I am trying to use Authentication Forms with my ASP.NET project.
I added the following lines in my web.config:
<system.web>
<authentication mode="Forms">
<forms loginUrl="~/Login/Login"></forms>
</authentication>
</system.web>
and when I run my application, I get this error:
It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS.
Now I don't know much about IIS and configurations. But after doing some research, I gotta make sure the virtual directory that the site is in is marked as a application in IIS. How would I do that ?
Below is a screenshot of what I see in IIS
Related
I'm having access denied errors when trying to create directories, move files etc. So I added (web.config) the impersonate user that have the right privileges to execute that functions.
So, in my web.config I have the current code:
<configuration>
<location path="." inheritInChildApplications="false">
<system.webServer>
<handlers>...</handlers>
<aspNetCore .../>
</system.webServer>
</location>
<system.web>
<identity impersonate="true" password="password123" userName="DOMAIN\user123" />
</system.web>
</configuration>
And in my IIS, the DefaultAppPool pool have the Identity property set to ApplicationPoolIdentity.
iis pool configuration identity
And now I use WindowsIdentity.RunImpersonated() to run my code that create the folders and etc that I talked earlier with the purpose to use the configured user (DOMAIN\user123), and not the current User.Identity logged into, like DOMAIN\anyOtherCurrentUser:
WindowsIdentity.RunImpersonated(WindowsIdentity.GetCurrent().AccessToken, () => {
// create directory, move files, etc
});
The problem is when I run this code, calling WindowsIdentity.Getcurrent(), The user that I'm getting is the current one set on IIS Configuration IIS APPPOOL\DefaultAppPool and not the configured user in web.config DOMAIN\user123. Why this happens? How should I use this user configured in web.config?
You simply cannot.
Anything under <system.web> applies to only ASP.NET 4.x or older, and ASP.NET Core does not honor such.
Even for ASP.NET 4.x you should grant all permissions based on the application pool identity, not relying on impersonation for your own good.
I created a brand new Asp.Net Core 2.0 web mvc application with windows authentication enabled.
If I immediately hit play it prompts me for user credentials which is not what I want. If I hit cancel it then redirects me to a 401.2 unauthorized error screen with the following error:
"You are not authorized to view this page due to invalid
authentication headers."
When I then stop the application and enable anonymous authentication on the project and hit play again, it runs the application successfully but will not display my username. #User.Identity.Name returns empty string.
How do I get around the security prompt while still being able to display my username?
In the .NET Framework, I would use this in the web.config file along with anonymous authentication = true and it would work the way I want:
<authentication mode="Windows" />
<authorization>
<deny users="?" />
</authorization>
I am using Visual Studio 15.4.1.
I think that the <authentication> tag is related to ASP.NET, and not IIS. In ASP.NET Core, the System.Web pipeline doesn't run.
I've had success in implementing Windows authentication with ASP.NET Core by using the following configuration in the web.config
<configuration>
<system.webServer>
<security>
<authentication>
<anonymousAuthentication enabled="false" />
<windowsAuthentication enabled="true" />
</authentication>
</security>
</system.webServer>
</configuration>
The <system.webServer> section is the one getting modified when you change the authentication settings through IIS Manager.
Edit after Ben's first comment
Sorry, I had misread part of your initial message, and thought that you were trying to deploy your application in IIS.
It looks like Windows Authentication is set up correctly since you get prompted for credentials. What I don't understand is why you get prompted. I'm using IE11, Edge and Chrome, and they all know how to send Windows credentials without prompting me.
What browser are you using when doing your test? Could you try with the ones I listed above?
I am having an interesting issue with IIS 8. I can run the app just find. However after triggering a sql query I get the dreaded "Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'".
The real kicker to all of this is that when I run in IIS Express with Visual Studio 2013 it works fine.
IIS Authentication Settings
Web.Config:
<system.web>
<authentication mode="Windows" />
<identity impersonate="true" />
<authorization>
<deny users="?" />
</authorization>
</system.web>
Any/All help is appreciated!
Make sure the account that is running the app pool in IIS has access to SQL server. If that doesn't work then try changing the account that the app pool is running under to like NetworkService or LocalService and see if that has any effect.
Also try changing some of the other app pool settings in the "Advanced Settings..." dialog such as the managed pipeline mode and enable 32-bit applications.
Thanks everyone for the help.
What ended up happening is that we just used a local sql account.
We are going to use AD to control who has access to the page.
Using the <deny roles="DOMAIN\Domain Users"/>
option in web config file.
I am trying to implement the following code to test forms authentication in the web app.
<location path="Test.aspx">
<system.web>
<authentication mode="Forms">
<forms loginUrl="Test.aspx">
</forms>
</authentication>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
Error:
Parser Error Message: It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS.*
I already did clean in release mode then in debug mode then build solution. i also tried IIS express but still getting this error , anyone knows the solution , please ?
I have a web site underneath I want deploy another web application. So I created a folder in the ftp site and dumped all my file in it.
Example:
Now I am getting below error when trying to access my application default.aspx file
Configuration Error
Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately.
Parser Error Message: It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS.
Source Error:
Line 33: </assemblies>
Line 34: </compilation>
Line 35: <authentication mode="Forms">
Line 36: <forms loginUrl="~/Account/Login.aspx" timeout="2880" />
Line 37: </authentication>
I don't know root site asp.net version, but I developed on asp.net 3.5
How to resolve this?
You need to setup the subfolder as an IIS Application
I believe that you would need to go into IIS and ensure that the "OnlineReport" folder is configured as an application