location path not functioning within web.config -- no images/css

Discussion in 'ASP .Net Security' started by mpaine, Mar 25, 2010.

  1. mpaine

    mpaine Guest

    I am using forms-based authentication on a normal .NET 2.0 website.
    Unfortunately, the login.aspx is not able to serve any css or images from
    either the root or subdirectories. Here is the web.config which *should*
    work as-is but doesn't. I've looked and looked to no avail. A solution
    would be profoundly helpful.


    <?xml version="1.0" encoding="UTF-8"?>
    <configuration>
    <configSections>
    <sectionGroup name="system.web.extensions"
    type="System.Web.Configuration.SystemWebExtensionsSectionGroup,
    System.Web.Extensions, Version=3.5.0.0, Culture=neutral,
    PublicKeyToken=31BF3856AD364E35">
    <sectionGroup name="scripting"
    type="System.Web.Configuration.ScriptingSectionGroup, System.Web.Extensions,
    Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
    <section name="scriptResourceHandler"
    type="System.Web.Configuration.ScriptingScriptResourceHandlerSection,
    System.Web.Extensions, Version=3.5.0.0, Culture=neutral,
    PublicKeyToken=31BF3856AD364E35" requirePermission="false"
    allowDefinition="MachineToApplication" />
    <sectionGroup name="webServices"
    type="System.Web.Configuration.ScriptingWebServicesSectionGroup,
    System.Web.Extensions, Version=3.5.0.0, Culture=neutral,
    PublicKeyToken=31BF3856AD364E35">
    <section name="jsonSerialization"
    type="System.Web.Configuration.ScriptingJsonSerializationSection,
    System.Web.Extensions, Version=3.5.0.0, Culture=neutral,
    PublicKeyToken=31BF3856AD364E35" requirePermission="false"
    allowDefinition="Everywhere" />
    <section name="profileService"
    type="System.Web.Configuration.ScriptingProfileServiceSection,
    System.Web.Extensions, Version=3.5.0.0, Culture=neutral,
    PublicKeyToken=31BF3856AD364E35" requirePermission="false"
    allowDefinition="MachineToApplication" />
    <section name="authenticationService"
    type="System.Web.Configuration.ScriptingAuthenticationServiceSection,
    System.Web.Extensions, Version=3.5.0.0, Culture=neutral,
    PublicKeyToken=31BF3856AD364E35" requirePermission="false"
    allowDefinition="MachineToApplication" />
    <section name="roleService"
    type="System.Web.Configuration.ScriptingRoleServiceSection,
    System.Web.Extensions, Version=3.5.0.0, Culture=neutral,
    PublicKeyToken=31BF3856AD364E35" requirePermission="false"
    allowDefinition="MachineToApplication" />
    </sectionGroup>
    </sectionGroup>
    </sectionGroup>
    </configSections>
    <system.web>
    <!-- DYNAMIC DEBUG COMPILATION
    Set compilation debug="true" to enable ASPX debugging. Otherwise,
    setting this value to
    false will improve runtime performance of this application.
    Set compilation debug="true" to insert debugging symbols (.pdb
    information)
    into the compiled page. Because this creates a larger file that executes
    more slowly, you should set this value to true only when debugging and to
    false at all other times. For more information, refer to the
    documentation about
    debugging ASP.NET files.
    -->
    <compilation defaultLanguage="vb" debug="true">
    <codeSubDirectories>
    <add directoryName="DAL" />
    <add directoryName="CS" />
    <add directoryName="VB" />
    </codeSubDirectories>
    <assemblies>
    <add assembly="System.Core, Version=3.5.0.0, Culture=neutral,
    PublicKeyToken=B77A5C561934E089" />
    <add assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral,
    PublicKeyToken=31BF3856AD364E35" />
    <add assembly="System.Web.Abstractions, Version=3.5.0.0,
    Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
    <add assembly="System.Web.Routing, Version=3.5.0.0, Culture=neutral,
    PublicKeyToken=31BF3856AD364E35" />
    <add assembly="System.ComponentModel.DataAnnotations, Version=3.5.0.0,
    Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
    <add assembly="System.Web.DynamicData, Version=3.5.0.0, Culture=neutral,
    PublicKeyToken=31BF3856AD364E35" />
    <add assembly="System.Data.DataSetExtensions, Version=3.5.0.0,
    Culture=neutral, PublicKeyToken=B77A5C561934E089" />
    <add assembly="System.Xml.Linq, Version=3.5.0.0, Culture=neutral,
    PublicKeyToken=B77A5C561934E089" />
    <add assembly="System.Data.Linq, Version=3.5.0.0, Culture=neutral,
    PublicKeyToken=B77A5C561934E089" />
    <add assembly="System.Runtime.Serialization.Formatters.Soap,
    Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
    </assemblies>
    </compilation>
    <!-- CUSTOM ERROR MESSAGES
    Set customErrors mode="On" or "RemoteOnly" to enable custom error
    messages, "Off" to disable.
    Add <error> tags for each of the errors you want to handle.

