Security :: Web.config Not Working?
Feb 6, 2011
I have done forms authentication a couples of times before but this time I cant get my head around something.Somehow altough the user authenticated,the destination page does not get this.The destination page is called Approval.aspx and is located in the /Admin directory which is secured by having its own web config with those settings:
[Code]....
If I remove the <deny users="?" />,then everything works fine but obviously everyone has access to that page.I only want that the user of role Admin can access it. I have implemented the standard VS 2010 login controland the user gets to the destination page with a response redirect:
[Code]....
Why does the destination page not realize that the user is authenticated and does not treat the useras a user in role "Admin"?
[Code]....
While debugging the login page I can see that the user has the right role "Admin".
View 9 Replies
Similar Messages:
Feb 2, 2010
I have a basic intranet website for my company but there is one page that cannot allow anonymous as I need to grab the user's login. I created the site and everything works perfectly on my development machine. once moved to the production server it no longer works.
Here is the problem: I can get the login prompt when going to the secure page, but when trying to login I get a "401.1 - Unauthorized", even when trying to login as a server administrator. Here is the authentication portion in my web.config:
[Code]....
I have done this before and always gotten it to work. I hope I am just missing something very simple...
View 5 Replies
Sep 30, 2010
I'm using a Custom Role Provider for authorization.
There are 2 roles: "VIEWER" and "SYSTEM_ADMINISTRATOR".
I have set up my role for my account as "VIEWER".
Roles.GetRolesForUser(this.User.Identity.Name) returns "VIEWER"
User.IsInRole("SYSTEM_ADMINISTRATOR") returns false
Web.Config contains below:
<location path="Administration">
<system.web>
<authorization>
<allow roles="SYSTEM_ADMINISTRATOR"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
However, I can still access the ~/Administration pages.
Even if I change the web.config to:
<location>
<system.web>
<authorization>
<deny users="*"/>
</authorization>
</system.web>
</location>
I can still access any of the pages, but I shouldn't be able to access any page when this is set. Correct?
I'm pretty sure my Role Manager is working fine (see above calls to User and Roles), but here's the config:
<roleManager enabled="true" defaultProvider="MyRoleProvider" >
<providers>
<clear/>
<add type="MyNamespace.MyRoleProvider" name="MyRoleProvider"/>
</providers>
</roleManager>
I'm testing this on my local dev environment using Cassini and on a test web server running IIS 6. Both systems/sites work the same way and allow anyone access to any page. Both systems/sites also return correct data when programmatically checking Roles.GetRolesForUser and User.IsInRole.
View 1 Replies
Apr 6, 2010
We use Sharepoint to control our websites. We build the sites, then load them into the sharepoint server. My question is if I use windows authentication, how can I get my role security in my web config file to coencide with the asp.net controls that use the Forms authentication. Is there a differenence? Our security uses a session variable for security but there is no where to set up their permissions except in active directory. I hope this makes sense because I would like to implement the LoginView with Role groups but how can I give them the role="administrator"? Do I have to go into active directory and give them these permissions(would take awhile due to the size of the company)? Or do I have to set up priveladges in the web.config file for each user(difficult I think)?
View 5 Replies
Feb 21, 2011
I have a login control that is working beautifully on my localhost, but not working on the server. It validates my username & password - and gives me an error if I enter an invalid username/password. However, if I enter the correct username/password, the page refreshes, but does not redirect me to the "ReturnUrl" that I see in the URL. I've seen posts on this, but nothing that I tried worked. I've tried setting the 'MembershipProvider'attribute of the login control. I don't want to set the DestinationUrl...I want it to take what is in the ReturnUrl in the querystring. I don't think it's a web.config issue cuz it works on localhost??
View 3 Replies
Sep 23, 2010
We have an application that is making use of the location tag in the web.config file at the machine level - meaning like :WindowsMicrosoft.NETFrameworkv2.0...CONFIGweb.config, the one that applies to the whole server - this application has lots of virtual directories under it and for each one there is a <location path="IIS Web App NameCustomerA">...This seems to work ok for that app. But then we have a second app on the same server, and I'd like to add location tags to that app's web.config file - meaning the local web.config file in the app's directory - and have each one of them specify a location tag in a similar way
View 1 Replies
Nov 25, 2010
I have a problem to redirect to my error page. In global.asax I have implemented Application_Error, so I can catch and log errors.
