In my web confi file I have different locations like this
<location path="path1">
<system.web>
<httpRuntime executionTimeout="110" maxRequestLength="15000"/>
</system.web>
</location>
<location path="path2">
<system.web>
<httpRuntime executionTimeout="110" maxRequestLength="15000"/>
</system.web>
</location>
I've tried with
ConfigurationManager.GetSection("location")
but this returns null
Help me to get all location sections and read each execution timeout within the location
Related
I have a folder, ~/Account that has numerous pages in it. I want all the pages protected from anonymous access except the Login.aspx page (for obvious reasons). I cannot seem to come up with the correct web.config to do this. Here is the one I have at present:
<?xml version="1.0"?>
<configuration>
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
<location path="~/Account/Login.aspx">
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
</location>
</configuration>
Can anyone give me a hand at the correct settings? Thanks!
As a test, I have created an empty c# web application.
then I created 5 empty pages in the same folder(directly under webApplication folder):
WebForm1.aspx
WebForm2.aspx
WebForm3.aspx
WebForm4.aspx
login.aspx
after that I tried to limit access to some of these pages.
WebForm1, WebForm2 should be access by all (Anonymous users)
WebForm3 must be access by only authenticated users.
WebForm4 must be access by only admins.
so I modified web.config file to be like following:
<?xml version="1.0" encoding="utf-8"?>
<!--
For more information on how to configure your ASP.NET application, please visit
http://go.microsoft.com/fwlink/?LinkId=169433
-->
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.5.1" />
<httpRuntime targetFramework="4.5.1" />
<authentication>
<forms defaultUrl="WebForm1.aspx" loginUrl="login.aspx"></forms>
</authentication>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
<location path="WebForm3.aspx">
<system.web>
<authentication></authentication>
<authorization>
<allow users="*"/>
<deny users="?"/>
</authorization>
</system.web>
</location>
<location path="WebForm4.aspx">
<system.web>
<authentication></authentication>
<authorization>
<allow roles="admins"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
</configuration>
now all users can access WebForm1 and WebForm2 (public pages)
but trying to browse WebForm3.aspx or WebForm4.aspx displays error, and does not redirect to login page first for admin.
Server Error in '/' Application.
Configuration Error
Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately.
Parser Error Message: It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS.
Source Error:
Line 18: <location path="WebForm3.aspx">
Line 19: <system.web>
Line 20: <authentication></authentication>
Line 21: <authorization>
Line 22: <allow users="*"/>
Source File: E:\testApp\testApp\web.config Line: 20
Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.34280
how to control accessing all pages with kipping them in the same folder? the real application structure is similar to this one.
According to the <authentication> documentation.
This element can be declared only at the machine, site, or application level. Any attempt to declare it in a configuration file at the subdirectory or page level will result in a parser error message.
Removing these from your <location> tags should get it working again.
<location path="WebForm3.aspx">
<system.web>
<authorization>
<allow users="*"/>
<deny users="?"/>
</authorization>
</system.web>
</location>
<location path="WebForm4.aspx">
<system.web>
<authorization>
<allow roles="admins"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
I'm currently trying to add password authentication to two of my pages Page1.aspx, and Page2.aspx which are both located in the "Admin" folder but am not sure what I'm missing to make it work. The code that is in my web.config file is shown below, what am I missing or misplacing in the code?
Clarification: I want to require a login which I have a page called 'Login.aspx' to two pages within one folder and I just want to set the location path to that folder instead of two location paths, one to each page.
<system.web>
<compilation debug="true" targetFramework="4.5"/>
<httpRuntime targetFramework="4.5"/>
<authentication mode ="Forms">
<forms timeout = "30">
<credentials passwordFormat ="MD5">
<user name ="admin" password ="21232F297A57A5A743894A0E4A801FC3"/>
</credentials>
</forms>
</authentication>
</system.web>
<!-- Require login for Admin Directory -->
<location path ="Admin">
<system.web>
<authorization>
<deny users ="?"/>
</authorization>
</system.web>
</location>
I just want to ask if theres a way to increase the executionTimeOut of a particular page? and not the whole application?
<configuration>
<system.web>
<httpRuntime executionTimeout="90" maxRequestLength="4096" useFullyQualifiedRedirectUrl="false"
minFreeThreads="8" minLocalRequestFreeThreads="4" appRequestQueueLimit="100" />
</system.web>
</configuration>
Page.Server.ScriptTimeout = 90;
Or
use location element in config file
<configuration>
<location path="UploadPage.aspx">
<system.web>
<httpRuntime executionTimeout="90" maxRequestLength="4096" />
</system.web>
</location>
</configuration>
See To Increase Request Timeout only on particular Web Page and Increase ASP.Net timeout on a per page level
put in Web Config File
<location path="Report.aspx">
<system.web>
<httpRuntime executionTimeout="3600" maxRequestLength="10240"/>
</system.web>
</location>
Note this is is a slight variation on a previous question that I had..
I am using c# .NET Web Forms 4.0
I have a folder like the following that I need to password protect so anybody(any external users can also view site) wanting to view the page needs to first enter a userid, password (that we tell them) in order to view the page.
example:
www.abc.com/srlv/
so under srlv I have web pages that need to be password protected.
Note that we need to authenticate only if the user goes to a file under /srlv/
Note that these are .html files, not .aspx files.
www.abc.com/srlv/index.html, www.abc.com/srlv/about.html
but if the user goes to say www.abc.com it will allow them to view the website without any authentication
I was thinking of using the following:
<authenticaton mode="Forms">
<forms loginUrl="/srcs/login.aspx" timeout="30" defaultUrl="/srlv/index.aspx" cookieless="UseUri">
<credentials passwordFormat="Clear">
<user name="Usw" password="pass123"/>
</credentials>
</forms>
</authentication>
but how do I say authenticate only if you go to any files within
www.abc.com/srlv/
You can use the location element in web.config to configure permissions for sections of your website
<configuration>
<location path="srlv">
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>
</configuration>
This will deny access to anonymous users.
You need to create a web.config file in the target folder with the following contents.
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.web>
<authorization>
<allow users="Usw"/>
<deny users ="*,?" />
</authorization>
</system.web>
</configuration>
It simply says, to allow user Usw but deny everyone else.
Location can help you..
http://support.microsoft.com/kb/316871
Simply get access to all unauthorized users and block only specific folder.
<configuration>
<system.web>
<authentication mode="Forms" >
<forms loginUrl="login.aspx" name=".ASPNETAUTH" protection="None" path="/" timeout="20" >
</forms>
</authentication>
<!-- This section denies access to all files in this application except for those that you have not explicitly specified by using another setting. -->
<authorization>
<deny users="?" />
</authorization>
</system.web>
<!-- This section gives the unauthenticated user access to the Default1.aspx page only. It is located in the same folder as this configuration file. -->
<location path="default1.aspx">
<system.web>
<authorization>
<allow users ="*" />
</authorization>
</system.web>
</location>
<!-- This section gives the unauthenticated user access to all of the files that are stored in the Subdir1 folder. -->
<location path="subdir1">
<system.web>
<authorization>
<allow users ="*" />
</authorization>
</system.web>
</location>
</configuration>