SOLUTION: <allow users="*"/> changed to <allow users="?"/> did the trick for me.
I have a problem that started to occur when i moved my asp.net website to my webserver (Windows Webserver 2008 R2 - IIS7).
I use VS2010 and run the project asp.net configuration and set deny all on root folder on my website.
Then when accessing the website externally i was correctly forwarded to /Account/Login.aspx but then the css file was not loaded.
So i added a allow all on the /Styles folder.
Still same problem.
If i login and then logout the css seems to load..
I dont really know what to look for here, is it a web.config problem, iis7 config problem or something else?
This is the web.config located at /Account/
<?xml version="1.0"?>
<configuration>
<location path="~/Styles/Site.css">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
</configuration>
And this is my websites base web.config:
<?xml version="1.0"?>
<configuration>
<location path="~/Styles/Site.css">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<connectionStrings>
<remove name="halldbConnectionString"/>
<remove name="ApplicationServices"/>
<add name="ApplicationServices" connectionString="Data Source=xxx.xxx.xxx.xxx;Initial Catalog=xxxxxx;Persist Security Info=True;User ID=xxx;Password=xxx" providerName="System.Data.SqlClient"/>
<add name="halldbConnectionString" connectionString="Data Source=xxx.xxx.xxx.xxx;Initial Catalog=xxxxxx;Persist Security Info=True;User ID=xxx;Password=xxx" providerName="System.Data.SqlClient"/>
</connectionStrings>
<system.web>
<compilation debug="true" targetFramework="4.0">
<assemblies>
<add assembly="System.Web.Extensions.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add assembly="System.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
<add assembly="System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/></assemblies></compilation>
<authentication mode="Forms">
<forms loginUrl="~/Account/Login.aspx" defaultUrl="~/Väljhall.aspx"
timeout="2880" />
</authentication>
<membership>
<providers>
<clear/>
<remove name="AspNetSqlMembershipProvider"/>
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/"/>
</providers>
</membership>
<profile>
<providers>
<clear/>
<add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/"/>
</providers>
</profile>
<roleManager enabled="false">
<providers>
<clear/>
<add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="ApplicationServices" applicationName="/"/>
<add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/"/>
</providers>
</roleManager>
</system.web>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
</configuration>
First of all please explore what requests to the css files respond. (Is it 404, 500, 302 response codes). You can do it with any http watcher like HttpAnalyzer.
If css files response contains the information that request was not authorize - try to set AppPool to classic mode
<allow users="*"/>
changed to
<allow users="?"/>
did the trick for me
Related
My ASP.net web application works on my machine, but will not work properly on the test or production server. It redirects to the login page instead of allowing Anonymous Authentication. I know that my project properties in Visual Studio include Anonymous Authentication.
Here is my project properties window:
My web.config file looks like this:
<?xml version="1.0"?>
<configuration>
<connectionStrings>
<!-- Removed for privacy -->
</connectionStrings>
<appSettings>
<!-- Removed for privacy -->
</appSettings>
<location path="ResetPassword.aspx">
<system.web>
<authorization>
<allow users="?" />
</authorization>
</system.web>
</location>
<system.web>
<compilation debug="true" targetFramework="4.0" />
<authentication mode="Forms">
<forms loginUrl="~/Account/Login.aspx" timeout="2880" requireSSL="false" />
</authentication>
<webServices>
<protocols>
<add name="HttpGet" />
<add name="HttpPost" />
</protocols>
</webServices>
<membership>
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="<!-- Removed for privacy -->" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="true" minRequiredNonalphanumericCharacters="0" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="8" passwordAttemptWindow="10" applicationName="/" />
</providers>
</membership>
<profile>
<providers>
<clear/>
<add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="<!-- Removed for privacy -->" applicationName="/" />
</providers>
</profile>
<roleManager enabled="false">
<providers>
<clear/>
<add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="<!-- Removed for privacy -->" applicationName="/" />
<add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />
</providers>
</roleManager>
</system.web>
<system.web.extensions>
<scripting>
<webServices>
<jsonSerialization maxJsonLength="2147483647">
</jsonSerialization>
</webServices>
</scripting>
</system.web.extensions>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true" />
<httpProtocol>
<customHeaders>
<clear />
<add name="X-UA-Compatible" value="IE=edge" />
</customHeaders>
</httpProtocol>
</system.webServer>
</configuration>
I should also mention that this web.config file matches the web.config file that is currently being used in production. It should work, but I just don't understand if there are some additional settings or inherited properties in IIS that are messing things up on my test server.