If I put this:
<customErrors mode="On" defaultRedirect="~/Errore.html" />
everything works...
with this:
<customErrors mode="On" defaultRedirect="~/Errore.aspx" />
it is show the page: http://localhost:3821/Errore.aspx?aspxerrorpath=/pagine/Ricerca.aspx
BUT on Errore.aspx Page_load() or OnError() are not called, and the page showed is just the standar one, (runtime error) that suggest to change to off the mode in customErrors.
This is on my pc, so there is not IIS... ...and I don't use authentication (not yet)
UPDATE:
The error occur in Global.aspx, in Application_Start() . When the error occur, redirecting to an .aspx page will cause an error because the app is not up. The solution is to redirec to an html page.
View 1 Replies
Jan 5, 2011
The event is simply not firing, what am I missing?
Code for the button:
<input type="button" class="button hide" id="savetext" style="float:right;" value="Hello" runat="server" OnServerClick="savetext_Click"/>
And the code that is generated (i.e. when opened in a browser and the source is viewed) is this:
<input onclick="__doPostBack('ctl00$Main$savetext','')" name="ctl00$Main$savetext" type="button" id="savetext" style="float:right;" class="button hide" value="Save to text" />
I've got <pages clientIDMode="Static" /> in web.config but the name and generated onclick event are prefixed despite that. Server side code:
Protected Sub savetext_Click(ByVal sender As Object, ByVal e As System.EventArgs)
End Sub
To be clear, my goal is to register a click on a button server-side, not just client-side.
View 1 Replies
Aug 27, 2010
I have created a website using visual studio 2010 on .net3.5 framework. When I run the site on my local system it works fine but on the external hosting server I am getting a 500 internal server error. Upon speaking to the hosting service provider, they advised me to delete the web.config file, having followed their instructions, the website works fine without the web.config file. But now I have added AJAX controls on one of the pages and am not able to run this page on the hosting server. Do I have to configure my web.config file in order to get this working. Could someone please help me with this.
View 4 Replies
Mar 31, 2011
Coding with ASP.NET 2.0 C# on a legacy application. The database is in MySQL I would like to know whether anything breaks if I delete the following lines from my code
First <xhtmlConformance mode="Strict"/>
Then,
<compilers>
<compiler language="c#"
type="Microsoft.CSharp.CSharpCodeProvider, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"
extension=".cs"
compilerOptions="/d:DEBUG;trACE"/>
</compilers>
And last,
<browserCaps>
<case match="^Mozilla/5.0 ([^)]*) (Gecko/[-d]+)(?'VendorProductToken' (?'type'[^/d]*)([d]*)/(?'version'(?'major'd+)(?'minor'.d+)(?'letters'w*)))?">
browser=Gecko
<filter>
<case match="(Gecko/[-d]+)(?'VendorProductToken' (?'type'[^/d]*)([d]*)/(?'version'(?'major'd+)(?'minor'.d+)(?'letters'w*)))">
type=${type}
</case>
<case>
<!-- plain Mozilla if no VendorProductToken found -->
type=Mozilla
</case>
</filter>
frames=true
tables=true
cookies=true
javascript=true
javaapplets=true
ecmascriptversion=1.5
w3cdomversion=1.0
css1=true
css2=true
xml=true
tagwriter=System.Web.UI.HtmlTextWriter
<case match="rv:(?'version'(?'major'd+)(?'minor'.d+)(?'letters'w*))">
version=${version}
majorversion=0${major}
minorversion=0${minor}
<case match="^b" with="${letters}">
beta=true
</case>
</case>
</case>
<!-- AppleWebKit Based Browsers (Safari...) //-->
<case match="AppleWebKit/(?'version'(?'major'd?)(?'minor'd{2})(?'letters'w*)?)">
browser=AppleWebKit
version=${version}
majorversion=0${major}
minorversion=0.${minor}
frames=true
tables=true
cookies=true
javascript=true
javaapplets=true
ecmascriptversion=1.5
w3cdomversion=1.0
css1=true
css2=true
xml=true
tagwriter=System.Web.UI.HtmlTextWriter
<case match="AppleWebKit/(?'version'(?'major'd)(?'minor'd+)(?'letters'w*))(.* )?(?'type'[^/d]*)/.*( |$)">
type=${type}
</case>
</case>
<!-- Konqueror //-->
<case match=".+[K|k]onqueror/(?'version'(?'major'd+)(?'minor'(.[d])*)(?'letters'[^;]*));s+(?'platform'[^;)]*)(;|))">
browser=Konqueror
version=${version}
majorversion=0${major}
minorversion=0${minor}
platform=${platform}
type=Konqueror
frames=true
tables=true
cookies=true
javascript=true
javaapplets=true
ecmascriptversion=1.5
w3cdomversion=1.0
css1=true
css2=true
xml=true
tagwriter=System.Web.UI.HtmlTextWriter
</case>
<!-- Opera //-->
<case match="Opera[ /](?'version'(?'major'd+)(?'minor'.(?'minorint'd+))(?'letters'w*))">
<filter match="[7-9]" with="${major}">
tagwriter=System.Web.UI.HtmlTextWriter
</filter>
<filter>
<case match="7" with="${major}">
<filter>
<case match="[5-9]" with="${minorint}">
ecmascriptversion=1.5
</case>
<case>
ecmascriptversion=1.4
</case>
</filter>
</case>
<case match="[8-9]" with="${major}">
ecmascriptversion=1.5
</case>
</filter>
</case>
</browserCaps>
I believe they all are not needed. Are they needed at all at present? What I would really like to know is whether anything breaks if I delete them. I would also like to know whether the snippet given below is relevant for ASP.NET 2.0
<sessionState mode="InProc"
stateConnectionString="tcpip=127.0.0.1:42424"
sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes"
cookieless="false"
timeout="100"/>
when my application is using MySQL as database and authentication mode is windows.
