I am working on a web application that has several folders and its pages in the web project. There is also a web.config will all the traditional mark up. I needed to create another folder called "customerportal", in this folder I created 3 pages, customerlogin.aspx, customerdefault.aspx and customerhelp.aspx. I also added within that folder 3 folders, images, css and scripts.
Now when I navigate to that folder say http://mysite.com/customerportal/customerlogin.aspx, it works fine. I added a web.config file because now I need to retrict this folder to only the roles for customer and likewise I need to restrict the main app (parent) to the clients role. So no client cant get into the customer portal and no customer portal user can get into the main app pages. So I added the mark up that restricts the roles in the child web.config., this did not work as it told me that
Parser Error Message: It is an error to use a section registered as
allowDefinition='MachineToApplication' beyond application level.
This error can be caused by a virtual directory not being
configured as an application in IIS.
So, I converted the folder into a virtual directory, and then into an application in the iis. Then the error went away but I encountered other problems like things of the main web.config being inherited to the child web.config. So i started investigating and I saw a lot of answers like:
place a <location path="." inheritInChildApplications="false"> before the <system.web> section, I tried this but now I get an error on the <membership> tag. The membership is on a different aspmembership database, so the child has a different connection string etc.. But I am unable to do something like
<membership>
<clear />
or a <membership> <remove name=..>
Its like the membership is still getting inherited somehow. What is the best way to solve this child web.config issues?, what is the best practice to do this kind of setup where the child folder needs its own web.config? It is the first time i do this.
If I understand your problem correctly, can't you just add authorization in the root web.config and give the path "~/customerportal/customerlogin.aspx" and so on? I think because you have a web.config it thinks that directory is it's own application.
Related
I'm trying to programmatically read (and only read) various IIS settings from remote servers (Win 2k8/IIS7 , or Win2k12/IIS8).
Have tried but eventually gave up on Microsoft.Web.Administration and WebConfigurationManager methods, because they require certain security "flexibility", which isn't feasible for me.
I found WMI impersonation capabilities the most adequate, and I am able to get the settings which reside within ApplicationHost.config file.
So far I've not been able to find a way to use WMI to read from the web.config file at the virtual directory level.
Currently I'm looking to read Authentication settings - "mode", and the various attributes of that mode.
To illustrate, this is the portion of the web.config file I'm interested in (example for Forms Authentication):
<configuration>
<system.web>
<authentication mode="Forms">
<forms loginUrl="~/Login.aspx" name=".ASPXAUTH" timeout="360" />
</authentication>
<system.webServer>
</configuration>
Is there a way to reach this data using WMI?
Or can you think of another (secure) method to achieve this goal?
Appreciate the help!
EDIT found the right namespace and posted it in an answer
The WMI doesn't provide any class to read the content of a file.... but for your particular case you can check the IIS WMI Provider reference and try something like the IIsWebFileSetting class.
Turns out I was using the wrong WMI Namespace (MicrosoftIISv2).
The namespace I should've been using is WebAdministration. It has access to the properties I'm looking for (specifically those related to Forms Authentication). More info here - http://wutils.com/wmi/root/webadministration
I'm now facing another problem, where I'm able to connect to this namespace on one machine and query for data, but not on another (seemingly identical) machine.
Guess that's a subject for a different question, though.
Let's assume I've got multi-user asp.net web application. There are 2 roles - admin and user. The users of application belong to different organizations. There is a folder with path "~/Reports" with below config file in it:
<system.web>
<authorization>
<allow roles="*"/>
</authorization>
</system.web>
In addition folder "Reports" has many subfolders in it, each corresponding to an organization. For example "~/Reports/Organization1"
It is supposed that all the users with role "user" will upload their report files to subfolder in "~/Report" corresponding to their organization.
I've implemented the logic in code behind, but now I'm facing with an error like "Access denied for path ..Reports/Organization1" when the user of an Organization1 attempts to upload a file.
Is there any way to change config file above(in Reports) so that users get access to all the subfolders of "~/Reports"?
I would appreciate any help!
What you need to do is give the asp.net worker process write permission to the reports folder and this has nothing to do with the web config
You can find the steps in the following answer
https://stackoverflow.com/a/14654062/499930
I having a issue when i click to edit a user with this url in a ASP.NET MVC 3 project:
http://domain.com:8089/User/EditUser/username.surname?IDUser=e11a621p-df11-4687-9903-8bfc33c922cf
If i get another user without the '.' character, it works fine.