*Update: I was able to get this site working on a different server without changing anything in the web.config. It must be something in the configuration of the server.
I have a webforms application that I am securing using forms authentication. My issue is that for some url's I am getting a basic authentication modal dialog prompt (unexpectedly) even when the user is logged in. Other pages are fine and don't exhibit this behaviour.
This is only occurring on the staging server and not in my development environment. Here are my relevant configurations:
Staging server is running IIS 8
web.config
<system.web>
<authentication mode="Forms">
<forms loginUrl="Account/Login" timeout="120" defaultUrl="/" />
</authentication>
<pages validateRequest="false" clientIDMode="AutoID">
</pages>
<membership defaultProvider="DefaultMembershipProvider">
<providers>
<add connectionStringName="DefaultConnection" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="GliderWorks" name="DefaultMembershipProvider" type="System.Web.Providers.DefaultMembershipProvider, System.Web.Providers, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
</providers>
</membership>
<profile defaultProvider="DefaultProfileProvider">
<providers>
<add name="DefaultProfileProvider" type="System.Web.Providers.DefaultProfileProvider, System.Web.Providers, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="DefaultConnection" applicationName="GliderWorks" />
</providers>
</profile>
<roleManager enabled="true" defaultProvider="DefaultRoleProvider">
<providers>
<add connectionStringName="DefaultConnection".....
</providers>
</roleManager>
<siteMap defaultProvider="SitemapNone">
<providers>
<clear />
<add name="SitemapAdministrator" type="System.Web.XmlSiteMapProvider" siteMapFile="WebHorizontalMenuAdministrator.sitemap" />
<add name="SitemapNone" type="System.Web.XmlSiteMapProvider" siteMapFile="WebHorizontalMenuNone.sitemap" />
<add name="SitemapSuperAdministrator" type="System.Web.XmlSiteMapProvider" siteMapFile="WebHorizontalMenuSuperAdministrator.sitemap" />
</providers>
</siteMap>
</system.web>
<!-- Site Security --> <!-- Allow anonymous access to Public Area
-->
<location path="Public">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location> <!-- Entire site is secured --> <location path=".">
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location> <!-- Allow anonymous access to api -->
<location path="api">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location> <!-- /Site Security -->
and a relevant sitemap SitemapSuperAdministrator.xml configuration file:
I'm integrating security into an existing asp classic website. and I'd like to keep the anonymous users able to still access the site until I'm ready to flip the switch. Shouldn't setting allow users="*" let everyone in and not redirect? Right now it's redirecting all pages until you authenticate.
<configuration>
<connectionStrings>
<add name="foConnectionString" connectionString="Data Source=;Initial Catalog=fo;Persist Security Info=True;User ID=foSecurity;Password=" providerName="System.Data.SqlClient"/>
</connectionStrings>
<system.web>
<authorization>
<allow users="*"/>
</authorization>
<authentication mode="Forms">
<forms loginUrl="~/Account/Login.aspx" timeout="2880"/>
</authentication>
<membership>
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="foSecurityConnectionString" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/foSecurity"/>
</providers>
</membership>
<profile>
<providers>
<clear/>
<add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="foSecurityConnectionString" applicationName="/foSecurity"/>
</providers>
</profile>
<roleManager enabled="true">
<providers>
<clear />
<add connectionStringName="foSecurityConnectionString" applicationName="/foSecurity"
name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" />
<add applicationName="/foSecurity" name="AspNetWindowsTokenRoleProvider"
type="System.Web.Security.WindowsTokenRoleProvider" />
</providers>
</roleManager>
<customErrors mode="Off"/>
</system.web>
<system.webServer>
<defaultDocument>
<files>
<add value="index.asp" />
</files>
</defaultDocument>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
</configuration>
I have a application that connects to a remote sql server. I am able to create users and they are stored in the DB. Then I can go to the login page and login. But after a while, I am unable to log in and it just sits at the login page. The user is still in the DB
Help?
