K
Kris van der Mast
Hi,
I've created a little site for my sports club. In the root folder there are
pages that are viewable by every anonymous user but at a certain subfolder
my administration pages should be protected by forms authentication.
When I create forms authentication at root level it works but when I move my
code up to the subfolder I get this error:
Server Error in '/TestProjects/FormsAuthenticationTestingArea' Application.
----------------------------------------------------------------------------
----
Configuration Error
Description: An error occurred during the processing of a configuration file
required to service this request. Please review the specific error details
below and modify your configuration file appropriately.
Parser Error Message: It is an error to use a section registered as
allowDefinition='MachineToApplication' beyond application level. This error
can be caused by a virtual directory not being configured as an application
in IIS.
Source Error:
Line 12: />
Line 13:
Line 14: <authentication mode="Forms">
Line 15: <forms loginUrl="loginnew.aspx"/>
Line 16: </authentication>
Source File:
c:\inetpub\wwwroot\TestProjects\FormsAuthenticationTestingArea\administratio
npages\web.config Line: 14
----------------------------------------------------------------------------
----
Version Information: Microsoft .NET Framework Version:1.1.4322.573; ASP.NET
Version:1.1.4322.573
This is the code that I use:
root level
----------
web.config
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.web>
<!-- DYNAMIC DEBUG COMPILATION
Set compilation debug="true" to enable ASPX debugging. Otherwise,
setting this value to
false will improve runtime performance of this application.
Set compilation debug="true" to insert debugging symbols (.pdb
information)
into the compiled page. Because this creates a larger file that
executes
more slowly, you should set this value to true only when debugging
and to
false at all other times. For more information, refer to the
documentation about
debugging ASP.NET files.
-->
<compilation
defaultLanguage="c#"
debug="true"
/>
<!-- CUSTOM ERROR MESSAGES
Set customErrors mode="On" or "RemoteOnly" to enable custom error
messages, "Off" to disable.
Add <error> tags for each of the errors you want to handle.
"On" Always display custom (friendly) messages.
"Off" Always display detailed ASP.NET error information.
"RemoteOnly" Display custom (friendly) messages only to users not
running
on the local Web server. This setting is recommended for security
purposes, so
that you do not display application detail information to remote
clients.
-->
<customErrors
mode="Off"
/>
<!-- AUTHENTICATION
This section sets the authentication policies of the application.
Possible modes are "Windows",
"Forms", "Passport" and "None"
"None" No authentication is performed.
"Windows" IIS performs authentication (Basic, Digest, or
Integrated Windows) according to
its settings for the application. Anonymous access must be
disabled in IIS.
"Forms" You provide a custom form (Web page) for users to enter
their credentials, and then
you authenticate them in your application. A user credential
token is stored in a cookie.
"Passport" Authentication is performed via a centralized
authentication service provided
by Microsoft that offers a single logon and core profile services
for member sites.
-->
<authentication mode="Forms">
<!-- <forms loginUrl="login.aspx"/> -->
</authentication>
<!-- AUTHORIZATION
This section sets the authorization policies of the application.
You can allow or deny access
to application resources by user or role. Wildcards: "*" mean
everyone, "?" means anonymous
(unauthenticated) users.
-->
<authorization>
<allow users="*"/>
<!-- <deny users="?"/>-->
<!-- <allow users="[comma separated list of users]"
roles="[comma separated list of roles]"/>
<deny users="[comma separated list of users]"
roles="[comma separated list of roles]"/>
-->
</authorization>
<!-- APPLICATION-LEVEL TRACE LOGGING
Application-level tracing enables trace log output for every page
within an application.
Set trace enabled="true" to enable application trace logging. If
pageOutput="true", the
trace information will be displayed at the bottom of each page.
Otherwise, you can view the
application trace log by browsing the "trace.axd" page from your
web application
root.
-->
<trace
enabled="false"
requestLimit="10"
pageOutput="false"
traceMode="SortByTime"
localOnly="true"
/>
<!-- SESSION STATE SETTINGS
By default ASP.NET uses cookies to identify which requests belong
to a particular session.
If cookies are not available, a session can be tracked by adding a
session identifier to the URL.
To disable cookies, set sessionState cookieless="true".
