asp.net, web.config inheritence, and clearing the authentication setting - asp.net

I have an ASP.net 1.1 application.
In a sub-folder, I've installed blogengine.net, which is a 2.0 app.
The folder is set to be an application and is using the proper framework.
It works...except for authentication.
The issue is inheritence from the web.config in the root application.
The common fix for this issue is to use 'clear' in your nested app's config file for each thing you want to reset.
<httpModules>
<clear/>
</httpModules>
The problem is that 'clear' does not appear to be allows within authentication tags:
<authentication mode="Forms">
<clear/>
<forms... rest of my child app's settings for authentication...>
</authentication>
Doing that gives me a syntax error.
Anyone know of a way to get this working? I need to prevent the root app's authentication info in web.config from being inherited within the child application.
UPDATE: per curious_geek's answer, one option is to modify the root config to not allow inheritance. However, my understanding is that will also block the system.config properties. Is that usually a big deal? This isn't my server, so wonder if doing that will open up some security issues that might not go over with with the server admin.

You need to tell the parent web.config no to force section inheritance in child-application.
If you want to stop system.web section inheritance to child-app then you'd wrap your system.web section with location element mentioned as below.
<location path="." inheritInChildApplications="false">
<system.web>
</system.web>
</location>
You can also apply this technique for stop inheritance for connectionstrings and appsettings section as well.
PS: when you actually add this
lines in web.config, visual studio will
not recognize it as valid and mark it
as error, but be rest assured that it
will work well under IIS when
deployed.

Related

Disable "httpErrors" element for a specific path

I'm having trouble with httpErrors element in Web.config.
I decided to use httpErrors element to handle http errors and show custom error pages in my (ASP.NET MVC) application. The problem is that I also have an API that I don't want httpErrors element to handle its errors, it has its own custom error responses.
I want it to be disabled when it comes to API.
Is there anything I can do to achieve what I want?
I found the solution.
We can fix such problems by using the location element:
We just have to put the code below in the configuration element (the root) of the Web.config:
<location path="api">
<system.webServer>
<httpErrors existingResponse="PassThrough"></httpErrors>
</system.webServer>
</location>
What the <location> element actually does is that it overrides the configurations for paths that start with what you put in the path attribute, which in my case is "api". Then what you have to do is disable the httpErrors, which can be done by setting the existingResponse attribute to PassThrough.
I hope this helps.

Is "management" section not allowed in web.config?

I'm trying to add users to IIS Manager via web.config, but whenever I add the following lines, the web site stops working and says web.config is not valid.
The web site works if I add those lines in administration.config, but I like to keep the scope small by sticking with web.config.
<system.webServer>
<management>
<authorization defaultProvider="ConfigurationAuthorizationProvider">
<authorizationRules>
<scope path="/MyApp">
<add name="domain\user" />
</scope>
</authorizationRules>
</authorization>
</management>
</system.webServer>
A simple Google search can answer your question.
IIS Management element
From that page:
Note: The settings in the management element can only be configured in the Administration.config file.

Nested ASP.NET 'application' within IIS inheriting parent config values?

I currently have 2 x ASP.NET 3.5 web applications in IIS7 (lets call them WebParent and WebChild).
WebChild is nested within the WebParent listing in IIS7 and is set up as an application (rather than just a virtual directory within WebParent). Both currently use their own (Classic) application pool.
Both WebParent and WebChild have their own fully defined web.config files in their own root directories.
I had assumed that seeing as WebChild is defined as an 'Application' within IIS, that it would not inherit anything from the WebParent configuration file. However, despite this configuration, I am seeing errors related to various elements within the web.config already being defined (which is correct, there are a couple items that are in both config files, but I thought they should be treated completely independently from one another)?
Can anyone please clarify why this might be occurring?
The exact solution to your problem will depend on what configuration exception message you are seeing. However, this is a typical problem that can often be solved through use of the inheritInChildApplications attribute on the location element in the web.config for "WebParent". By wrapping the entire system.web section in a location element as follows, you should be able to eliminate the problem you described:
<location path="." inheritInChildApplications="false">
<system.web>
<!-- ... -->
</system.web>
</location>
With IIS 7, you will also want to wrap the system.WebServer section the same way:
<location path="." inheritInChildApplications="false">
<system.webServer>
<!-- ... -->
</system.webServer>
</location>
This solution is based on an excellent blog article that I found here.
If they are repeated, you'll have to <remove/> then in the child application web.config first, then add back the element you'd like it it's place. This is assuming that you'd like to have a different value. If you don't, then just omit the element. A connection string would be a good example of something that is likely common for all applications - so you only need to specify it in the root.
Example:
<siteMap defaultProvider="AdminSiteMapProvider" enabled="true">
<providers>
<remove name="AdminSiteMapProvider"/>
<add name="AdminSiteMapProvider" description="Admin SiteMap provider" type="System.Web.XmlSiteMapProvider" siteMapFile="~/App_Data/admin.sitemap" securityTrimmingEnabled="true" />
</providers>
</siteMap>
I think the inheritInChildApplications="false" is good for cases where you still want to inherit some part of the configuration from the parent.
In cases where you want to completely stop inheritance (as in this case if I'm correct), I'd suggest to use 2 separate application pools for the 2 apps and then apply a not very well documented setting in the applicationHost.config file as I explained in this question “Entry has already been added” - Two Separate App Pools
<add name="MyAppPool" autoStart="true" managedRuntimeVersion="v4.0" managedPipelineMode="Integrated" enableConfigurationOverride="false">
<processModel identityType="NetworkService" />
</add>
Follow Scott's advise and also ensure that you have right clicked WebChild in IIS and selected Convert to Application.

