Web.config problems.....

Discussion in '.NET' started by soswald, Jun 26, 2006.

  1. soswald

    soswald

    Joined:
    Jun 26, 2006
    Messages:
    1
    Location:
    Where else? Green Bay!
    AAARGHHH!!!

    I'm sick of fighting with this!!!

    I've got a small web site for a customer, and they want to enforce roles-based security on two pages in that site. Add "location" tags to the Web.config file, right???

    Well, when I try to use the file below, I get the "Server Application Unavailable" message. When I revert back to a more normal .config file, it works, but without the security the customer wants. What do I have wrong in there?

    Thanks. Here's the file:

    Code:
    <?xml version="1.0" encoding="utf-8" ?>
    <configuration>
      <system.web>
        <!--  DYNAMIC DEBUG COMPILATION
              Set compilation debug="true" to insert debugging symbols (.pdb information)
              into the compiled page. Because this creates a larger file that executes
              more slowly, you should set this value to true only when debugging and to
              false at all other times. For more information, refer to the documentation about
              debugging ASP.NET files.
        -->
        <compilation defaultLanguage="vb" debug="true" />
    
        <!--  CUSTOM ERROR MESSAGES
              Set customErrors mode="On" or "RemoteOnly" to enable custom error messages, "Off" to disable. 
              Add <error> tags for each of the errors you want to handle.
    
              "On" Always display custom (friendly) messages.
              "Off" Always display detailed ASP.NET error information.
              "RemoteOnly" Display custom (friendly) messages only to users not running 
               on the local Web server. This setting is recommended for security purposes, so 
               that you do not display application detail information to remote clients.
        -->
        <customErrors mode="RemoteOnly" />
    
        <!--  AUTHENTICATION 
              This section sets the authentication policies of the application. Possible modes are "Windows", 
              "Forms", "Passport" and "None"
    
              "None" No authentication is performed. 
              "Windows" IIS performs authentication (Basic, Digest, or Integrated Windows) according to 
               its settings for the application. Anonymous access must be disabled in IIS. 
              "Forms" You provide a custom form (Web page) for users to enter their credentials, and then 
               you authenticate them in your application. A user credential token is stored in a cookie.
              "Passport" Authentication is performed via a centralized authentication service provided
               by Microsoft that offers a single logon and core profile services for member sites.
        -->
        <authentication mode="Windows" /> 
    	<identity impersonate="true" />
    
        <!--  AUTHORIZATION 
              This section sets the authorization policies of the application. You can allow or deny access
              to application resources by user or role. Wildcards: "*" mean everyone, "?" means anonymous 
              (unauthenticated) users.
        -->
    
    
        <!--  APPLICATION-LEVEL TRACE LOGGING
              Application-level tracing enables trace log output for every page within an application. 
              Set trace enabled="true" to enable application trace logging.  If pageOutput="true", the
              trace information will be displayed at the bottom of each page.  Otherwise, you can view the 
              application trace log by browsing the "trace.axd" page from your web application
              root. 
        -->
        <trace enabled="false" requestLimit="10" pageOutput="false" traceMode="SortByTime" localOnly="true" />
    
        <!--  SESSION STATE SETTINGS
              By default ASP.NET uses cookies to identify which requests belong to a particular session. 
              If cookies are not available, a session can be tracked by adding a session identifier to the URL. 
              To disable cookies, set sessionState cookieless="true".
        -->
        <sessionState 
                mode="InProc"
                stateConnectionString="tcpip=127.0.0.1:42424"
                sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes"
                cookieless="false" 
                timeout="20" 
        />
    
        <!--  GLOBALIZATION
              This section sets the globalization settings of the application. 
        -->
        <globalization requestEncoding="utf-8" responseEncoding="utf-8" />
      </system.web>
      
      <!-- SECURE PAGES -->
      <location path="ECR_Choose.aspx">
    	<system.web>
    		<authorization>
    			<allow roles="COLMAN\Domain Admins,COLMAN\Administrators,Colman\ECRDCC"/>
    			<allow users="COLMAN\jdantuma,COLMAN\rgallun,COLMAN\dwipperfurth,COLMAN\mbehlman,COLMAN\dmacier,COLMAN\asterkowitz"/>
    			<deny users="*"/>
    		</authorization>
    	</system.web>
      </location>
      <location path="ECR_Approval.aspx">
    	<system.web>
    		<authorization>
    			<allow roles="COLMAN\Domain Admins,COLMAN\Administrators,Colman\ECRDCC"/>
    			<allow users="COLMAN\jdantuma,COLMAN\rgallun,COLMAN\dwipperfurth,COLMAN\mbehlman,COLMAN\dmacier,COLMAN\asterkowitz"/>
    			<deny users="*"/>
    		</authorization>
    	</system.web>
      </location>
      <authorization>
    	<allow users="*" /> <!-- Allow all users -->
      </authorization>
    </configuration>
    
    Sorry for the long post, but all the examples I have found are just little snippets of code, and I can't help but think that I've just got things paired up wrong.

    Thanks again,

    Kahuna
     
    soswald, Jun 26, 2006
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. =?Utf-8?B?RGFuaWVs?=

    Machine.config & web.config

    =?Utf-8?B?RGFuaWVs?=, Jan 18, 2004, in forum: ASP .Net
    Replies:
    2
    Views:
    13,473
    Hermit Dave
    Jan 18, 2004
  2. =?Utf-8?B?QXVndXN0aW4gUHJhc2FubmEuIEo=?=

    Web.Config Get Config settings at runtime.

    =?Utf-8?B?QXVndXN0aW4gUHJhc2FubmEuIEo=?=, Feb 5, 2004, in forum: ASP .Net
    Replies:
    3
    Views:
    2,310
    Kevin Spencer
    Feb 6, 2004
  3. Bob
    Replies:
    7
    Views:
    1,000
    Saravana [MVP]
    May 5, 2004
  4. Benny Ng
    Replies:
    9
    Views:
    10,225
    Benny Ng
    Oct 13, 2005
  5. CSharpner
    Replies:
    0
    Views:
    1,129
    CSharpner
    Apr 9, 2007
Loading...

Share This Page