View 1 Replies
Apr 16, 2010
I have easy to reproduce issue with web.config transform. Steps below are causing major grief.
Create new Web Application Project in VS 2010. Open web.debug.config, put following inside it
<?xml version="1.0"?>
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform" xdt:Transform ="Replace">
<applicationSettings>
<MyProject.Properties.Settings>
<setting name="Username" serializeAs="String">
<value>username</value>
</setting>
</MyProject.Properties.Settings>
</applicationSettings>
</configuration>
Now deploy to file system on local hardrive. Open resulting web.config and see <value> setting has extrac carriag return and bunch of tabs in front of it..
Screenshots can be downloaded below.
[URL]
View 1 Replies
Feb 8, 2011
am working with Login page,but is not working.so what can i do. This is my code.
string connect = ConfigurationManager.ConnectionStrings["CarsalesConnectionString"].ToString(); protected void btnLogin_Click(object sender, EventArgs e) { Session["Username"] = txtUsername.Text; Session["Password"] = txtPassword.Text; string status = "Active";
string Query = "Select * from tbl_User where Username = '" + txtUsername.Text + "' and Password = '" + txtPassword.Text + "' and Active = 1 and Status ='" + status + "' "; SqlDataAdapter cnAccess = new SqlDataAdapter(Query, connect); DataSet myAccessDataSet
= new DataSet(); cnAccess.Fill(myAccessDataSet, "tbl_User"); if (myAccessDataSet.Tables["tbl_User"].Rows.Count != 0) { //condition A lblErr.Text = "Invalid Username and Password!"; //Response.Redirect("~/Customer/CustomerForm.aspx"); //Response.Redirect("~/Mainpage.aspx");
} else { //condition B Response.Redirect("~/Mainpage.aspx"); //lblErr.Text = "Invalid Username and Password!"; }
View 2 Replies
Jun 29, 2010
I created a http Module following this tutorial. The module just displays a simple "Hello from OnBeginRequest in custom module.".I've referenced it in web.config and then, to satisfy my scenario (at work we need to see a module in action for all websites on a server, with the minimal configuration) I installed the module in the GAC, then I edited the "global" web.config in order tomake the module work for all the my web applications
View 1 Replies
Mar 25, 2011
When running the ASP.NET Development Server, everything is working fine. However, when I deploy my asp.net application to the production server (IIS 7.0 integrated mode, fresh install), my location tags in my web.config file are being ignored.
Case in point: I'm using forms authentication, and when the user arrives at my login.aspx page, the external css & js files are not being loaded...even though I have specified that those files should be available to all users (auth'd or not). However, once the user is logged in, the files do in fact load.
<authentication mode="Forms">
<forms loginUrl="~/Account/Login.aspx" timeout="2880" />
</authentication>
<authorization>
<deny users="?" /> <!-- Restrict anonymouse user access -->
</authorization>
And the exception to my css file...
<location path="Styles/xtools.css">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
I've verified that the path to the css file is accurate.
--EDIT Forgot to mention, I have tried creating a web.config file in the targetted folder as well...still not working.
View 1 Replies
Feb 2, 2010
For some reason the Custom Errors for 404 pages are not working on my production server, but they work fine on development. Instead of going to the custom 404.aspx page, it goes to the ugly IIS 404 page.
Here is my Custom Errors protion of my web.config:
[Code]....
I changed the defaultRedirect to also go to my 404.aspx page just to make sure I was catching everything, but still it does't work. I know I could change the IIS 404 error to also point to my 404.aspx page, but that will not work for me because I need to capture the "aspxerrorpath" in the querystring for .net 404 errors. The IIS method will not give me that.
