how to let the web.config in the sub-directory to NOT to inherited from Root's web.config.

Discussion in 'ASP .Net' started by Benny Ng, Oct 13, 2005.

  1. Benny Ng

    Benny Ng Guest

    Hi,all,

    How to let the sub-directory to avoid the authentication control from Root's
    webconfig?
    I heard that we can add a new web.config to the sub-directory. And then we
    can slove the problem.

    Virtual directory is £ºhttp://localhost/main

    Sub-directory is : http://localhost/main/reminder

    My application used the Forms Authentication, then all files in every
    directory is controlled by the Forms Authentication. But now i want a
    sub-directory to avoid this. (user can access this directory directly,
    Needn't to Login.)

    In my application, the user can access the http://localhost/main/reminder
    and needn't to authentication.


    When I add the new web.config(cancel the forms authentication section), and
    when I access this URL(http://localhost/main/reminder), The following error
    shown:

    *****************************************************
    Configuration Error
    Description: An error occurred during the processing of a configuration file
    required to service this request. Please review the specific error details
    below and modify your configuration file appropriately.

    Parser Error Message: It is an error to use a section registered as
    allowDefinition='MachineToApplication' beyond application level. This error
    can be caused by a virtual directory not being configured as an application
    in IIS.

    Source Error:


    Line 38: by Microsoft that offers a single logon and core profile
    services for member sites.
    Line 39: -->
    Line 40: <authentication mode="None">
    Line 41: <!--<forms name=".ASPXAUTH" loginUrl="Login.aspx"
    protection="All" timeout="80" path="/"/>-->
    Line 42: </authentication>


    Source File: C:\Projects.Net\SalesChecking\Reminder_Update\web.config
    Line: 40
    ******************************************

    Can anyone give me some suggestion about it?

    Any suggestion about this are appreciated. Thanks!

    Benny Ng
     
    Benny Ng, Oct 13, 2005
    #1
    1. Advertising

  2. Benny Ng

    ViewState Guest

    try to make a application directory where the web.config will be located

    "Benny Ng" <> escreveu na mensagem
    news:...
    > Hi,all,
    >
    > How to let the sub-directory to avoid the authentication control from
    > Root's webconfig?
    > I heard that we can add a new web.config to the sub-directory. And then we
    > can slove the problem.
    >
    > Virtual directory is £ºhttp://localhost/main
    >
    > Sub-directory is : http://localhost/main/reminder
    >
    > My application used the Forms Authentication, then all files in every
    > directory is controlled by the Forms Authentication. But now i want a
    > sub-directory to avoid this. (user can access this directory directly,
    > Needn't to Login.)
    >
    > In my application, the user can access the http://localhost/main/reminder
    > and needn't to authentication.
    >
    >
    > When I add the new web.config(cancel the forms authentication section),
    > and when I access this URL(http://localhost/main/reminder), The following
    > error shown:
    >
    > *****************************************************
    > Configuration Error
    > Description: An error occurred during the processing of a configuration
    > file required to service this request. Please review the specific error
    > details below and modify your configuration file appropriately.
    >
    > Parser Error Message: It is an error to use a section registered as
    > allowDefinition='MachineToApplication' beyond application level. This
    > error can be caused by a virtual directory not being configured as an
    > application in IIS.
    >
    > Source Error:
    >
    >
    > Line 38: by Microsoft that offers a single logon and core
    > profile services for member sites.
    > Line 39: -->
    > Line 40: <authentication mode="None">
    > Line 41: <!--<forms name=".ASPXAUTH" loginUrl="Login.aspx"
    > protection="All" timeout="80" path="/"/>-->
    > Line 42: </authentication>
    >
    >
    > Source File: C:\Projects.Net\SalesChecking\Reminder_Update\web.config
    > Line: 40
    > ******************************************
    >
    > Can anyone give me some suggestion about it?
    >
    > Any suggestion about this are appreciated. Thanks!
    >
    > Benny Ng
    >
    >
     
    ViewState, Oct 13, 2005
    #2
    1. Advertising

  3. Set the location tag in webconfig
    in the first web.config
    <location path="<path to app>" allowOverride="true">
    </location>

    in the second web.config to
    <location path="" allowOverride="false">
    </location>
     
    Tasos Vogiatzoglou, Oct 13, 2005
    #3
  4. No, that will not help him.

    He wants one application with a subdirectory, not 2 applications.

