Exchange (in various formats). -->
<add type="DotNetOpenAuth.OpenId.RelyingParty.Behaviors.AXFetchAsSregTransform, DotNetOpenAuth.OpenId.RelyingParty" />
</behaviors>
</relyingParty>
<provider></provider>
</openid>
</dotNetOpenAuth>
<uri>
<!-- The uri section is necessary to turn on .NET 3.5 support for IDN (international domain names),
which is necessary for OpenID urls with unicode characters in the domain/host name.
It is also required to put the Uri class into RFC 3986 escaping mode, which OpenID and OAuth require. -->
<idn enabled="All" />
<iriParsing enabled="true" />
</uri>
<glimpse defaultRuntimePolicy="On" endpointBaseUri="~/Glimpse.axd">
<!-- If you are having issues with Glimpse, please include this. It will help us figure out whats going on.
<logging level="Trace" />-->
<!-- Want to use Glimpse on a remote server? Ignore the LocalPolicy by removing this comment.-->
<runtimePolicies>
<ignoredTypes>
<add type="Glimpse.AspNet.Policy.LocalPolicy, Glimpse.AspNet"/>
</ignoredTypes>
</runtimePolicies>
</glimpse>
</configuration>
When somebody is trying to type below url
http://localhost/webform1.aspx
It should be turned to like below...
http://localhost/MyDirectory/MyPage
How can i achieve this?

As far as I can tell, you actually want two things:
When a user navigates to /MyDirectory/MyPage you want to return whatever WebForm1.aspx renders.
When a user navigates to /WebForm1.aspx you want to redirect him to /MyDirectory/MyPage so that the URL in the address bar changes.
For the first one, add this route before your default route:
routes.MapPageRoute("MyPage", "MyDirectory/MyPage", "~/WebForm1.aspx");
This will make /MyDirectory/MyPage an alias to /WebForm1.aspx.
For the second one, add the following rewrite rule to the system.webServer section of your web.config file:
<rewrite>
<rules>
<rule name="WebFormToMyPage" stopProcessing="true">
<match url="^WebForm1.aspx" />
<action type="Redirect" url="MyDirectory/MyPage" />
</rule>
</rules>
</rewrite>

It sounds like you just want WebForm1.aspx to take you over to MyDirectory/MyPage. I would suggest redirecting the user to your new page:
<system.webServer>
<rewrite>
<rules>
<rule name="WebFormToMyPage" stopProcessing="true">
<match url="^webform1.aspx" />
<action type="Redirect" url="MyDirectory/MyPage" appendQueryString="false" />
</rule>
</rules>
</rewrite>

What causes a 404.4 on IIS 7.5 for delivering a static file?

