I have a folder called reports with sub folders. Each folder has a webconfig file which specifies user access. This webconfig work on my local machine but not the server. Any ideas?
Still does not work. Is there something I have to do on the webserver. I already given "Network Service" admin rights to the folder. Here is my entire webconfig:
<?xml version="1.0"?>
<!--
For more information on how to configure your ASP.NET application, please visit
http://go.microsoft.com/fwlink/?LinkId=169433
-->
<configuration>
<location path="~/Reports/FD3">
<system.web>
<authorization>
<deny users="*"/>
<allow users="FD3"/>
</authorization>
</system.web>
</location>
<location path="Masters.css">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<system.web>
<!-- This is used to customized CreateUserwizard. Email requirement is disbled within the properties of the createloginwizard-->
<!--<roleManager enabled="true"/>-->
<membership defaultProvider="SqlProvider"
userIsOnlineTimeWindow="20">
<providers>
<clear/>
<add name="SqlProvider"
applicationName="/webportal"
type="System.Web.Security.SqlMembershipProvider"
connectionStringName="HighlanderVMconn"
enablePasswordReset="true"
requiresUniqueEmail="false"
requiresQuestionAndAnswer="false"
passwordFormat="Hashed"
minRequiredPasswordLength="1"
minRequiredNonalphanumericCharacters="0"
maxInvalidPasswordAttempts="2"
passwordAttemptWindow="5"
/>
</providers>
</membership>
<roleManager
defaultProvider="SqlProvider"
enabled="true"
>
<providers>
<add
name="SqlProvider"
type="System.Web.Security.SqlRoleProvider"
connectionStringName="HighlanderVMconn"
applicationName="/webportal" />
</providers>
</roleManager>
<!--
The <authentication> section enables configuration
of the security authentication mode used by
ASP.NET to identify an incoming user.
-->
<authentication mode="Forms">
<!--<forms name=" Authentication" loginUrl="~/Login.aspx" protection="All" path="/" timeout="30" />-->
</authentication>
<authorization>
<deny users="?" />
</authorization>
<compilation debug="true" targetFramework="4.0">
<assemblies>
<add assembly="System.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
<add assembly="System.Web.Extensions.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add assembly="System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
</assemblies>
</compilation>
</system.web>
</configuration>
Url authorization evaluated from inner most web.config expression to outermost in hierarchy. So, what u mentioned in inside folder gets evaluated first and evaluation stops at the moment once current condition got satisfied while traversing the expression
from inside.
So, try pasting this in web.conifig inside reports folder
caolong
Member
5 Points
31 Posts
Server ignoring my webcofig settings
Jan 07, 2013 07:45 PM|LINK
I have a folder called reports with sub folders. Each folder has a webconfig file which specifies user access. This webconfig work on my local machine but not the server. Any ideas?
<?xml version="1.0" encoding="utf-8"?> <configuration> <system.web> <authorization> <allow users="FD3" /> <deny users="*" /> </authorization> </system.web> </configuration>radamanthys
Member
228 Points
74 Posts
Re: Server ignoring my webcofig settings
Jan 07, 2013 07:52 PM|LINK
Why don't establish the access permissions on root web.config location section?
caolong
Member
5 Points
31 Posts
Re: Server ignoring my webcofig settings
Jan 07, 2013 08:02 PM|LINK
<location path="~/Reports/FD3"> <system.web> <authorization> <allow users="FD3"/> <deny users="*"/> </authorization> </system.web> </location>I placed this in the root and it does not work at all:
radamanthys
Member
228 Points
74 Posts
Re: Server ignoring my webcofig settings
Jan 07, 2013 09:11 PM|LINK
I can see at this part, you need first deny the anonymous users and after, define the allowed users.
<deny users="*" />
<allow users="FD3" />
caolong
Member
5 Points
31 Posts
Re: Server ignoring my webcofig settings
Jan 07, 2013 09:23 PM|LINK
Still does not work. Is there something I have to do on the webserver. I already given "Network Service" admin rights to the folder. Here is my entire webconfig:
<?xml version="1.0"?> <!-- For more information on how to configure your ASP.NET application, please visit http://go.microsoft.com/fwlink/?LinkId=169433 --> <configuration> <location path="~/Reports/FD3"> <system.web> <authorization> <deny users="*"/> <allow users="FD3"/> </authorization> </system.web> </location> <location path="Masters.css"> <system.web> <authorization> <allow users="*"/> </authorization> </system.web> </location> <system.web> <!-- This is used to customized CreateUserwizard. Email requirement is disbled within the properties of the createloginwizard--> <!--<roleManager enabled="true"/>--> <membership defaultProvider="SqlProvider" userIsOnlineTimeWindow="20"> <providers> <clear/> <add name="SqlProvider" applicationName="/webportal" type="System.Web.Security.SqlMembershipProvider" connectionStringName="HighlanderVMconn" enablePasswordReset="true" requiresUniqueEmail="false" requiresQuestionAndAnswer="false" passwordFormat="Hashed" minRequiredPasswordLength="1" minRequiredNonalphanumericCharacters="0" maxInvalidPasswordAttempts="2" passwordAttemptWindow="5" /> </providers> </membership> <roleManager defaultProvider="SqlProvider" enabled="true" > <providers> <add name="SqlProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="HighlanderVMconn" applicationName="/webportal" /> </providers> </roleManager> <!-- The <authentication> section enables configuration of the security authentication mode used by ASP.NET to identify an incoming user. --> <authentication mode="Forms"> <!--<forms name=" Authentication" loginUrl="~/Login.aspx" protection="All" path="/" timeout="30" />--> </authentication> <authorization> <deny users="?" /> </authorization> <compilation debug="true" targetFramework="4.0"> <assemblies> <add assembly="System.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/> <add assembly="System.Web.Extensions.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/> <add assembly="System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/> </assemblies> </compilation> </system.web> </configuration>mani2009it
Member
207 Points
82 Posts
Re: Server ignoring my webcofig settings
Jan 17, 2013 10:32 AM|LINK
Hello,
Url authorization evaluated from inner most web.config expression to outermost in hierarchy. So, what u mentioned in inside folder gets evaluated first and evaluation stops at the moment once current condition got satisfied while traversing the expression from inside.
So, try pasting this in web.conifig inside reports folder
<?xml version="1.0" encoding="utf-8"?> <configuration> <system.web> <authorization> <deny users="?" /> <allow users="FD3" /> <deny users="*" /> </authorization> </system.web> </configuration>