Is "management" section not allowed in web.config? - asp.net

I'm trying to add users to IIS Manager via web.config, but whenever I add the following lines, the web site stops working and says web.config is not valid.
The web site works if I add those lines in administration.config, but I like to keep the scope small by sticking with web.config.
<system.webServer>
  <management>
    <authorization defaultProvider="ConfigurationAuthorizationProvider">
      <authorizationRules>
        <scope path="/MyApp">
          <add name="domain\user" />
        </scope>
      </authorizationRules>
    </authorization>
  </management>
</system.webServer>

A simple Google search can answer your question.
IIS Management element
From that page:
Note: The settings in the management element can only be configured in the Administration.config file.

Related

Web.config: Allow all users on given path at machine level

I have successfully set up Elmah at machine level in order to have error logging for all web applications. Now I want to add the RSS feed of each application to Outlook. The problem is that the applications are secured and won't allow Outlook to access the RSS feed (at my.web.application.com/elmah.axd/rss). Since I can't ask Outlook to log in to the app, I figured I'd give access to anybody to the elmah path and restrict by IP address (actually restricting to our local network), with the following config:
<location path="elmah.axd">
  <system.web>
    <authorization>
      <allow users="*" />
    </authorization>
  </system.web>
  <system.webServer>
    <security>
      <ipSecurity allowUnlisted="false">
        <clear/>
        <add ipAddress="127.0.0.1" allowed="true" />
        <add ipAddress="10.0.0.0" allowed="true" subnetMask="255.255.255.0" />
      </ipSecurity>
    </security>
  </system.webServer>
</location>
This actually works when put in the application's Web.config: I have access to the elmah.axd page without logging in. Perfect. Now I wanted to do this at machine level so every application behaves the same. So I put it at the same places I put the Elmah config, that is:
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\web.config
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\web.config
C:\Windows\System32\inetsrv\config\applicationHost.config (IIS config)
Although putting the config there made Elmah respond on every web application, it doesn't work with that security config: the applications still ask to log in... What do I need to do to make it work at machine level?
Could it be that in the machine-level web.config the path is not relative to the applications? But then how can I make it work? (I also tried ~/elmah.axd without success...)
Check for overrides in each application's configuration.
"The local configuration settings override settings in parent configuration files."
Source: https://msdn.microsoft.com/en-us/library/ms178685%28v=vs.140%29.aspx
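
One way to carry out the check the answer above suggests, as an added example that is not part of the original thread: it lists the ASP.NET authorization rules an application's own web.config declares for a given path, which are the local settings to compare against the machine-level elmah.axd rule. The sample config and the function names are constructed for illustration, and the parser assumes a web.config without an XML namespace.

```python
import xml.etree.ElementTree as ET

# Constructed sample of one application's web.config (no XML namespace assumed).
SAMPLE_APP_CONFIG = """<configuration>
  <system.web>
    <authentication mode="Forms" />
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>
  <location path="admin">
    <system.web>
      <authorization><deny users="*" /></authorization>
    </system.web>
  </location>
</configuration>"""


def authorization_rules(config_xml):
    """Return (scope, verb, users, roles) for each <allow>/<deny> rule in the file."""
    root = ET.fromstring(config_xml)
    # "." is the application root; every <location> adds a path-scoped block.
    scopes = [(".", root)]
    scopes += [(loc.get("path") or ".", loc) for loc in root.findall("location")]
    rules = []
    for scope, node in scopes:
        for rule in node.findall("system.web/authorization/*"):
            if rule.tag in ("allow", "deny"):
                rules.append((scope, rule.tag, rule.get("users", ""), rule.get("roles", "")))
    return rules


def local_rules_for(config_xml, target):
    """Rules in this file whose scope covers `target`, e.g. 'elmah.axd'."""
    target = target.strip("/").lower()
    hits = []
    for scope, verb, users, roles in authorization_rules(config_xml):
        s = scope.strip("/").lower()
        if s in ("", ".") or target == s or target.startswith(s + "/"):
            hits.append((scope, verb, users, roles))
    return hits


if __name__ == "__main__":
    for hit in local_rules_for(SAMPLE_APP_CONFIG, "elmah.axd"):
        print("local rule applies to elmah.axd:", hit)
```

For the constructed sample, the only local rule covering elmah.axd is the application-wide deny for anonymous users; the admin-only rule is ignored.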

HttpContext.Current.User.Identity.Name returns blank

I am using HttpContext.Current.User.Identity.Name to get the user name when the web application is in use. During development I was using my local IIS, with Integrated Windows Authentication enabled and anonymous access enabled and disabled, and I was able to get the username.
Now, when I publish the web application, it comes back blank. The setup on the published server is the same, and I have tried using Page.User.Identity.Name, which also returned blank.
Does anyone know why this is and how to fix it?
You probably had Anonymous Authentication on as well as Windows Authentication. Turn Anonymous off.
So,
<system.web>
  <authentication mode="Windows" />
</system.web>
In the IIS config for the app, look in the Authentication tab:
Set **Anonymous Authentication** to **Disabled** and
Set **Windows Authentication** to **Enabled**
This should work and the Identity.UserName should now show up properly.
HttpContext.Current.Request.LogonUserIdentity.Name always works for me in the VS 2012 environment and IIS 7.
To solve the problem, you have to enable the Windows Authentication feature. Follow the steps below:
- Click Start, and then click Control Panel. Open the Programs group.
- Under Programs and Features, click Turn Windows Features on or off.
- Expand the item labeled Internet Information Services.
- Expand the item labeled World Wide Web Services.
- Expand the item Security -> make sure to select Windows Authentication.
Also, you need to disable Anonymous Authentication in IIS as follows:
- Click on your application in IIS.
- Double-click Authentication under the IIS group.
- Click on Anonymous Authentication.
- Click on Disable on the right side under Actions.
Hope this helps
When working with WIF you should use Thread.CurrentPrincipal.Identity.Name instead of User.Identity.Name.
Read more here: http://msdn.microsoft.com/en-us/magazine/ff872350.aspx to learn more about Windows Identity Foundation
Similar question: User.Identity.Name is null after authenticate via WIF
Set <authentication mode="Forms"> in the web.config file and your problem will be solved.
Test your website using the code below:
if (Page.User.Identity.Name != "")
{
    Label1.Text = "Hello";
}
else
{
    Response.Redirect("login.aspx?url=Upload.aspx");
}
This will not solve the original post, but I want to put this here anyway in case others stumble across this when searching for why User.Identity is returning nothing...
In my case User.Identity started returning nothing after updating a user's AD username (specifically the pre-Windows 2000 username).
The LSA cache on IIS was the issue. Even after restarting the IIS server while troubleshooting, the issue persisted. It was not until adding the registry setting outlined here that the issue was fixed:
https://support.microsoft.com/en-us/help/946358/the-lsalookupsids-function-may-return-the-old-user-name-instead-of-the
For a blank return, my solution ended up being the web.config. I'm using Visual Studio 2010, and the default web.config did not work. I replaced it with a nearly empty web.config and then success! Perhaps the default VS2010 web.config called too many references or configured IIS incorrectly for the use of User.Identity.Name. My system is Windows 7.
The default ASP.NET web site web.config from VS2010 was about 100-115 lines long. As you can see below, the nearly empty web.config is about 20 lines long.
The web.config that I used:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.web>
    <authentication mode="Windows" />
    <authorization>
      <allow roles="Domain Name\Group Name" users="" />
      <deny users="*" />
    </authorization>
  </system.web>
  <system.webServer>
    <modules runAllManagedModulesForAllRequests="true" />
    <security>
      <authorization>
        <add accessType="Allow" users="" roles="Domain Name\Group Name" />
      </authorization>
    </security>
  </system.webServer>
</configuration>
In IIS: click on your Site.
In Home Page: Authentication.
In Action menu: Open Feature.
Disable Anonymous Authentication.
Restart Site.
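
The condition several answers above point to (Anonymous Authentication left enabled next to Windows Authentication) can be checked from configuration rather than by clicking through IIS Manager. The following is an added example, not code from the thread: it reads an applicationHost.config-style fragment and reports, per location path, whether anonymous authentication is explicitly disabled. The site names, sample XML and function names are constructed, and a setting that is absent at a level is treated as inherited.

```python
import xml.etree.ElementTree as ET

# Constructed applicationHost.config-style fragment; the site and app names are made up.
SAMPLE_HOST_CONFIG = """<configuration>
  <location path="Default Web Site/Intranet">
    <system.webServer><security><authentication>
      <anonymousAuthentication enabled="true" />
      <windowsAuthentication enabled="true" />
    </authentication></security></system.webServer>
  </location>
  <location path="Default Web Site/Reports">
    <system.webServer><security><authentication>
      <anonymousAuthentication enabled="false" />
      <windowsAuthentication enabled="true" />
    </authentication></security></system.webServer>
  </location>
  <location path="Default Web Site/Legacy">
    <system.webServer><security><authentication>
      <windowsAuthentication enabled="false" />
    </authentication></security></system.webServer>
  </location>
</configuration>"""


def _enabled(auth, name):
    """True/False if the element sets enabled explicitly, None if absent (inherited)."""
    node = auth.find(name)
    if node is None or node.get("enabled") is None:
        return None
    return node.get("enabled").strip().lower() == "true"


def identity_findings(config_xml):
    """Map each <location> path to a finding about Anonymous vs. Windows authentication."""
    findings = {}
    for loc in ET.fromstring(config_xml).findall("location"):
        auth = loc.find("system.webServer/security/authentication")
        if auth is None:
            continue
        anon = _enabled(auth, "anonymousAuthentication")
        win = _enabled(auth, "windowsAuthentication")
        if win is not True:
            findings[loc.get("path")] = "windows authentication not enabled here"
        elif anon is False:
            findings[loc.get("path")] = "ok"
        else:  # enabled, or not set at this level and therefore inherited
            findings[loc.get("path")] = "anonymous not disabled: Identity.Name may be blank"
    return findings
```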

asp.net, web.config inheritance, and clearing the authentication setting

I have an ASP.net 1.1 application.
In a sub-folder, I've installed blogengine.net, which is a 2.0 app.
The folder is set to be an application and is using the proper framework.
It works...except for authentication.
The issue is inheritance from the web.config in the root application.
The common fix for this issue is to use 'clear' in your nested app's config file for each thing you want to reset.
<httpModules>
  <clear/>
</httpModules>
The problem is that 'clear' does not appear to be allowed within authentication tags:
<authentication mode="Forms">
  <clear/>
  <forms... rest of my child app's settings for authentication...>
</authentication>
Doing that gives me a syntax error.
Anyone know of a way to get this working? I need to prevent the root app's authentication info in web.config from being inherited within the child application.
UPDATE: per curious_geek's answer, one option is to modify the root config to not allow inheritance. However, my understanding is that will also block the system.config properties. Is that usually a big deal? This isn't my server, so I wonder if doing that will open up some security issues that might not go over with the server admin.
You need to tell the parent web.config not to force section inheritance in the child application.
If you want to stop system.web section inheritance to the child app, wrap your system.web section in a location element as shown below.
<location path="." inheritInChildApplications="false">
  <system.web>
  </system.web>
</location>
You can also apply this technique to stop inheritance for the connectionStrings and appSettings sections as well.
PS: when you actually add these lines in web.config, Visual Studio will not recognize them as valid and will mark them as an error, but rest assured that it will work well under IIS when deployed.

Deny access to a folder in ASP.NET

Is it possible to prevent browsing of a folder's contents in an ASP.NET web application other than by creating a default page, say using web.config?
I would like to avoid using IIS for this if possible.
Thanks
If you are using IIS7, you can use web.config files for this. Specify a <location> tag for the desired folder, and give it a <directoryBrowse> sub-tag, ie:
<location path="path to your folder">
  <system.webServer>
    <directoryBrowse enabled="false" />
  </system.webServer>
</location>
The previous answer system.webServer -> directoryBrowse is new and can be used when your site is running under IIS7 (be it debugging or otherwise) only, it will not work in IIS6. In IIS6 you need to do it using the IIS management console.

IIS7: disabling HttpModule in subapplication - sites, application and virtual directories

I have a few aspx files in a "Cache" folder in my application and I do not want HttpModules to run for those files in that folder. I tried having a web.config in subdirectory but learned that HttpModules take the root web.config and not that of the subdirectory.
Reference 1, Reference2. So I decided to have this directory as a sub application as per suggestion here and here.
So I configure my application, then "add application", map it to this directory, which was already inside this application, and boom, it fails. It works for a static html file, but aspx files are not available.
My question is, how do I configure a sub-application in IIS7 so that the sub-application can have its own web.config and there I can disable HTTPModules of the root application?
Edit: In fact I tried creating a subapplication within my main application and it did not work. Can someone point me to any article on how to configure a sub-application in IIS7?
Edit2: adding the error image. So how should I configure the child app pool? The child app runs in the same app pool as that of the parent.
Edit3: Sorry, the child was running on a different app pool. A generic app worked (without modules). I am marking the answer after I try out the modules. Thanks for your help guys. There is something specific in my parent app web.config, which I am going to hunt down now.
EDIT: Actually both the answers provided below are correct. If you are using IIS7 integrated mode your modules should be in system.webServer and if IIS7 - classic mode your modules (and handlers?) should be in system.web
JKG has the right answer for IIS6, but the syntax is a little different in IIS7:
<system.webServer>
  <modules>
    <remove name="MyModule"/>
  </modules>
</system.webServer>
The web.config will always inherit from its parent if it's in the same web application but you can clear the entire thing or remove an item like so:
From the child web.config (clear all or remove an item)
<httpModules>
  <clear />
  <remove name="MyModule"/>
</httpModules>
From the parent config by using the location tag...
<location inheritInChildApplications="false">
  <system.web>
    <!-- ... -->
  </system.web>
</location>
http://www.jaylee.org/post/2008/03/Prevent-ASPNET-webconfig-inheritance-and-inheritInChildApplications-attribute.aspx
