I am running a shopping cart application in asp.net.I am running my application in IIS.I am getting following error while running.
Server Error in '/cart' Application.
Configuration Error Description: An error occurred during the
processing of a configuration file required to service this request.
Please review the specific error details below and modify your
configuration file appropriately.
Parser Error Message: It is an error to use a section registered as
allowDefinition='MachineToApplication' beyond application level. This
error can be caused by a virtual directory not being configured as an
application in IIS.
Source Error:
Line 32: --> Line
33: Line 34: Line 35:
Source File: D:\ecomm_3_1_LITE\wwwroot\web.config Line: 34
-------------------------------------------------------------------------------- Version Information: Microsoft .NET Framework Version:2.0.50727.42;
ASP.NET Version:2.0.50727.42
Following is my web.config file
Asp.Net Configuration option in Visual Studio.
A full list of settings and comments can be found in
machine.config.comments usually located in
\Windows\Microsoft.Net\Framework\v2.x\Config
-->
<!-- SQL SP & TABLES PREFIX -->
<add key="SQLprefix" value="gaspprod_"/>
</appSettings>
<connectionStrings>
<add name="ConnStr" connectionString="Data Source=GRAPHIX\SQLEXPRESS;Initial Catalog=GlitzCart;Integrated Security=True " providerName="System.Data.SqlClient" />
</connectionStrings>
<system.web>
<globalization uiCulture="en" culture="en-US"/>
<!--<globalization uiCulture="hr" culture="hr-HR"/>-->
<authentication mode="Forms">
<forms name="guru_aspnet_cart"
protection="All"
timeout="30"
path="/"
loginUrl="AdminLogin.aspx"></forms>
</authentication>
<pages maintainScrollPositionOnPostBack="false"
buffer="true"
validateRequest="false"
compilationMode="Auto"></pages>
<customErrors mode="Off"
defaultRedirect="error.html"></customErrors>
<compilation debug="true">
</compilation>
<!--<trace enabled="true" pageOutput="true"/>-->
</system.web>
<!--disable access to Admin directory for everyone, except for the administrators -->
<location path="admin" allowOverride="false">
<system.web>
<authorization>
<allow users="admin, admin2, malik "/> <!--ADMINISTRATORS USERNAMES, SEPARATED BY ", " -->
<deny users="*"/>
</authorization>
</system.web>
</location>
<!--disable access to Admin/Modules directory -->
<location path="admin/modules" allowOverride="false">
<system.web>
<authorization>
<deny users="*"/>
</authorization>
</system.web>
</location>
<!--disable access to Modules directory -->
<location path="modules" allowOverride="false">
<system.web>
<authorization>
<deny users="*"/>
</authorization>
</system.web>
</location>
<!--disable access to Modules directory -->
<location path="SQLbackup" allowOverride="false">
<system.web>
<authorization>
<deny users="*"/>
</authorization>
</system.web>
</location>
What change i have to make my application run?Can anybody help?
The error itself asks if you've enabled the virtual directory and set it as an application.
Is that the case? Your web.config is in the file root so I would say no.
Regardless, have you double checked you've enabled applications, enabled the correct version of ASP.NET and ensured ASP.NET is permitted to run.
If they are all ok then I would recommend you next take a vanilla ASP.NET website/web application (I prefer the latter) and deploy it to that folder. Don't write any code and double check it works.
If it doesn't then the default web.config doesn't work. It could be an error with your machine.config or something similar. Personally I'd reinstall and re-register .NET. A sledgehammer approach!
If it does work, then your web.config may be corrupt.
These are all guess-timates but I hope they help out!
Related
We are now building web apps using MVC, but have a number of legacy WebForm apps on a Server 2008 R2 box that we are updating from 4.5 to 4.6.1 and moving to server 2016..
Most follow the same format that everything in the Secure directory requires authentication and is redirected to the login page - so far they have all worked, but one app is throwing a loop (HTTP Error 404.15 - Query string too long) and I can't even access the login page directly...