    "On" Always display custom (friendly) messages.
    "Off" Always display detailed ASP.NET error information.
    "RemoteOnly" Display custom (friendly) messages only to users not running
    on the local Web server. This setting is recommended for security
    purposes, so
    that you do not display application detail information to remote clients.
    -->
    <customErrors defaultRedirect="/error.htm" mode="Off">
    <error statusCode="404" redirect="/error.htm" />
    </customErrors>
    <!-- AUTHENTICATION
    This section sets the authentication policies of the application.
    Possible modes are "Windows",
    "Forms", "Passport" and "None"

    "None" No authentication is performed.
    "Windows" IIS performs authentication (Basic, Digest, or Integrated
    Windows) according to
    its settings for the application. Anonymous access must be disabled in
    IIS.
    "Forms" You provide a custom form (Web page) for users to enter their
    credentials, and then
    you authenticate them in your application. A user credential token is
    stored in a cookie.
    "Passport" Authentication is performed via a centralized authentication
    service provided
    by Microsoft that offers a single logon and core profile services for
    member sites.
    -->
    <authentication mode="Forms">
    <forms cookieless="AutoDetect" defaultUrl="default.aspx"
    enableCrossAppRedirects="false" loginUrl="Login.aspx" name="Pulse"
    path="/EPCore" protection="All" requireSSL="false" slidingExpiration="true"
    timeout="20" />
    </authentication>
    <!-- <authentication mode="Windows" /> -->
    <identity impersonate="true" />
    <authorization>
    <deny users="?" />
    <allow users="*" />
    <!--
    <allow roles="ENDPOINT\PulseDevAdminUsers, ENDPOINT\PulseDevUsers" />
    -->
    </authorization>
    <!-- AUTHORIZATION
    This section sets the authorization policies of the application. You can
    allow or deny access
    to application resources by user or role. Wildcards: "*" mean everyone,
    "?" means anonymous
    (unauthenticated) users.
    -->

    <membership defaultProvider="MembershipADProvider">
    <providers>
    <add name="MembershipADProvider"
    type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web,
    Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
    connectionStringName="ADConnectionString"
    connectionUsername="ENDPOINT\IUSR_AD_Login"
    connectionPassword="Endpoint.2010" attributeMapUsername="sAMAccountName" />
    </providers>
    </membership>

    <roleManager defaultProvider="AuthorizationStoreRoleProvider"
    enabled="true" cacheRolesInCookie="true" cookieName=".ASPROLES"
    cookieTimeout="30" cookiePath="/" cookieRequireSSL="false"
    cookieSlidingExpiration="true" cookieProtection="All">
    <providers>
    <clear />
    <add name="AuthorizationStoreRoleProvider"
    type="System.Web.Security.AuthorizationStoreRoleProvider"
    connectionStringName="ADConnectionString" applicationName="SampleApplication"
    cacheRefreshInterval="60" scopeName="" />
    </providers>
    </roleManager>