    Benny :

    If "SalesChecking" is your "main" application, and is defined as an
    Application is IIS, and "Reminder_Update" is your "reminder"
    directory, which is *not* configured as an Application, you should
    be able to place a properly configured web.config in it which changes
    the authorization mode for that directory, without needing the "reminder"
    subdirectory to be an application of its own, and without changing
    the authentication scheme.

    Please notice the phrase "a properly configured web.config",
    and please notice that there's both "authorization" and "authentication" involved.

    I mention that because the web.config you currently have is
    configured to request Forms Authorization from the base directory:

    Line 41: <forms name=".ASPXAUTH" loginUrl="Login.aspx"
    protection="All" timeout="80" path="/"/>

    You can simply delete the whole authentication section
    of that web.config and replace it with :

    <authorization>
    <allow users="*" />
    </authorization>

    That should fix your error problem *and* allow your users
    to use the resources in the "reminder" subdirectory freely.

    I could have just posted the code to replace,
    but I wanted you to understand *why* that needs to be done.

    Also, you should review the differences in meaning between
    "authentication" and "authorization", for future use.

    In this case, you only need to change the "authorization" permissions;
    you don't have to change the "authentication" permissions.



    Juan T. Llibre, ASP.NET MVP
    ASP.NET FAQ : http://asp.net.do/faq/
    Foros de ASP.NET en Español : http://asp.net.do/foros/
    ======================================
    "ViewState" <> wrote in message
    news:%...
    > try to make a application directory where the web.config will be located


    > "Benny Ng" <> escreveu na mensagem
    > news:...
    >> Hi,all,
    >>
    >> How to let the sub-directory to avoid the authentication control from Root's webconfig?
    >> I heard that we can add a new web.config to the sub-directory. And then we can slove
    >> the problem.
    >>
    >> Virtual directory is £ºhttp://localhost/main
    >>
    >> Sub-directory is : http://localhost/main/reminder
    >>
    >> My application used the Forms Authentication, then all files in every directory is
    >> controlled by the Forms Authentication. But now i want a sub-directory to avoid this.
    >> (user can access this directory directly, Needn't to Login.)
    >>
    >> In my application, the user can access the http://localhost/main/reminder and needn't
    >> to authentication.
    >>
    >>
    >> When I add the new web.config(cancel the forms authentication section), and when I
    >> access this URL(http://localhost/main/reminder), The following error shown:
    >>
    >> *****************************************************
    >> Configuration Error
    >> Description: An error occurred during the processing of a configuration file required
    >> to service this request. Please review the specific error details below and modify your
    >> configuration file appropriately.
    >>
    >> Parser Error Message: It is an error to use a section registered as
    >> allowDefinition='MachineToApplication' beyond application level. This error can be
    >> caused by a virtual directory not being configured as an application in IIS.
    >>
    >> Source Error:
    >>
    >>
    >> Line 38: by Microsoft that offers a single logon and core profile services
    >> for member sites.
    >> Line 39: -->
    >> Line 40: <authentication mode="None">
    >> Line 41: <!--<forms name=".ASPXAUTH" loginUrl="Login.aspx" protection="All"
    >> timeout="80" path="/"/>-->
    >> Line 42: </authentication>
    >>
    >>
    >> Source File: C:\Projects.Net\SalesChecking\Reminder_Update\web.config Line: 40
    >> ******************************************
    >>
    >> Can anyone give me some suggestion about it?
    >>
    >> Any suggestion about this are appreciated. Thanks!
    >>
    >> Benny Ng
     
    Juan T. Llibre, Oct 13, 2005
    #4
  5. Hi, Tasos.

    While -in principle- that would work in many situations,
    in practice it would fail in this situation because what's needed
    is not to request authentication again, but to change the
    authorization mode for the subdirectory.

    That is most easily done by getting rid of the authentication configuration
    in the subdirectory's web.config, and replacing it with:

    <authorization>
    <allow users="*" />
    </authorization>




    Juan T. Llibre, ASP.NET MVP
    ASP.NET FAQ : http://asp.net.do/faq/
    Foros de ASP.NET en Español : http://asp.net.do/foros/
    ======================================
    "Tasos Vogiatzoglou" <> wrote in message
    news:...
    > Set the location tag in webconfig
    > in the first web.config
    > <location path="<path to app>" allowOverride="true">
    > </location>
    >
    > in the second web.config to
    > <location path="" allowOverride="false">
    > </location>
    >
     
