I published API who execute DLL into IIS asp.net core application where I'm getting access denied to my files. I read a lot of forums about this error:
To execute DLL in webconfig I have:
<add key="myFile" value="D:\WebSites\business.myapi.WebApi\Web\App_Data\bin\myfile.NCD" />
In WebConfig I try adding:
<system.web>
<authorization>
<allow users="*" />
</authorization>
<customErrors mode="True" />
<trust level="Full" />
<compilation targetFramework="4.7" />
<httpRuntime targetFramework="4.7" />
<identity impersonate="false" />
<authentication mode="Windows" />
</system.web>
Also I set IIS_IUSRS user with full permisions and .NET Trust Levels are setted to Full (internal)
Nothing works, I'm really desesperated.
Error:
Exception: System.Security.SecurityException: Access is denied. at ...
The Zone of the assembly that failed was: MyComputer Inner Exception:
Access is denied.
Someone have an idea why this issue still appearing after add permissions?
Related
I am trying to deploy in Azure WebApp service an ASP.NET Weforms.
The app runs fine locally, without any problem.
After build ends I got the error below error in web browser after i go to myapp.azurewebsites.net i
Runtime Error
Description: An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed remotely (for security reasons). It could, however, be viewed by browsers running on the local server machine.
Details: To enable the details of this specific error message to be viewable on remote machines, please create a tag within a "web.config" configuration file located in the root directory of the current web application. This tag should then have its "mode" attribute set to "Off".
Here is source of Web.config file
<?xml version="1.0"?>
<configuration>
<configSections/>
<connectionStrings>
<add name="constr" providerName="System.Data.SqlClient" connectionString="server=telendar.database.windows.net; database=TrackerDB;uid=telendar;password=*****;"/>
</connectionStrings>
<location path="Admin">
<system.web>
<customErrors mode="On"/>
<authorization>
<allow roles="Administrator"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
<system.web>
<compilation debug="true" targetFramework="4.5.1"/>
<sessionState timeout="60"/>
<authentication mode="Forms">
<forms defaultUrl="~/Default.aspx" loginUrl="~/AuthUser.aspx" slidingExpiration="true" timeout="60"/>
</authentication>
<authorization/>
<pages controlRenderingCompatibilityVersion="4.0" validateRequest="true">
<controls>
<add tagPrefix="ajaxToolkit" assembly="AjaxControlToolkit" namespace="AjaxControlToolkit"/>
</controls>
</pages>
</system.web>
</configuration>
You misunderstand the error message, it's telling you that your code crashed an unhandled exception and it's not allowed to show it ,it suggest you modifying the web.config to enable the details of the specific error message to be viewable on remote machines.
So what you need to do is recreate the error while you browse it on the server and then solve the problem.
However my suggestion is you could try to change your FrameWork maybe this will work for you.
If you still have other questions, please let me know.
I have developed a web application using c# and asp.net but when I am trying to publish and put it into the server using ftp then I am getting this following error:
Configuration Error
Description: An error occurred during the processing of a configuration
file required to service this request. Please review the specific error
details below and modify your configuration file appropriately.
Parser Error Message: It is an error to use a section registered as
allowDefinition='MachineToApplication' beyond application level. This error
can be caused by a virtual directory not being configured as an application
in IIS.
Source File: \\fs8-n02\stor10wc2dfw1\555713\570520\www.gxxxxjjsxx.ssd\web\content\2way\armb
\web.config Line: 9
Here if I check on my Line 9 of the web config file then I get this:
<authentication mode="Forms">
And here is my complete web config file code:
<?xml version="1.0"?>
<configuration>
<system.web>
<customErrors mode="Off"/>
<authentication mode="Forms">
<forms loginUrl="Login.aspx" timeout="2880"/>
</authentication>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" />
<pages validateRequest="false">
<controls>
<add tagPrefix="ajaxtoolkit" namespace="AjaxControlToolkit" assembly="AjaxControlToolKit" />
</controls>
</pages>
<globalization culture="en-GB"/>
</system.web>
<appSettings>
<add key="ValidationSettings:UnobtrusiveValidationMode" value="None" />
</appSettings>
</configuration>
I have checked whether I have multiple web config files but I could not find something like that. And also I have used this published folder into my IIS and I can browse the site from my localhost using IIS but still when ever I am trying to browse using the link:
I am getting the same error. Please help me on this. Thanks.
Here is my solution to the problem: Actually the path was not configured properly into the IIS as a virtual directory. So, that I had to create a proper virtual directory and then only I am able to access the site.
I'm having a weird problem with my ASP.NET site. My site uses Windows Authentication, and I have set the authentication option on IIS server to deny Anonymous Authentication. However, whenever I upload my project to IIS server, Anonymous Authentication for my site turns on by itself.
This is my applicationHost.config. Notice Anonymous Authentication is set to false here, but every time I publish my site, it is automatically changed to true, and I have to login to the web server and manually change it back.
