Protecting The (location) Element On Web Config?
Oct 26, 2011
Now since i'm securing the site i've noticed that the location element does not get much attention.The only thing i have found is that you can use <location path="" allowOverride="false"> on machine.config .I'm not sure how this goes but if you need to use this one every page then i will have multiple problems.First if i have a page with the same name on another website there is trouble and also if i need to update pages again problem.What i'm not sure of is if the location element on machine.config i just used once and then magically every site you have will throw an exception if a hacker changes you web.config.I have doubts and it's confusing and if i play with the server web.config,well i don't wanna mess with that.
So i also tried to encrypt the location element but i cannot find an example(can you encrypt it?).I can encrypt authorization and authentication but i will not go inside the location element.Just the standard authorization and authentication nodes.How can i secure the web.config location element so no hacker can change the allow,deny,etc.
[URL]
View 8 Replies
Similar Messages:
Jan 5, 2011
In my ASP.NET's Web Config file I have the following location elements defined:
<location path="">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
<location path="dir1">
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
</location>
<location path="dir2">
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
</location>
The example above is specifying that all directories will be locked down to anonymous users except the two directories dir1 and dir2. I'm curious if there is a syntax that I can use that will allow me to define more than one directory within one location element. For example, it would be convenient if we could do something like this...
<location path="dir1,dir2,etc">
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
</location>
View 1 Replies
Dec 20, 2010
How to specify multiple paths in one location element in web.config:, a
<location path="Images">
<system.web>
<authorization>
<allow users="?" />
</authorization>
</system.web>
</location>
We would like to add styles and images to location, e.g. location path="images, styles". Is it possible to put multiple paths in location element (and how)?
View 2 Replies
Sep 29, 2010
I'm looking at an asp.net application, i notice that there are assemblies defined into two places. In web.config there is configuration/system.web/compilation/assemblies/add elements. In the project file there are references setup under the Project/ItemGroup/Reference elements.
I was wondering, what is the difference between assemblies/references added in either location?
View 1 Replies
Sep 29, 2010
got a folder named profile with about 4 pages in it. i used this tag to protect the directory but it only works if i go www.mysite.com/profile. if i specifically try to go to a page like www.mysite.com/profile/mypage.aspx it lets me in and doesn't block my access or drive me to the login page as it's supposed to
<location path="profile">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
View 7 Replies
Jun 16, 2010
Let's imagine you have an asp.net page in front of you full of input elements, user controls and panels etc. And you are asked to modify a specific textBox and you do not know where that textBox stands in your project. Most of the time I use FireBug and try to see the Id of that element but it is not the best way all the time. So, What is the fastest way you believe that can be used to locate the source file that houses a specific html element in your web project?
View 2 Replies
Mar 30, 2010
today i tried to work with a testing site in server. but i got an error like this
XML Parsing Error: no element found
Location: http://iamrenjith.co.cc/Home.aspx
Line Number 1, Column 1:
View 3 Replies
Mar 1, 2010
My web.config has following settings :
Code:
<authentication mode="Forms">
<forms loginUrl="SignIn.aspx" >
</forms>
[code]....
and different settings for a folder - "user" inside root.
( same config file )
Code:
<location path="User">
<system.web>
<authorization>
[code]....
but when use the statement
Code:
Server.Transfer("~/user/somepage.aspx")
in code behind , the control goes to somepage.aspx instead of SignIn.aspx.
View 5 Replies
Sep 23, 2010
We have an application that is making use of the location tag in the web.config file at the machine level - meaning like :WindowsMicrosoft.NETFrameworkv2.0...CONFIGweb.config, the one that applies to the whole server - this application has lots of virtual directories under it and for each one there is a <location path="IIS Web App NameCustomerA">...This seems to work ok for that app. But then we have a second app on the same server, and I'd like to add location tags to that app's web.config file - meaning the local web.config file in the app's directory - and have each one of them specify a location tag in a similar way
View 1 Replies
Jul 8, 2010
I wanted to impose specific timeout interval and request length on some specific pages that uploads documents of size up to 50MB. Hence I did the following config changes after going through some sites.
<location path="Upload.aspx" >
<httpRuntime maxRequestLength="51200"/>
<httpRuntime executionTimeout="36000"/>
</location>
I keep getting error when I run the application. I tried various other ways like giving the complete path like <sitename>/<applicationname>/<v.folder name>/<filename>.I tried this on both IIS 6.0 and IIS 7.0.
View 8 Replies
Dec 7, 2010
In my ASP.Net application I'm using URL routing.
The url format is somewhat like: [URL] To allow users to visit the login and recovery page, I've added the following entries to my web.config:
[code]....
Is there a form of notation so that I can skip the en-GB part and replace it with a wildcard? I want the login and recovery page etc. to be available regardless of the culture.
View 3 Replies
Jun 10, 2010
When I add this in my web.config
[Code]....
View 1 Replies
Oct 2, 2010
This is part of my web.config
<location path="Secure">
<system.web>
<authorization>
<allow users="SecureUsers" />
</authorization>
</system.web>
</location>
I want to be able to search for path of Secure and find out the user role that is specified. My input is the path, such as "Secure" and the value I'm trying to retrieve is "SecureUsers".
View 1 Replies
Sep 20, 2010
Is it possible to have location authorization nodes in a web.config be external?
Such that I could take all of the nodes simlar to
[code]....
