Error while deploying Asp.Net application to IIs server.
HTTP Error 500.19 - Internal Server Error
This configuration section cannot be used at this path. This happens when the section is locked at a parent level. Locking is either by default (overrideModeDefault="Deny"), or set explicitly by a location tag with overrideMode="Deny" or the legacy allowOverride="false".
<authentication mode="Forms">
<forms loginUrl="~/Account/Login.aspx" timeout="2880" />
</authentication>
<membership>
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices"
enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false"
maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10"
applicationName="/" />
</providers>
</membership>
<profile>
<providers>
<clear/>
<add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/"/>
</providers>
</profile>
<roleManager enabled="false">
<providers>
<clear/>
<add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="ApplicationServices" applicationName="/" />
<add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />
</providers>
</roleManager>
I am new to ASP.Net.
Help me how to solve this problem.
Thank you in advance.
The solution was to make a change in the applicationHost.config file.
Browse to “C:\Windows\System32\inetsrv\config” (you will need
administrator rights here)
Open applicationHost.config
Find the section that showed up in the “config source” part of the
error message page. For me this has typically been “modules” or
“handlers”
Change the overrideModeDefault attribute to be “Allow”
So the whole line now looks like:
After saving the file, the page loaded up fine in my browser.
For more info: http://blog.thinkoriginally.com/2010/02/17/asp-net-config-error-this-configuration-section-cannot-be-used-at-this-path/
Related
I want to use custom membership and role provider in MVC4 .
So i added some code to my config file as you can see here:
<membership defaultProvider="AspNetSqlMembershipProvider">
<providers> <clear />
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="authentication" />
</providers>
</membership>
<roleManager enabled="true" defaultProvider="CustomRoleProvider">
<providers>
<clear/>
<add name="CustomRoleProvider"
connectionStringName="authentication"
enablePasswordRetrieval="false" enablePasswordReset="true"
requiresQuestionAndAnswer="false" writeExceptionsToEventLog="false" />
</providers>
</roleManager>
But when i go to ** Web Site Administration Too** for adding role i got this error:
The following message may help in diagnosing the problem: Sections must only appear once per config file. See the help topic for exceptions. (C:\Users\ehsan\Desktop\EducationModel\EducationMVC\web.config line 46)
You have multiple membership providers defined separately:
Removing one of them should get rid of that error. But if you need to have both providers then update as follows:
<membership defaultProvider="MembershipProvider2">
<providers>
<add name="MembershipProvider1" type="WebMatrix.WebData.SimpleMembershipProvider, WebMatrix.WebData" />
<add name="MembershipProvider2" type="System.Web.Providers.DefaultMembershipProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="DefaultConnection" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/" />
</providers>
</membership>
Here MembershipProvider2 is set as defaultProvider just for example. You would update this with whichever providers you need to use as default.
I upload my project to IIS ,I used my custome sqlmembership provider.and createed roles and users ,but when I tring to edit/delete/update data ,It tell me "u dont have a permission to do that" but inside the roles already define it can do that.
Plus I am using VS ASP.NET configuration tool,to add user and roles but when click the test button onAspNetSqlRoleProvider ,it tell me not found database.It works fine with VS build-in server but I upload the IIs ,it give error.
here is the a part of web.config
<system.web>
<roleManager enabled="true" />
<customErrors mode="RemoteOnly" defaultRedirect="~/Admin/Hata.aspx" />
<authentication mode="Forms">
<forms cookieless="AutoDetect" loginUrl="~/Login.aspx" />
</authentication>
<membership defaultProvider="MySqlMembershipProvider">
<providers>
<clear/>
<!--Add a customized SqlMembershipProvider -->
<add name="MySqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider"
connectionStringName="OSProjeConnectionString" enablePasswordRetrieval="false"
enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false"
passwordFormat="Hashed" maxInvalidPasswordAttempts="15" minRequiredPasswordLength="5"
minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10"
passwordStrengthRegularExpression="">
</providers>
</membership>
<connectionStrings>
<add name="OSProjeConnectionString" connectionString="Data Source=.\SQLEXPRESS;Initial Catalog=OSProje;Integrated Security=SSPI; User ID=sa;Password=password;" />
</connectionStrings>
..............
...................
edıt :
I fix the problem adding this lines
<roleManager defaultProvider="roleProvider">
<providers>
<add connectionStringName="OSProjeConnectionString"
name="roleProvider"
type="System.Web.Security.SqlRoleProvider" />
</providers>
</roleManager>
Here is the line which is creating problem.
But you have not specified the DefaultProvider, so it takes AspNetSqlRoleProvider as the provider. Now you have to check the settings of AspNetSqlRoleProvider. Or you can add the following code:
<roleManager
enabled="false"
cacheRolesInCookie="false"
cookieName=".ASPXROLES"
cookieTimeout="30"
cookiePath="/"
cookieRequireSSL="false"
cookieSlidingExpiration="true"
cookieProtection="All"
defaultProvider="AspNetSqlRoleProvider"
createPersistentCookie="false"
maxCachedResults="25">
<providers>
<clear />
<add
connectionStringName="LocalSqlServer"
applicationName="/"
name="AspNetSqlRoleProvider"
type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
<add
applicationName="/"
name="AspNetWindowsTokenRoleProvider"
type="System.Web.Security.WindowsTokenRoleProvider, System.Web, Version=2.0.0.0,
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
</providers>
</roleManager>
With some modifications.
