In our project we have many folders.I have authenticate my folder separately,without the help of root web.config.because web.config is always update by x person.i need all my control to a separate folder.
When i am trying to changing the "authentication mode" to root web.config,its working .but not in the subfolder, it is not working in my subfolderfolder web.config.
My question is : can web.config permission is associated to particular folder?
,without the help of root config?if not why it is not possible?(looking for the theory)
You can override the root web.config by putting a new web.config under your own subdirectory, or defining a <location> element to the root web.config.
Related
I have 2 web.config files at root/ and at root/Web. I want that when I hit /Root/Web my application should load a certain set of settings from the root/Web.Config even though they are present in /root/web/Web.config
Any ideas where and what should I be modifying?
Yes, the way to do that is removing the elements in sub web.config that conflict with the settings in the root web.config.
If you need them for other purposes then you need to read whatever settings you want/need and apply them programmatically.
From MSDN:
The root of the ASP.NET configuration hierarchy is a file referred to
as the root Web.config file, and it is located in the same directory
as the Machine.config file. The root Web.config file inherits all of
the settings in the Machine.config file. The root Web.config file
includes settings that apply to all of the ASP.NET applications that
run a specific version of the .NET Framework. Because each ASP.NET
application inherits default configuration settings from the root
Web.config file, you need to create Web.config files only for settings
that override the default settings.
I need to prevent someone from directly accessing a pdf, instead only allowing them to be pulled through the app itself. How can this be done?
Add this to your top-level Web.config to block a folder called Reports (your folder name goes there).
This will allow your application to access Reports/file.pdf but an outside request to yoursite.com/Reports/file.pdf will be blocked.
<configuration>
<system.webServer>
<security>
<requestFiltering>
<hiddenSegments>
<add segment="Reports" />
</hiddenSegments>
</requestFiltering>
</security>
</system.webServer>
</configuration>
There are two solutions for doing that:
1- You can put your “UsersUploads” folder outside the website
directory, so if your website exist on “c:\website\example.com” you
can put the “UsersUploads” there “c:\UsersUploads”, Like that IIS has
no control over this folder and its files, And your website code will
still have access to this directory as a normal physical path.
2- Stop IIS from serving this folder:
IIS by default doesn’t server some website folders and files such
App_Data, App_Code, bin, App_GlobalResourses, App_LocalResources,
Web.config,….
Put the files in the app_data folder and then use a HttpHandler to serve the files. You can use url rewriting if you want to hide it and make it look cleaner.
set the permissions on the folder to deny access to whoever. Ask your sys admin guy to create an account and give read access to the folder. Then set impersonation up in the web.config file to use the new account.
Read this
http://msdn.microsoft.com/en-us/library/aa292118(VS.71).aspx
I need the settings in web.config file of my asp.net application through which i can set permission for particular folder outside IIS. I need this functionality through settings in web.config.
Edited: I need to know that how can we apply impersonation in web.config file
thanks
regarding the second part
<configuration>
<system.web><identity impersonate="true"/></system.web>
</configuration>
I have several ASP.NET applications in virtual folders (already configured as applications, and with different application pools), but I want to install another ASP.NET application that will redirect to one of the virtual folders according to some criteria (from database and cookies).
All the applications in the virtual folders work fine, but if I install the root application, then I get some errors about duplicate web.config settings.
A workaround would be to create yet another virtual folder for the redirecting application, and use HTML redirection on the root site.
However, I would like to know if it is possible for a web application in a virtual folder to skip the website-root web.config in the .config hierarchy.
Thanks,
Luis Alonso Ramos
One option is to move all the settings of the web.config to a location path where you use the inheritInChildApplications attribute so that those settings are only applied for the parent application and not child applications, something like:
<location inheritInChildApplications="false">
... move all your settings here...
</location>
How can I change loginurl using Forms Auth?
I am using web.config to configure all permissions.
At root web.config, I set login url. Now I need to change loginurl at a subfolder, but ASP.NET give me a error if I try to re-configure at inner web.config.
The only way to get this to work (to my knowledge) would be to configure the subfolder as a virtual/application directory, which will allow you to place another web.config in that directory.