I am using ria services with jsonp endpoint. When I call my method in service file it works fine in ie and firefox but sometimes works in chrome and sometimes I get "Cross domain javascript callback is not supported in authenticated services." error. Even I dont use authenticated services.
Here is a piece of code about what I have.
Jsonp service
[EnableClientAccess(RequiresSecureEndpoint = false)]
public class PPolJsonService : LinqToEntitiesDomainService<PPolAdvEntities>
{
public IQueryable<QuestionEntity> GetCompleteSurvey()
{
............
}
}
javascript code
function (data) {
var Params = {};
Params.type = 'GET';
Params.url = 'http://127.0.0.1:81/PPolSilverlight-Web-Services-PPolJsonService.svc/JSONP/GetCompleteSurvey;
Params.dataType = 'jsonp';
Params.data = { data:'somedata'};
Params.success = function (data) { };
Params.jsonpCallback = "ppolv2"
$.ajax(Params);
});
In web.config file my setting is <authentication mode="Forms">
İf I set <authentication mode="None"> I am be able to solve all problems with chrome. But the rest of the application needs authentication. So thats why I have to use it as "mode=Forms". And as you see my service does not use authentication so,
Why I am getting this error and is there any solution for it?
Note:
By the way I have other settings in web.config like
<webHttpEndpoint>
<standardEndpoint crossDomainScriptAccessEnabled="true"
automaticFormatSelectionEnabled="true"/>
</webHttpEndpoint>
or these in clientaccesspolicy.xml
<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="http://*"/>
<domain uri="https://*" />
</allow-from>
<grant-to>
<resource path="/" include-subpaths="true"/>
</grant-to>
</policy>
</cross-domain-access>
</access-policy>
but none of them is helping me.
Thanks in advance.
Hi Try to add this line to your web.config files. It enables Cross-domain Ajax Requests.
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.webServer>
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="*" />
</customHeaders>
</httpProtocol>
</system.webServer>
</configuration>
I haven't test it enough but I guess I found a solution.
İf you use secure endpoint in your application and if you don't need to use secure endpoint for jsonp services,
you can add requireSSL="true" in
<authentication mode="Forms">
<forms name=".PPolSilverlight_ASPXAUTH" timeout="2880" requireSSL="true" />
</authentication>
with this small piece of code your unsecure jsonp services will be able to work without authentication.
Related
I'm running IIS Express (not to be confused with the normal IIS) under Windows 10. My understanding is the settings are stored in "My Documents\IISExpress\config\applicationhost.config"
These settings can be overriden by a local web.config file when using creating an asp.net core project.
When attempting to use this web.config
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<location path="" inheritInChildApplications="false">
<system.webServer>
<security>
<authentication>
<anonymousAuthentication enabled="false" />
<windowsAuthentication enabled="true" />
</authentication>
</security>
</system.webServer>
</location>
</configuration>
I receive the following error.
This configuration section cannot be used at this path. This happens when the section is locked at a parent level. Locking is either by default (overrideModeDefault="Deny"), or set explicitly by a location tag with overrideMode="Deny" or the legacy allowOverride="false".
identifying this line
<authentication>
**<anonymousAuthentication enabled="false" />**
<windowsAuthentication enabled="true" />
This in spite of changing this line to state allow
<section name="anonymousAuthentication" overrideModeDefault="Allow" />
Is there any other place I should be looking?
Based upon feedback received.
The correct location for the configuration file is {ProjectDirectory}.vs\config\applicationhost.config when working within visual studio.
"My Documents\IISExpress\config\applicationhost.config" is incorrect
I have an asp.net WebApi application where I would like to move any configuration that is likely to change out of web.config into an external configuration file.
This will then allow an install update to overwrite the web.config so that it picks up any newer configuration added between version, but preserve other user settings which may vary between deployments.
I have successfully done this with a few sections, eg appSettings.
For appSettings, I have the folliwing in web.config...
<appSettings configSource="config\appSettings.config"/>
And then the external file has the various settings, eg ...
<?xml version="1.0" encoding="utf-8"?>
<appSettings>
<add key="IISSitePrefix" value="http" />
<!--- Set this to True to emit http request debug information to the Event log -->
<add key="EnableHttpDebugTracing" value="false" />
.... etc
I have been trying to do the same with the two configuration settings we need to change to toggle on/off windows authentication, as some deployments will use this, and others will use token based security. To do this I need to move the following out of web.config...
<authentication>
<windowsAuthentication enabled="true" />
</authentication>
<system.web>
<authentication mode="Windows"/>
</system.web>
So for the first tag, I tried the following....
<authentication configSource="config\authentication.config"/>
with the contents of the external file being..
<?xml version="1.0" encoding="utf-8"?>
<authentication>
<windowsAuthentication enabled="true" />
</authentication>
However, when I run this, I get the following error...
The configuration section 'authentication' cannot be read because it is missing a section declaration
I get a similar result when I try the other section.
Does anyone know what this means, or even if it is possible to do the above?
Thanks in advance for any help
[EDIT 1]
After one of the comments I have realised, perhaps my configuration is not quite correct (it was some time ago I first looked at this, and am now revisiting)
Previously, to enable integrated (windows) authentication, I thought you needed two bits of configuration (system.web AND system.webserver)...
<system.web>
<authentication mode="Windows"/>
</system.web>
<system.webServer>
<security>
<authentication>
<windowsAuthentication enabled="true" />
</authentication>
</security>
</system.webServer>
BUT now looking at this post, it appears I only need the <system.webServer> and not <system.web> at all
I removed my <system.web> and I could indeed turn off the intergarted authentication using just the <system.webServer> section.
