Nested ASP.NET 'application' within IIS inheriting parent config values? - asp.net

I currently have 2 x ASP.NET 3.5 web applications in IIS7 (lets call them WebParent and WebChild).
WebChild is nested within the WebParent listing in IIS7 and is set up as an application (rather than just a virtual directory within WebParent). Both currently use their own (Classic) application pool.
Both WebParent and WebChild have their own fully defined web.config files in their own root directories.
I had assumed that seeing as WebChild is defined as an 'Application' within IIS, that it would not inherit anything from the WebParent configuration file. However, despite this configuration, I am seeing errors related to various elements within the web.config already being defined (which is correct, there are a couple items that are in both config files, but I thought they should be treated completely independently from one another)?
Can anyone please clarify why this might be occurring?

The exact solution to your problem will depend on what configuration exception message you are seeing. However, this is a typical problem that can often be solved through use of the inheritInChildApplications attribute on the location element in the web.config for "WebParent". By wrapping the entire system.web section in a location element as follows, you should be able to eliminate the problem you described:
<location path="." inheritInChildApplications="false">
<system.web>
<!-- ... -->
</system.web>
</location>
With IIS 7, you will also want to wrap the system.WebServer section the same way:
<location path="." inheritInChildApplications="false">
<system.webServer>
<!-- ... -->
</system.webServer>
</location>
This solution is based on an excellent blog article that I found here.

If they are repeated, you'll have to <remove/> then in the child application web.config first, then add back the element you'd like it it's place. This is assuming that you'd like to have a different value. If you don't, then just omit the element. A connection string would be a good example of something that is likely common for all applications - so you only need to specify it in the root.
Example:
<siteMap defaultProvider="AdminSiteMapProvider" enabled="true">
<providers>
<remove name="AdminSiteMapProvider"/>
<add name="AdminSiteMapProvider" description="Admin SiteMap provider" type="System.Web.XmlSiteMapProvider" siteMapFile="~/App_Data/admin.sitemap" securityTrimmingEnabled="true" />
</providers>
</siteMap>

I think the inheritInChildApplications="false" is good for cases where you still want to inherit some part of the configuration from the parent.
In cases where you want to completely stop inheritance (as in this case if I'm correct), I'd suggest to use 2 separate application pools for the 2 apps and then apply a not very well documented setting in the applicationHost.config file as I explained in this question “Entry has already been added” - Two Separate App Pools
<add name="MyAppPool" autoStart="true" managedRuntimeVersion="v4.0" managedPipelineMode="Integrated" enableConfigurationOverride="false">
<processModel identityType="NetworkService" />
</add>

Follow Scott's advise and also ensure that you have right clicked WebChild in IIS and selected Convert to Application.

Related

how to set enableVersionHeader to false globally on IIS7

I've got several dozen sites that I wish to lock down running ASP.Net and part of the job is to turn off the bloody headers (saying what version of ASP.Net is running). This involves going to each and every web.config file and setting <httpRuntime enableVersionHeader="false" />
.
Is there any way to do this globally? The machine.config(s) , 4 in all, in IIS7 does not support enableVersionHeader="false" in the same httpRuntime tag.
Is there a special tag or section for this in the machine.config?
I wanted to add that <deployment retail="true" /> is another recommendation, but attempting to put that in the machine.config (under system.web) results in an error as well. (any ideas?)
Right now, I'm just going to put these in the web.configs, but it would be nice if MS would have this PCI mandatory feature inside IIS (a single typo in .config files can take a site or the entire server down - with such a popular request, you'd think they'd put this in the GUI!!!)
machine.config should have a webServer section and you should be able to set it there.
"You will need to add this configuration setting to each Machine.Config file inside the section.
<system.web>
<httpRuntime enableVersionHeader="false" />
.....
</system.web>
"
Reference: here
Since the enableHeader is FALSE it doesn't have to be mentioned at all.
Remove the entire element <httpRuntime enableVersionHeader="false" /> and try again

Is "management" section not allowed in web.config?

I'm trying to add users to IIS Manager via web.config, but whenever I add the following lines, the web site stops working and says web.config is not valid.
The web site works if I add those lines in administration.config, but I like to keep the scope small by sticking with web.config.
<system.webServer>
<management>
<authorization defaultProvider="ConfigurationAuthorizationProvider">
<authorizationRules>
<scope path="/MyApp">
<add name="domain\user" />
</scope>
</authorizationRules>
</authorization>
</management>
</system.webServer>
A simple Google search can answer your question.
IIS Management element
From that page:
Note: The settings in the management element can only be configured in the Administration.config file.

