Forms authentication in a subfolder problem, please help

 
 
Kris van der Mast
      10-30-2003
Hi,

I've created a little site for my sports club. In the root folder there are
pages that are viewable by every anonymous user but at a certain subfolder
my administration pages should be protected by forms authentication.

When I create forms authentication at root level it works but when I move my
code up to the subfolder I get this error:

Server Error in '/TestProjects/FormsAuthenticationTestingArea' Application.
--------------------------------------------------------------------------------

Configuration Error
Description: An error occurred during the processing of a configuration file
required to service this request. Please review the specific error details
below and modify your configuration file appropriately.

Parser Error Message: It is an error to use a section registered as
allowDefinition='MachineToApplication' beyond application level. This error
can be caused by a virtual directory not being configured as an application
in IIS.

Source Error:

Line 12: />
Line 13:
Line 14: <authentication mode="Forms">
Line 15: <forms loginUrl="loginnew.aspx"/>
Line 16: </authentication>

Source File:
c:\inetpub\wwwroot\TestProjects\FormsAuthenticationTestingArea\administrationpages\web.config Line: 14

--------------------------------------------------------------------------------
Version Information: Microsoft .NET Framework Version:1.1.4322.573; ASP.NET
Version:1.1.4322.573

This is the code that I use:

root level
----------

web.config

<?xml version="1.0" encoding="utf-8" ?>
<configuration>

  <system.web>

    <!-- DYNAMIC DEBUG COMPILATION
         Set compilation debug="true" to enable ASPX debugging. Otherwise,
         setting this value to false will improve runtime performance of this
         application.
         Set compilation debug="true" to insert debugging symbols (.pdb
         information) into the compiled page. Because this creates a larger
         file that executes more slowly, you should set this value to true
         only when debugging and to false at all other times. For more
         information, refer to the documentation about debugging ASP.NET files.
    -->
    <compilation
      defaultLanguage="c#"
      debug="true"
    />

    <!-- CUSTOM ERROR MESSAGES
         Set customErrors mode="On" or "RemoteOnly" to enable custom error
         messages, "Off" to disable.
         Add <error> tags for each of the errors you want to handle.

         "On" Always display custom (friendly) messages.
         "Off" Always display detailed ASP.NET error information.
         "RemoteOnly" Display custom (friendly) messages only to users not
         running on the local Web server. This setting is recommended for
         security purposes, so that you do not display application detail
         information to remote clients.
    -->
    <customErrors
      mode="Off"
    />

    <!-- AUTHENTICATION
         This section sets the authentication policies of the application.
         Possible modes are "Windows", "Forms", "Passport" and "None"

         "None" No authentication is performed.
         "Windows" IIS performs authentication (Basic, Digest, or Integrated
         Windows) according to its settings for the application. Anonymous
         access must be disabled in IIS.
         "Forms" You provide a custom form (Web page) for users to enter their
         credentials, and then you authenticate them in your application. A
         user credential token is stored in a cookie.
         "Passport" Authentication is performed via a centralized
         authentication service provided by Microsoft that offers a single
         logon and core profile services for member sites.
    -->
    <authentication mode="Forms">
      <!-- <forms loginUrl="login.aspx"/> -->
    </authentication>

    <!-- AUTHORIZATION
         This section sets the authorization policies of the application.
         You can allow or deny access to application resources by user or
         role. Wildcards: "*" mean everyone, "?" means anonymous
         (unauthenticated) users.
    -->
    <authorization>
      <allow users="*"/>
      <!-- <deny users="?"/>-->
      <!-- <allow users="[comma separated list of users]"
                  roles="[comma separated list of roles]"/>
           <deny users="[comma separated list of users]"
                 roles="[comma separated list of roles]"/>
      -->
    </authorization>

    <!-- APPLICATION-LEVEL TRACE LOGGING
         Application-level tracing enables trace log output for every page
         within an application.
         Set trace enabled="true" to enable application trace logging. If
         pageOutput="true", the trace information will be displayed at the
         bottom of each page. Otherwise, you can view the application trace
         log by browsing the "trace.axd" page from your web application root.
    -->
    <trace
      enabled="false"
      requestLimit="10"
      pageOutput="false"
      traceMode="SortByTime"
      localOnly="true"
    />

    <!-- SESSION STATE SETTINGS
         By default ASP.NET uses cookies to identify which requests belong to
         a particular session.
         If cookies are not available, a session can be tracked by adding a
         session identifier to the URL.
         To disable cookies, set sessionState cookieless="true".
    -->
    <sessionState
      mode="InProc"
      stateConnectionString="tcpip=127.0.0.1:42424"
      sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes"
      cookieless="false"
      timeout="20"
    />

    <!-- GLOBALIZATION
         This section sets the globalization settings of the application.
    -->
    <globalization
      requestEncoding="utf-8"
      responseEncoding="utf-8"
    />

  </system.web>

</configuration>

For the pages here they just contain some user controls with text and
sometimes read out some xml documents.

------------------------------------------------------------------

administrationpages subfolder:
-----------------------------------

web.config

<?xml version="1.0" encoding="utf-8" ?>
<configuration>

  <system.web>
    <compilation
      defaultLanguage="c#"
      debug="true"
    />

    <customErrors
      mode="Off"
    />

    <authentication mode="Forms">
      <forms loginUrl="loginnew.aspx"/>
    </authentication>

    <authorization>
      <allow users="*" /> <!--Allow all users -->
      <!-- <allow users="[comma separated list of users]"
                  roles="[comma separated list of roles]"/>
           <deny users="[comma separated list of users]"
                 roles="[comma separated list of roles]"/>
      -->
      <deny users="?"/>
    </authorization>

    <trace
      enabled="false"
      requestLimit="10"
      pageOutput="false"
      traceMode="SortByTime"
      localOnly="true"
    />

    <sessionState
      mode="InProc"
      stateConnectionString="tcpip=127.0.0.1:42424"
      sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes"
      cookieless="false"
      timeout="20"
    />

    <!-- GLOBALIZATION
         This section sets the globalization settings of the application.
    -->
    <globalization
      requestEncoding="utf-8"
      responseEncoding="utf-8"
    />

  </system.web>

</configuration>


newtestform.aspx

<%@ Page language="c#" Codebehind="newtestform.aspx.cs" AutoEventWireup="false"
    Inherits="FormsAuthenticationTestingArea.administrationpages.newtestform" %>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
<HTML>
  <HEAD>
    <title>newtestform</title>
    <meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1">
    <meta name="CODE_LANGUAGE" Content="C#">
    <meta name="vs_defaultClientScript" content="JavaScript">
    <meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">
  </HEAD>
  <body MS_POSITIONING="FlowLayout">
    <form id="Form1" method="post" runat="server">
      <P>
        <asp:Label id="LabelMessage" runat="server"></asp:Label></P>
      <P>
        <asp:Button id="ButtonSignout" runat="server" Text="Signout"></asp:Button></P>
      <P>&nbsp;</P>
    </form>
  </body>
</HTML>


and code behind:

using System;
using System.Collections;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Web;
using System.Web.SessionState;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.HtmlControls;

namespace FormsAuthenticationTestingArea.administrationpages
{
    /// <summary>
    /// Summary description for newtestform.
    /// </summary>
    public class newtestform : System.Web.UI.Page
    {
        protected System.Web.UI.WebControls.Label LabelMessage;
        protected System.Web.UI.WebControls.Button ButtonSignout;

        private void Page_Load(object sender, System.EventArgs e)
        {
            // Display the username
            LabelMessage.Text = "Hello " + Context.User.Identity.Name;
        }

        #region Web Form Designer generated code
        override protected void OnInit(EventArgs e)
        {
            //
            // CODEGEN: This call is required by the ASP.NET Web Form Designer.
            //
            InitializeComponent();
            base.OnInit(e);
        }

        /// <summary>
        /// Required method for Designer support - do not modify
        /// the contents of this method with the code editor.
        /// </summary>
        private void InitializeComponent()
        {
            this.ButtonSignout.Click += new System.EventHandler(this.ButtonSignout_Click);
            this.Load += new System.EventHandler(this.Page_Load);
        }
        #endregion

        private void ButtonSignout_Click(object sender, System.EventArgs e)
        {
            // Sign out, then send the browser back to the referring page
            System.Web.Security.FormsAuthentication.SignOut();

            // UrlReferrer is null when the request carries no Referer header
            if (Request.UrlReferrer != null)
            {
                Response.Redirect(Request.UrlReferrer.ToString());
            }
            else
            {
                Response.Redirect("loginnew.aspx");
            }
        }
    }
}


loginnew.aspx

<%@ Page language="c#" Codebehind="loginnew.aspx.cs" AutoEventWireup="false"
    Inherits="FormsAuthenticationTestingArea.administrationpages.loginnew" %>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
<HTML>
  <HEAD>
    <title>loginnew</title>
    <meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1">
    <meta name="CODE_LANGUAGE" Content="C#">
    <meta name="vs_defaultClientScript" content="JavaScript">
    <meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">
  </HEAD>
  <body MS_POSITIONING="FlowLayout">
    <form id="Form1" method="post" runat="server">
      <P>
        <asp:TextBox id="TextBoxUserName" runat="server"></asp:TextBox></P>
      <P>
        <asp:TextBox id="TextBoxPassword" runat="server" TextMode="Password"></asp:TextBox></P>
      <P>
        <asp:CheckBox id="CheckBoxPersistent" runat="server" Text="Persistent"></asp:CheckBox>&nbsp;
        <asp:Button id="ButtonLogin" runat="server" Text="Login"></asp:Button></P>
      <P>
        <asp:Label id="LabelMessage" runat="server" Font-Bold="True" ForeColor="Red"></asp:Label></P>
    </form>
  </body>
</HTML>

and code behind:

using System;
using System.Collections;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Web;
using System.Web.SessionState;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.HtmlControls;

namespace FormsAuthenticationTestingArea.administrationpages
{
    /// <summary>
    /// Summary description for loginnew.
    /// </summary>
    public class loginnew : System.Web.UI.Page
    {
        protected System.Web.UI.WebControls.TextBox TextBoxUserName;
        protected System.Web.UI.WebControls.TextBox TextBoxPassword;
        protected System.Web.UI.WebControls.CheckBox CheckBoxPersistent;
        protected System.Web.UI.WebControls.Button ButtonLogin;
        protected System.Web.UI.WebControls.Label LabelMessage;

        private void Page_Load(object sender, System.EventArgs e)
        {
            // Put user code to initialize the page here
        }

        #region Web Form Designer generated code
        override protected void OnInit(EventArgs e)
        {
            //
            // CODEGEN: This call is required by the ASP.NET Web Form Designer.
            //
            InitializeComponent();
            base.OnInit(e);
        }

        /// <summary>
        /// Required method for Designer support - do not modify
        /// the contents of this method with the code editor.
        /// </summary>
        private void InitializeComponent()
        {
            this.ButtonLogin.Click += new System.EventHandler(this.ButtonLogin_Click);
            this.Load += new System.EventHandler(this.Page_Load);
        }
        #endregion

        private void ButtonLogin_Click(object sender, System.EventArgs e)
        {
            // Validate username and password text boxes
            if (TextBoxUserName.Text == string.Empty || TextBoxPassword.Text == string.Empty)
            {
                LabelMessage.Text = "Username and Password cannot be empty";
                return;
            }

            // Authenticate the user (hard-coded test credentials)
            bool CookieValue = false;
            if ((TextBoxUserName.Text == "Kris") && (TextBoxPassword.Text == "bla"))
            {
                // Issue a persistent cookie only if the checkbox is ticked
                if (CheckBoxPersistent.Checked)
                {
                    CookieValue = true;
                }
                else
                {
                    CookieValue = false;
                }

                // If valid, redirect to protected resource
                System.Web.Security.FormsAuthentication.RedirectFromLoginPage(TextBoxUserName.Text, CookieValue);
            }
            else
            {
                // If invalid, display an error page
                LabelMessage.Text = "Invalid credentials, please try again";
                TextBoxUserName.Text = string.Empty;
                TextBoxPassword.Text = string.Empty;
            }
        }
    }
}


 

John Saunders
      10-30-2003
"Kris van der Mast" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hi,
>
> I've created a little site for my sports club. In the root folder there are
> pages that are viewable by every anonymous user but at a certain subfolder
> my administration pages should be protected by forms authentication.
>
> When I create forms authentication at root level it works but when I move my
> code up to the subfolder I get this error:
>
> Server Error in '/TestProjects/FormsAuthenticationTestingArea' Application.
> --------------------------------------------------------------------------------
>
> Configuration Error
> Description: An error occurred during the processing of a configuration file
> required to service this request. Please review the specific error details
> below and modify your configuration file appropriately.
>
> Parser Error Message: It is an error to use a section registered as
> allowDefinition='MachineToApplication' beyond application level. This error
> can be caused by a virtual directory not being configured as an application
> in IIS.
>
> Source Error:
>
> Line 12: />
> Line 13:
> Line 14: <authentication mode="Forms">
> Line 15: <forms loginUrl="loginnew.aspx"/>
> Line 16: </authentication>
>
> Source File:
> c:\inetpub\wwwroot\TestProjects\FormsAuthenticationTestingArea\administrationpages\web.config Line: 14



This error usually means what it says. Is your subdirectory configured as an
application in IIS?
--
John


 

Kris van der Mast
      11-02-2003

"John Saunders" <john.saunders at surfcontrol.com> wrote in message
news:(E-Mail Removed)...
> "Kris van der Mast" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> > Hi,
> >
> > I've created a little site for my sports club. In the root folder there are
> > pages that are viewable by every anonymous user but at a certain subfolder
> > my administration pages should be protected by forms authentication.
> >
> > When I create forms authentication at root level it works but when I move my
> > code up to the subfolder I get this error:
> >
> > Server Error in '/TestProjects/FormsAuthenticationTestingArea' Application.
> > --------------------------------------------------------------------------------
> >
> > Configuration Error
> > Description: An error occurred during the processing of a configuration file
> > required to service this request. Please review the specific error details
> > below and modify your configuration file appropriately.
> >
> > Parser Error Message: It is an error to use a section registered as
> > allowDefinition='MachineToApplication' beyond application level. This error
> > can be caused by a virtual directory not being configured as an application
> > in IIS.
> >
> > Source Error:
> >
> > Line 12: />
> > Line 13:
> > Line 14: <authentication mode="Forms">
> > Line 15: <forms loginUrl="loginnew.aspx"/>
> > Line 16: </authentication>
> >
> > Source File:
> > c:\inetpub\wwwroot\TestProjects\FormsAuthenticationTestingArea\administrationpages\web.config Line: 14
>
> This error usually means what it says. Is your subdirectory configured as an
> application in IIS?


This wasn't necessary. The application blew because I had left the
authentication in the web.config of the subfolder. Removing this part (and
some others like the one of sessionstate) solved the problem.

Grz, Kris.


 

John Saunders
      11-04-2003
"Kris van der Mast" <(E-Mail Removed)> wrote in message
news:#(E-Mail Removed)...
>
> "John Saunders" <john.saunders at surfcontrol.com> wrote in message
> news:(E-Mail Removed)...
> > "Kris van der Mast" <(E-Mail Removed)> wrote in message
> > news:(E-Mail Removed)...
> > > Hi,
> > >
> > > I've created a little site for my sports club. In the root folder there are
> > > pages that are viewable by every anonymous user but at a certain subfolder
> > > my administration pages should be protected by forms authentication.
> > >
> > > When I create forms authentication at root level it works but when I move my
> > > code up to the subfolder I get this error:
> > >
> > > Server Error in '/TestProjects/FormsAuthenticationTestingArea' Application.
> > > --------------------------------------------------------------------------------
> > >
> > > Configuration Error
> > > Description: An error occurred during the processing of a configuration file
> > > required to service this request. Please review the specific error details
> > > below and modify your configuration file appropriately.
> > >
> > > Parser Error Message: It is an error to use a section registered as
> > > allowDefinition='MachineToApplication' beyond application level. This error
> > > can be caused by a virtual directory not being configured as an application
> > > in IIS.
> > >
> > > Source Error:
> > >
> > > Line 12: />
> > > Line 13:
> > > Line 14: <authentication mode="Forms">
> > > Line 15: <forms loginUrl="loginnew.aspx"/>
> > > Line 16: </authentication>
> > >
> > > Source File:
> > > c:\inetpub\wwwroot\TestProjects\FormsAuthenticationTestingArea\administrationpages\web.config Line: 14
> >
> > This error usually means what it says. Is your subdirectory configured as an
> > application in IIS?
>
> This wasn't necessary. The application blew because I had left the
> authentication in the web.config of the subfolder.


That's what I was getting at. Your subfolder was not configured as an
application, but the web.config in the subfolder used something which could
only be used at machine or application level.
--
John
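
Added example (not part of the original posts): the layout the thread arrives at, with the authentication and sessionState sections kept only in the application-root web.config and the administrationpages web.config reduced to authorization. Authorization rules are checked in order and the first match applies, so the deny for anonymous users must not sit below an allow for "*" as it does in the subfolder file posted above. The application-rooted loginUrl is an assumption that loginnew.aspx stays in administrationpages.

```xml
<!-- File 1: web.config in the application root
     (/TestProjects/FormsAuthenticationTestingArea) -->
<configuration>
  <system.web>
    <!-- Registered as allowDefinition='MachineToApplication':
         declare it once, at application level. -->
    <authentication mode="Forms">
      <!-- Assumption: the login page stays in administrationpages. -->
      <forms loginUrl="/TestProjects/FormsAuthenticationTestingArea/administrationpages/loginnew.aspx" />
    </authentication>

    <!-- Also kept at application level; the thread removed it
         from the subfolder file together with authentication. -->
    <sessionState mode="InProc" cookieless="false" timeout="20" />

    <!-- Pages in the root stay open to anonymous users. -->
    <authorization>
      <allow users="*" />
    </authorization>
  </system.web>
</configuration>

<!-- File 2: administrationpages/web.config
     (a plain subfolder, not configured as an IIS application) -->
<configuration>
  <system.web>
    <!-- authorization may be set per directory.
         Rules are checked top-down and the first match applies:
         an <allow users="*"/> placed above this deny would match
         every request and leave the folder open to anonymous users. -->
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>
</configuration>
```

Authenticated users are not matched by the deny rule and fall through to the allow rule inherited from the root file.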


 