I have a machine.config with this configuration:
<system.web>
<machineKey compatibilityMode="Framework20SP2" validationKey="123" decryptionKey="456" validation="SHA1" decryption="3DES"/>
And a web.config with this attribute
<system.web>
<machineKey decryption="SHA1"/>
Does the final configuration do a combination of both?
<machineKey compatibilityMode="Framework20SP2" validationKey="123" decryptionKey="456" validation="SHA1" decryption="SHA1"/>
or if I have redefined machineKey it will get overridden completely?
<machineKey decryption="SHA1"/>
Settings in child directory will either override or modify settings from parent directory. E.g., let's take the example of handlers or modules. In parent directory if web.config contains handlers like this.
<configuration>
<system.web>
<httpHandlers>
<add verb="*" path="SampleHandler.new" type="SampleHandler, SampleHandlerAssembly" />
</httpHandlers>
</system.web>
</configuration>
and if child directory contains handlers like this
<configuration>
<system.web>
<httpHandlers>
<add verb="*" path="*.SampleFileExtension" type="SampleHandler2 " />
</httpHandlers>
</system.web>
</configuration>
Then effective handlers available for child directory will be union of two configurations. So essentially configuration is getting modified here in child directory. If you add <clear/> tag right after <httpHandlers> tag in child directory's config file then it will override parent's configuration and only one handler which is there in child's config file will be available for child directory.
Now let's take second example. Consider configuration in question. In this case since we are re-declaring/configuring same setting in child's configuration file it will override parent's configuration settings and effective configuration will be whatever is there in child's configuration file. i.e.
<machineKey decryption="SHA1"/>
You may get more insight on how configuration works from this link.
http://weblogs.asp.net/jongalloway/10-things-asp-net-developers-should-know-about-web-config-inheritance-and-overrides
I like to secure all aspx files in a folder ~/Secure/ such that specific IP addresses can access the folder's aspx files. I added the following web.config file to the folder, hoping that it adds to the parent web.config:
<configuration>
<system.webServer>
<security>
<ipSecurity allowUnlisted="false">
<clear/>
<add ipAddress="192.168.100.1" />
<add ipAddress="169.254.0.0" subnetMask="255.255.0.0" />
</ipSecurity>
</security>
</system.webServer>
</configuration>
The problem is that I get this error when I try to access to any of the aspx pages in the folder:
This configuration section cannot be used at this path. This happens when the section is locked at a parent level. Locking is either by default (overrideModeDefault="Deny"), or set explicitly by a location tag with overrideMode="Deny" or the legacy allowOverride="false".
What does it take to make this idea happen? I like to just include one web.config file to a folder and that enforces the IP address authorization. I like this idea, since it is no-code and config only.
You cannot do it in the website web.config only.
If you can use IIS manager:
Open IIS Manager, locate the site, click on the folder you want to protect, then click on IP Address and Domain Restrictions.
Also click on "Edit feature settings" in the right Actions panel to specify actions for unspecified clients (i.e. Deny with Forbidden, or simply Deny With Not Found).
This will generate the right configuration for you.
In your root web.config use the location element:-
<location path="Secure">
<system.webServer>
<security>
<ipSecurity allowUnlisted="false">
<clear/>
<add ipAddress="192.168.100.1" />
<add ipAddress="169.254.0.0" subnetMask="255.255.0.0" />
</ipSecurity>
</security>
</system.webServer>
</location>
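How the `<ipSecurity>` rules from this thread evaluate for a given client, as an added Python example that is not part of any post above. It assumes the IIS schema defaults (`allowUnlisted="true"`, `allowed="false"`, `subnetMask="255.255.255.255"`) and does not model overlapping entries; the function names, the `allowed="true"` variant and the client addresses are constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: the thread's rules, plus a variant with allowed="true".
AS_POSTED = """
<ipSecurity allowUnlisted="false">
  <clear/>
  <add ipAddress="192.168.100.1" />
  <add ipAddress="169.254.0.0" subnetMask="255.255.0.0" />
</ipSecurity>"""
WITH_ALLOWED = AS_POSTED.replace(" />", ' allowed="true" />')


def load_rules(xml_text):
    """Return (allow_unlisted, [(network, allowed), ...]) from an <ipSecurity> element."""
    root = ET.fromstring(xml_text)
    # Assumption: IIS schema defaults are allowUnlisted=true, allowed=false,
    # subnetMask=255.255.255.255 (a single host).
    allow_unlisted = root.get("allowUnlisted", "true").lower() == "true"
    rules = []
    for add in root.findall("add"):
        mask = add.get("subnetMask", "255.255.255.255")
        net = ipaddress.ip_network(f"{add.get('ipAddress')}/{mask}", strict=False)
        rules.append((net, add.get("allowed", "false").lower() == "true"))
    return allow_unlisted, rules


def is_allowed(xml_text, client_ip):
    """Decide one client address; overlapping entries are not modeled (first match wins)."""
    allow_unlisted, rules = load_rules(xml_text)
    addr = ipaddress.ip_address(client_ip)
    for net, allowed in rules:
        if addr in net:
            return allowed
    return allow_unlisted


if __name__ == "__main__":
    for label, cfg in (("as posted", AS_POSTED), ("allowed=true", WITH_ALLOWED)):
        for ip in ("192.168.100.1", "169.254.7.9", "10.0.0.5"):
            print(f"{label:13} {ip:15} -> {'allow' if is_allowed(cfg, ip) else 'deny'}")
```

Under those defaults, an `<add>` entry without `allowed="true"` is a deny entry, so combined with `allowUnlisted="false"` the rules as posted admit no client at all.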
My application has this structure
MyApplication
-Themes
In my application's webconfig I remove the UrlAuthorization module and add my own:
<modules runAllManagedModulesForAllRequests="true">
<remove name="UrlAuthorization" />
<add name="MyModule" type="MyType, MyNamespace" preCondition="managedHandler" />
</modules>
My Theme folder has this webconfig (this is the complete webconfig):
<?xml version="1.0"?>
<configuration>
<system.web>
<pages styleSheetTheme="" validateRequest="false" />
</system.web>
</configuration>
I have this deployed in 3 environments. 2 of them work correctly but in one of them I have the UrlAuthorization module working when I make a request to a file inside the Theme folder.
I know that the UrlAuthorization is active because I do not get the resource I requested, but a URL /ReturnURl/... path
The <remove> tag is working because removing it causes the whole request to be redirected to the /ReturnUrl
Is there any reason that may cause this behavior to happen only in this machine?
I deployed all of them and I do not remember making any different task on any of them
thanks!
FYI, it was an issue due to the folders permissions in the file system. I made the environments identical and it worked.
I have an IIS website running an ASP.NET site but it has multiple applications running under it (a virtual directory with separate app pools basically).
Well - I need two separate applications which point to the same root folder directory but I want the apps to have separate default documents. The reason is because this is how it is configured in production and this is on my development box.
The problem is that IIS keeps giving me the SAME default document for both apps (which are separate virtual paths and separate app pools just same physical location). How can I overcome this or can I not in IIS7?
I am going to be re-writing the whole thing and it will not be done this way in the future...but until then I need to fix some bugs and want a local dev environment. Help!
In order to accomplish this and preserve the setup implemented in our sites I needed to add a location tag around the System.WebServer element in the root site web.config and specify the default document in there as follows where the path is the VirtualDirectory/Application name:
<location path="VirtualDirectoryName">
<system.webServer>
<defaultDocument>
<files>
<clear />
<add value="Document.asp" />
</files>
</defaultDocument>
</system.webServer>
</location>
<location path="VirtualDirectoryName2">
<system.webServer>
<defaultDocument>
<files>
<clear />
<add value="AnotherDocument.asp" />
</files>
</defaultDocument>
</system.webServer>
</location>
I am trying to add
<location inheritInChildApplications="false">
to my parent web application's web.config but it doesn't seem to be working.
My parent's web.config has:
<configuration>
<configSections>
</configSections>
<!-- 10 or so custom config sections like log4net, hibernate -->
<connectionStrings>
</connectionStrings>
<appSettings>
</appSettings>
<system.diagnostics>
</system.diagnostics>
<system.web>
<webParts>
</webParts>
<membership>
</membership>
<compilation>
</compilation>
</system.web>
<location ..>
<system.web>
</system.web>
</location>
<system.webServer>
</system.webServer>
My child web application is setup as an application in IIS, and is inheriting from the parent's web.config which is causing problems.
Where exactly should I place the
<location inheritInChildApplications="false">
so it ignores all the various web.config settings?
As the commenters for the previous answer mentioned, you cannot simply add the line...
<location path="." inheritInChildApplications="false">
...just below <configuration>. Instead, you need to wrap the individual web.config sections for which you want to disable inheritance. For example:
<!-- disable inheritance for the connectionStrings section -->
<location path="." inheritInChildApplications="false">
<connectionStrings>
</connectionStrings>
</location>
<!-- leave inheritance enabled for appSettings -->
<appSettings>
</appSettings>
<!-- disable inheritance for the system.web section -->
<location path="." inheritInChildApplications="false">
<system.web>
<webParts>
</webParts>
<membership>
</membership>
<compilation>
</compilation>
</system.web>
</location>
While <clear /> may work for some configuration sections, there are some that instead require a <remove name="..."> directive, and still others don't seem to support either. In these situations, it's probably appropriate to set inheritInChildApplications="false".
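One way to check which sections of a parent web.config still reach child applications, as an added Python example that is not from the answer above. The function name and the sample config are constructed; it treats a `<location>` with no path or `path="."` and `inheritInChildApplications="false"` as the wrapper described above, and skips `<location>` elements scoped to a sub-path.

```python
import xml.etree.ElementTree as ET

# Constructed parent web.config, shaped like the answer's example.
PARENT = """<configuration>
  <location path="." inheritInChildApplications="false">
    <connectionStrings>
      <add name="Db" connectionString="placeholder" />
    </connectionStrings>
  </location>
  <appSettings><add key="Mode" value="dev" /></appSettings>
  <location path="Secure">
    <system.web><authorization><deny users="?" /></authorization></system.web>
  </location>
  <system.web>
    <machineKey validation="SHA1" decryption="3DES" />
    <compilation debug="false" />
  </system.web>
</configuration>"""


def inherited_sections(xml_text):
    """Map each section path to True if child applications inherit it."""
    result = {}

    def record(container, prefix, inherited):
        for el in container:
            if el.tag in ("system.web", "system.webServer"):
                record(el, el.tag + "/", inherited)
            else:
                result[prefix + el.tag] = inherited

    root = ET.fromstring(xml_text)
    for child in root:
        if child.tag == "configSections":
            continue  # declarations only, not settings
        if child.tag == "location":
            if child.get("path", ".") not in (".", ""):
                continue  # scoped to a sub-path, not the application root
            shield = child.get("inheritInChildApplications", "true").lower() == "false"
            record(child, "", not shield)
        else:
            record([child], "", True)
    return result


if __name__ == "__main__":
    for name, inherited in inherited_sections(PARENT).items():
        print(f"{name:28} {'inherited by child apps' if inherited else 'not inherited'}")
```

In the constructed sample, `connectionStrings` is kept out of child applications while `system.web/machineKey` is still inherited, which is the kind of section worth reviewing before a child application is added under the site.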
It needs to go directly under the root <configuration> node and you need to set a path like this:
<?xml version="1.0"?>
<configuration>
<location path="." inheritInChildApplications="false">
<!-- Stuff that shouldn't be inherited goes in here -->
</location>
</configuration>
A better way to handle configuration inheritance is to use a <clear/> in the child config wherever you don't want to inherit. So if you didn't want to inherit the parent config's connection strings you would do something like this:
<?xml version="1.0"?>
<configuration>
<connectionStrings>
<clear/>
<!-- Child config's connection strings -->
</connectionStrings>
</configuration>
I put everything into:
<location path="." inheritInChildApplications="false">
....
</location>
except: <configSections/>, <connectionStrings/> and <runtime/>.
There are some cases when we don't want to inherit some sections from <configSections />, but we can't put <section/> tag into <location/>, so we have to create a <sectionGroup /> and put our unwanted sections into that group. Section groups can be later inserted into a location tag.
So we have to change this:
<configSections>
<section name="unwantedSection" />
</configSections>
Into:
<configSections>
<sectionGroup name="myNotInheritedSections">
<section name="unwantedSection" />
</sectionGroup>
</configSections>
<location path="." inheritInChildApplications="false">
<myNotInheritedSections>
<unwantedSection />
</myNotInheritedSections>
</location>
We were getting an error related to this after a recent release of code to one of our development environments. We have an application that is a child of another application. This relationship has been working fine for YEARS until yesterday.
The problem:
We were getting a yellow stack trace error due to duplicate keys being entered. This is because both the web.config for the child and parent applications had this key. But this existed for many years like this without change. Why all of a sudden is it an issue now?
The solution:
The reason this was never a problem is because the keys AND values were always the same. Yesterday we updated our SQL connection strings to include the Application Name in the connection string. This made the string unique and all of a sudden started to fail.
Without doing any research on the exact reason for this, I have to assume that when the child application inherits the parent's web.config values, it ignores identical key/value pairs.
We were able to solve it by wrapping the connection string like this
<location path="." inheritInChildApplications="false">
<connectionStrings>
<!-- Updated connection strings go here -->
</connectionStrings>
</location>
Edit: I forgot to mention that I added this in the PARENT'S web.config. I didn't have to modify the child's web.config.
Thanks for everyone's help on this, saved our butts.
If (as I understand) you're trying to completely block inheritance in the web config of your child application, I suggest you avoid using the tag in web.config.
Instead create a new apppool and edit the applicationHost.config file (located in %WINDIR%\System32\inetsrv\Config and %WINDIR%\SysWOW64\inetsrv\config).
You just have to find the entry for your apppool and add the attribute enableConfigurationOverride="false" like in the following example:
<add name="MyAppPool" autoStart="true" managedRuntimeVersion="v4.0" managedPipelineMode="Integrated" enableConfigurationOverride="false">
<processModel identityType="NetworkService" />
</add>
This will avoid configuration inheritance in the applications served by MyAppPool.
Matteo
This is Microsoft's page on the location tag: http://msdn.microsoft.com/en-us/library/b6x6shw7%28v=vs.100%29.aspx
It may be helpful to some folks.
We're getting errors about duplicate configuration directives on one of our apps.
After investigation it looks like it's because of this issue.
In brief, our root website is ASP.NET 3.5 (which is 2.0 with specific libraries added), and we have a subapplication that is ASP.NET 4.0.
web.config inheritance causes the ASP.NET 4.0 sub-application to inherit the web.config file of the parent ASP.NET 3.5 application.
However, the ASP.NET 4.0 application's global (or "root") web.config, which resides at C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\web.config and C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\web.config (depending on your bitness), already contains these config sections.
The ASP.NET 4.0 app then tries to merge together the root ASP.NET 4.0 web.config, and the parent web.config (the one for an ASP.NET 3.5 app), and runs into duplicates in the node.
The only solution I've been able to find is to remove the config sections from the parent web.config, and then either
Determine that you didn't need them in your root application, or if you do
Upgrade the parent app to ASP.NET 4.0 (so it gains access to the root web.config's configSections)