<configuration>
<connectionStrings>
<add name="LoginSQL" providerName="System.Data.SqlClient"
connectionString="Data Source=xx.xx.xx.xx;Initial Catalog=xxxx;UID=xxxxx;pwd=xxxx;"/>
</connectionStrings>
<system.web>
<compilation debug="true" targetFramework="4.0"/>
<authentication mode="Forms">
<forms name="Login" loginUrl="Default.aspx" protection="All" timeout="20"/>
</authentication>
<authorization>
<deny users="?" />
<allow users="*" />
</authorization>
<membership defaultProvider="MySqlLoginProvider">
<providers>
<add name="MySqlLoginProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="LoginSQL" applicationName="Login" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="true" requiresUniqueEmail="true" passwordFormat="Hashed" maxInvalidPasswordAttempts="3" passwordAttemptWindow="30" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0"/>
</providers>
</membership>
<profile>
<providers>
<clear/>
<add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/"/>
</providers>
</profile>
<roleManager defaultProvider="MyRoleProvider" enabled="true" cacheRolesInCookie="true" cookieName=".ASPRoles" cookiePath="/" cookieTimeout="60" cookieSlidingExpiration="true" cookieProtection="All">
<providers>
<add name="MyRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="LoginSQL" applicationName="Login"/>
</providers>
</roleManager>
</system.web>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
</configuration>
Hello everyone can someone help me with my web.config file? I am having error. I just want you guys to look at it and if there are errors someone that needs correction. Thank you all:
This is the error message:
Warning 1 The 'targetFramework' attribute is not declared. G:\display images in gridview\Web.config 17 62 Miscellaneous Files
Message 2 Could not find schema information for the element 'modules'. G:\display images in gridview\Web.config 51 7 Miscellaneous Files
Message 3 Could not find schema information for the attribute 'runAllManagedModulesForAllRequests'. G:\display images in gridview\Web.config 51 15 Miscellaneous Files
Error 4 The 'configuration' start tag on line 10 does not match the end tag of 'system.web'. Line 101, position 4. (C:\Users\Collins\Documents\Visual Studio 2005\WebSites\living to please god world\web.config line 101)
Here is the Web.config file:
<?xml version="1.0"?>
<configuration>
<connectionStrings>
<add name="ConnectionString"
connectionString="Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\ASPNETDB.MDF;Integrated Security=True;User Instance=True"
providerName="System.Data.SqlClient"/>
</connectionStrings>
<system.web>
<customErrors mode="Off"/>
<compilation debug="true"/>
</system.web>
<pages>
<namespaces>
<clear/>
<add namespace="System"/>
<add namespace="System.Collections"/>
<add namespace="System.Collections.Specialized"/>
<add namespace="System.Configuration"/>
<add namespace="System.Text"/>
<add namespace="System.Text.RegularExpressions"/>
<add namespace="System.Web"/>
<add namespace="System.Web.Caching"/>
<add namespace="System.Web.SessionState"/>
<add namespace="System.Web.Security"/>
<add namespace="System.Web.Profile"/>
<add namespace="System.Web.UI"/>
<add namespace="System.Web.UI.WebControls"/>
<add namespace="System.Web.UI.WebControls.WebParts"/>
<add namespace="System.Web.UI.HtmlControls"/>
</namespaces>
</pages>
<membership>
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="LocalSqlServer" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/"/>
</providers>
</membership>
<profile>
<providers>
<clear/>
<add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="LocalSqlServer" applicationName="/"/>
</providers>
</profile>
<authentication mode="Forms">
<forms loginUrl="login.aspx" defaultUrl="Default.aspx"/>
</authentication>
<authorization>
<allow users="*"/>
</authorization>
<location path="PhotoAdmin">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
<system.net>
<mailSettings>
<smtp from="some#example.com">
<network host="relay-hosting.example.net" password="" userName=""/>
</smtp>
</mailSettings>
</system.net>
</configuration>
Well there are several things that are messed up.
The targetFramework attribute must be specified if the application pool that you are using is set up to use .Net Framework 4. If this is the case then you should have the following section under system.web:
<compilation debug="true" targetFramework="4.0" />
The system.web section is closed too earlier. The sections 'pages', 'membership', 'profile', 'authentication' and 'authorization' must be subsections of system.web.