HTTP Error 500 after editing web.config - asp.net

After adding <location> tag to web.config (ASP.NET 4) I got HTTP 500 Internal Server Error, when I remove <location> it works.
<?xml version="1.0"?>
<configuration>
<!-- NOTE(review): this <location> block is placed before <configSections>. When
     <configSections> is present it has to be the first child of <configuration>,
     so the file fails to load (HTTP 500) with the block in this position. -->
<location path="man">
<system.web>
<authorization>
<!-- Rules are read top to bottom and the first match wins: the user named "man" is
     admitted, every other user (anonymous included) is denied. -->
<allow users="man"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
<configSections>
<!-- Registers the custom <rewriter> section used further down. -->
<section name="rewriter"
requirePermission="false"
type="Intelligencia.UrlRewriter.Configuration.RewriterConfigurationSectionHandler, Intelligencia.UrlRewriter" />
</configSections>
<system.web>
<!-- debug="true" is a development setting; deployed sites should use debug="false". -->
<compilation debug="true" targetFramework="4.0" />
<authentication mode="Forms">
<!-- requireSSL="false" lets the forms-authentication cookie travel over plain HTTP;
     set it to "true" when the site is served over HTTPS. -->
<forms name=".ASPXAUTH"
loginUrl="Login.aspx"
protection="All"
timeout="30"
path="/"
requireSSL="false"
slidingExpiration="true"
defaultUrl="Login.aspx"
cookieless="UseCookies"
enableCrossAppRedirects="false"/>
</authentication>
<httpModules>
<add name="UrlRewriter" type="Intelligencia.UrlRewriter.RewriterHttpModule, Intelligencia.UrlRewriter" />
</httpModules>
</system.web>
<system.webServer>
<!-- runAllManagedModulesForAllRequests="true" sends every request, static files included,
     through the managed modules registered below. -->
<modules runAllManagedModulesForAllRequests="true">
<add name="UrlRewriter" type="Intelligencia.UrlRewriter.RewriterHttpModule" />
</modules>
<validation validateIntegratedModeConfiguration="false" />
</system.webServer>
<rewriter>
<!-- Every rule except the last carries processing="stop". -->
<rewrite url="~/man/(.+)" to="~/man/$1" processing="stop" />
<rewrite url="~/man/^(/.+(\.gif|\.png|\.jpg|\.ico|\.pdf|\.css|\.js|\.axd)(\?.+)?)$" to="~/man/$1" processing="stop" />
<rewrite url="~/files/^(/.+(\.gif|\.png|\.jpg|\.ico|\.pdf|\.css|\.js|\.axd|\.pdf|\.doc|\.ppt)(\?.+)?)$" to="~/files/$1" processing="stop" />
<rewrite url="~/man/" to="~/man/default.aspx" processing="stop"/>
<rewrite url="~/style/(.+)" to="~/style/$1" processing="stop" />
<rewrite url="~/images/(.+)" to="~/images/$1" processing="stop" />
<rewrite url="^(/.+(\.gif|\.png|\.jpg|\.ico|\.pdf|\.css|\.js|\.axd)(\?.+)?)$" to="$1" processing="stop" />
<!-- Catch-all: the remaining path text is passed to default.aspx as the pn query value.
     NOTE(review): pn is presumably caller-controlled, so default.aspx should validate it;
     verify against the page code. -->
<rewrite url="~/(.+)" to="~/default.aspx?pn=$1" />
</rewriter>
</configuration>

The <location> element must come after <configSections>: when <configSections> is present it has to be the first child of <configuration>.

Related

Elmah Page restriction in Asp net forms C#

this is my configuration for elmah in web.config
<!-- Restricts the ELMAH error-log viewer (elmah.axd) to members of the "Dev" role.
     The snippet ends before the closing </location> tag. -->
<location path="elmah.axd" inheritInChildApplications="false">
<system.web>
<httpHandlers>
<add verb="POST,GET,HEAD"
path="elmah.axd"
type="Elmah.ErrorLogPageFactory, Elmah" />
</httpHandlers>
<authorization>
<!-- First match wins: members of role "Dev" are admitted, everyone else is denied.
     The role test is made against the authenticated principal's roles, not against a
     Session value, so the application has to supply roles through a role provider or by
     attaching them to the principal. NOTE(review): confirm how this site assigns roles. -->
<allow roles="Dev" />
<deny users="*" />
</authorization>
</system.web>
<system.webServer>
<handlers>
<!-- Same handler registered for the IIS integrated pipeline. -->
<add name="ELMAH"
verb="POST,GET,HEAD"
path="elmah.axd"
type="Elmah.ErrorLogPageFactory, Elmah"
preCondition="integratedMode" />
</handlers>
</system.webServer>
But how do I tell it that I'm a Dev? I'm using Session for cookies, but I don't know how I can tell whether I'm an admin or a user.

IIS disable authentication in subfolder

In my web.config in application is:
<!-- Application-level forms authentication: unauthenticated requests are sent to
     app/Login.aspx. -->
<authentication mode="Forms">
<forms loginUrl="app/Login.aspx" name=".ASPXFORMSAUTH" protection="All" slidingExpiration="true" timeout="10"/>
</authentication>
<authorization>
<!-- "?" means anonymous users and "*" means all users. Rules are read top to bottom,
     so anonymous requests are denied first and every authenticated user is then allowed.
     Sub-folders inherit these rules unless their own web.config adds rules ahead of them. -->
<deny users="?"/>
<allow users="*"/>
</authorization>
In web.config in app folder is:
<!-- web.config of the "app" folder: IIS-level settings only, no ASP.NET authorization rules. -->
<configuration>
<system.webServer>
<validation validateIntegratedModeConfiguration="false" />
<!-- Directory listings are switched off. -->
<directoryBrowse enabled="false"/>
<defaultDocument enabled="true">
<files>
<clear/>
<add value="Default.aspx"/>
</files>
</defaultDocument>
<!-- NOTE(review): accessPolicy includes Execute; confirm it is needed, Read and Script are
     normally enough for .aspx pages. -->
<handlers accessPolicy="Read, Script, Execute"/>
<staticContent enableDocFooter="false">
<clientCache cacheControlMode="UseMaxAge" cacheControlMaxAge="00:00:00"/>
</staticContent>
<asp enableParentPaths="false" scriptLanguage="VBScript" bufferingOn="true">
<limits scriptTimeout="00:01:30"/>
<session allowSessionState="true" timeout="00:20:00"/>
</asp>
<security>
<authentication>
<!-- IIS lets every request in as the anonymous IUSR identity; the login requirement is
     left to ASP.NET forms authentication. -->
<anonymousAuthentication enabled="true" password="" userName="IUSR"/>
<basicAuthentication enabled="false" realm="" defaultLogonDomain=""/>
<windowsAuthentication enabled="false"/>
<digestAuthentication enabled="false" realm=""/>
</authentication>
</security>
<!-- NOTE(review): dontLog="true" turns off IIS request logging for this folder, which
     leaves no access log to review after an incident; confirm this is intended. -->
<httpLogging dontLog="true"/>
</system.webServer>
</configuration>
This working, but I want to give access to my_public folder for anonymous users.
In my_public folder is site about.aspx.
In web.config in my_public folder is:
<!-- web.config of the my_public folder, which is meant to be reachable without logging in. -->
<configuration>
<system.webServer>
<validation validateIntegratedModeConfiguration="false" />
<directoryBrowse enabled="false"/>
<defaultDocument enabled="true">
<files>
<clear/>
<add value="Default.aspx"/>
</files>
</defaultDocument>
<!-- NOTE(review): accessPolicy includes Execute; confirm it is needed. -->
<handlers accessPolicy="Read, Script, Execute"/>
<staticContent enableDocFooter="false">
<clientCache cacheControlMode="UseMaxAge" cacheControlMaxAge="00:00:00"/>
</staticContent>
<asp enableParentPaths="false" scriptLanguage="VBScript" bufferingOn="true">
<limits scriptTimeout="00:01:30"/>
<session allowSessionState="true" timeout="00:20:00"/>
</asp>
<security>
<authentication>
<anonymousAuthentication enabled="true" password="" userName="IUSR"/>
<basicAuthentication enabled="false" realm="" defaultLogonDomain=""/>
<windowsAuthentication enabled="false"/>
<digestAuthentication enabled="false" realm=""/>
</authentication>
</security>
</system.webServer>
<system.web>
<authorization>
<!-- NOTE(review): this rule tests role membership, and an anonymous request has no roles,
     so it does not admit anonymous visitors; they fall through to the inherited
     <deny users="?"/> and are redirected to the login page, as the question reports.
     Anonymous users are matched with users="?". -->
<allow roles="*"/>
</authorization>
</system.web>
</configuration>
When a user goes to my_public/about.aspx, they are always redirected to app/login.aspx.
An anonymous user should be taken to my_public/about.aspx instead.
Change the authorization section on the public web.config to
<!-- "?" matches anonymous (unauthenticated) requests. Rules in this folder's web.config are
     evaluated before the inherited <deny users="?"/>, so anonymous visitors are admitted to
     this folder only; the rest of the site still requires a login. -->
<authorization>
  <allow users="?" />
</authorization>
This will allow anonymous access.

Captcha doesn't work with forms authentication?

Guys I am trying to use MSCaptcha in asp.net website. It is working perfectly but as soon as I add Forms authentication in web.config, the captcha image is not displayed.
Web.config before authentication (Captcha image shows up)
<!-- Fragment of the web.config before forms authentication was added; the snippet ends
     before </system.webServer> is closed. -->
<system.web>
<httpRuntime targetFramework="4.5" />
<authorization>
<!-- Everyone, anonymous visitors included, may request every resource. -->
<allow users="*" />
</authorization>
<httpHandlers>
<!-- Classic-pipeline registration of the captcha image handler. -->
<add verb="GET" path="CaptchaImage.axd" type="MSCaptcha.captchaImageHandler, MSCaptcha" />
</httpHandlers>
</system.web>
<appSettings>
<add key="ValidationSettings:UnobtrusiveValidationMode" value="None" />
</appSettings>
<system.webServer>
<validation validateIntegratedModeConfiguration="false" />
<handlers>
<!-- Integrated-pipeline registration of the same handler. -->
<add name="MSCaptcha.captchaImageHandler" verb="GET" path="CaptchaImage.axd" type="MSCaptcha.captchaImageHandler, MSCaptcha" resourceType="Unspecified" />
</handlers>
Web.Config after forms authentication is added (Captcha image doesn't load)
<!-- Fragment of the web.config after forms authentication was added; the snippet ends
     before </system.webServer> is closed. -->
<system.web>
<httpRuntime targetFramework="4.5" />
<authorization>
<!-- Rules are read top to bottom and the first match wins. Anonymous requests are denied
     by the first rule, and that includes the request for CaptchaImage.axd made from the
     login page, so the image is replaced by a redirect to the login URL. -->
<deny users="?" />
<allow users="*" />
<!-- NOTE(review): the users attribute names accounts, not HTTP verbs, so this line refers
     to a user called "GET"; it also follows <allow users="*"/> and is never reached.
     Verb restrictions are written with the verbs attribute. -->
<allow users="GET" />
</authorization>
<authentication mode="Forms">
<forms name=".ASPXFORMSDEMO" loginUrl="Default2.aspx"
protection="All" path="/" timeout="30" />
</authentication>
<httpHandlers>
<add verb="GET" path="CaptchaImage.axd" type="MSCaptcha.captchaImageHandler, MSCaptcha" />
</httpHandlers>
</system.web>
<appSettings>
<add key="ValidationSettings:UnobtrusiveValidationMode" value="None" />
</appSettings>
<system.webServer>
<validation validateIntegratedModeConfiguration="false" />
<handlers>
<add name="MSCaptcha.captchaImageHandler" verb="GET" path="CaptchaImage.axd" type="MSCaptcha.captchaImageHandler, MSCaptcha" resourceType="Unspecified" />
</handlers>
Why is forms authentication causing issues for captcha? what should I do?
P.S this web-config file is not complete so it might look confusing.
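You need to add a <location> element for the captcha handler to your web.config, so that the image can be requested before the user has logged in: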
<!-- Exempts only the captcha image handler from the site-wide <deny users="?"/> rule, so the
     login page can show the image to visitors who are not signed in yet. The path is kept
     to this single handler; every other resource still requires authentication. -->
<location path="CaptchaImage.axd">
  <system.web>
    <authorization>
      <allow users="*" />
    </authorization>
  </system.web>
</location>

Unrecognized configuration section system.web/configuration

I'm getting the error "Unrecognized configuration section system.web/configuration" when I set up my admin, staff and user authentication. Please help me with this. Here is the web.config code:
<?xml version="1.0"?>
<!--
Note: As an alternative to hand editing this file you can use the
web admin tool to configure settings for your application. Use
the Website->Asp.Net Configuration option in Visual Studio.
A full list of settings and comments can be found in
machine.config.comments usually located in
\Windows\Microsoft.Net\Framework\v2.x\Config
-->
<configuration>
<appSettings/>
<connectionStrings>
<!-- Both entries use Integrated Security, so no database password is stored here.
     NOTE(review): the second entry points at an absolute path inside one user's profile,
     which only exists on the developer machine. -->
<add name="ConnectionString" connectionString="Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\ASPNETDB.MDF;Integrated Security=True;User Instance=True" providerName="System.Data.SqlClient"/>
<add name="ASPNETDBConnectionString" connectionString="Data Source=.\SQLEXPRESS;AttachDbFilename=C:\Users\Se7en\Desktop\Personal\VIVA\1\App_Data\ASPNETDB.MDF;Integrated Security=True;Connect Timeout=30;User Instance=True" providerName="System.Data.SqlClient"/>
</connectionStrings>
<system.web>
<!--
Set compilation debug="true" to insert debugging
symbols into the compiled page. Because this
affects performance, set this value to true only
during development.
Visual Basic options:
Set strict="true" to disallow all data type conversions
where data loss can occur.
Set explicit="true" to force declaration of all variables.
-->
<!-- NOTE(review): a second <configuration> element starts here, inside <system.web>. This
     nesting is what the error "Unrecognized configuration section system.web/configuration"
     refers to. There may be only one root <configuration>, and the <location> elements
     below belong directly under it, next to <system.web>. -->
<configuration>
<system.web>
<authentication mode="Forms">
<forms loginUrl="Login.aspx">
<!-- NOTE(review): passwordFormat="Clear" keeps the password readable in this file, and the
     value shown is a guessable placeholder; store a hash or use a membership provider. -->
<credentials passwordFormat="Clear">
<user name="admin" password="password"/>
</credentials>
</forms>
</authentication>
<authorization>
<allow users="*"/>
</authorization>
<compilation debug="true"/>
</system.web>
<location path="adminstrator">
<system.web>
<authorization>
<!-- First match wins: only the user named "adminstrator" gets in. -->
<allow users="adminstrator"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
<location path="staff">
<system.web>
<authorization>
<allow users="staff"/>
<deny users="*"/>
<!-- NOTE(review): this rule follows <deny users="*"/> and is therefore never reached;
     to take effect it has to be placed above the deny rule. -->
<allow roles="adminstrator" />
</authorization>
</system.web>
</location>
<location path="user">
<system.web>
<authorization>
<!-- Any authenticated user may enter; anonymous requests are denied. -->
<deny users="?"/>
</authorization>
</system.web>
</location>
</configuration>
<!--
<authentication mode="Forms"/>
-->
<roleManager enabled="true"/>
<compilation debug="true" strict="false" explicit="true" targetFramework="4.0">
<assemblies>
<add assembly="System.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/></assemblies></compilation>
<pages controlRenderingCompatibilityVersion="3.5" clientIDMode="AutoID">
<namespaces>
<clear/>
<add namespace="System"/>
<add namespace="System.Collections"/>
<add namespace="System.Collections.Generic"/>
<add namespace="System.Collections.Specialized"/>
<add namespace="System.Configuration"/>
<add namespace="System.Text"/>
<add namespace="System.Text.RegularExpressions"/>
<add namespace="System.Linq"/>
<add namespace="System.Xml.Linq"/>
<add namespace="System.Web"/>
<add namespace="System.Web.Caching"/>
<add namespace="System.Web.SessionState"/>
<add namespace="System.Web.Security"/>
<add namespace="System.Web.Profile"/>
<add namespace="System.Web.UI"/>
<add namespace="System.Web.UI.WebControls"/>
<add namespace="System.Web.UI.WebControls.WebParts"/>
<add namespace="System.Web.UI.HtmlControls"/>
</namespaces>
</pages>
<!--
The <authentication> section enables configuration
of the security authentication mode used by
ASP.NET to identify an incoming user.
-->
<!--
The <customErrors> section enables configuration
of what to do if/when an unhandled error occurs
during the execution of a request. Specifically,
it enables developers to configure html error pages
to be displayed in place of a error stack trace.
<customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
<error statusCode="403" redirect="NoAccess.htm" />
<error statusCode="404" redirect="FileNotFound.htm" />
</customErrors>
-->
</system.web>
<!--
The system.webServer section is required for running ASP.NET AJAX under Internet
Information Services 7.0. It is not necessary for previous version of IIS.
-->
</configuration>
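Try this (the nested <configuration> wrapper is removed and the <location> elements are direct children of the root <configuration>):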
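<!-- Single root <configuration>; the per-folder <location> rules sit directly under it,
     beside the application-wide <system.web> section. -->
<configuration>
  <appSettings/>
  <connectionStrings>
    <!-- Both entries use Integrated Security, so no database password is stored here. -->
    <add name="ConnectionString" connectionString="Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\ASPNETDB.MDF;Integrated Security=True;User Instance=True" providerName="System.Data.SqlClient"/>
    <add name="ASPNETDBConnectionString" connectionString="Data Source=.\SQLEXPRESS;AttachDbFilename=C:\Users\Se7en\Desktop\Personal\VIVA\1\App_Data\ASPNETDB.MDF;Integrated Security=True;Connect Timeout=30;User Instance=True" providerName="System.Data.SqlClient"/>
  </connectionStrings>
  <!-- Authorization rules are read top to bottom and the first match wins, so every
       allow rule has to appear above the closing <deny users="*"/>. -->
  <location path="adminstrator">
    <system.web>
      <authorization>
        <allow users="adminstrator"/>
        <deny users="*"/>
      </authorization>
    </system.web>
  </location>
  <location path="staff">
    <system.web>
      <authorization>
        <allow users="staff"/>
        <!-- Moved above the deny rule: placed after <deny users="*"/> it was never
             evaluated, so members of this role were locked out of the folder. -->
        <allow roles="adminstrator" />
        <deny users="*"/>
      </authorization>
    </system.web>
  </location>
  <location path="user">
    <system.web>
      <authorization>
        <!-- Any authenticated user may enter; anonymous requests are denied. -->
        <deny users="?"/>
      </authorization>
    </system.web>
  </location>
  <system.web>
    <roleManager enabled="true"/>
    <!-- debug="true" is a development setting; deployed sites should use debug="false". -->
    <compilation debug="true" strict="false" explicit="true" targetFramework="4.0">
      <assemblies>
        <add assembly="System.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
      </assemblies>
    </compilation>
    <pages controlRenderingCompatibilityVersion="3.5" clientIDMode="AutoID">
      <namespaces>
        <clear/>
        <add namespace="System"/>
        <add namespace="System.Collections"/>
        <add namespace="System.Collections.Generic"/>
        <add namespace="System.Collections.Specialized"/>
        <add namespace="System.Configuration"/>
        <add namespace="System.Text"/>
        <add namespace="System.Text.RegularExpressions"/>
        <add namespace="System.Linq"/>
        <add namespace="System.Xml.Linq"/>
        <add namespace="System.Web"/>
        <add namespace="System.Web.Caching"/>
        <add namespace="System.Web.SessionState"/>
        <add namespace="System.Web.Security"/>
        <add namespace="System.Web.Profile"/>
        <add namespace="System.Web.UI"/>
        <add namespace="System.Web.UI.WebControls"/>
        <add namespace="System.Web.UI.WebControls.WebParts"/>
        <add namespace="System.Web.UI.HtmlControls"/>
      </namespaces>
    </pages>
    <!--
    The <authentication> section enables configuration
    of the security authentication mode used by
    ASP.NET to identify an incoming user.
    -->
    <authentication mode="Forms">
      <forms loginUrl="Login.aspx">
        <!-- NOTE(review): passwordFormat="Clear" keeps the password readable in this file
             and the value shown is a guessable placeholder. Store a hashed value or move
             the accounts to a membership provider before the site is deployed. -->
        <credentials passwordFormat="Clear">
          <user name="admin" password="password"/>
        </credentials>
      </forms>
    </authentication>
    <!--
    The <customErrors> section enables configuration
    of what to do if/when an unhandled error occurs
    during the execution of a request. Specifically,
    it enables developers to configure html error pages
    to be displayed in place of a error stack trace.
    <customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
    <error statusCode="403" redirect="NoAccess.htm" />
    <error statusCode="404" redirect="FileNotFound.htm" />
    </customErrors>
    -->
  </system.web>
</configuration>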

Password-protect folder with web.config

I have to password protect a directory on a Windows server. The page is supposed to show a list of files located in that directory. I don't have any previous knowledge (only worked with Apache before) so I've tried hacking something together by googling. (For someone who knows what they're doing I'm sure this will look ridiculous)
What I have right now is I get a login-popup but no password is working. We have a table in our SQL database for adminusers so either fetching user-login from there or having the login embedded in the config file is fine. All I need is the folder to be password-protected.
This is what I have right now in my web.config file that is located in the folder that is supposed to be password-protected.
<?xml version="1.0" encoding="UTF-8"?>
<!-- web.config placed in the folder that should be password protected. It combines two
     separate mechanisms: ASP.NET forms authentication (system.web) and IIS basic
     authentication (system.webServer). -->
<configuration>
<system.web>
<!-- NOTE(review): <authentication> is an application-level section; in a plain sub-folder
     that is not configured as an application it is rejected. Confirm where this file sits. -->
<authentication mode="Forms">
<!-- NOTE(review): <credentials> is defined as a child of <forms>, not of <authentication>.
     passwordFormat="Clear" also keeps the password readable in this file. -->
<credentials passwordFormat="Clear">
<user name="test" password="test" />
</credentials>
</authentication>
<authorization>
<!-- First match wins: user "test" is admitted, everyone else is denied. -->
<allow users="test" />
<deny users="*" />
</authorization>
</system.web>
<system.webServer>
<!-- Directory listing is on because the page is meant to show the folder's files. -->
<directoryBrowse enabled="true" />
<security>
<authentication>
<!-- The browser login pop-up comes from IIS basic authentication, which checks Windows
     accounts on the server; the test/test pair above is not consulted by it, which matches
     the "no password is working" symptom. Basic authentication sends the password with
     every request, so it should only be offered over HTTPS. -->
<anonymousAuthentication enabled="false" />
<basicAuthentication enabled="true" />
<windowsAuthentication enabled="false" />
</authentication>
</security>
</system.webServer>
</configuration>
Hopefully this is a simple problem and thanks in advance for any help! :)
Try this:
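<!-- Folder protection with ASP.NET forms authentication plus URL authorization rules. -->
<configuration>
  <system.web>
    <!-- NOTE(review): <authentication> is an application-level section; this file has to sit
         at the root of an IIS application, not in a plain sub-folder. -->
    <authentication mode="Forms">
      <!-- <credentials> is only valid inside <forms>; directly under <authentication> the
           file fails to load. No loginUrl is given, so the default login page name applies. -->
      <forms>
        <!-- NOTE(review): passwordFormat="Clear" keeps the password readable in this file and
             test/test is a placeholder pair; replace it and store a hashed value before
             deployment. These credentials are checked only by a login page that validates
             against this list, never by the browser's basic-authentication pop-up. -->
        <credentials passwordFormat="Clear">
          <user name="test" password="test" />
        </credentials>
      </forms>
    </authentication>
    <authorization>
      <!-- First match wins: user "test" is admitted, everyone else is denied. -->
      <allow users="test" />
      <deny users="*" />
    </authorization>
  </system.web>
  <location path="admin">
    <system.web>
      <authorization>
        <!-- The allow rule precedes the deny rule, so members of role "admin" get in. -->
        <allow roles="admin" />
        <deny users="*"/>
      </authorization>
    </system.web>
  </location>
  <system.webServer>
    <!-- Directory listing stays on because the page is meant to show the folder's files. -->
    <directoryBrowse enabled="true" />
    <security>
      <authentication>
        <!-- NOTE(review): with basic authentication on and anonymous access off, IIS asks for
             a Windows account before ASP.NET runs, and the forms credentials above are not
             used for that prompt. Choose one mechanism: either keep basic authentication
             (over HTTPS, with a Windows account named in the allow rule) or enable anonymous
             access here and let forms authentication do the login. -->
        <anonymousAuthentication enabled="false" />
        <basicAuthentication enabled="true" />
        <windowsAuthentication enabled="false" />
      </authentication>
    </security>
  </system.webServer>
</configuration>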
You can encrypt the configuration section that holds the user information with something like this (replace sectionName with the section to protect):
aspnet_regiis.exe -pef "sectionName" C:\Path\To\Your\Application

Resources