i have the following property which takes an IP address as its value and defined in my custom config section as follows and To validate the IP address i am using a Reg expression.
We have a scenario using asp.net Forms Authentication in a web farm and need to setup identical <machinekey /> sections on each servers .config file.
Is it better to store the <machinekey /> section in machine.config rather then web.config? what's the advantages and disadvantages of each approach concerning security?
If its not secure enough, is there any way to encrypt <machinekey /> section like we encrypt our connectionsstring (with DPAPI)? (http://msdn.microsoft.com/en-us/library/ms998280.aspx)
We (out IT partner really) recently changed some DNS for a web farmed site we have so that the two production server have round-robin DNS switching between the two. Prior to this switch we didn't really have problems with WebResource.axd files. Since the switch, when we hit the live public URL, we get an error:
CryptographicException
Padding is invalid and cannot be removed.
When we hit the specific servers themselves, they load fine. I've researched the issue and it seems since they're sharing assets between two servers, we need to have a consistent machineKey in the web.config for each server so they can encrypt and decrypt consistently between the two. My questions are:
Can I generate a machineKey via a tool on the server, or do I need to write code to do this?
Do I just need to add the machineKey to the web.config on each server or do you think I'll need to do anything else to make the two server work together? (Both web.config's currently do not have a machineKey)
I would like to add this section to my machine.config in exactly the same way many articles and microsoft are suggesting:
<configuration> <system.net> <connectionManagement> <add name = [URL]/> <add name = "*" maxconnection = "2" /> </connectionManagement> </system.net> </configuration>
[URL] As soon as I do it though, I get this exception when trying to hit a page hosted on the IIS on the same machine: Parser Error Message: Unrecognized configuration section system.net. Source Error:
Line 9: settings that differ from their defaults. Line 10: --><configuration> Line 11: <system.net> Line 12: <connectionManagement> Line 13: <add address="*" maxconnection="24" />
Source File: C:WINDOWSMicrosoft.NETFramework64v2.0.50727Configmachine.config Line: 11 Where is the problem and how can I modify the machine.config so that I can finally control the maxconnection value?
I am wondering how to encrypt the below information in the "web.config" file of the "Account" folder (where we have the secured pages):
[Code]....
My issue here is that even after I compiled my application (using "aspnet_compiler -v /reports c: eports"), the information inside the web.config file of the Account folder still not encrypted, and I want to publish my site to the customer server. So, since this server is a customer server, then they can access this "web.config" file and change our web-application security behaviour (correct me if I am wrong). Basically, I don't want the customer to even have access to our secured pages when they access our web-application using the web browser. How to solve this issue?
The code I've used to get the HTTP Modules is basically
HttpModulesSection modules = ((SystemWebSectionGroup)config.GetSectionGroup("system.web")).HttpModules; // Depending on what we need to do... //modules.Modules.Add(CreateSomeModule()); //modules.Modules.Remove("SomeOtherModule");
This worked fine up until IIS7. The migration command %SystemRoot%system32inetsrvappcmd migrate config "website/" moves the modules into system.webServer, so my code is now updating the wrong section. Is there a built in way to get the proper module section that should be modified? Or do I have to add a check for the Request.ServerVariables["SERVER_SOFTWARE"] and return system.web/system.webServer depending on the string I get back?
I am referencing some classes in my _layout.cshtml file and I have the namespaces in my Views/web.config <pages><namespaces> section and the layout page does not resolve. If I put @using statements in the layout page, it works fine. Shouldn't the layout page respect the web.config section?
I've created a custom config section for my application. For some reason Visual Studio 2010 isn't picking up and of my custom properties. I'm getting warnings similar to this for all the "add" keys: Could not find schema information for the element 'urlFilterSection'
CONFIG FILE: <configSections> <section name="urlFilterSection" type="BotFinderApp.Models.UrlFilterSection, BotFinder" /> </configSections> <urlFilterSection> <urlFilterCollection> <add url="urlhere.com.au" numberOfIpsToExtract="10" /> <add url="urlhere.com.au" numberOfIpsToExtract="10" /> <add url="urlhere.com.au" numberOfIpsToExtract="10" /> <add url="urlhere.com.au" numberOfIpsToExtract="10" /> <add url="urlhere.com.au" numberOfIpsToExtract="10" /> <add url="urlhere.com.au" numberOfIpsToExtract="10" /> <add url="urlhere.com.au" numberOfIpsToExtract="10" /> <add url="urlhere.com.au" numberOfIpsToExtract="10" /> <add url="urlhere.com.au" numberOfIpsToExtract="10" /> </urlFilterCollection> </urlFilterSection> UrlFilterSection: namespace BotFinderApp.Models { public class UrlFilterSection : ConfigurationSection { public UrlFilterSection() { } [ConfigurationProperty("urlFilterCollection", IsDefaultCollection = false)] [ConfigurationCollection(typeof(UrlFilterCollection), AddItemName = "add", ClearItemsName = "clear", RemoveItemName = "remove")] public UrlFilterCollection Urls { get { var urlsCollection = (UrlFilterCollection)base["urlFilterCollection"]; return urlsCollection; } } } } UrlFilterCollection namespace BotFinderApp.Models { public class UrlFilterCollection : ConfigurationElementCollection { public UrlFilterCollection() { } protected override ConfigurationElement CreateNewElement() { return new UrlFilter(); } protected override object GetElementKey(ConfigurationElement element) { return ((UrlFilter)element).Url; } } } UrlFilter namespace BotFinderApp.Models { public class UrlFilter : ConfigurationElement { public UrlFilter() { } [ConfigurationProperty("url", DefaultValue = "", IsRequired = true)] public string Url { get { return (string)this["url"]; } set { this["url"] = value; } } [ConfigurationProperty("numberOfIpsToExtract", DefaultValue = "0", IsRequired = true)] public int NumberOfIpsToExtract { get { return (int)this["numberOfIpsToExtract"]; } set { this["numberOfIpsToExtract"] = value; } } } }
I'm getting an ConfigurationErrorsException when trying to load a custom section from my web.config.