The error:
HTTP Error 404.0 - Not Found
The resource you are looking for has been removed, had its name changed, or is temporarily unavailable.
I tried some tips that i find here, like:
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
and:
<system.web>
<httpRuntime relaxedUrlToFileSystemMapping="true" />
and this attribute on the edituser action:
[ValidateInput(false)]
But nothing seems to work. This site is hosted on a IIS server, when it was on Windows Azure WebSite, it was working as expected.
Thanks.
If you know for a fact that the edit page is the only page where you use the firstname.lastname url part, you can use the method described in this SO answer:
Prevent static file handler from intercepting filename-like URL
Specifically, in your case, adding the following web.config section should route the request to MVC:
<system.webServer>
...
<handlers>
...
<add
name="userEditPage"
path="User/EditUser/*"
verb="GET"
type="System.Web.Handlers.TransferRequestHandler"
preCondition="integratedMode,runtimeVersionv4.0" />
This will not be sufficient if you use the firstname.lastname in urls outside of the User/EditUser/... path, and is not a general solution. That would be much more complicated because you would need to tell IIS something like the following:
1) if the file exists, serve it (so that your .js files still serve properly)
2) Before any of the other handlers execute for the file extension, run the MVC handler and see if there is a route matching the url. Because what if you have a user of last name html?
3) If the MVC handler does not match any routes for the url, let the other handlers. Because what if you also had an .aspx page in your project?
Lastly, for the general case, you may want to consider the edge case of someone malicious creating a user with first name ../../web and lastname config? Just a thought, but it seems like the best you can hope for is restricting the use of the . in the url to specific paths.
After some headache, i publish it to Azure WebSites again and it works normally, with same web.config file that i was using in local enviroment. So the solution must be on the IIS, then after no more tries, i change the Application Pool to Default App Pool and guess what, it worked.
I have my asp.net web site. This web site is part of another big application that has its own web.config. Is it possible to force my web site use this web.config?
For example, root application with web.config:
C:\RootApp\web.config
And nested web site:
C:\RootApp\SomeFolder\NestedWebSite
I want NestedWebSite to use root web.config.
Note: NestedWebSite is complete ASP.NET WebSite
You should take a look how ASP.NET Configuration File Hierarchy and Inheritance works. More specifically the Scope of Configuration Settings section.
Basically it cascade (like Belogix pointed out) the configurations follow how the virtual directory is configured.
WebSiteRootApp
---->AnotherNestedWebSite
-------->EvenMoreNestedWebSite
---->NestedWebSite
In this example the NestedWebSite will inherit all config above (according the links I provided). But in this example I want to point that it will inherit your WebSiteRootApp config.
In the EvenMoreNestedWebSite example it will inherit its "father" and "grampa" too, in this case AnotherNestedWebSite and WebSiteRootApp.
Some configurations maybe you will not want to inherit so you can avoid this with this example:
<connectionStrings>
<clear/>
<add name="connectionString" value="sample value"/>
</connectionStrings>
In the above example I can specify that EvenMoreNestedWebSite needs to forget all configurations in that section it inherit and use just the one provided.
Here is my issue. I have an ASPX web site and I have code in there to redirect from the login page with the call to "FormsAuthentication.RedirectFromLoginPage(username, false);" This sends the user from the root website folder to 'website/Admin/'. I have a 'default.aspx' page in 'website/Admin/' and the call to redirect works on a previous version of the website we have running currently, but the one that I am updating on a separate test server is not working. It gives me the error "Directory Listing Denied. This Virtual Directory does not allow contents to be listed." I have this in the config file:
<authorization>
<allow users="*" />
</authorization>
under the "authentication" option and...
<location path="Admin">
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>
for the location of Admin.
Also, there is no difference in the code between the web.config, Login.aspx, or the default.aspx files on the current server and the one on the test server, so I am confused as to why the redirect will not work on both. It even works in the Visual Studio server environment, for which the code is also identical.
Any suggestions and help is appreciated.
Directory Listing Denied is an IIS error, stating that directory browsing on the server isn't allowed. If you see this, it means when browsing to Website/Admin, the server isn't finding any expected default documents and is then trying to show you the file directory through the browser (expected behavior). IIS is set to not allow this in your case (which is a good thing).
Can you contact the server admins and ask them to verify the default documents for the website, and add Default.aspx to the list? If not, at least find out what the default file names are in the site setup, and name your root page based on that.
I think by default IIS uses Default.htm and maybe one other. Even when registering asp.net with IIS, I don't believe Default.aspx is added. It has to be done manually.