-->
<sessionState
mode="InProc"
stateConnectionString="tcpip=127.0.0.1:42424"
sqlConnectionString="data
source=127.0.0.1;Trusted_Connection=yes"
cookieless="false"
timeout="20"
/>
<!-- GLOBALIZATION
This section sets the globalization settings of the application.
-->
<globalization
requestEncoding="utf-8"
responseEncoding="utf-8"
/>
</system.web>
</configuration>
For the pages here they just contain some user controls with text and
sometimes read out some xml documents.
------------------------------------------------------------------
administrationpages subfolder:
-----------------------------------
web.config
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.web>
<compilation
defaultLanguage="c#"
debug="true"
/>
<customErrors
mode="Off"
/>
<authentication mode="Forms">
<forms loginUrl="loginnew.aspx"/>
</authentication>
<authorization>
<allow users="*" /> <!--Allow all users -->
<!-- <allow users="[comma separated list of users]"
roles="[comma separated list of roles]"/>
<deny users="[comma separated list of users]"
roles="[comma separated list of roles]"/>
-->
<deny users="?"/>
</authorization>
<trace
enabled="false"
requestLimit="10"
pageOutput="false"
traceMode="SortByTime"
localOnly="true"
/>
<sessionState
mode="InProc"
stateConnectionString="tcpip=127.0.0.1:42424"
sqlConnectionString="data
source=127.0.0.1;Trusted_Connection=yes"
cookieless="false"
timeout="20"
/>
<!-- GLOBALIZATION
This section sets the globalization settings of the application.
-->
<globalization
requestEncoding="utf-8"
responseEncoding="utf-8"
/>
</system.web>
</configuration>
newtestform.aspx
<%@ Page language="c#" Codebehind="newtestform.aspx.cs"
AutoEventWireup="false"
Inherits="FormsAuthenticationTestingArea.administrationpages.newtestform" %>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
<HTML>
<HEAD>
<title>newtestform</title>
<meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1">
<meta name="CODE_LANGUAGE" Content="C#">
<meta name="vs_defaultClientScript" content="JavaScript">
<meta name="vs_targetSchema"
content="http://schemas.microsoft.com/intellisense/ie5">
</HEAD>
<body MS_POSITIONING="FlowLayout">
<form id="Form1" method="post" runat="server">
<P>
<asp:Label id="LabelMessage" runat="server"></asp:Label></P>
<P>
<asp:Button id="ButtonSignout" runat="server"
Text="Signout"></asp:Button></P>
<P> </P>
</form>
</body>
</HTML>
and code behind:
using System;
using System.Collections;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Web;
using System.Web.SessionState;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.HtmlControls;
namespace FormsAuthenticationTestingArea.administrationpages
{
/// <summary>
/// Summary description for newtestform.
/// </summary>
public class newtestform : System.Web.UI.Page
{
protected System.Web.UI.WebControls.Label LabelMessage;
protected System.Web.UI.WebControls.Button ButtonSignout;
private void Page_Load(object sender, System.EventArgs e)
{
// Display the username
LabelMessage.Text = "Hello " + Context.User.Identity.Name;
}
#region Web Form Designer generated code
override protected void OnInit(EventArgs e)
{
//
// CODEGEN: This call is required by the ASP.NET Web Form Designer.
//
InitializeComponent();
base.OnInit(e);
}
/// <summary>
/// Required method for Designer support - do not modify
/// the contents of this method with the code editor.