I am just hoping it is a server configuration I missed somewhere, but everything on production looks the same as on development.
View 9 Replies
May 5, 2014
I am trying to make Login through webConfig but it is not working. When I click on Login with the user and pass it is not redirected to theAllowUsers page.
WebConfig
<authentication mode="Forms">
<forms loginUrl="~/RestrictedArea/Login.aspx" defaultUrl="~/AllowUsers.aspx" timeout="2880">
<credentials passwordFormat="Clear">
[code]...
View 1 Replies
Oct 14, 2010
I'm having a hard time figuring out how to test email sending on my localhost machine that I'm using to develop the application on. Here is my function to send the email:
[Code]....
Here is the excerpt from my web.config file:
[Code]....
Here is the error I get when trying to test the code out:
An attempt was made to access a socket in a way forbidden by its access permissions 127.0.0.1:25
What could be causing this? Am I doing something wrong in my web.config file??? I know this isn't possible with Vista, but I'm running Windows 7 now.
View 5 Replies
Apr 28, 2010
I have the following generic lifetime manager
[code]...
causes the following error
Cannot create an instance of UI.Common.Unity.RequestLifetimeManager`1[T] because Type.ContainsGenericParameters is true.How do you reference generic lifetime managers?
View 1 Replies
Jul 17, 2015
i am working on an application ,i have hosted on server. everything going fine . i have added a code to set session timeout in webconfig . but its expire default time .
<sessionState mode="InProc" timeout="524601"/>
View 1 Replies
Oct 28, 2010
I implemented the Location tag in the web.config file to authorize the anonymous users for Images folder. I deployed the code in IIS6.0 with Forms authentication mode enabled for the virtual directory. I disabled all other authentication modes. When I browse the login page, Images are not displaying. When I set Anonymous authentication in IIS6.0 for the Image folder, it works fine.
See below the code implemented in web.config:
[Code]....
View 2 Replies
Nov 3, 2010
I made a custom server control library that all of our websites will be using. I have registered the dll in the global web.config of our production and development servers, and everything runs fine in the browser. The only problem I have is Visual Studio/Intellisense not recognizing my control. I get the error message "Unknown server tag...", which in turn throws other validation warnings. Does anyone know how to tell Visual Studio to include dll's registered in this location? Our sites are .net 4.0 and below is an excerpt from the web.config located in %SystemDrive%WindowsMicrosoft.NETFrameworkv4.0.30319Config on the servers.
<pages>
<controls>
<add assembly="[assembly info]" tagPrefix="irnrControls" namespace="IRNR.Controls"/>
</controls>
</pages>
It's not that big of a deal right now as I only have one control in the dll, but I would like to fix this before I add more controls.
Edit: I can't debug the site and it fails when I try to build it. The Output window displays "Unknown server tag".
View 2 Replies
May 9, 2010
Stuck trying to populate a dropdownlist with an ObjectDataSource using the wizard.
using the wizard i can successfully configure the datasource, then I can choose the datasource. The next step you should be able to select your display value and the selected value. However, these boxes are not populated within the wizard. I added a gridview to test the datasource and it displays fine.
[Code]....
View 4 Replies
Apr 7, 2010
Im uysing my custom login for user,and suppose im having a group of user who can login in.and rest of other should be deniedso how i can maintain that in web.config,
View 2 Replies
Jan 8, 2011
Within my site structure there is a folder called { Account } where I only want certain users to have access to. At University, my lecturer provided us with the following instructions:
Create new website and delete the default.aspx file in the Solution ExplorerRight click on the website path at the top of the Solution Explorer window and add a new folder. Name the folder Secure.To set up the security, select Website and then ASP.NET configuration.Select the Security link and in the Users column click "Select Authentication Type" and on the page that appears check the "From the Internet" option. Then click the "Done" button.Still in the security section select "Create Access Rules" and then click on the Secure folder and select "Anonymous Users" and "Deny". Then click OK. You can now close down this window.In the Solution Explorer click the "Refresh" button and you should see two web.config files appear.I am following his instructions to the letter, but I am not getting the {web.config } for my { Account } folder ! What am I doing wrong ?
PS. Is a users table in a database redundant in ASP.NET because there is already a user's table with roles built into ASP.NET ?
View 1 Replies
Jan 26, 2010
I need to set my logged in time in web.config but I do not know how? I get logged out after a while if I do no do anything in the website but I wanna be logged in for 120 minutes.
View 3 Replies