Web.config in the Secure directory
<?xml version="1.0"?>
<configuration>
<appSettings>
<add key="SessionWarning" value ="18"/>
</appSettings>
<location path="">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
<location path="Login.aspx">
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
</location>
</configuration>
Same format as the ones that work. The main Web.Config contains
<authentication mode="Forms">
<forms name="SecureForms" loginUrl="Secure/Login"/>
</authentication>
This one has me totally baffled - I have no idea why it's throwing the toys out when others work flawlessly!
Thanks
I am using ASP.NET 4.5 OWIN Identity and attempting to block access to a directory for all but authenticated users. The directory contains raw files, so it isnt possible to wrap them in the ASP LoggedInTemplate tag.
When I try and prevent access to the directory to anonymous users, it fails.
I have tried adding the following to the main Web.config file:
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
<location path="/docs">
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>
Doing this gives server 500 errors and highlight the location path="/docs" line as the source of the error. This is a hosted solution, so options for changing the IIS server config to allow overrides arent available to me, though that does seem one potential solution for anyone experiencing this issue.
I have now removed the above from the main web.config and added a separate web.config file in the directory that I want to protect. The new web.config contains this:
<?xml version="1.0"?>
<configuration>
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</configuration>
This gives no errors, but allows unauthenticated users access to the folder, which is what I am trying to prevent.
Any ideas or pointers to any article that describes how to resolve this would be much appreciated.
The solution to this for my environment was to use the web.config file in the sub directory, but to add a custom handler definition for the file types in question.
<?xml version="1.0"?>
<configuration>
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
<system.webServer>
<handlers>
<add name="PDFHandler" verb="*"
path="*.pdf"
type="System.Web.StaticFileHandler"
resourceType="Unspecified" />
</handlers>
</system.webServer>
</configuration>
The web server then allows authenticated users only to access the files in the sub directory.
This article led my to the solution: http://www.primaryobjects.com/CMS/Article112
In my asp.net MVC application I have tried to deny unauthorized users from an html file inside a sub folder. But it is not working as expected. Below is the web.config section which used right now.
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.5" />
<authentication mode="Forms">
<forms loginUrl="~/" defaultUrl="~/" slidingExpiration="true" timeout="60">
</forms>
</authentication>
<authorization>
<deny users="?" />
</authorization>
</system.web>
<location path="Docs/help/index.html">
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>
</configuration>
I think the global deny users will block all unauthorized access for all the pages, otherwise we should give specific permission. Please correct me If I am wrong.
But in my case even http://siteurl.com/Docs/help/index.html still able to access for an unauthorze user.
IIS - 7.5 , .NET - 4.5, MVC - 4
Please help me to resolve this issue.
MG
You have two ways to achieve it.
1st: <modules runAllManagedModulesForAllRequests=“true” /> Meaning
Add <modules runAllManagedModulesForAllRequests="true" /> in your web.config
(IIS < v7)
2nd: Global.asax Events in IIS 6 and IIS 7 for Static Resources
Add an wildcard managed handler to serve each request (inlucding static files which are handled by iis directly)
You can put a new Web.config in the folder that needs the permissions applied. Inside it do something like this
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</configuration>
Or you might need to wrap the <authorization> tag with a <security> tag.
If that doesn't work for you, try to do it via IIS Manager and see how it does it, then copy that.
I have an ASP.NET 2.0 web application developed on my Win8/VS2012 machine (but using .NET2.0 and not 4.0). I want to protect direct acccess to a number of folders, e.g. the PDF files that are stored in the Content/Documents folder for particular roles, using forms authentication. It works with the below web.config file on my dev machine, and if I type in an URL of a PDF directly, I get redirected to the login page.
However, when copying the whole solution to the production server (windows server 2003R2 sp1, having .NET 2 and 4 installed) the files are directly accessible and it seems as if the forms authentication does not work.
How can I investigate this on the server?
What is wrong in my config?
Note: the roles are assigned at login time, without a roles provider (as demonstrated by many articles on the internet and on stackoverflow) and I guess I did that correct since it works on my dev machine.
Note 2: One strange thing I noticed is that in the IIS administration tool on the win2003R2 server, the configuration windows do not correspond with what I have in the web.config file. When I right click web app properties in IIS manager, go to ASP.NET tab, go to edit configuration and go to authorization tab for the different locations, it looks like it only states allow * while the config file clearly has deny *. Is it possible that on that server this type of configuration file is not supported (it does not generate any errors either however).
