Can't Access application config file with APPSETTINGS through fire

[Guest]

We have a client with an ISA Server 2000 configured in cache only mode, and a
checkpoint one firewall. Integrated authentication is required for requests.
We can replicate the problem with an ISA Server 2000 configured in integrated
mode, with integrated authentication required, and the Web Proxy used. The
problem is this:

We have a no-touch deployment client side .NET application configured at a
URL. When navigating to this URL, the application downloads with no problem,
but all access to APPSETTINGS to retrieve application settings fail - they
return blank values. If we disable use of the Web Proxy on the ISA server on
our replicated setup, everything works. This is not an option on the client
site.

The problem appears to be that the behind-the-scense XML requests used by
the .NET framework to access the app.config file are sent as anonymous
requests, which are blocked by the firewall.

Is there a solution to this one?

Any help appreciated.

 

[Guest]

John,

There may be another issue here. As you know, all requests coming in must
have a registered 'handler'. So a request for an app.config file must have a
registered handler for '.config' files. I beleive, such files are blocked by
default. You may have to add the following to the web.config in your root
folder:

<httpHandlers>
<remove verb="*" path="*.config" />
<add verb="*" path="web.config" type="System.Web.HttpForbiddenHandler" />
</httpHandlers>

This will allow users to download the app.config but not the web.config
(which would contain some sensitive stuff!!!)

Hope this works for you.

Sujit D'Mello