ASP.NET 3.5 application with multiple web.config files (IIS 7)

We are working on a web application that creates more web applications.
Each web application will have to get a Url Rewrite rule (URL REWRITE MODULE 2.0).
As far as I know, there's no way to add such rules without modifying the web.config file (am I right??).
So my plan was to work with multiple web.config partial files. One main .config file, and lots of .config files per application (every file will contain it's web application url rewrite rules).
This way sounds a little bit messy, but I can't think of anything else, and suggestions will be welcomed.
So is it possible to use very-multiple web.config files for the root application?
Thanks in advance, Gal.
This following Tag will do the trick.
The absence of this tag was the main reason for my problem when i using with two web.config files for my two different application running in my website.
**<location path="." inheritInChildApplications="false">**
<system.web>
<!-- ... -->
</system.web>
**</location>**
Every application must have a full web.config and not partial, exept if you go with net 4
The trick is to use a lot the remove command on the other inside web.config and remove the parents setting that must not used on this.
For example if on the main root you have the a module that you do not won to use it on the other trees, you use the remove command on all other web.config to remove it. Especial the modules that are on one Bin and not on an other directory bin.
<httpModules>
<remove name="TheHttoModuleNotNeedHere" />
<remove name="AnonymousIdentification" />
... add here your other modules for that directory...
</httpModules>
The remove command is working for almost all sessions on config.
You can do make it work, I have done it, but its a lot of work to find all the conflicts/unnecessary configs and remove it.
For some other session there also the clear command. For example on role Manager you can clear all and add new.
<roleManager enabled="true" ...>
<providers>
<clear />
<add name="MyName" ... type="System.Web.Security.SqlRoleProvider" />
</providers>
Hope this help as tips to make it work.

IIS7: disabling HttpModule in subapplication - sites, application and virtual directories

I have a few aspx files in a "Cache" folder in my application and I do not want HttpModules to run for those files in that folder. I tried having a web.config in subdirectory but learned that HttpModules take the root web.config and not that of the subdirectory.
Reference 1, Reference2. So I decided to have this directory as a sub application as per suggestion here and here.
So I configure my application,then "add application" , map it to this directory, which already was inside this application and boom, it fails. It works for a static html file, but aspx files are not available.
My question is, how do I configure a sub-application in IIS7 so that the sub-application can have its own web.config and there I can disable HTTPModules of the root application
Edit:In fact I tried creating a subapplication within my main application and it did not work. Can some one point me to any article on how to configure a sub-application in IIS7 ?
Edit2: adding the error image. So how should I configure the child app pool. The child app runs in the same app pool as that of parent
Edit3: sorry, the child was running on a different app pool. A generic app worked(without modules). I am marking the answer after I try out the modules.Thanks for your help guys. There is something specific in my parent app web.config, which I am going to hunt down now.
EDIT: Actually both the answers provided below are correct. If you are using IIS7 integrated mode your modules should be in system.webServer and if IIS7 - classic mode your modules (and handlers?) should be in system.web
JKG has the right answer for IIS6, but the syntax is a little different in IIS7:
<system.webServer>
<modules>
<remove name="MyModule"/>
</modules>
</system.webServer>
The web.config will always inherit from its parent if it's in the same web application but you can clear the entire thing or remove an item like so:
From the child web.config (clear all or remove an item)
<httpModules>
<clear />
<remove name="MyModule"/>
</httpModules>
From the parent config by using the location tag...
<location inheritInChildApplications="false">
<system.web>
<!-- ... -->
</system.web>
</location>
http://www.jaylee.org/post/2008/03/Prevent-ASPNET-webconfig-inheritance-and-inheritInChildApplications-attribute.aspx

Resources