Regarding App_Data folder, its automatically created for the application related data. For more details read this
I develop some site, that uses authentication ticket from API of other service.
I have method GetSessionTicket() from API. And now question:
can i do asp.net authentication thats depends only from cookie?
Now i remove all section about Membership provider at web.config:
<add name="ApplicationServices"
connectionString="data source=.\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|aspnetdb.mdf;User Instance=true"
providerName="System.Data.SqlClient" />
<membership>
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices"
enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false"
maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10"
applicationName="/" />
</providers>
</membership>
<profile>
<providers>
<clear/>
<add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/" />
</providers>
</profile>-->
<roleManager enabled="false">
<providers>
<clear/>
<add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="ApplicationServices" applicationName="/" />
<add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />
</providers>
</roleManager>
and left this:
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="2880" />
</authentication>
LogOn logic looks like:
var ticket = SecurityService.GetSessionTicket(model.UserName, model.Password);
FormsAuthentication.SetAuthCookie(ticket.SessionUserId.ToString(), true);
Is it ok? Now my ASP.NET authorization based only on cookie and does not require sql server or aspnetdb.mdf, yes?
Yes it is fine to do this, what you are essentially doing is implementing Forms authentication, without the membership database. You are not required to use a membership datbase to achieve authentication, and setting the cookies in code is fine.
I use method=get to send my data from one webform to the other. But I don't want to have in the URL query things like:
Search.aspx?__EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=%2FwEPDwUKLTYwODIwNTg5MQ9kFgJmD2QWAgIDDxYCHgZtZXRob2QFA2dldGRkGOirvzjoAxt%2BfOb915%2FpsYZXmAxLZZdpnK6UW7A9%2Fk83D&__PREVIOUSPAGE=cog5Yzt_1GerH9r2ERTIPbLWMCwMFYteZjmDYCbBO3vobCG4C_mWM7GZMNuBesyAjw77cvuNKl_aSUYzeajiW6W0CjI0tLB6ikjcM4t5Kbg1&__EVENTVALIDATION=%2FwEWAgKYsPjPDQKY24%2FQBBH4CPejKl3spy0A%2BtpMxb%2BCGVGJf73dYtmaEnIFF4IR&name=Amy&state=24&ctl00%24MainContent%24submit=Searchbut
I only want the name and the state to be in the Get query like:
?name=Amy&state=24
<configuration>
<authentication mode="Forms">
<forms loginUrl="~/Account/Login.aspx" timeout="2880" />
</authentication>
<membership>
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices"
enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false"
maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10"
applicationName="/" />
</providers>
</membership>
<profile>
<providers>
<clear/>
<add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/"/>
</providers>
</profile>
<roleManager enabled="false">
<providers>
<clear/>
<add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="ApplicationServices" applicationName="/" />
<add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />
</providers>
</roleManager>
</system.web>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
</configuration>
Most of the additional parameters appear to be view state ones?
You could consider turning off view state – see this MSDN article which would get you closer to your desired URL.
Other options include switching to POST as the method or using some other mechanism to pass the additional data such as setting cookies.
Or moving to something like ASP.Net MVC which would allow your more control over how URLs are created/used.
i am facing a wierd problem
i use visual studio 2010, SQL express 2008 on win server 2008
after running the wizard of security (created single user, set permissions like deny anonymous and allow the created user) and pressing F5 --> the site works just fine.
when i move the folder to IIS 7 and "convert to application" the login page appears but it wont accept the password i provided.
i was told that only Stackoverflow geniuses will answer this question.
i am using .Net 4, manged pipleine mode --> inegrated
IIS settings:
Anonymous Auth. --> Enabled
Forms Auth. --> Enabled
ASP.Net Impersonation, Basic Auth, Digest Auth, Windows Auth--> Disabled
web.config
<configuration>
<connectionStrings>
<add name="ApplicationServices" connectionString="data source=.\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|\aspnetdb.mdf;User Instance=true" providerName="System.Data.SqlClient"/>
</connectionStrings>
<system.web>
<authorization>
<deny users="?"/>
<allow users="statmaster"/>
</authorization>
<compilation debug="true" strict="false" explicit="true" targetFramework="4.0"/>
<authentication mode="Forms">
<forms loginUrl="~/Account/Login.aspx" timeout="2880"/>
</authentication>
<membership>
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/"/>
</providers>
</membership>
<profile>
<providers>
<clear/>
<add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/"/>
</providers>
</profile>
<roleManager enabled="false">
<providers>
<clear/>
<add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="ApplicationServices" applicationName="/"/>
<add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/"/>
</providers>
</roleManager>
</system.web>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
</configuration>
the username exists in aspnet_Users table and the username "encrypted" in aspnet_Membership table
Read the article
Always set the "applicationName" property when configuring ASP.NET 2.0 Membership and other Providers
try creating a new website and put the application component in the root in case web.config application name = "/"
i hope this will solve it
<membership>
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider"
type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="LocalSqlServer"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="true"
requiresUniqueEmail="false"
passwordFormat="Hashed"
maxInvalidPasswordAttempts="5"
minRequiredPasswordLength="7"
minRequiredNonalphanumericCharacters="1"
passwordAttemptWindow="10"
passwordStrengthRegularExpression=""
applicationName="/"
/>
</providers>
</membership>
http://weblogs.asp.net/scottgu/archive/2006/04/22/Always-set-the-_2200_applicationName_2200_-property-when-configuring-ASP.NET-2.0-Membership-and-other-Providers.aspx