ASP.NET 3.5 application with multiple web.config files (IIS 7)

We are working on a web application that creates more web applications.
Each web application will have to get a Url Rewrite rule (URL REWRITE MODULE 2.0).
As far as I know, there's no way to add such rules without modifying the web.config file (am I right??).
So my plan was to work with multiple web.config partial files. One main .config file, and lots of .config files per application (every file will contain it's web application url rewrite rules).
This way sounds a little bit messy, but I can't think of anything else, and suggestions will be welcomed.
So is it possible to use very-multiple web.config files for the root application?
Thanks in advance, Gal.
This following Tag will do the trick.
The absence of this tag was the main reason for my problem when i using with two web.config files for my two different application running in my website.
**<location path="." inheritInChildApplications="false">**
<system.web>
<!-- ... -->
</system.web>
**</location>**
Every application must have a full web.config and not partial, exept if you go with net 4
The trick is to use a lot the remove command on the other inside web.config and remove the parents setting that must not used on this.
For example if on the main root you have the a module that you do not won to use it on the other trees, you use the remove command on all other web.config to remove it. Especial the modules that are on one Bin and not on an other directory bin.
<httpModules>
<remove name="TheHttoModuleNotNeedHere" />
<remove name="AnonymousIdentification" />
... add here your other modules for that directory...
</httpModules>
The remove command is working for almost all sessions on config.
You can do make it work, I have done it, but its a lot of work to find all the conflicts/unnecessary configs and remove it.
For some other session there also the clear command. For example on role Manager you can clear all and add new.
<roleManager enabled="true" ...>
<providers>
<clear />
<add name="MyName" ... type="System.Web.Security.SqlRoleProvider" />
</providers>
Hope this help as tips to make it work.

How is the order of execution for HttpModules determined?

Suppose that both FirstModule and SecondModule handle the Application_BeginRequest event. Will it execute in the order defined in the web.config?
<httpModules>
<add type="MyApp.FirstModule, MyApp" name="FirstModule"/>
<add type="MyApp.SecondModule, MyApp" name="SecondModule"/>
<add type="OtherApp.OtherModule, OtherApp" name="OtherModule"/>
</httpModules>
Are there other ways that the order can be specified?
According to this forum post, HttpModules are executed in the order in which they were registered. This makes sense to me, because otherwise the <clear> and <remove> directives would also not work as expected, e.g. when used like this:
<httpModules>
<clear/>
<add... />
</httpModules>
According to the Internet Information Services (IIS) 7.0 Resource Kit book extract from Microsoft Press,
To resolve such relative ordering dependencies, the administrator can control the relative ordering of modules by changing the order in which they are listed in the modules section.
This works because the server uses the order in the modules configuration section to order module execution within each request processing stage. By placing module A before module B in the list, you can allow module A to execute before module B.

asp.net, web.config inheritence, and clearing the authentication setting

I have an ASP.net 1.1 application.
In a sub-folder, I've installed blogengine.net, which is a 2.0 app.
The folder is set to be an application and is using the proper framework.
It works...except for authentication.
The issue is inheritence from the web.config in the root application.
The common fix for this issue is to use 'clear' in your nested app's config file for each thing you want to reset.
<httpModules>
<clear/>
</httpModules>
The problem is that 'clear' does not appear to be allows within authentication tags:
<authentication mode="Forms">
<clear/>
<forms... rest of my child app's settings for authentication...>
</authentication>
Doing that gives me a syntax error.
Anyone know of a way to get this working? I need to prevent the root app's authentication info in web.config from being inherited within the child application.
UPDATE: per curious_geek's answer, one option is to modify the root config to not allow inheritance. However, my understanding is that will also block the system.config properties. Is that usually a big deal? This isn't my server, so wonder if doing that will open up some security issues that might not go over with with the server admin.
You need to tell the parent web.config no to force section inheritance in child-application.
If you want to stop system.web section inheritance to child-app then you'd wrap your system.web section with location element mentioned as below.
<location path="." inheritInChildApplications="false">
<system.web>
</system.web>
</location>
You can also apply this technique for stop inheritance for connectionstrings and appsettings section as well.
PS: when you actually add this
lines in web.config, visual studio will
not recognize it as valid and mark it
as error, but be rest assured that it
will work well under IIS when
deployed.

Resources