I'm trying to register a custom section in web.config to load it later using a "Section Class". Suppose my section is orderService, and I register it in web.config as shown: <configuration> <configSections> <sectionGroup name="system.web.extensions" type="System.Web.Configuration.SystemWebExtensionsSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"> </sectionGroup> <section name="orderService" type="orderService"/> </configSections> <orderService available="true" pollTimeout="00:01:00" location="abc"> </orderService> <appSettings></appSettings> <connectionStrings/>
Then I try to load it with:
Configuration config = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath); OrderService custSection = OrderService)config.GetSection("orderService"); <== The exception is thrown here (OrderService is a class that inherits from the class ConfigurationSection, and that defines a property for each orderService property, in this case: available, pollTimeout and location)
The exception says: An error occurred creating the configuration section handler for orderService: Could not load type 'orderService'. (my web.config path line 23) Does anybody know what am I doing wrong here? (I got it from the book APress: Pro ASP.NET 3.5 in C#)
I've been working on implementing a custom section in the web.config file for a little something I'm working for the past few hours, but I can't seem to get it working. The following is what I'd like to use as my XML structure:
Dim roleRedirectSection As LoginRedirectByRoleSection = DirectCast(ConfigurationManager.GetSection("loginRedirectByRole"), LoginRedirectByRoleSection)
...I get the following error:
Message: "An error occurred creating the configuration section handler for loginRedirectByRole: Could not load type 'sitename.LoginRedirectByRoleSection'. (W:Webs2010DEVsitenameASP 4.0web.config line 10)"
I am trying to get sections from specific .config file such like "my.config". WebConfigurationManager.OpenWebConfiguration can get the web.config in specific path. Maybe WebConfigurationManager.OpenMappedWebConfiguration can reach my purpose
actually i need the maxRequestLength value of the httpRuntime section in web.config to check if a postedfile's size is greater. What's the best way to read it?
In my web.config file, I have an authorization section that is supposed to deny all users EXCEPT for those included in the group specified. However, my login form doesn't allow these users to proceed to the next page - the login form just reappears as if the user has been denied. Code:
[Code]....
I have a user named 'test' that is in the Student Council group. I've tried 'allow users' and 'allow roles' with no success. I've also confirmed that the user is able to log into any workstation in my domain.
If I add a namespace element to the system.web pages namespaces section of the web.config do I still have to add references in the code behinds in order to have access to the members of that namespace at design-time?
[code]... causes the following error Cannot create an instance of UI.Common.Unity.RequestLifetimeManager`1[T] because Type.ContainsGenericParameters is true.How do you reference generic lifetime managers?
I have a few pages that need to use SSL and I am confused bc I read you should set the forms authentication section in the web.config to use SSL. so if this is the case, the user logs in (login page is using ssl) the forms auth cookie is created and now if i redirect to the non ssl enable home page, does this mean the auth cookie will not be transmitted, so i can't display like a welcome module or know the username of the user who logged in?
just installed VS2010 from MS site.it comes with some of the membership stuff like login/register etchowever, i want to know where the database is. here is what the webconfig shows:
We have an application that is making use of the location tag in the web.config file at the machine level - meaning like :WindowsMicrosoft.NETFrameworkv2.0...CONFIGweb.config, the one that applies to the whole server - this application has lots of virtual directories under it and for each one there is a <location path="IIS Web App NameCustomerA">...This seems to work ok for that app. But then we have a second app on the same server, and I'd like to add location tags to that app's web.config file - meaning the local web.config file in the app's directory - and have each one of them specify a location tag in a similar way
I've written a command line tool that deploys HTTP Handlers to an applications Web.Config file using a combination of System.Configuration, System.Web.Configuration and Microsoft.Web.Administration since it needs to register the handlers for both Classic and Integrated Modes as I don't know what mode end users will be using for their IIS deployments.
My issue is that is that when the tool is run the <handlers> section under <system.webServer> gets filled with the following extra unecessary entries as well as the entries I wanted to add:
[code]...
why this might be happening and how I can stop it?
When I save my configuration opened with System.Web.WebConfigurationManager I use ConfigurationSaveMode.Minimal so any inherited configuration (which is what this appears to be) should not get written.