    Juan T. Llibre, Oct 13, 2005
    #5
  6. Benny Ng wrote:
    > Hi,all,
    >
    > How to let the sub-directory to avoid the authentication control from
    > Root's webconfig?
    > I heard that we can add a new web.config to the sub-directory. And
    > then we can slove the problem.
    >
    > Virtual directory is £ºhttp://localhost/main
    >
    > Sub-directory is : http://localhost/main/reminder
    >
    > My application used the Forms Authentication, then all files in every
    > directory is controlled by the Forms Authentication. But now i want a
    > sub-directory to avoid this. (user can access this directory directly,
    > Needn't to Login.)
    >


    You could place another web.config in the subfolder and just remove the
    <authentication> section. The authentication section has an AllowDefinition
    of MachineToApplication. That means you can set it at the machine level or
    the application level. You can't set it below the application level.

    I always opt for a <location> tag in the root's web.config instead of adding
    new web.configs. The reason is that if you add a new web.config in the
    sub-folder, you will need to remember it's there and you might not!

    You could easily add a <location> tag for your sub-folder. Just add this to
    the root's web.config BETWEEN the closing </system.web> tag and the closing
    </configuration> tag:

    <location path="/thesubfolder">
    <system.web>
    <authorization>
    <allow users="*" />
    </authorization>
    </system.web>
    </location>

    --
    Jim Cheshire
    JIMCO Software
    http://www.jimcosoftware.com

    FrontPage add-ins for FrontPage 2000 - 2003
     
    JIMCO Software, Oct 13, 2005
    #6
  7. Hi, Jim.

    re:
    > I always opt for a <location> tag in the root's web.config instead of adding new
    > web.configs. The reason is that if you add a new web.config in the sub-folder, you will
    > need to remember it's there and you might not!


    I suppose that's a question of developer preference.

    My preference is to have a web.config in any subdirectory that
    needs custom settings different from the main application.

    My reason ? Sometimes you need extensive customizations and,
    if you have many subdirectories, configuring everything in one base
    web.config could lead to a humongous base web.config.

    Also, remember that your whole application will restart if the base
    web.config is edited just to change a subdirectory's custom settings.

    That could cause some havoc with session variables which
    should not be affected by changes in a subdirectory, for example,
    because the Application won't be restarted if you edit a web.config
    in a subdirectory which is not configured as an application.

    I'm glad we both recommended that the authentication section
    be eliminated, and that an authorization section be inserted, though.

    That's the key to Benny's solution.



    Juan T. Llibre, ASP.NET MVP
    ASP.NET FAQ : http://asp.net.do/faq/
    Foros de ASP.NET en Español : http://asp.net.do/foros/
    ======================================
    "JIMCO Software" <> wrote in message
    news:uo$MNQ$...
    > Benny Ng wrote:
    >> Hi,all,
    >>
    >> How to let the sub-directory to avoid the authentication control from
    >> Root's webconfig?
    >> I heard that we can add a new web.config to the sub-directory. And
    >> then we can slove the problem.
    >>
    >> Virtual directory is £ºhttp://localhost/main
    >>
    >> Sub-directory is : http://localhost/main/reminder
    >>
    >> My application used the Forms Authentication, then all files in every
    >> directory is controlled by the Forms Authentication. But now i want a
    >> sub-directory to avoid this. (user can access this directory directly,
    >> Needn't to Login.)
    >>

    >
    > You could place another web.config in the subfolder and just remove the <authentication>
    > section. The authentication section has an AllowDefinition of MachineToApplication.
    > That means you can set it at the machine level or the application level. You can't set
    > it below the application level.
    >
    > I always opt for a <location> tag in the root's web.config instead of adding new
    > web.configs. The reason is that if you add a new web.config in the sub-folder, you will
    > need to remember it's there and you might not!
    >
    > You could easily add a <location> tag for your sub-folder. Just add this to the root's
    > web.config BETWEEN the closing </system.web> tag and the closing </configuration> tag:
    >
    > <location path="/thesubfolder">
    > <system.web>
    > <authorization>
    > <allow users="*" />
    > </authorization>
    > </system.web>
    > </location>
    >
    > --
    > Jim Cheshire
    > JIMCO Software
    > http://www.jimcosoftware.com
    >
    > FrontPage add-ins for FrontPage 2000 - 2003
    >
    >
    >
    >
     
    Juan T. Llibre, Oct 13, 2005
    #7
  8. Juan T. Llibre wrote:
    > Hi, Jim.
    >
    > re:
    >> I always opt for a <location> tag in the root's web.config instead
    >> of adding new web.configs. The reason is that if you add a new
    >> web.config in the sub-folder, you will need to remember it's there
    >> and you might not!