And move them outside of the web.config or something simlar? I find these nodes at an extreme amount of noise to a web.config when they're relatively static. Normally my approach would be to config source something like this but since it falls under the root node I'm not sure of it's possible with these nodes.
View 1 Replies
Mar 21, 2011
I'm looking to deploy a web app and I have a simple question about the <location> tag of the web.config file. For the moment, I want all the pages to be password protected and I've created a simple login page with the login object. I've put all my .aspx file in a directory called AppMyPages and I've put this in the config file:
<location path="AppMyPages">
<system.web>
<authorization>
<allow roles="tester" />
[code]...
View 1 Replies
Sep 21, 2010
Where do I find the machineKey config section for ASP.NET?
I don't have one in my application Web.config, there isn't one in the root Web.config and there isn't one in my machine.config.
Does this mean there is some other default hardcoded into ASP.NET? If so, what are the defaults? (For .NET 2 and 4)
Having read this: [URL]
i was expecting to find something like this, somewhere:
<machineKey
validationKey="AutoGenerate,IsolateApps"
decryptionKey="AutoGenerate,IsolateApps"
/>
Edit: the 1.1 docs seem fairly clear wrt default values: [URL] but the 4 docs are rather ambiguous [URL]
View 1 Replies
May 18, 2010
I want to be able to determine if the web.config element <compilation defaultLanguage="vb" debug="false" /> if the property is debug is set to true or false. Public Shared Function isDebug() as Boolean
View 1 Replies
Aug 4, 2010
look at the attached web.config? The last part doesn't seem to work although the path is correct. I've tried logging on the site with a use which is in no groups, but it can still access the page...
[Code]....
View 5 Replies
Oct 10, 2010
I have the following authorization settings in my web.config:
[Code]....
This deny's all anonymous access to the application accept the login page. In addition to this I am using authorization within each controller action via a custom authorize attribute.
I have one additional action that I would like to expose publicly in addition to the login page. This action does not have the authorize attribute on it. I have tried to make this view (resetPassword view) public by using the location tag in the web.config file like so:
[Code]....
In the path attribute above I have tried both the view as well as the action path, but it doesnt allow public access to the action.
I have even tried to put this view in a separate folder within the shared folder and put a separate web.config file to make that folder public like so:
[Code]....
None of the above configuration allow me to make this particular action (view) public. Can anyone suggest any other solutions, or what I may be doing wrong in this case?
View 5 Replies
Mar 9, 2010
I have my theme for each folder set in the web.config, but on design I have no access to the css or skins for that page unless I add them in the page directive, then upon rendering in html, the page shows 2 references to the same css file.
So for design purpose do I have to reference the file, then delete the references after I finish designing the page? why does the editor not recognize the web.config and reference the proper theme?
View 3 Replies
Mar 25, 2011
When running the ASP.NET Development Server, everything is working fine. However, when I deploy my asp.net application to the production server (IIS 7.0 integrated mode, fresh install), my location tags in my web.config file are being ignored.
Case in point: I'm using forms authentication, and when the user arrives at my login.aspx page, the external css & js files are not being loaded...even though I have specified that those files should be available to all users (auth'd or not). However, once the user is logged in, the files do in fact load.
<authentication mode="Forms">
<forms loginUrl="~/Account/Login.aspx" timeout="2880" />
</authentication>
<authorization>
<deny users="?" /> <!-- Restrict anonymouse user access -->
</authorization>
And the exception to my css file...
<location path="Styles/xtools.css">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
I've verified that the path to the css file is accurate.
--EDIT Forgot to mention, I have tried creating a web.config file in the targetted folder as well...still not working.
View 1 Replies
Jun 23, 2010
I'm having some trouble setting the ExecutionTimeout element in my applications web.config. My page is making a lengthy webservice call and times out after 110 seconds. (the default I believe). I set the value to 220, and make sure the compilation debug=false.
Does the compilation setting refer to when IIS/ASP.net compiles the ASPX pages when a client requests them, or does it refer to the visual studio compile process there the assemblies are created. Would using an assembly built using debug in visual studio still allow the above settings to work?
View 3 Replies
Jul 12, 2010
I need to read configuration elements from the web.config. Let this be my web.config.
<family>
<parents>
<child name="Hello"/>
<child name="World"/>
</parents>
<parents>
<child name="Hello1"/>
<child name="World2"/>
</parents>
</family>
So I have something like this, I need to read this into a collection.
View 4 Replies
Nov 4, 2010
My web.config file has several authorization. May i know how can i update the roles value in to allow 'Staff' to access Page1.aspx programmatically.
[code]....
View 5 Replies
Jan 6, 2011
I'm struggling to find a way of specifying a file location in web.config appSettings that avoids using hard-coded paths but allows a non-'web aware' C# library to find a file. The C# library uses standard File.Open, File.Exists methods, etc. to operate on a data file, which is stored in my web application (ASP.NET MVC) tree, e.g. under:
contentdataMyDataFile.txt
Requirements:
I want to be able to specify my path like, e.g.:
<appSettings>
this--> <add key="MyFileLocation" value="~contentdataMyDataFile.txt" />
not --> <add key="MyFileLocation" value="c:inetpubwwwrootfoocontentdataMyDataFile.txt" />
</appSettings>
I don't want the C# library to be aware of the web application it's being used in, as it is used in other software, and the web application has no need to know about the configuration of the C# library.
View 3 Replies