Thx in advance
Wim
<?xml version="1.0"?>
<!--
Note: As an alternative to hand editing this file you can use the
web admin tool to configure settings for your application. Use
the Website->Asp.Net Configuration option in Visual Studio.
A full list of settings and comments can be found in
machine.config.comments usually located in
\Windows\Microsoft.Net\Framework\v2.x\Config
-->
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
<connectionStrings>
<add name="..." connectionString="..."
providerName="System.Data.SqlClient"/>
</connectionStrings>
<system.web>
<httpRuntime maxRequestLength="102400" executionTimeout="600"/>
<authentication mode="Forms">
<forms name="MYWEBAPP.ASPXAUTH"
loginUrl="member_login.aspx"
protection="All"
path="/"/>
</authentication>
<authorization>
<allow users="*"/>
</authorization>
<customErrors mode="Off"></customErrors>
<compilation debug="true"/>
</system.web>
<location path="Content/Documents">
<system.web>
<authorization>
<allow roles="MEMBER,ADMINISTRATOR"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
<location path="Content/Events">
<system.web>
<authorization>
<allow roles="MEMBER,ADMINISTRATOR"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
<location path="Content/News">
<system.web>
<authorization>
<allow roles="MEMBER,ADMINISTRATOR"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
<location path="Content/PriceChange">
<system.web>
<authorization>
<allow roles="MEMBER,ADMINISTRATOR"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
<location path="Administrator">
<system.web>
<authorization>
<allow roles="MEMBER,ADMINISTRATOR"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
<location path="Member">
<system.web>
<authorization>
<allow roles="MEMBER,ADMINISTRATOR"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
</configuration>
Nothing is wrong with your config. Rather, static files (jpgs, csses, pdfs) are handled by iis without involving asp.net pipeline. This means that your authorization rules are ignored when you ask for a pdf file.
To fix this you can either have an aspx page that gets a parameter that states which file should be downloaded or configure the application to run some (or all) static files through the asp.net pipeline. An easiest way to have all requests go through asplnet is to set
runAllManagedModulesForAllRequests="true"
in the modules section of the web.config.
I was searching for some solution but can't find one. There is this and this ones but can't found and answer there. Im developing an asp.net application on ASP.NET development server. I have the following web.config in my root asp.net folder:
<?xml version="1.0"?>
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.0" />
<authentication mode="Forms">
<forms name="4df5d465h"
loginUrl="~/login.aspx"
protection="All"
timeout="30" path="/" />
</authentication>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</configuration>
My image folder is together my main web.config at root asp.net application folder.
Inside the image folder I put the following web.config:
<?xml version="1.0"?>
<configuration>
<system.web>
<authorization>
<allow roles="*"/>
<allow users="*"/>
</authorization>
</system.web>
</configuration>
I put role attribute after to see if its work.
I wrote the main web.config in this way too:
<?xml version="1.0"?>
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.0" />
<authentication mode="Forms">
<forms name="3D45C7D8B0B0C"
loginUrl="~/login.aspx"
protection="All"
timeout="30" path="/" />
</authentication>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
<location path="~/image">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
</configuration>
But the login page never can load the images
In design mode, inside visual studio editor, the image load in login.aspx page then image tag must be ok.
What I'm doing wrong?? Thanks a lot.
#nico, thanks a lot for format my question. No im not rewriting nothing. Its most simple and default asp.net application possible. Its default template asp.net application with an link on Default.aspx and a simple login.aspx page, its a test project, the login form works but the image doesn't load.
#Chris_Lively, yes there is a web.config in image folder, its web.config with <'allow roles='*'>, i checked, the folder is named image\ , the src of image tag point to image\ its getting me crazy
Your config file contains error - 'roles'-tag cannot use asterisk, you should define specific role name (allow element) or dont use it at all.
You'll see error message 'Parser Error Message: Authorization rule names cannot contain the '*' character' in fiddler.
I think it was reason of your problem.