Web.config transforms - surrounding elements - msbuild

I am using the web.config transforms available via VS2010. In this one case I'm wondering if it is possible to 'surround' an element with another during transformation. Here is an example:
default web.config contains:
<configuration>
  <system.web>
    ....
  </system.web>
</configuration>
My transformed file should contain
<configuration>
  <location inheritInChildApplications="false">
    <system.web>
      ...
    </system.web>
  </location>
</configuration>
So essentially I want to 'wrap' the system.web element with a location element. My only thought was to do a transform so that I inserted before and after like:
<location inheritInChildApplications="false"
xdt:Transform="InsertBefore(/configuration/system.web)">
</location xdt:Transform="InsertAfter(/configuration/system.web)">
But the closing location element isn't valid xml according to VS (I'm guessing because of the Transform attribute). Just inserting a self-closing location element before system.web doesn't help either because the resulting system.web is still not 'surrounded'.

Currently it won't be possible to do this using web.config transformation, but it indeed should be feasible if you wrote a custom transform... There is a documentation update being worked on on how to write custom transforms but it is not yet out now...
I will post it as soon as it is available...

If you add an empty location tag in your webconfig where you would like it to be it will have no effect.
You can then put this in your transform file in the same location as the other one:
<location xdt:Locator="XPath(some xpath expression)"
          inheritInChildApplications="false"
          xdt:Transform="SetAttributes(inheritInChildApplications)">
with the closing tag too and all that.
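Since the built-in transforms cannot wrap an element, one option is a post-transform step that edits the transformed file. The script below is an added example, not code from the original posts; the function name `wrap_in_location` and the sample config are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the "default" web.config from the question, with two
# extra siblings to show that element order is preserved.
SAMPLE = """<configuration>
  <configSections />
  <system.web>
    <compilation debug="false" />
  </system.web>
  <appSettings />
</configuration>"""


def wrap_in_location(config_xml, section="system.web"):
    """Wrap each top-level <section> in
    <location inheritInChildApplications="false">, keeping its position.
    Returns (new_xml, number_of_sections_wrapped)."""
    root = ET.fromstring(config_xml)
    if root.tag != "configuration":
        raise ValueError("root element must be <configuration>")
    wrapped = 0
    for index, child in enumerate(list(root)):
        if child.tag != section:
            continue  # already-wrapped sections sit under <location>, not here
        location = ET.Element("location", {"inheritInChildApplications": "false"})
        # Move the trailing whitespace to the wrapper so layout stays similar.
        location.tail, child.tail = child.tail, None
        root.remove(child)
        location.append(child)
        root.insert(index, location)  # same index: siblings keep their order
        wrapped += 1
    return ET.tostring(root, encoding="unicode"), wrapped


if __name__ == "__main__":
    new_xml, count = wrap_in_location(SAMPLE)
    print(f"wrapped {count} section(s)")
    print(new_xml)
```

Running it a second time on its own output wraps nothing, so it is safe to leave in a build step.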

Related

Problems with windows credentials IIS 10.0

I have a .NET core 3.1 razor pages website. I'm using windows credentials (with Active directory) for authentication and I'm managing authorization using policies.
Using IIS Express (the one you use when developing) is working OK. My username is displayed.
Now I'm using the IIS manager to host this site using my machine IP, for example 'xxx.xxx.xxx.xxx:portNumber'. This is loading if anonymous authentication is on, but if I include windows credentials it is failing.
I followed the guide from here --> https://learn.microsoft.com/en-us/aspnet/core/security/authentication/windowsauth?view=aspnetcore-3.1&tabs=visual-studio
Basically I did what is shown in the previous link. (Created the web.config file and followed the steps listed there.)
web.config
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <location path="." inheritInChildApplications="false">
    <system.webServer>
      <security>
        <authentication>
          <anonymousAuthentication enabled="false" />
          <windowsAuthentication enabled="true" />
        </authentication>
      </security>
    </system.webServer>
  </location>
</configuration>
The following error is showing up when I try to enter authentication option in IIS manager in my site.
This configuration section cannot be used at this path. This happens when the section is locked at a parent level. Locking is either by default (overrideModeDefault="Deny"), or set explicitly by a location tag with overrideMode="Deny" or the legacy allowOverride="false"
After hitting accept button the following table loads.
And when I try to access the website, it is throwing
Error HTTP 500.19 - Internal Server Error
Module: WindowsAuthenticationModule
Notification: AuthenticateRequest
source of config
<anonymousAuthentication enabled="false" />
**<windowsAuthentication enabled="true" />** --> *this line is in red*
</authentication>
Here I changed a couple of lines in applicationhost.config file.
<section name="anonymousAuthentication" overrideModeDefault="Allow" />
<section name="windowsAuthentication" overrideModeDefault="Allow" />
I changed both lines from Deny to Allow. Restart, but it doesn't work.
I've activated some windows features too like the following
I finally solved it. I referred to this post: This configuration section cannot be used at this path - Windows 2016
I set the following entries in the file located in
C:\Windows\System32\inetsrv\config\applicationHost.config
<section name="anonymousAuthentication" overrideModeDefault="Allow" />
<section name="windowsAuthentication" overrideModeDefault="Allow" />
<section name="ipSecurity" overrideModeDefault="Allow" />
I mistakenly edited the applicationHost.config located in IISExpress in my documents folder. That's why this wasn't working.

Adding authentication to static Azure Website

We have an Azure Website hosting a static site (just some HTML, CSS, Javascript), which then communicates with our Azure Mobile Services by AJAX calls.
We would like to add some very simple authentication to this site (just a static username/password will be sufficient).
Please recommend the easiest way to do this.
Or maybe there is some better option for serving static content, other than Azure Websites?
A very simple form of authentication with a static username and password can be achieved by leveraging ASP.NET's authentication and authorization, integrated with IIS as described in this article: Apply ASP.NET Authentication and Authorization Rules to Static Content with IIS 7.0's Integrated Pipeline Feature.
See this sample GitHub project for an example. The relevant pieces of code are this Web.config file that you should place in the root directory (which would be public):
<?xml version="1.0"?>
<configuration>
  <system.web>
    <compilation debug="false" />
    <authentication mode="Forms">
      <forms>
        <credentials passwordFormat="Clear">
          <user name="Alice" password="secret" />
        </credentials>
      </forms>
    </authentication>
    <!-- Unless specified in a sub-folder's Web.config file,
         any user can access any resource in the site -->
    <authorization>
      <allow users="*" />
    </authorization>
  </system.web>
  <system.webServer>
    <modules>
      <remove name="FormsAuthenticationModule" />
      <add name="FormsAuthenticationModule" type="System.Web.Security.FormsAuthenticationModule" />
      <remove name="UrlAuthorization" />
      <add name="UrlAuthorization" type="System.Web.Security.UrlAuthorizationModule" />
    </modules>
  </system.webServer>
</configuration>
And this Web.config file that you could place in a subdirectory (which would be restricted):
<?xml version="1.0"?>
<configuration>
  <system.web>
    <!-- Anonymous users are denied access to this folder (and its subfolders) -->
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>
</configuration>
You also need a Login.aspx file with the HTML form and server-side authentication logic. See the Login.aspx in the sample project for an example.
This way you would be able to host both public files at root level and private files at subdirectories. If you want to protect even the root level, just adjust the authorization rules accordingly.
For documentation on configuration options see these MSDN pages:
authorization Element (ASP.NET Settings Schema)
allow Element for authorization (ASP.NET Settings Schema)
deny Element for authorization (ASP.NET Settings Schema)
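How the two Web.config files above combine at request time, as an added example that is not part of the original answer: rules are read from the most local folder up to the root, and the first matching rule wins. The folder name `/private` and the function names are assumptions, and only the `users` attribute is modelled (no `roles` or `verbs`).

```python
import posixpath
import xml.etree.ElementTree as ET

# The <authorization> parts of the two Web.config files from the answer.
ROOT_CONFIG = """<configuration><system.web><authorization>
  <allow users="*" />
</authorization></system.web></configuration>"""
PRIVATE_CONFIG = """<configuration><system.web><authorization>
  <deny users="?" />
</authorization></system.web></configuration>"""
# Constructed layout: "/private" is a hypothetical name for the restricted folder.
CONFIGS = {"/": ROOT_CONFIG, "/private": PRIVATE_CONFIG}


def rules_for(url_path, configs):
    """Collect (action, users) rules: most local directory first, root last."""
    rules = []
    directory = posixpath.dirname(url_path)
    while True:
        if directory in configs:
            auth = ET.fromstring(configs[directory]).find("system.web/authorization")
            if auth is not None:
                rules += [(r.tag, r.get("users", "").split(",")) for r in auth]
        if directory == "/":
            return rules
        directory = posixpath.dirname(directory)


def is_allowed(url_path, user, configs):
    """First matching rule wins; user=None means an anonymous request."""
    for action, users in rules_for(url_path, configs):
        names = [u.strip() for u in users]
        # "*" matches everyone, "?" matches only anonymous users.
        if "*" in names or ("?" in names and user is None) or user in names:
            return action == "allow"
    return True  # nothing matched: the machine-level default is <allow users="*" />


if __name__ == "__main__":
    for path, user in [("/index.html", None),
                       ("/private/report.html", None),
                       ("/private/report.html", "Alice"),
                       ("/private/sub/page.html", None)]:
        verdict = "allow" if is_allowed(path, user, CONFIGS) else "deny"
        print(f"{path:26} user={user!s:6} -> {verdict}")
```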
This is an old question that's been previously answered, but if you're looking for the easiest possible solution that requires no code or config changes, you can use Azure Websites Authentication / Authorization (disclaimer, I helped build this feature). Here are some links:
Blog Post:
http://azure.microsoft.com/blog/2014/11/13/azure-websites-authentication-authorization/
Demo Video:
http://azure.microsoft.com/en-us/documentation/videos/azure-websites-easy-authentication-and-authorization-with-chris-gillum/
EDIT:
And here is a more recent blog post describing how you can use social providers (Twitter, Facebook, Google, Microsoft Accounts) in addition to the default Azure AD: https://azure.microsoft.com/en-us/blog/announcing-app-service-authentication-authorization/

IIS Authentication in web.config

In our project, a user can upload documents to a directory. The problem is that a user cannot access those files via the URL.
After playing around with permissions in IIS, I was able to download a file by changing the permissions on the file (or folder) to allow "Read" by IIS_IUSRS. My issue is that the folders are also dynamically generated and I do not want to manually have to go through and change the permissions on each.
I'm attempting to get the web.config file to allow reading of these files, but I cannot get the proper configuration.
In the site's web.config file I have:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <location path="path/to/upload/directory">
    <system.webServer>
      <security>
        <authentication>
          <windowsAuthentication enabled="false" />
          <anonymousAuthentication enabled="true" />
        </authentication>
      </security>
    </system.webServer>
  </location>
</configuration>
However upon accessing the file again, I get a 500.19 error:
AnonymousAuthenticationModule
This configuration section cannot be used at this path. This happens when the section is locked at a parent level. Locking is either by default
(overrideModeDefault="Deny"), or set explicitly by a location tag with overrideMode="Deny" or the legacy allowOverride="false".
Following this answer, I set AnonymousAuthenticationModule to lockItem="false", anonymousAuthentication to Allow in applicationHost.config, and restarted the server. After all of that, I still get the same 500.19 error.
When you say the folders are generated dynamically, do you mean generated through code? If so, you could make sure the parent directory has the required permissions and then set the permissions on its subdirectories to "inherit". For a file, it would be
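' Requires "Imports System.IO" at the top of the file.
' isProtected:=False lets the file inherit the parent directory's access rules again.
Dim perms = File.GetAccessControl(targetFile)
perms.SetAccessRuleProtection(False, False)
File.SetAccessControl(targetFile, perms)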
I expect that you can find the equivalent for a directory.
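Both 500.19 errors on this page (the Windows authentication question and the upload-directory question above) come from a web.config setting a section that applicationHost.config declares with overrideModeDefault="Deny". The check below is an added example, not code from the original posts; both XML samples are constructed, and it reads only the global overrideModeDefault values, not per-site location overrides.

```python
import xml.etree.ElementTree as ET

# Constructed fragment of applicationHost.config with locked authentication sections.
APPHOST = """<configuration><configSections>
 <sectionGroup name="system.webServer"><sectionGroup name="security">
  <sectionGroup name="authentication">
   <section name="anonymousAuthentication" overrideModeDefault="Deny" />
   <section name="windowsAuthentication" overrideModeDefault="Deny" />
  </sectionGroup>
  <section name="requestFiltering" overrideModeDefault="Allow" />
 </sectionGroup></sectionGroup>
</configSections></configuration>"""

# Constructed site web.config, same shape as the ones in the questions above.
WEB_CONFIG = """<configuration>
 <location path="." inheritInChildApplications="false">
  <system.webServer><security><authentication>
   <anonymousAuthentication enabled="false" />
   <windowsAuthentication enabled="true" />
  </authentication><requestFiltering /></security></system.webServer>
 </location>
</configuration>"""


def declared_sections(apphost_xml):
    """Map 'group/.../section' -> overrideModeDefault ('Allow' when absent)."""
    modes = {}
    def walk(node, prefix):
        for child in node:
            path = prefix + [child.get("name")]
            if child.tag == "sectionGroup":
                walk(child, path)
            elif child.tag == "section":
                modes["/".join(path)] = child.get("overrideModeDefault", "Allow")
    walk(ET.fromstring(apphost_xml).find("configSections"), [])
    return modes


def locked_sections_used(web_config_xml, modes):
    """Sections a web.config sets although the server declares them 'Deny'."""
    hits = []
    def walk(node, prefix):
        for child in node:
            # <location> wrappers do not contribute to the section path.
            path = prefix if child.tag == "location" else prefix + [child.tag]
            name = "/".join(path)
            if modes.get(name) == "Deny":
                hits.append(name)       # this element would raise HTTP 500.19
            elif name not in modes:
                walk(child, path)       # still a group: keep descending
    walk(ET.fromstring(web_config_xml), [])
    return hits
```

Setting overrideModeDefault to Allow in applicationHost.config applies server-wide, so every site's web.config can then change those sections.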

ASP.Net using wrong web.config for virtual directory

We're running IIS 6 on Windows Server 2003 R2.
We want to add a virtual directory that runs under .NET 4.0 to a site that runs under .NET 2.0. We've given the virtual directory its own app pool, and we've configured the virtual directory to run under 4.0.
The parent site works fine, but the virtual directory throws errors that reference the parent site's web.config file. We need the virtual directory to use its own web.config file.
The GUI in the IIS Manager says that the virtual directory is using its own web.config file, but the error messages we get refer to items in the parent's web.config file.
I'm not sure how to solve the problem. My best lead so far is from a post on another site said that the problem could be solved with something like this:
<location path="." inheritInChildApplications="false">
</location>
Again, I'm not sure this will fix things, and I'm not sure how to figure out where to put it or what it ought to contain. The parent site is built on top of a CMS system, and its web.config file is reasonably complex.
I got this to work, so I want to leave the answer for the next person.
The location tags I mentioned in my question did the job. I got them to work by using them to enclose a system.web section:
<location path="." inheritInChildApplications="false">
  <system.web>
    .
    .
    (the stuff that made the site in the virtual directory break)
    .
    .
  </system.web>
</location>

Can I combine WCF .config files?

Is it possible to combine the app.config files and web.config files? I am self-hosting the service and hosting it in IIS, and find myself having to edit two different files.
Yes, you could "externalize" your relevant config sections into separate files, and reference those from both app.config as well as your web.config.
Any .NET configuration section can be stashed into an external config file, so you can write:
<system.serviceModel>
  <bindings configSource="bindings.config" />
  <behaviors configSource="behaviors.config" />
  <client configSource="client.config" />
  ....
</system.serviceModel>
Now, your external files will look exactly like the relevant config section inside your config:
bindings.config
<?xml version="1.0" encoding="utf-8" ?>
<bindings>
  <basicHttpBinding>
    <binding name="......." ...... />
  </basicHttpBinding>
</bindings>
Note: Visual Studio's editor will complain about the configSource= attribute - but the Intellisense is mixed up - the configSource attribute is present on each configuration section, and it does work just fine!
Note #2: you cannot externalize the entire <system.serviceModel> since that is a configuration section group - and those do not have any means to be put into external files, unfortunately.
Yes, you can. Just add the <appSettings> section from your app.config into the web.config and merge if necessary.
In the past when I've wanted to read a serviceModel config section from a custom file location I've defined a custom subclass of System.ServiceModel.ServiceHost, and then passed the location of the custom config file to that subclass.
The technique is described here: Reading WCF Configuration From a Customer Location
With this technique you should be able to, contrary to the claim made by marc_s, place the entire service configuration in your WCF configuration file (app.config, I presume) in your IIS configuration file, and then pass the location of the IIS config file to the custom ServiceHost subclass as described above.