I've created a web site in the c:\website folder using Visual Studio 2010. Then I created a web site in IIS 7.5 that maps to that folder. However, when I access the Default.aspx page and a request for the CSS is issued like
http://localhost/webapp/Styles/Site.css
it's redirected to something like this:
http://localhost/website/Account/Login.aspx?ReturnUrl=%2fwebsite%2fStyles%2fSite.css
Any ideas what is going on?
Thanks, Paweł
It looks as if you have restricted security settings in your web.config? Check out the
attribute in this file.
If it looks anything like this:
<authorization>
<deny users="?"/>
</authorization>
Then this is likely the issue. Alternatively if you are using Windows authentication then review the user account settings within IIS.
Related
We created a Web Site in our IIS that points to a folder with several simple HTML pages. The application pool is set to asp.net v4.0.
Only certain users can view these html pages, but everyone that logs on to the company's intranet can view them. I want to implement authorization rules, but the icon to add them is not displayed in IIS manager, even though Management Services is installed according to this MSDN link.
Is it possible to add these authorization rules without doing it through the IIS Manager? I know it can be done by adding several keys to web.config, but what happens if web.config doesn't exist? This website doesn't have anything related to asp.net.
The server is running Windows Server 2008 and IIS 7.
Wanted to add that I created a web.config for this particular folder that is supposed to block everyone, but nothing changed:
<configuration>
<system.web>
<authorization>
<deny users="*"/> <!-- deny everyone else -->
</authorization>
</system.web>
</configuration>
I have recently been re-working a web forms application from .NET 2.0 to .NET 4.7 and decided to add Identity and OWIN for local and social authentication.
I created a new web forms app and then copied the account, app_start and models folders over to the existing app, as well as the startup.vb file.
Now all this is OK and the app compiles without issue; however, whenever we try to log in using /Account/Login it simply redirects us back to the default.aspx page in the root of the app.
There is a web.config file in the Account folder and it looks like this, although I do not think this is the issue:
<configuration>
<location path="Manage.aspx">
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
</location>
</configuration>
Although this allows authenticated access to manage.aspx, all other files in the account folder should be anonymous access, but something is redirecting away from login.aspx and I cannot figure out what.
Anyone come across this?
Although my tool works on my own machine (ASP.NET 4.5) It begins this:
http://localhost/KnownErrorDatabase/login?ReturnUrl=%2fKnownErrorDatabase%2fHome&AspxAutoDetectCookieSupport=1
And I did an exact copy of it by exporting it from IIS into a ZIP file and importing it on the server (NOTE: I did check the authentication mode; everything's checked!).
Although my local IIS starts with the login, the server does not. The page works and, on my local IIS, other PCs in the intranet can log in etc. But now the error: if I click the login button (that refers to the page) I get redirected to the homepage of the web app... Does anybody know what's the matter with it? IIS is on both machines on version 7.5.
Greetings Ethnor
This is the result of a setting in IIS. Your default page is probably set to your home page instead of your login page. Otherwise, your IIS server is set to allow Anonymous users. So, no authentication/login is happening. Check the authentication settings in IIS.
<location path="login.aspx">
<system.web>
<authorization>
<allow users="?" />
</authorization>
</system.web>
</location>
Adding this to my web.config fixed the problem.
I created a deployment package of my site. When I try to use it I get the following error:
The length of the query string for this request exceeds the configured maxQueryStringLength value.
and the address bar looks like this. This doesn't happen in Visual Studio.
http://localhost/MyServer/Login.aspx?ReturnUrl=%2fMyServer%2fLogin.aspx%3fReturnUrl%3d%252fMyServer%252fLogin.aspx%253fReturnUrl%253d%25252fMyServer%25252fLogin.aspx%25253fReturnUrl%25253d%2525252fMyServer%2525252fLogin.aspx%2525253fReturnUrl%2525253d%252525252fMyServer%252525252fLogin.aspx%252525253fReturnUrl%252525253d%25252525252fMyServer%25252525252fLogin.aspx%25252525253fReturnUrl%25252525253d%2525252525252fMyServer%2525252525252fLogin.aspx%2525252525253fReturnUrl%2525252525253d%252525252525252fMyServer%252525252525252fLogin.aspx%252525252525253fReturnUrl%252525252525253d%25252525252525252fMyServer%25252525252525252fLogin.aspx%25252525252525253fReturnUrl%25252525252525253d%2525252525252525252fMyServer%2525252525252525252fLogin.aspx%2525252525252525253fReturnUrl%2525252525252525253d%252525252525252525252fMyServer%252525252525252525252fLogin.aspx%252525252525252525253fReturnUrl%252525252525252525253d%25252525252525252525252fMyServer%25252525252525252525252fLogin.aspx%25252525252525252525253fReturnUrl%25252525252525252525253d%2525252525252525252525252fMyServer%2525252525252525252525252fLogin.aspx%2525252525252525252525253fReturnUrl%2525252525252525252525253d%252525252525252525252525252fMyServer%252525252525252525252525252fLogin.aspx%252525252525252525252525253fReturnUrl%252525252525252525252525253d%25252525252525252525252525252fMyServer%25252525252525252525252525252fLogin.aspx%25252525252525252525252525253fReturnUrl%25252525252525252525252525253d%2525252525252525252525252525252fMyServer%2525252525252525252525252525252fLogin.aspx%2525252525252525252525252525253fReturnUrl%2525252525252525252525252525253d%252525252525252525252525252525252fMyServer%252525252525252525252525252525252fLogin.aspx%252525252525252525252525252525253fReturnUrl%252525252525252525252525252525253d%25252525252525252525252525252525252fMyServer%25252525252525252525252525252525252fLogin.aspx%25252525252525252525252525252525253fReturnUrl%25252525252525252525252525252525253d%25252525252525252525252525
25252525252fMyServer%2525252525252525252525252525252525252f
Seems that you have circular navigation. Please give code of page load event of login.aspx and the 2nd page which you are accessing.
Just a hunch: it might be that your login page is not accessible for anonymous users. So it redirects to the login page, that in turn redirects to the login page.
Have a look at the web.config to set the proper access rights.
<location path="login.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
It looks like your solution in Visual Studio has been built from one of the templates that has some sort of forms-based authentication built in. I'm pretty sure that you can disable this in the web.config.
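The nested `ReturnUrl` pattern in the address bar above can be recognised mechanically, for example when reviewing IIS request logs for this misconfiguration. The following Python is an added example, not code from any of the posts; the function names and the static-extension list are assumptions, and the second sample URL is constructed in the shape of the one quoted above.

```python
from urllib.parse import urlsplit, parse_qsl

STATIC_EXT = (".css", ".js", ".png", ".gif", ".jpg", ".ico")  # assumed list

SAMPLES = [
    # Redirect quoted in the first question on this page.
    "http://localhost/website/Account/Login.aspx"
    "?ReturnUrl=%2fwebsite%2fStyles%2fSite.css",
    # Constructed: two levels of the login page returning to itself.
    "http://localhost/MyServer/Login.aspx?ReturnUrl=%2fMyServer%2fLogin.aspx"
    "%3fReturnUrl%3d%252fMyServer%252fLogin.aspx",
]

def return_url_chain(url, max_depth=64):
    """Paths visited when following ReturnUrl inward, outermost first."""
    chain, current = [], url
    for _ in range(max_depth):
        parts = urlsplit(current)
        chain.append(parts.path.lower())
        # parse_qsl removes exactly one layer of percent-encoding, which
        # exposes the next nested URL (%252f -> %2f -> /).
        nested = [v for k, v in parse_qsl(parts.query)
                  if k.lower() == "returnurl"]
        if not nested:
            break
        current = nested[0]
    return chain

def loop_depth(url):
    """How many times a page appears as its own return target."""
    chain = return_url_chain(url)
    return sum(1 for a, b in zip(chain, chain[1:]) if a == b)

def classify(url):
    chain = return_url_chain(url)
    if loop_depth(url) > 0:
        return "login-loop"            # login page is itself being denied
    if len(chain) > 1 and chain[-1].endswith(STATIC_EXT):
        return "static-behind-login"   # stylesheet or image needs a login
    return "ok"

if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify(sample), loop_depth(sample), return_url_chain(sample)[-1])
```

A truncated URL such as the one cut off by `maxQueryStringLength` still classifies as a loop, because the outer layers decode cleanly.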
I have an asp.net (dynamic data) website set up as an application in a subdirectory of another site. This site requires different security settings from the top level site. Something like:
<authorization>
<allow roles="ADMIN"/>
<deny users="*"/>
</authorization>
These settings are ignored in the sub site. However, they work on the top level site, but even when set on the top level site, they are not inherited by the sub-site, and it's freely accessible. What could cause these settings to be ignored? I've tried adding:
<location path="." inheritInChildApplications="false">
to the top level web.config and then setting the above authorization rule in the sub site, even tried just denying all users. When visiting the site it looks like: http://mysite/mybrokensite
I am using windows authentication.
I think the key thing is this:
"website set up as an application in a subdirectory of another site"
If it's a separate application within IIS it should have its own web.config file and the security settings can be set from there. So you'll have one web.config for the main site and one for the subsite. Really, they are two applications.
If it's just a subfolder under your website then this doesn't apply. It depends how you've set it up under IIS. If it's a separate app then the icon will be a world/cabbage type icon. If it's a sub-folder then the icon will be ... well, a folder.
To elaborate on Tim's answer, make sure in IIS that it is set up as a virtual directory. Look at the property page for that directory in IIS Admin, Directory (or Home Directory) tab. If the Application label is greyed out, hit the Create button. Now IIS will load the web.config from that directory.
I typed up a summary since many were facing the same situation regarding subfolder authentication.
Subfolder Authorization
ASP.NET can only have a single authentication mode for one application.
The different applications CANNOT share resource among them.
Scenario
Let's say the home page should not prompt a login dialog. It should let users pass through without whatever login is. However, in the same application, in a different folder presumably, another page needs to check user permission against a database table using the user's network login ID. By default IE treats all web sites with only a hostname as Intranet. By its default intranet setting, it will not prompt the login dialog and will pass the user login and password to the application if Windows Authentication is used. However, the tricky part is, if the application has an actual domain, IE will think it is an Internet site, and it will prompt for the login and password if Windows Authentication is used.
The only way not to prompt the login dialog for an Internet site using Windows Authentication is to also turn on anonymous authentication in IIS. However, you will lose the ability to capture the login info because Anonymous has precedence over Windows Authentication. The good news is there is a way to resolve that issue. If an application subfolder needs to capture the login information, you will need to overwrite the parent authorization in a Location element in web.config.
1. In IIS, configure Authentication as follows:
   Enable Anonymous Authentication,
   Enable Windows Authentication
2. Add the following to Web.config:
<configuration>
  <system.web>
    <authentication mode="Windows" />
    <authorization>
      <allow users="*" />
    </authorization>
  </system.web>
  <!-- secured is the relative subfolder name. deny anonymous user, so only the authenticated login will pass through -->
  <location path="secured" allowOverride="true">
    <system.web>
      <authorization>
        <deny users="?" />
      </authorization>
    </system.web>
  </location>
</configuration>
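The `<allow>`/`<deny>` lists in this summary and in the earlier posts are evaluated top to bottom and the first matching rule wins, with rules from a matching `<location>` considered before the file's own rules. The following Python is an added example, not code from any of the posts, that models that ordering. It is a simplified model that ignores verbs and whatever IIS decides before ASP.NET runs; the function names and the sample configuration are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample mirroring the two-level configuration described above.
WEB_CONFIG = """<configuration>
  <system.web>
    <authorization><allow users="*" /></authorization>
  </system.web>
  <location path="secured">
    <system.web>
      <authorization><deny users="?" /></authorization>
    </system.web>
  </location>
</configuration>"""

def _child(node, tag):
    return None if node is None else next((c for c in node if c.tag == tag), None)

def _rules(node):
    auth = _child(_child(node, "system.web"), "authorization")
    return [] if auth is None else [
        (r.tag, r.get("users", ""), r.get("roles", "")) for r in auth]

def effective_rules(config_xml, path):
    """Rules in evaluation order: matching <location> blocks (most specific
    first), then the file's own rules, then the machine-level allow-all."""
    root = ET.fromstring(config_xml)
    path = path.strip("/").lower()
    scoped = []
    for loc in (c for c in root if c.tag == "location"):
        lp = (loc.get("path") or "").strip("/").lower()
        if lp and (path == lp or path.startswith(lp + "/")):
            scoped.append((len(lp), _rules(loc)))
    scoped.sort(key=lambda item: -item[0])
    rules = [r for _, rs in scoped for r in rs]
    return rules + _rules(root) + [("allow", "*", "")]

def _split(value):
    return {v.strip().lower() for v in value.split(",") if v.strip()}

def is_allowed(config_xml, path, user=None, roles=()):
    """First matching rule wins; user=None models an anonymous request."""
    have = {r.lower() for r in roles}
    for action, users, rule_roles in effective_rules(config_xml, path):
        names = _split(users)
        if ("*" in names or (user is None and "?" in names)
                or (user is not None and user.lower() in names)
                or have & _split(rule_roles)):
            return action == "allow"
    return True
```

Calling `is_allowed(WEB_CONFIG, "secured/Report.aspx")` returns `False` for an anonymous request while `is_allowed(WEB_CONFIG, "Default.aspx")` returns `True`, which is the split between the open home page and the secured subfolder that the summary sets up.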