<location path="[my root folder]">
<system.webServer>
<security>
<authentication>
<windowsAuthentication enabled="true" />
<anonymousAuthentication enabled="false" />
<basicAuthentication enabled="false" realm="" defaultLogonDomain="[my domain]" />
</authentication>
</security>
</system.webServer>
</location>
And this is my web.config
<system.web>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" maxRequestLength="102400" executionTimeout="3600" requestLengthDiskThreshold="102400"/>
<authentication mode="Windows" />
<authorization>
<deny users="?" />
</authorization>
<customErrors mode="On" defaultRedirect="[my error page]"/>
</system.web>
In the past I used to allow anonymous authentication to 1 particular sub folder, using the following setting
<location path="[my sub folder]">
<system.webServer>
<security>
<authentication>
<windowsAuthentication enabled="false" />
<anonymousAuthentication enabled="true" />
</authentication>
</security>
</system.webServer>
</location>
And
<location path="[my sub folder]">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
However I no longer use that setting.
After a few days of poking around, I finally found the reason. Turned out that while I did disable anonymous authentication for my individual site, I forgot to turn off anonymous authentication on the server wide level. In case someone got the same error, this is the steps I used to solve it:
Open IIS control panel.
In the tree view on the left, select your server's name instead of your individual site.
In the newly opened panel on the right, double click authentication under IIS
Right click on anonymous authentication and select disable.
I am doing a web service in .NET containing a server file (.asmx) and a client interface (.aspx). The visitors should be able to visit only the client aspx site ( urlXXX:portYY/Client.aspx)
However, when I remove the "/Client.aspx" part from the URL, I get into the project directory and this should not be possible. (So far, I am running the project just on localhost.)
Is there any way, how restrict getting into other parts of the solution? The only possibility I could think of is creating a separate project for the client aspx site, however, even then the visitor is able to get into the directory containing that site.
You should be able to control explicit access using your web.config. Have a look at this example (exclaimer: I've copied this straight from this MS page):
<configuration>
<system.web>
<authentication mode="Forms" >
<forms loginUrl="login.aspx" name=".ASPNETAUTH" protection="None" path="/" timeout="20" >
</forms>
</authentication>
<!-- This section denies access to all files in this application except for those that you have not explicitly specified by using another setting. -->
<authorization>
<deny users="?" />
</authorization>
</system.web>
<!-- This section gives the unauthenticated user access to the Default1.aspx page only. It is located in the same folder as this configuration file. -->
<location path="default1.aspx">
<system.web>
<authorization>
<allow users ="*" />
</authorization>
</system.web>
</location>
<!-- This section gives the unauthenticated user access to all of the files that are stored in the Subdir1 folder. -->
<location path="subdir1">
<system.web>
<authorization>
<allow users ="*" />
</authorization>
</system.web>
</location>
</configuration>
EDIT: Take a look at this question for more info on denying access to explicit folders as well.
So, basically I have managed to find a workaround, by adding the following code into the Web.config:
<system.webServer>
<defaultDocument>
<files>
<add value="Client.aspx" />
</files>
</defaultDocument>
</system.webServer>
...which makes the Client a default web-page, thus preventing to see the directory. However, I will leave this topic open in case someone comes with a more elaborate and sophisticated solution.
I have been working on a website project which restricts access to a certain folder to annonymous users and allows access to the folder to those who are logged in.
This has been working perfectly on my development machine.
However since publishing the website and deploying to a web server (Windows Server 2008, IIS7) the forms authentication appears not to be working. Anonymous users are able to access the "restricted" folder.
I have compared the webconfig on both the development machine and the web server and they are exactly the same.
I set up the access/restriction to the directory on the development machine using the Web Site Administration Tool built into the .NET Framework using this tutorial. However I understand this tool is localhost only?
Please note: I am not using the asp.net login and registration controls. I am using a custom function in the code behind (C#)
Is this problem caused by the change of location?
The development machine directory: C:\Users\Megatron\Documents\Visual Studio 2010\Projects\Osqar - v0.2\OSQARv0.1
The Web server Directory: C:\inetpub\wwwroot\Osqar
I am a little lost here so any advice would be greatly appreciated.
Here is the web config file
<?xml version="1.0" encoding="UTF-8"?>
<!--
For more information on how to configure your ASP.NET application, please visit
http://go.microsoft.com/fwlink/?LinkId=169433
-->
<configuration>
<connectionStrings>
<add name="dbConn" connectionString="data source=mssql.database.com; Initial Catalog=devworks_oscar;User ID=myusername;Password=password" providerName="System.Data.SqlClient" />
</connectionStrings>
<system.web>
<authentication mode="Forms">
<forms name="Osqar" loginUrl="/login/login.aspx" protection="All" path="/" timeout="60" />
</authentication>
<compilation debug="true" />
<pages /></system.web>
<system.webServer>
<defaultDocument>
<files>
<add value="index.aspx" />
</files>
</defaultDocument>
</system.webServer>
</configuration>
The authorization section seems to be missing (?). You should have something like
<authorization>
<deny users="?" />
<allow users="*" />
</authorization>
Without the information about the required level of authorization (deny anonymous users), the application server will let everyone go everywhere.
Put this under <cofiguraation> main tag like:
<configuration>
<location path="~/RestrictedFolder">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
....
if you're restricting specific files do:
<location path="~/securedpage.aspx">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
Do these changes to the web.config in the deployed project
Alternatively as Wiktor suggested use to block anonymous access to the website as a whole
put it under <system.web> possibly before or after <authentication> tag
<authorization>
<deny users="?"/>
</authorization>
Or create a folder under the root of your project and put secured pages inside that folder. R-click on the folder add new web.config file and put the following under the <system.web> tag
<authorization>
<deny users="?"/>
</authorization>