I am working on WEB API Windows Authentication. I have added below config in web.config
Getting this issue:
This configuration section cannot be used at this path.
This happens when the section is locked at a parent level. Locking is either by default (overrideModeDefault="Deny"), or set explicitly by a location tag with overrideMode="Deny" or the legacy allowOverride="false"
Please help me on this. Please provide steps how to achieve window authentication in web api
The reason why this error encounters is probably because of the
settings to enable windowsauthentication in IIS via the
web.config file. To resolve this you have to adjust the applicationhost.config file of the IIS server. You need to tell IIS that his own configuration may be overwritten:
For IIS Express follow these instructions
For IIS Server follow 'section applicationhost.config'
Below steps (simple scenario) to allow windows authentication
Assure the webapi project is using windows authentication.
<system.web>
<authentication mode="Windows"></authentication>
</system.web>
Set IIS to windowsAuthenthication and nothing else by configuring the config file
<system.webServer>
<security>
<authentication>
<windowsAuthentication enabled="true" />
<anonymousAuthentication enabled="false" />
<basicAuthentication enabled="false"/>
</authentication>
</security>
</system.webServer>
Adjust the applicationhost.config of IIS like described above.
Related
I am using asp.net identity and GenerateEmailConfirmationTokenAsync gives me a token for email confirmation. I cannot use this code in confirmation url, because it gets an error :
The request filtering module is configured to deny a request that contains a double escape sequence.
The solution for that issue was to allowDoubleEscaping in web.config, but how can I do it in appsettings.json? I should write this code somehow in appsettings, or in Startup.cs:
<system.webServer>
<security>
<requestFiltering allowDoubleEscaping="true"/>
</security>
</system.webServer>
It's still an IIS setting if you're running in IIS.
Create a web.Release.config file (you don't need a web.config file in your actual project) with the following:
<?xml version="1.0"?>
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
<location>
<system.webServer>
<security xdt:Transform="InsertIfMissing">
<requestFiltering allowDoubleEscaping="true" />
</security>
</system.webServer>
</location>
</configuration>
When you publish a release build this will get added. Very important to include the part InsertIfMissing or it will be ignored.
You DON'T need a third party package such as this. 7
See also https://learn.microsoft.com/en-us/aspnet/core/host-and-deploy/iis/transform-webconfig?view=aspnetcore-3.1
We are developing an ASP.NET 5 project and one of the requirements is that user authentication is done through client certificates via browser, but I can't make this work.
Using web.config and IIS the certificate is requested properly with this configuration:
<system.webServer>
<security>
<access sslFlags="Ssl, SslNegotiateCert" />
<authentication>
<iisClientCertificateMappingAuthentication enabled="true" />
</authentication>
</security>
</system.webServer>
But the client certificate does not arrive to the web application, as I understand it should be in context.Connection.ClientCertificate property, where context is the current HttpContext.
I suspect that httpPlatformHandler that tunnels IIS to Kestrel is ignoring https and this may be implemented in the future.
I have made some tests with an OWIN site (not DNX) and a custom AuthenticationHandler that gets the X509 client certificate and works properly under IIS.
It looks like there has been some work done on this and a pull request and merge was done implementing this. So... hopefully we'll see it in a updated release of Kestrel.
See here: https://github.com/aspnet/KestrelHttpServer/pull/385
As I can read in the Change to IIS hosting model announcement:
The HttpPlatformHandler currently does not forward client certs (this will be a future enhancement)
So, it seems that is not possible right now and httpPlaformHandler must be fixed.
I have got quite a long way with this. I want a WCF service hosted in azure that uses client certificate authentication.
Everything works with the client cert requirement turned off and server cert on; ie
<transport clientCredentialType="None" />
but when I change to
<transport clientCredentialType="Certificate" />
I get
The SSL settings for the service 'SslRequireCert' does not match those of the IIS 'None'.
This seems to suggest that I need to change my IIS configuration. But I am running inside azure emulator, not IIS.
I tried adding
<system.webServer>
<security>
<access sslFlags="ssl">
</security>
</system.webServer>
but the web server did not like that at all; says this is a locked configuration option
All help gratefully received
answer: unlock the iis config file with appcmd
unlock the iis config file with appcmd
I've been trying to do a simple restful wcf service that will return JSON. Its working if i will run it in the development server. However if I deploy it on IIS 7.5, i will have this error when i accessed it using http://localhost:70
HTTP Error 500.19 - Internal Server
Error The requested page cannot be
accessed because the related
configuration data for the page is
invalid.