I'm trying to set my default page to Index.html on an ASP.NET site running on IIS7.5. I keep getting a 404.4 which tells me that a handler is not set up. However, I have a <handler> and an <httpHandlers> value set up for my html pages. I've also specified the default document. Yet I keep getting a 404.4.
I CAN browse to myuri/index.html but I can't get it to load as the default.
Any suggestions?
Here's my web.config
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<appSettings />
<connectionStrings />
<system.web>
<authentication mode="Windows" />
<customErrors mode="Off" />
<compilation debug="true" targetFramework="4.0" />
<httpHandlers>
<add path="*.html" verb="*" type="System.Web.StaticFileHandler" />
<add path="~/assets/*" verb="*" type="System.Web.StaticFileHandler"/>
<add verb="*" path="*.rastahook" validate="false" type="OpenRasta.Hosting.AspNet.OpenRastaRewriterHandler, OpenRasta.Hosting.AspNet" />
</httpHandlers>
<httpModules>
<add name="OpenRasta" type="OpenRasta.Hosting.AspNet.OpenRastaModule, OpenRasta.Hosting.AspNet" />
</httpModules>
<pages controlRenderingCompatibilityVersion="4.0" clientIDMode="AutoID" />
</system.web>
<system.webServer>
<httpErrors errorMode="Detailed" />
<asp scriptErrorSentToBrowser="true" />
<defaultDocument enabled="true">
<files>
<clear />
<add value="/index.html" />
</files>
</defaultDocument>
<rewrite>
<rules>
<rule name="Remove WWW" stopProcessing="true">
<match url="^(.*)$" />
<conditions>
<add input="{HTTP_HOST}" pattern="^(www\.)(.*)$" />
</conditions>
<action type="Redirect" url="threetasks.apphb.net{PATH_INFO}" redirectType="Permanent" />
</rule>
</rules>
</rewrite>
<httpCompression directory="%SystemDrive%\websites\_compressed" minFileSizeForComp="1024">
<scheme name="gzip" dll="%Windir%\system32\inetsrv\gzip.dll" />
<staticTypes>
<add mimeType="text/*" enabled="true" />
<add mimeType="message/*" enabled="true" />
<add mimeType="application/javascript" enabled="true" />
<add mimeType="application/json" enabled="true" />
<add mimeType="*/*" enabled="false" />
</staticTypes>
</httpCompression>
<urlCompression doStaticCompression="true" />
<httpProtocol>
<customHeaders>
<add name="X-UA-Compatible" value="IE=Edge,chrome=1" />
<add name="Access-Control-Allow-Origin" value="*" />
</customHeaders>
</httpProtocol>
<validation validateIntegratedModeConfiguration="false" />
<modules>
<add name="OpenRasta" type="OpenRasta.Hosting.AspNet.OpenRastaModule, OpenRasta.Hosting.AspNet" />
</modules>
<handlers accessPolicy="Script,Read">
<clear />
<add name="StaticFile" path="index.html" verb="*"
modules="StaticFileModule,DefaultDocumentModule,DirectoryListingModule" resourceType="Either" requireAccess="Read" />
<add name="StaticFiles" path="~/assets/*" verb="*"
modules="StaticFileModule,DefaultDocumentModule,DirectoryListingModule" resourceType="Either" requireAccess="Read" />
<add name="OpenRasta" verb="*" path="*.rastahook"
type="OpenRasta.Hosting.AspNet.OpenRastaRewriterHandler, OpenRasta.Hosting.AspNet" />
</handlers>
<staticContent>
<!-- Set expire headers to 30 days for static content-->
<clientCache cacheControlMode="UseMaxAge" cacheControlMaxAge="30.00:00:00" />
<remove fileExtension=".css" />
<mimeMap fileExtension=".css" mimeType="text/css; charset=UTF-8" />
<remove fileExtension=".js" />
<mimeMap fileExtension=".js" mimeType="text/javascript; charset=UTF-8" />
<remove fileExtension=".json" />
<mimeMap fileExtension=".json" mimeType="application/json; charset=UTF-8" />
<remove fileExtension=".rss" />
<mimeMap fileExtension=".rss" mimeType="application/rss+xml; charset=UTF-8" />
<remove fileExtension=".html" />
<mimeMap fileExtension=".html" mimeType="text/html; charset=UTF-8" />
<remove fileExtension=".xml" />
<mimeMap fileExtension=".xml" mimeType="application/xml; charset=UTF-8" />
<mimeMap fileExtension=".mp4" mimeType="video/mp4" />
<mimeMap fileExtension=".m4v" mimeType="video/m4v" />
<mimeMap fileExtension=".ogg" mimeType="video/ogg" />
<mimeMap fileExtension=".ogv" mimeType="video/ogg" />
<mimeMap fileExtension=".webm" mimeType="video/webm" />
<!--<mimeMap fileExtension=".svg" mimeType="images/svg+xml" />-->
<!--<mimeMap fileExtension=".svgz" mimeType="images/svg+xml" />-->
<remove fileExtension=".eot" />
<mimeMap fileExtension=".eot" mimeType="application/vnd.ms-fontobject" />
<mimeMap fileExtension=".otf" mimeType="font/otf" />
<mimeMap fileExtension=".woff" mimeType="font/x-woff" />
</staticContent>
</system.webServer>
</configuration>

For handling static content in iis 7.5, you need to register mime type via the following element in web.config file within element. I am mostly used for mp4 videos withot it 404.4 error arises.
<staticContent>
<mimeMap fileExtension=".mp4" mimeType="video/mp4" />
<!-- for html may be -->
<mimeMap fileExtension=".html" mimeType="text/html" />
</staticContent>

Taking a step back....where are you setting the default document?
If you set it in web.config, then you are saying that the ASP.Net runtime will/should handle .html extension. In other words, web.config pertains to ASP.Net.
Have you set the default document in IIS?
If its just a static file, there is no need for ASP.Net to even be involved - IIS should handle htm/html files out of the box.

What we ended up doing was splitting the project. Our goal was to have a service backend with a think JavaScript front end. Some of this is to try out different patterns and ideas we have. I'm writing the service and my friend is writing the front end. After talking about it, they don't need to be in the same project.
That is, I'll create an API and he'll create a client that can be hosted anywhere. With that in mind, my site will now just do API work, and will not need to deliver any html as a default page.