    <!-- APPLICATION-LEVEL TRACE LOGGING
    Application-level tracing enables trace log output for every page within
    an application.
    Set trace enabled="true" to enable application trace logging. If
    pageOutput="true", the
    trace information will be displayed at the bottom of each page.
    Otherwise, you can view the
    application trace log by browsing the "trace.axd" page from your web
    application
    root.
    -->
    <trace enabled="false" requestLimit="10" pageOutput="false"
    traceMode="SortByTime" localOnly="true" />
    <!-- SESSION STATE SETTINGS
    By default ASP.NET uses cookies to identify which requests belong to a
    particular session.
    If cookies are not available, a session can be tracked by adding a session
    identifier to the URL.
    To disable cookies, set sessionState cookieless="true".
    -->
    <sessionState mode="SQLServer" allowCustomSqlDatabase="true"
    sqlConnectionString="
    server=EPMAIN002;database=ASPState;uid=EPCore_User;password=guest;Connect
    Timeout=120;" useHostingIdentity="false" cookieless="false" timeout="20" />
    <!--
    <sessionState mode="InProc" stateConnectionString="tcpip=127.0.0.1:42424"
    sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes"
    cookieless="false" timeout="20"/>
    GLOBALIZATION
    This section sets the globalization settings of the application.
    -->
    <globalization requestEncoding="utf-8" responseEncoding="utf-8"
    uiCulture="en-US" />
    <pages>
    <controls>
    <add tagPrefix="asp" namespace="System.Web.UI"
    assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral,
    PublicKeyToken=31BF3856AD364E35" />
    <add tagPrefix="asp" namespace="System.Web.UI.WebControls"
    assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral,
    PublicKeyToken=31BF3856AD364E35" />
    <add tagPrefix="asp" namespace="System.Web.DynamicData"
    assembly="System.Web.DynamicData, Version=3.5.0.0, Culture=neutral,
    PublicKeyToken=31BF3856AD364E35" />
    </controls>
    </pages>
    <httpHandlers>
    <remove verb="*" path="*.asmx" />
    <add verb="*" path="*.asmx" validate="false"
    type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions,
    Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
    <add verb="*" path="*_AppService.axd" validate="false"
    type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions,
    Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
    <add verb="GET,HEAD" path="ScriptResource.axd"
    type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions,
    Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"
    validate="false" />
    </httpHandlers>
    <httpModules>
    <add name="ScriptModule" type="System.Web.Handlers.ScriptModule,
    System.Web.Extensions, Version=3.5.0.0, Culture=neutral,
    PublicKeyToken=31BF3856AD364E35" />
    <add name="UrlRoutingModule" type="System.Web.Routing.UrlRoutingModule,
    System.Web.Routing, Version=3.5.0.0, Culture=neutral,
    PublicKeyToken=31BF3856AD364E35" />
    </httpModules>
    </system.web>

    <location path="Login.aspx">
    <system.web>
    <authorization>
    <allow users="*" />
    </authorization>
    </system.web>
    </location>
    <location path="css">
    <system.web>
    <authorization>
    <allow users="*" />
    </authorization>
    </system.web>
    </location>
    <location path="js">
    <system.web>
    <authorization>
    <allow users="*" />
    </authorization>
    </system.web>
    </location>
    <location path="WebResource.axd">
    <system.web>
    <authorization>
    <allow users="?" />
    </authorization>
    </system.web>
    </location>