So, now, what I want to configure in the external file is just the following..
ie if possible I'd like to just move out the <security> section, and leave the rest of the <system.webServer> in web.config.
I tried the following ..
<system.webServer>
<security configSource ="config\authentication.config"/>
</system.webServer>
With the contents of authentication.config being...
<?xml version="1.0" encoding="utf-8"?>
<security>
<authentication>
<windowsAuthentication enabled="true" />
</authentication>
</security>
But now when I try to execute a route I get..
Unrecognized attribute 'configSource'
Config Source:
87:
88: <security configSource ="config\authentication.config"/>
89:
So my (modified) question becomes is there a way to move out the above section?
Try changing the external file from
<?xml version="1.0" encoding="utf-8"?>
<authentication>
<windowsAuthentication enabled="true" />
</authentication>
to:
<?xml version="1.0" encoding="utf-8"?>
<authentication mode="Windows"></authentication>
It works for me ;)
I would like to set up rules in IIS7 for static content caching in my ASP.NET website.
I have seen these articles, which details how to do it using the <clientCache /> element in web.config:
Client Cache <clientCache> (IIS.NET)
Add Expires or Cache Control Header to static content in IIS (Stack Overflow)
However, this setting appears to apply globally to all static content. Is there a way to do this just for certain directories or extensions?
For example, I may have two directories which need separate cache settings:
/static/images
/content/pdfs
Is it possible to set up rules for sending cache headers (max-age, expires, etc) based on extensions and folder paths?
Please note, I must be able to do this via web.config because I don't have access to the IIS console.
You can set specific cache-headers for a whole folder in either your root web.config:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<!-- Note the use of the 'location' tag to specify which
folder this applies to-->
<location path="images">
<system.webServer>
<staticContent>
<clientCache cacheControlMode="UseMaxAge" cacheControlMaxAge="00:00:15" />
</staticContent>
</system.webServer>
</location>
</configuration>
Or you can specify these in a web.config file in the content folder:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<staticContent>
<clientCache cacheControlMode="UseMaxAge" cacheControlMaxAge="00:00:15" />
</staticContent>
</system.webServer>
</configuration>
I'm not aware of a built in mechanism to target specific file types.
You can do it on a per file basis. Use the path attribute to include the filename
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<location path="YourFileNameHere.xml">
<system.webServer>
<staticContent>
<clientCache cacheControlMode="DisableCache" />
</staticContent>
</system.webServer>
</location>
</configuration>
I had the same issue.For me the problem was how to configure a cache limit to images.And i came across this site which gave some insights to the procedure on how the issue can be handled.Hope it will be helpful for you too
Link:[https://varvy.com/pagespeed/cache-control.html]
ASP.Net Data Retrieval site now erroring due to MS Patch limiting keys.
Trying to put the following section into web.config to up the number of keys
<appsettings>
<add key="aspnet:MaxHttpCollectionKeys" value="2000"></add>
</appsettings>
Adding the section causes an Internal Server Error 'The configuration section 'appsettings' cannot be read because it is missing a section declaration'
Any idea how to correctly add this section? I have tried variations of examples on the Web but I can't get past this.
Watch the case of the tags--I'm pretty sure web.configs are case-sensitive. Here is a full web.config, with appSettings nested inside of configuration...
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<appSettings>
<add key="aspnet:MaxHttpCollectionKeys" value="2000" />
</appSettings>
</configuration>
Like the title states - I have a web.config file that looks like,
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.0" />
<authentication mode="Forms">
<forms name="login" protection="All" timeout="30" loginUrl="login" defaultUrl="~/">
<credentials passwordFormat="Clear">
<user name="admin" password="password" />
</credentials>
</forms>
</authentication>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</configuration>
I want to do exactly what it says it should do... I want to deny all users who try to enter the site.
It works however, it redirects to a "Account/Login?ReturnUrl=%2flogin" url I have never heard of...
Is there a place I can change this?
I've seen this problem before. No doubt you're also getting this error:
Error message 401.2.: Unauthorized: Logon failed due to server configuration. Verify that you have permission to view this directory or page based on the credentials you supplied and the authentication methods enabled on the Web server. Contact the Web server's administrator for additional assistance.
And you're being redirected to "/Account/Login" which doesn't even exist. I believe it's some kind of default that get's pulled in due to using MVC components even if you're using an ASP.NET Forms website. Perhaps you have some Razor pages and the following was added to your web.config:
<appSettings>
<add key="webpages:Enabled" value="true" />
</appSettings>
Having this in there seems to be enough to mess up your login page as defined normally:
<authentication mode="Forms">
<forms loginUrl="login" timeout="43200"/>
</authentication>
I've solved this by adding an extra "loginUrl" key to appSettings:
<appSettings>
<add key="webpages:Enabled" value="true" />
<add key="loginUrl" value="~/Login.aspx" /><!-- Override default -->
</appSettings>
The loginUrl param does not have an absolute path, so the path get mixed with the relative folder the website is.
Solution:
loginUrl="~/login"
or
loginUrl="/login"
The problem is
loginUrl="login"
This is the URL to send unauthenticated users to. If the URL to your login page is "Login.aspx" then thats what you should set it too.
loginUrl="login.aspx"
The piece at the end, ReturnURL, is the address to redirect the user to if they successfully login.
The LoginUrl is created with the code UrlPath.Combine(HttpRuntime.AppDomainAppVirtualPathString, loginUrl);, so I'm guessing somehow your root of your website is set to "Application".
http://www.ureader.com/msg/15372322.aspx