Config Error The configuration section
'standardEndpoints' cannot be read
because it is missing a section
declaration
Here is my configuration file: This is the default file generated by the VS2010.
<?xml version="1.0"?>
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.0" />
</system.web>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true">
<add name="UrlRoutingModule" type="System.Web.Routing.UrlRoutingModule, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
</modules>
</system.webServer>
<system.serviceModel>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true"/>
<standardEndpoints>
<webHttpEndpoint>
<!--
Configure the WCF REST service base address via the global.asax.cs file and the default endpoint
via the attributes on the <standardEndpoint> element below
-->
<standardEndpoint name="LocationService" helpEnabled="true" automaticFormatSelectionEnabled="true"/>
</webHttpEndpoint>
</standardEndpoints>
</system.serviceModel>
</configuration>
Im new to WCF specially on .net 4.0 and IIS 7.5.
Can anybody help? Or anybody has experienced the same and has fixed already?
Do you definitely have the IIS application pool for your site configured to run with ASP .NET 4.0?
Right click your Virtual Directory in IIS Manager > Manage Application > Advanced Settings > read the app pool name.
Then go to Application Pools, find that name and make sure the .NET Framework column says v4.0.
I had the same error on a w2008 x64 with the app pool running .net 4.0; after installing SP2 the issue disappeared
This issue can be seen on Windows Server 2008 without service pack 2 installed. To fix the problem install Windows Server 2008 Service Pack 2.
Taken from Ram Poornalingam's WebLog entry from the 26th October 2009:
If you encounter the following error in your web application (things hosted in IIS) “The configuration section cannot be read because it is missing a section declaration"
examples
“The configuration section 'standardEndpoints' cannot be read because it is missing a section declaration”
“The configuration section ‘tracking’ cannot be read because it is missing a section declaration”
then you need to install either SP2 of Vista/Win2k8 or the hotfix mentioned in KB article 958854.
Sorry to ask a question that may seem obvious to some, but it might help others (mainly me) if you could clarify the last step:
Then go to Application Pools...
Where do I find Application Pools ?
If you can't tell I am used to working for big companies where someone else did that for me and now I am playing developer and IT director.
Thanks
Ok, after 10 seconds of research (I opened my eyes) and looked right above Sites in IIS Manager
When I host the "WCF 4 Rest Service Template" project (from template) in IIS Developer Express I get the following:
IIS specified authentication schemes 'IntegratedWindowsAuthentication, Anonymous', but the binding only supports specification of exactly one authentication scheme. Valid authentication schemes are Digest, Negotiate, NTLM, Basic, or Anonymous. Change the IIS settings so that only a single authentication scheme is used.
I have not changed any configuration explicitly other than setting automaticFormatSelectionEnabled to false in order to return JSON:
<system.serviceModel>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" />
<standardEndpoints>
<webHttpEndpoint>
<!--Configure the WCF REST service base address via the global.asax.cs file and the default endpoint
via the attributes on the <standardEndpoint> element below-->
<standardEndpoint name=""
helpEnabled="true"
automaticFormatSelectionEnabled="false"
/>
</webHttpEndpoint>
</standardEndpoints>
</system.serviceModel>
If the endpoint configuration not being set explicitly is the issue then how would I do so for this kind of service, in order to set the authentication scheme for the service explicitly to avoid this issue with iis developer express?
Note: I have the following assemblies Microsoft.Web.dll & Microsoft.Web.Administration.dll in the web service projects /bin folder of the application as described in workaround for hopsting WCF services here on the iss team blog:
http://blogs.iis.net/vaidyg/archive/2010/07/21/wcf-workaround-for-webmatrix-beta.aspx
You will need to disable the authentication scheme that is not needed, my guess Windows authnetication. So:
Launch Notepad
Open in Notepad file: %userprofile%\Documents\IISExpress8\config\applicationhost.config
Search for <windowsAuthentication
Change the enabled attribute from
true to false
Save
That will disable Windows Authentication for all sites, you could alternatively add a location path at the bottom of the file right before the last </configuration> line for the specific site (YourSite in this case) add:
<location path="YourSite" overrideMode="Allow">
<system.webServer>
<security>
<windowsAuthentication enabled="false" />
</security>
</system.webServer>
</location>
This will only disable that for the specific site.