    >
    > I suppose that's a question of developer preference.
    >
    > Also, remember that your whole application will restart if the base
    > web.config is edited just to change a subdirectory's custom settings.
    >
    > That could cause some havoc with session variables which
    > should not be affected by changes in a subdirectory, for example,
    > because the Application won't be restarted if you edit a web.config
    > in a subdirectory which is not configured as an application.
    >


    Yes, it's developer preference and it depends on how often you think you
    might need to modify your configuration.

    You are absolutely correct on both counts. Only the web.config in the root
    is monitored for file change notifications, so you're better off putting a
    web.config in the subfolder itself if you think you might need to modify the
    configuration at some later point.

    --
    Jim Cheshire
    JIMCO Software
    http://www.jimcosoftware.com

    FrontPage add-ins for FrontPage 2000 - 2003
     
    JIMCO Software, Oct 13, 2005
    #8
  9. Benny Ng

    Benny Ng Guest

    Hi,Llibre and JimCO and ViewState and Tasos,
    Thank you for your's help. and I Slove this problem by your all helps.

    At least, I select JimCo's solution.

    <location path="/thesubfolder">
    <system.web>
    <authorization>
    <allow users="*" />
    </authorization>
    </system.web>
    </location>

    This configuration section can let the sub-folder to avoid the Forms(users)
    Authentication.

    Now the pages that in that sub-folder can let all users to access without
    authentication.

    Seems now all runs smoothly.

    Actually from your all opinions.Seems to add "location" section is better
    than add sub-web.config file to the special folder.But anyway, maybe add
    "location" is the best way to me . Surely it's very simple. ^-^

    Thank you very much.


    Benny Ng

    "Juan T. Llibre" <> wrote in message
    news:%23Z$UTJ%...
    > No, that will not help him.
    >
    > He wants one application with a subdirectory, not 2 applications.
    >
    > Benny :
    >
    > If "SalesChecking" is your "main" application, and is defined as an
    > Application is IIS, and "Reminder_Update" is your "reminder"
    > directory, which is *not* configured as an Application, you should
    > be able to place a properly configured web.config in it which changes
    > the authorization mode for that directory, without needing the "reminder"
    > subdirectory to be an application of its own, and without changing
    > the authentication scheme.
    >
    > Please notice the phrase "a properly configured web.config",
    > and please notice that there's both "authorization" and "authentication"
    > involved.
    >
    > I mention that because the web.config you currently have is
    > configured to request Forms Authorization from the base directory:
    >
    > Line 41: <forms name=".ASPXAUTH" loginUrl="Login.aspx"
    > protection="All" timeout="80" path="/"/>
    >
    > You can simply delete the whole authentication section
    > of that web.config and replace it with :
    >
    > <authorization>
    > <allow users="*" />
    > </authorization>
    >
    > That should fix your error problem *and* allow your users
    > to use the resources in the "reminder" subdirectory freely.
    >
    > I could have just posted the code to replace,
    > but I wanted you to understand *why* that needs to be done.
    >
    > Also, you should review the differences in meaning between
    > "authentication" and "authorization", for future use.
    >
    > In this case, you only need to change the "authorization" permissions;
    > you don't have to change the "authentication" permissions.
    >
    >
    >
    > Juan T. Llibre, ASP.NET MVP
    > ASP.NET FAQ : http://asp.net.do/faq/
    > Foros de ASP.NET en Español : http://asp.net.do/foros/
    > ======================================
    > "ViewState" <> wrote in message
    > news:%...
    >> try to make a application directory where the web.config will be located

