Web.config <location> not redirecting

Discussion in 'ASP .Net Security' started by T-1000, Mar 29, 2006.

  1. T-1000

    T-1000 Guest

    I have a website with a /Admin subdir I want to protect via a
    signin.aspx page (which is in the Admin dir.)

    This is the entire contents of the web.config file located at the root
    of the website:

    <?xml version="1.0"?>
    <configuration
    xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
    <appSettings/>
    <connectionStrings>
    <add name="CunePressDB" connectionString="Data
    Source=66.235.176.128;Initial Catalog=CunePress;User
    ID=dotstorefront;Password=storefront"
    providerName="System.Data.SqlClient"/>
    </connectionStrings>

    <system.web>
    <compilation debug="true"/>
    <authentication mode="None"/>
    </system.web>

    <location path="~/Admin">
    <system.web>
    <authentication mode="Forms">
    <forms name="CunePress" loginUrl="~/Admin/SignIn.aspx"
    path="/Admin"/>
    </authentication>
    <authorization>
    <deny users="?" />
    </authorization>
    </system.web>
    </location>
    </configuration>

    What am I missing? Everything located between the <location> tags used
    to work, when the Admin directory was a seperate application process
    running in IIS. I am attempting to roll the client and Admin side into
    a single application that can be developed using the .Net development
    server on a developer's computer.
    T-1000, Mar 29, 2006
    #1
    1. Advertising

  2. just use

    <location path="Admin">

    also - i would not recommend using a cookie path - they are case sensitive,
    so for e.g. if a user types in /admin - the browser will not send the cookie
    and the user has to reauthenticate.

    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    > I have a website with a /Admin subdir I want to protect via a
    > signin.aspx page (which is in the Admin dir.)
    >
    > This is the entire contents of the web.config file located at the root
    > of the website:
    >
    > <?xml version="1.0"?>
    > <configuration
    > xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
    > <appSettings/>
    > <connectionStrings>
    > <add name="CunePressDB" connectionString="Data
    > Source=66.235.176.128;Initial Catalog=CunePress;User
    > ID=dotstorefront;Password=storefront"
    > providerName="System.Data.SqlClient"/>
    > </connectionStrings>
    > <system.web>
    > <compilation debug="true"/>
    > <authentication mode="None"/>
    > </system.web>
    > <location path="~/Admin">
    > <system.web>
    > <authentication mode="Forms">
    > <forms name="CunePress" loginUrl="~/Admin/SignIn.aspx"
    > path="/Admin"/>
    > </authentication>
    > <authorization>
    > <deny users="?" />
    > </authorization>
    > </system.web>
    > </location>
    > </configuration>
    > What am I missing? Everything located between the <location> tags
    > used to work, when the Admin directory was a seperate application
    > process running in IIS. I am attempting to roll the client and Admin
    > side into a single application that can be developed using the .Net
    > development server on a developer's computer.
    >
    Dominick Baier [DevelopMentor], Mar 29, 2006
    #2
    1. Advertising

  3. T-1000

    T-1000 Guest

    if I do that I get:

    "Error 25 It is an error to use a section registered as
    allowDefinition='MachineToApplication' beyond application level. This
    error can be caused by a virtual directory not being configured as an
    application in IIS. C:\Documents and Settings\Administrator\My
    Documents\Visual Studio 2005\WebSites\CunePress\Web.Config 15"
    T-1000, Mar 29, 2006
    #3
  4. you also need to set authentication mode to forms...

    is you base dir marked as an application in IIS?

    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    > I have a website with a /Admin subdir I want to protect via a
    > signin.aspx page (which is in the Admin dir.)
    >
    > This is the entire contents of the web.config file located at the root
    > of the website:
    >
    > <?xml version="1.0"?>
    > <configuration
    > xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
    > <appSettings/>
    > <connectionStrings>
    > <add name="CunePressDB" connectionString="Data
    > Source=66.235.176.128;Initial Catalog=CunePress;User
    > ID=dotstorefront;Password=storefront"
    > providerName="System.Data.SqlClient"/>
    > </connectionStrings>
    > <system.web>
    > <compilation debug="true"/>
    > <authentication mode="None"/>
    > </system.web>
    > <location path="~/Admin">
    > <system.web>
    > <authentication mode="Forms">
    > <forms name="CunePress" loginUrl="~/Admin/SignIn.aspx"
    > path="/Admin"/>
    > </authentication>
    > <authorization>
    > <deny users="?" />
    > </authorization>
    > </system.web>
    > </location>
    > </configuration>
    > What am I missing? Everything located between the <location> tags
    > used to work, when the Admin directory was a seperate application
    > process running in IIS. I am attempting to roll the client and Admin
    > side into a single application that can be developed using the .Net
    > development server on a developer's computer.
    >
    Dominick Baier [DevelopMentor], Mar 29, 2006
    #4
  5. T-1000

    T-1000 Guest

    it already is set to forms...

    and I am not using IIS, I am running it with the .net Development
    Server...

    when you say base path, are you refering to Admin?

    as I said, I am trying to run the admin and client side together using
    the development server... having to install IIS on the development
    machine is a PITA, and I am trying to avoid it. If I was running IIS
    on my development machine, I could have a totally seperate web.config
    in the Admin dir, with controls its authentication seperately.

    Also, the Admin and Client sides have to access common files, such an
    images directory. So, having them packaged together in the same
    application space will make that much easier.
    T-1000, Mar 29, 2006
    #5
  6. You are getting that error because you haven't configured your deirectory
    you can do that
    in IIS by clicking on create
    Patrick

    "T-1000" <> wrote in message
    news:...
    > if I do that I get:
    >
    > "Error 25 It is an error to use a section registered as
    > allowDefinition='MachineToApplication' beyond application level. This
    > error can be caused by a virtual directory not being configured as an
    > application in IIS. C:\Documents and Settings\Administrator\My
    > Documents\Visual Studio 2005\WebSites\CunePress\Web.Config 15"
    >
    Patrick.O.Ige, Mar 31, 2006
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Benny Ng
    Replies:
    9
    Views:
    9,913
    Benny Ng
    Oct 13, 2005
  2. CSharpner
    Replies:
    0
    Views:
    1,000
    CSharpner
    Apr 9, 2007
  3. darrel
    Replies:
    0
    Views:
    345
    darrel
    Aug 6, 2008
  4. Scott Roberts
    Replies:
    1
    Views:
    4,445
    Alexey Smirnov
    Jan 6, 2010
  5. mpaine
    Replies:
    0
    Views:
    1,166
    mpaine
    Mar 25, 2010
Loading...

Share This Page