Re: Web.Config and subdirectory *location* security
From: Grant Harmeyer (gn_harmeyer_at_hotmail.com)
Date: 07/21/04
- Next message: Jim Cheshire [MSFT]: "RE: Roles based Forms Auth - denied pages redirect"
- Previous message: Jonathan Dixon: "Re: Getting windows username"
- In reply to: Chris Mohan: "RE: Web.Config and subdirectory *location* security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 21 Jul 2004 08:36:24 -0500
Thanks, I see that very clearly now and it makes sense. I went to
http://www.gotdotnet.com and downloaded the source code for the .Text blog
application to analyze some of the tactics used in that application for
authentication and also for some performance techniques.
Thanks for the reply
Grant
"Chris Mohan" <ChrisMohan@discussions.microsoft.com> wrote in message
news:FB25FC63-4379-47D7-91D4-663611E98F7F@microsoft.com...
>
> > Is this an IIS config issue, or do I need to create a configSections
node in
> > my web.config to facilitate this? If I need the configSections node
added,
> > an example would be very helpful. Thanks.
>
> The way to address this is to configure the admin sub dir as an
application in IIS.
>
> The problem is that the authentication element can only be declared at the
machine(for all apps hosted on a server), site, or application level. The
documentation states: "Any attempt to declare it in a configuration file at
the subdirectory or page level will result in a parser error message."
> See:
http://msdn.microsoft.com/library/en-us/cpgenref/html/gngrfauthenticationsection.asp
>
> Here's a good article for more info on setting up an app that uses windows
and forms auth:
>
http://www.theserverside.net/articles/showarticle.tss?id=FormAuthentication
>
> "Grant Harmeyer" wrote:
>
> > I've read similar posts to this issue, and I am fairly certain this
> > configuration should work. However, when I try to request any of the
pages
> > in the Admin subdirectory of my application root, I am given the
following
> > error:
> >
> > It is an error to use a section registered as
> > allowDefinition='MachineToApplication' beyond application level. This
error
> > can be caused by a virtual directory not being configured as an
application
> > in IIS.
> >
> > It then has the line "<authentication mode="Forms">" highlighted as the
line
> > the error occurs at.
> >
>
> >
> > <!-- Web.Config -->
> >
> >
> > <configuration>
> > <system.web>
> > <authorization>
> > <allow users="?" />
> > </authorization>
> > <compilation defaultLanguage="C#">
> > <assemblies>
> > <add assembly="MyAssembly" />
> > </assemblies>
> > </compilation>
> > <customErrors mode="Off" />
> > <globalization requestEncoding="utf-8" responseEncoding="utf-8" />
> > </system.web>
> >
> > <location path="Admin">
> > <system.web>
> > <authentication mode="Forms">
> > <forms name=".MYAPPAUTH" loginUrl="login.aspx"
> > protection="Encryption" timeout="20" />
> > </authentication>
> > <authorization>
> > <deny users="?" />
> > </authorization>
> > <httpRuntime executionTimeout="90" maxRequestLength="512"
> > useFullyQualifiedRedirectUrl="false" minFreeThreads="8"
> > minLocalRequestFreeThreads="4" appRequestQueueLimit="100" />
> > </system.web>
> > </location>
> >
> > </configuration>
> >
> >
> >
- Next message: Jim Cheshire [MSFT]: "RE: Roles based Forms Auth - denied pages redirect"
- Previous message: Jonathan Dixon: "Re: Getting windows username"
- In reply to: Chris Mohan: "RE: Web.Config and subdirectory *location* security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