    >
    >> "Benny Ng" <> escreveu na mensagem
    >> news:...
    >>> Hi,all,
    >>>
    >>> How to let the sub-directory to avoid the authentication control from
    >>> Root's webconfig?
    >>> I heard that we can add a new web.config to the sub-directory. And then
    >>> we can slove the problem.
    >>>
    >>> Virtual directory is £ºhttp://localhost/main
    >>>
    >>> Sub-directory is : http://localhost/main/reminder
    >>>
    >>> My application used the Forms Authentication, then all files in every
    >>> directory is controlled by the Forms Authentication. But now i want a
    >>> sub-directory to avoid this. (user can access this directory directly,
    >>> Needn't to Login.)
    >>>
    >>> In my application, the user can access the
    >>> http://localhost/main/reminder and needn't to authentication.
    >>>
    >>>
    >>> When I add the new web.config(cancel the forms authentication section),
    >>> and when I access this URL(http://localhost/main/reminder), The
    >>> following error shown:
    >>>
    >>> *****************************************************
    >>> Configuration Error
    >>> Description: An error occurred during the processing of a configuration
    >>> file required to service this request. Please review the specific error
    >>> details below and modify your configuration file appropriately.
    >>>
    >>> Parser Error Message: It is an error to use a section registered as
    >>> allowDefinition='MachineToApplication' beyond application level. This
    >>> error can be caused by a virtual directory not being configured as an
    >>> application in IIS.
    >>>
    >>> Source Error:
    >>>
    >>>
    >>> Line 38: by Microsoft that offers a single logon and core
    >>> profile services for member sites.
    >>> Line 39: -->
    >>> Line 40: <authentication mode="None">
    >>> Line 41: <!--<forms name=".ASPXAUTH" loginUrl="Login.aspx"
    >>> protection="All" timeout="80" path="/"/>-->
    >>> Line 42: </authentication>
    >>>
    >>>
    >>> Source File: C:\Projects.Net\SalesChecking\Reminder_Update\web.config
    >>> Line: 40
    >>> ******************************************
    >>>
    >>> Can anyone give me some suggestion about it?
    >>>
    >>> Any suggestion about this are appreciated. Thanks!
    >>>
    >>> Benny Ng

    >
    >
     
    Benny Ng, Oct 13, 2005
    #9
  10. Benny Ng

    Benny Ng Guest

    Hi,Llibre and JimCO and ViewState and Tasos,
    Thank you for your's help. and I Slove this problem by your all helps.

    At least, I select JimCo's solution.

    <location path="/thesubfolder">
    <system.web>
    <authorization>
    <allow users="*" />
    </authorization>
    </system.web>
    </location>

    This configuration section can let the sub-folder to avoid the Forms(users)
    Authentication.

    Now the pages that in that sub-folder can let all users to access without
    authentication.

    Seems now all runs smoothly.

    Actually from your all opinions.Seems to add "location" section is better
    than add sub-web.config file to the special folder.But anyway, maybe add
    "location" is the best way to me . Surely it's very simple. ^-^

    Thank you very much.


    Benny Ng




    "JIMCO Software" <> wrote in message
    news:%23dp7x8$...
    > Juan T. Llibre wrote:
    >> Hi, Jim.
    >>
    >> re:
    >>> I always opt for a <location> tag in the root's web.config instead
    >>> of adding new web.configs. The reason is that if you add a new
    >>> web.config in the sub-folder, you will need to remember it's there
    >>> and you might not!

    >>
    >> I suppose that's a question of developer preference.
    >>
    >> Also, remember that your whole application will restart if the base
    >> web.config is edited just to change a subdirectory's custom settings.
    >>
    >> That could cause some havoc with session variables which
    >> should not be affected by changes in a subdirectory, for example,
    >> because the Application won't be restarted if you edit a web.config
    >> in a subdirectory which is not configured as an application.
    >>

    >
    > Yes, it's developer preference and it depends on how often you think you
    > might need to modify your configuration.
    >
    > You are absolutely correct on both counts. Only the web.config in the
    > root is monitored for file change notifications, so you're better off
    > putting a web.config in the subfolder itself if you think you might need
    > to modify the configuration at some later point.
    >
    > --
    > Jim Cheshire
    > JIMCO Software
    > http://www.jimcosoftware.com
    >
    > FrontPage add-ins for FrontPage 2000 - 2003
    >
    >
    >
    >
     
    Benny Ng, Oct 13, 2005
    #10
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Jiong Feng
    Replies:
    3
    Views:
    2,038
    Chris Moore
    Apr 30, 2004
  2. Luigi Donatello Asero

    Let or not let the text float

    Luigi Donatello Asero, Jan 15, 2004, in forum: HTML
    Replies:
    6
    Views:
    475
    Steve R.
    Jan 15, 2004
  3. Nathan Sokalski
    Replies:
    2
    Views:
    380
    Nathan Sokalski
    Sep 22, 2006
  4. Ben
    Replies:
    2
    Views:
    905
  5. Lawrence D'Oliveiro

    Death To Sub-Sub-Sub-Directories!

    Lawrence D'Oliveiro, May 5, 2011, in forum: Java
    Replies:
    92
    Views:
    2,056
    Lawrence D'Oliveiro
    May 20, 2011
Loading...

Share This Page