    <system.codedom>
    <compilers>
    <compiler language="c#;cs;csharp" extension=".cs" warningLevel="4"
    type="Microsoft.CSharp.CSharpCodeProvider, System, Version=2.0.0.0,
    Culture=neutral, PublicKeyToken=b77a5c561934e089">
    <providerOption name="CompilerVersion" value="v3.5" />
    <providerOption name="WarnAsError" value="false" />
    </compiler>
    <compiler language="vb;vbs;visualbasic;vbscript" extension=".vb"
    warningLevel="4" type="Microsoft.VisualBasic.VBCodeProvider, System,
    Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
    <providerOption name="CompilerVersion" value="v3.5" />
    <providerOption name="OptionInfer" value="true" />
    <providerOption name="WarnAsError" value="false" />
    </compiler>
    </compilers>
    </system.codedom>
    <!--
    The system.webServer section is required for running ASP.NET AJAX
    under Internet
    Information Services 7.0. It is not necessary for previous version
    of IIS.
    -->
    <system.webServer>
    <validation validateIntegratedModeConfiguration="false" />
    <modules runAllManagedModulesForAllRequests="true">
    <remove name="ScriptModule" />
    <remove name="UrlRoutingModule" />
    <add name="ScriptModule" preCondition="managedHandler"
    type="System.Web.Handlers.ScriptModule, System.Web.Extensions,
    Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
    <add name="UrlRoutingModule" type="System.Web.Routing.UrlRoutingModule,
    System.Web.Routing, Version=3.5.0.0, Culture=neutral,
    PublicKeyToken=31BF3856AD364E35" />
    </modules>
    <handlers>
    <remove name="WebServiceHandlerFactory-Integrated" />
    <remove name="ScriptHandlerFactory" />
    <remove name="ScriptHandlerFactoryAppServices" />
    <remove name="ScriptResource" />
    <remove name="MSSCustomMap" />
    <add name="MSSCustomMap" path="*.speax" verb="*" modules="IsapiModule"
    scriptProcessor="C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll"
    resourceType="Unspecified" requireAccess="Script" responseBufferLimit="0" />
    <add name="ScriptHandlerFactory" verb="*" path="*.asmx"
    preCondition="integratedMode"
    type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions,
    Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
    <add name="ScriptHandlerFactoryAppServices" verb="*"
    path="*_AppService.axd" preCondition="integratedMode"
    type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions,
    Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
    <add name="ScriptResource" preCondition="integratedMode" verb="GET,HEAD"
    path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler,
    System.Web.Extensions, Version=3.5.0.0, Culture=neutral,
    PublicKeyToken=31BF3856AD364E35" />
    <add name="UrlRoutingHandler" preCondition="integratedMode" verb="*"
    path="UrlRouting.axd" type="System.Web.HttpForbiddenHandler, System.Web,
    Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
    </handlers>
    <security>
    <authorization>
    <clear />
    <add accessType="Deny" users="?" />
    <add accessType="Allow" users="*" />
    </authorization>
    </security>
    </system.webServer>
    <runtime>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
    <dependentAssembly>
    <assemblyIdentity name="System.Web.Extensions"
    publicKeyToken="31bf3856ad364e35" />
    <bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0" />
    </dependentAssembly>
    <dependentAssembly>
    <assemblyIdentity name="System.Web.Extensions.Design"
    publicKeyToken="31bf3856ad364e35" />
    <bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0" />
    </dependentAssembly>
    </assemblyBinding>
    </runtime>
    </configuration>







    --
    msdn premium subscriber
    mpaine, Mar 25, 2010
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Patrick Olurotimi Ige

    Web.Config (location path=)Question

    Patrick Olurotimi Ige, Apr 4, 2005, in forum: ASP .Net
    Replies:
    4
    Views:
    52,230
    grchuah
    Nov 5, 2006
  2. Patrick Olurotimi Ige

    location path in Web.config

    Patrick Olurotimi Ige, May 12, 2005, in forum: ASP .Net
    Replies:
    1
    Views:
    1,995
    Brock Allen
    May 12, 2005
  3. Dica
    Replies:
    1
    Views:
    394
    Patrice
    Nov 10, 2005
  4. =?Utf-8?B?TmF0aGFuQw==?=

    VB.NET (2.0) Web.Config Impersonate not functioning?

    =?Utf-8?B?TmF0aGFuQw==?=, May 17, 2007, in forum: ASP .Net
    Replies:
    1
    Views:
    570
    Juan T. Llibre
    May 18, 2007
  5. luqman
    Replies:
    2
    Views:
    786
    luqman
    Jul 11, 2007
Loading...

Share This Page