HTTP Error 401.2 - Unauthorized (for DefaultDocument) - c#

I am getting a 401.2 error on the default document in VS2013 (and IIS). Here are the steps I'm taking:
In VS2013, right click and choose "New Project"
Choose "ASP.NET Web Application", click OK
Choose "Empty" project, check "Web Forms" at the bottom and click OK
Right click on the project and choose "Add | Web Form" - named Default.aspx with "Authentication Succeeded" as the page content
Right click on the project and choose "Add | Web Form" - named Login.aspx
Add a "Login" as the page content
Assign an "Authentication" event handler that sets "e.Authenticated = true"
Update the web.config as listed below
Press F5
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <appSettings>
    <add key="ValidationSettings:UnobtrusiveValidationMode" value="None" />
  </appSettings>
  <system.web>
    <compilation debug="true" targetFramework="4.5" />
    <httpRuntime targetFramework="4.5" />
    <authentication mode="Forms">
      <forms loginUrl="Login.aspx" />
    </authentication>
  </system.web>
  <system.webServer>
    <defaultDocument>
      <files>
        <clear />
        <add value="default.aspx" />
      </files>
    </defaultDocument>
    <security>
      <authorization>
        <remove users="*"/>
        <add accessType="Deny" users="?" />
        <add accessType="Allow" users="*"/>
      </authorization>
    </security>
  </system.webServer>
</configuration>
The behavior that I'm seeing is that http://localhost:12345/Default.aspx behaves correctly (always). In other words, when I first go to Default.aspx, it redirects me to the Login.aspx page. Once I've authenticated, I can see the Default.aspx page. If I logout and try to go to the Default.aspx page again it redirects me to login first.
However, when I go to the / URL instead (no Default.aspx), I get a 401.2 error (even if I've authenticated first).
The Default.aspx page is listed as a default document, and if I remove the "Deny" line from the Web.Config - then the default document behaves as expected. But when Deny ? is listed in the web config, suddenly the default document stops working and I have to go to /Default.aspx in order to avoid a 401.2 error.
Any suggestions as to why this would behave like this?
I see no errors about any of this in the event log. I see the same behavior when using IISExpress (in VS by pressing F5) or with IIS when going to the public URL directly through a browser.

I hesitate to offer this as an answer as I don't understand exactly why it worked for me. However it is too long for a comment and it might help you.
I found that adding the following to the system.webServer section solved this problem:
<modules>
  <remove name="FormsAuthentication"/>
  <add name="FormsAuthentication" type="System.Web.Security.FormsAuthenticationModule" />
</modules>
The key seems to be to remove the managedHandler precondition from the FormsAuthentication module. As I understand it, this is only supposed to optimize serving of static content, so I do not at this point know why it would have this effect. I stumbled on this while trying to establish whether the FormsAuthentication module needed to be registered in the system.webServer section.

Runtime Error after deploy asp.net webforms app in Microsoft Azure App service

I am trying to deploy an ASP.NET WebForms app to the Azure Web App service.
The app runs fine locally, without any problem.
After the build ends, I get the error below in the web browser when I go to myapp.azurewebsites.net:
Runtime Error
Description: An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed remotely (for security reasons). It could, however, be viewed by browsers running on the local server machine.
Details: To enable the details of this specific error message to be viewable on remote machines, please create a <customErrors> tag within a "web.config" configuration file located in the root directory of the current web application. This <customErrors> tag should then have its "mode" attribute set to "Off".
Here is source of Web.config file
<?xml version="1.0"?>
<configuration>
  <configSections/>
  <connectionStrings>
    <add name="constr" providerName="System.Data.SqlClient" connectionString="server=telendar.database.windows.net; database=TrackerDB;uid=telendar;password=*****;"/>
  </connectionStrings>
  <location path="Admin">
    <system.web>
      <customErrors mode="On"/>
      <authorization>
        <allow roles="Administrator"/>
        <deny users="*"/>
      </authorization>
    </system.web>
  </location>
  <system.web>
    <compilation debug="true" targetFramework="4.5.1"/>
    <sessionState timeout="60"/>
    <authentication mode="Forms">
      <forms defaultUrl="~/Default.aspx" loginUrl="~/AuthUser.aspx" slidingExpiration="true" timeout="60"/>
    </authentication>
    <authorization/>
    <pages controlRenderingCompatibilityVersion="4.0" validateRequest="true">
      <controls>
        <add tagPrefix="ajaxToolkit" assembly="AjaxControlToolkit" namespace="AjaxControlToolkit"/>
      </controls>
    </pages>
  </system.web>
</configuration>
You misunderstand the error message. It's telling you that your code crashed with an unhandled exception and it's not allowed to show it. It suggests modifying the web.config to enable the details of the specific error message to be viewable on remote machines.
So what you need to do is recreate the error while you browse it on the server and then solve the problem.
However, my suggestion is that you could try changing your Framework; maybe this will work for you.
If you still have other questions, please let me know.

How to restrict specific pages to Certificate Authentication?

In my ASP.NET web-application I have created Default.aspx (set as my start page), and a new folder called SmartCard with WebForm1.aspx inside of it. How do I configure Web.Config to prompt user for Certificate upon visiting SmartCard/WebForm1.aspx but NOT when Default.aspx loads?
In the accepted answer of this question:
if your app is hosted in IIS then simply add (in web.config) a section that says client certificate is required for those pages. The browser will then ask the user for a cert.
From the above answer, I looked some more on StackOverflow and found this. From their accepted answer I put the following section in Web.Config:
<location path="SmartCard">
  <system.webServer>
    <security>
      <access sslFlags="SslRequireCert" />
    </security>
  </system.webServer>
</location>
I then modified applicationHost.config in C:\Windows\System32\inetsrv\config (or appropriate directory for your install) and changed the following line:
<section name="access" overrideModeDefault="Deny" />
to:
<section name="access" overrideModeDefault="Allow" />
However, I still get prompted for a Certificate on site load. I first get the following screen:
After clicking "Continue to this website" I then get prompted to select a Certificate when Default.aspx loads. However, I only want to get prompted to select a Certificate when SmartCard/WebForm1.aspx loads!
ANY help is greatly appreciated!
Here are my site settings in IIS-7:
SSL settings:
Site Bindings:
*MyDevCert is self-signed
Update:
I created a new Web.Config file inside of SmartCard directory with the following:
<?xml version="1.0"?>
<configuration>
  <security>
    <access sslFlags="SslRequireCert" />
  </security>
  <system.web></system.web>
</configuration>
I then removed the 'location' tag from base Web.Config.
Base Web.Config:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.web>
    <compilation debug="true" targetFramework="4.5" />
    <httpRuntime targetFramework="4.5" />
    <identity impersonate="false" />
  </system.web>
</configuration>
However, I still get the "There is a problem with this website's security certificate" screen and I get prompted for a certificate once I click "Continue to this website".
From what I'm seeing, you can only have a single value for sslFlags.
See http://www.iis.net/configreference/system.webserver/security/access
And https://msdn.microsoft.com/en-us/library/ms689458(v=VS.90).aspx
The sslFlags attribute can be one of the following possible values. The default is None.

Web server configuration error

I uploaded my website to a web server (www.somee.com), but there is an error which I am facing, like many other new web developers face. I have done these things to get rid of this error. There is no error when I test my website on localhost.
1) I right-clicked on my page named "WebHome.aspx" and made it the start page.
2) After reading multiple solutions I tried most of them, but the problem is still there.
My web.config file has the following script:
<system.webServer>
  <modules runAllManagedModulesForAllRequests="true"/>
  <directoryBrowse enabled="true" />
  <defaultDocument>
    <files>
      <clear />
      <add value="WebHome.aspx" />
    </files>
  </defaultDocument>
</system.webServer>
<authentication mode="Forms">
  <forms loginUrl="WebHome.aspx" defaultUrl="WebHome.aspx" >
  </forms>
</authentication>
Error:
HTTP Error 403.14 - Forbidden
The Web server is configured to not list the contents of this directory.
Please help and Thanks in advance.

Validation of viewstate MAC failed, tried generating machine key

Server Error in '/' Application.
Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.
I've looked through countless previous questions and I haven't managed to get it working.
I've edited my web.config file and included a generated key, with no success.
Web.config
<?xml version="1.0" encoding="utf-8"?>
<!--
  For more information on how to configure your ASP.NET application, please visit
  http://go.microsoft.com/fwlink/?LinkId=169433
-->
<configuration>
  <system.web>
    <machineKey validationKey="E91A16E07A8D628F1F1397962336B0C63B6DC45B8EB3D16BBD5E5761DD8AE462C04C1CC215904FF0353E84EF8194B48682114C72CF8E10F5295E5ADF36DBC520" decryptionKey="EFA118DF00BFB8206F24A1BB4AF7D18FBD6A605B44789E9048D8127FFF950A09" validation="SHA1" decryption="AES" />
    <httpRuntime />
    <pages enableViewStateMac="true" />
    <customErrors mode="Off" />
    <compilation targetFramework="4.0" debug="true" />
    <authorization>
      <allow users="*" />
      <deny users="?" />
    </authorization>
  </system.web>
</configuration>
This happens when I postback to another page!
Instead of using <form action="..."> to perform a cross-page post back, try changing your submit button to read <asp:Button runat="server" postbackurl="...">. Using the PostBackUrl property is the officially supported way to perform a cross-page post back, as it sets a flag in the request telling the destination page to ignore the __VIEWSTATE field.
The main problem lies in the Application Pool of your website. Configure your website to use the proper .NET Framework version (i.e. v4.0) under the General section of the Application Pool related to your website.
Under the Process Model, set the Identity value to Network Service. Close the dialog box and right-click your website and select Advanced Settings... from the Manage Website option of the context menu. In the dialog box, under the General section, make sure you have selected the proper name of the Application Pool to be used.
Your website should now run without any problem. Hope this helps you overcome this error.

forms authentication landing page before login

I'm using form authentication in my asp.net website. Currently I have my authentication setting in web.config as below.
<authentication mode="Forms">
  <forms loginUrl="~/Account/Login.aspx" timeout="60" cookieless="UseCookies" defaultUrl="~/landing.aspx" protection="All" slidingExpiration="true" />
</authentication>
I want to navigate to landing.aspx page before login.aspx page then on a button click on the landing page go to login.aspx page.
I'm assuming you are using web forms (versus MVC).
The first step is to create a landing page in your project. Probably you will want it in the root of the site. Let's assume it is called LandingPage.aspx.
Add the following inside the <configuration> tag of your web.config. This will allow people to access the landing page without having to log in first.
<location path="LandingPage.aspx">
  <system.web>
    <authorization>
      <allow users="?"/>
    </authorization>
  </system.web>
</location>
Next, in IIS Manager, configure a default document for the web site that points to LandingPage.aspx. This will ensure that new visitors are directed to the landing page when they navigate to your web site.
Lastly, you just need to fill out the content of the landing page, and make a "Sign in" button somewhere that will take users to the Login page when they want to log in. I leave that to you.
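An added example, not part of any answer on this page: a simplified model of how ASP.NET evaluates system.web authorization rules (first matching rule wins, most specific location first, then the root rules, then the machine-level default that allows everyone). It goes slightly beyond the landing-page case by also covering role rules and rule ordering. The function names, the sample user names and the root deny rule for anonymous users are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the landing-page <location> from the answer above, the Admin
# <location> from the Azure question, and an assumed root rule denying anonymous users.
SAMPLE_CONFIG = """<configuration>
  <location path="LandingPage.aspx">
    <system.web><authorization><allow users="?"/></authorization></system.web>
  </location>
  <location path="Admin">
    <system.web><authorization>
      <allow roles="Administrator"/><deny users="*"/>
    </authorization></system.web>
  </location>
  <system.web><authorization><deny users="?"/></authorization></system.web>
</configuration>"""

def _rules(node):
    """Return (action, users, roles) tuples from node/system.web/authorization, in order."""
    auth = node.find("system.web/authorization")
    split = lambda v: {s.strip().lower() for s in v.split(",") if s.strip()}
    return [] if auth is None else [
        (r.tag, split(r.get("users", "")), split(r.get("roles", ""))) for r in auth]

def _matches(users, roles, user, user_roles):
    # "*" is everyone, "?" is the anonymous user (user is None); verbs are ignored here.
    if "*" in users or ("?" in users and user is None):
        return True
    if user is not None and user.lower() in users:
        return True
    return bool(roles & {r.lower() for r in user_roles})

def is_allowed(config_xml, path, user=None, user_roles=()):
    """First-match evaluation: matching <location> rules (longest path first),
    then root rules, then the machine-level default <allow users="*"/>."""
    root = ET.fromstring(config_xml)
    path = path.strip("/").lower()
    chain = []
    locs = sorted(root.findall("location"), key=lambda l: -len(l.get("path", "")))
    for loc in locs:
        prefix = loc.get("path", "").strip("/").lower()
        if path == prefix or path.startswith(prefix + "/"):
            chain += _rules(loc)
    chain += _rules(root) + [("allow", {"*"}, set())]
    for action, users, roles in chain:
        if _matches(users, roles, user, user_roles):
            return action == "allow"
    return False
```

Because the first match wins, a block that lists allow users="*" before deny users="?" never reaches the deny rule, so anonymous requests are allowed.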
We can also configure the default page from the web.config file with the tags below:
<system.webServer>
  <defaultDocument>
    <files>
      <add value="default.aspx" />
      <add value="Default.htm" />
      <add value="Default.asp" />
      <add value="index.html" />
      <add value="index.htm" />
      <add value="iisstart.htm" />
    </files>
  </defaultDocument>
</system.webServer>