/// </summary>
private void InitializeComponent()
{
this.ButtonSignout.Click += new
System.EventHandler(this.ButtonSignout_Click);
this.Load += new System.EventHandler(this.Page_Load);
}
#endregion
private void ButtonSignout_Click(object sender, System.EventArgs e)
{
// Signout and redirect to login.aspx
System.Web.Security.FormsAuthentication.SignOut();
Response.Redirect(Request.UrlReferrer.ToString());
}
}
}
loginnew.aspx
<%@ Page language="c#" Codebehind="loginnew.aspx.cs" AutoEventWireup="false"
Inherits="FormsAuthenticationTestingArea.administrationpages.loginnew" %>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
<HTML>
<HEAD>
<title>loginnew</title>
<meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1">
<meta name="CODE_LANGUAGE" Content="C#">
<meta name="vs_defaultClientScript" content="JavaScript">
<meta name="vs_targetSchema"
content="http://schemas.microsoft.com/intellisense/ie5">
</HEAD>
<body MS_POSITIONING="FlowLayout">
<form id="Form1" method="post" runat="server">
<P>
<asp:TextBox id="TextBoxUserName"
runat="server"></asp:TextBox></P>
<P>
<asp:TextBox id="TextBoxPassword" runat="server"
TextMode="Password"></asp:TextBox></P>
<P>
<asp:CheckBox id="CheckBoxPersistent" runat="server"
Text="Persistent"></asp:CheckBox>
<asp:Button id="ButtonLogin" runat="server"
Text="Login"></asp:Button></P>
<P>
<asp:Label id="LabelMessage" runat="server" Font-Bold="True"
ForeColor="Red"></asp:Label></P>
</form>
</body>
</HTML>
and code behind:
using System;
using System.Collections;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Web;
using System.Web.SessionState;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.HtmlControls;
namespace FormsAuthenticationTestingArea.administrationpages
{
/// <summary>
/// Summary description for loginnew.
/// </summary>
public class loginnew : System.Web.UI.Page
{
protected System.Web.UI.WebControls.TextBox TextBoxUserName;
protected System.Web.UI.WebControls.TextBox TextBoxPassword;
protected System.Web.UI.WebControls.CheckBox CheckBoxPersistent;
protected System.Web.UI.WebControls.Button ButtonLogin;
protected System.Web.UI.WebControls.Label LabelMessage;
private void Page_Load(object sender, System.EventArgs e)
{
// Put user code to initialize the page here
}
#region Web Form Designer generated code
override protected void OnInit(EventArgs e)
{
//
// CODEGEN: This call is required by the ASP.NET Web Form Designer.
//
InitializeComponent();
base.OnInit(e);
}
/// <summary>
/// Required method for Designer support - do not modify
/// the contents of this method with the code editor.
/// </summary>
private void InitializeComponent()
{
this.ButtonLogin.Click += new
System.EventHandler(this.ButtonLogin_Click);
this.Load += new System.EventHandler(this.Page_Load);
}
#endregion
private void ButtonLogin_Click(object sender, System.EventArgs e)
{
// Validate username and password text boxes
if (TextBoxUserName.Text == string.Empty || TextBoxPassword.Text
== string.Empty)
{
LabelMessage.Text = "Username and Password cannot be empty";
return;
}
// Authenticate the user
bool CookieValue = false;
if ((TextBoxUserName.Text == "Kris") && (TextBoxPassword.Text ==
"bla"))
{
if (CheckBoxPersistent.Checked)
{
CookieValue = true;
}
else
{
CookieValue = false;
}
// If valid, redirect to protected resource
System.Web.Security.FormsAuthentication.RedirectFromLoginPage(TextBoxUserNam
e.Text,CookieValue);
}
else
{
// If invalid, display an error page
LabelMessage.Text = "Invalid credentials, please try again";
TextBoxUserName.Text = string.Empty;
TextBoxPassword.Text = string.Empty;
}
}
}
}
I've created a little site for my sports club. In the root folder there are
pages that are viewable by every anonymous user but at a certain subfolder
my administration pages should be protected by forms authentication.
When I create forms authentication at root level it works but when I move my
code up to the subfolder I get this error:
Server Error in '/TestProjects/FormsAuthenticationTestingArea' Application.
----------------------------------------------------------------------------
----
Configuration Error
Description: An error occurred during the processing of a configuration file
required to service this request. Please review the specific error details
below and modify your configuration file appropriately.
Parser Error Message: It is an error to use a section registered as
allowDefinition='MachineToApplication' beyond application level. This error
can be caused by a virtual directory not being configured as an application
in IIS.
Source Error:
Line 12: />
Line 13:
Line 14: <authentication mode="Forms">
Line 15: <forms loginUrl="loginnew.aspx"/>
Line 16: </authentication>
Source File:
c:\inetpub\wwwroot\TestProjects\FormsAuthenticationTestingArea\administratio
npages\web.config Line: 14
----------------------------------------------------------------------------
----
Version Information: Microsoft .NET Framework Version:1.1.4322.573; ASP.NET
Version:1.1.4322.573
This is the code that I use:
root level
----------
web.config
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.web>
<!-- DYNAMIC DEBUG COMPILATION
Set compilation debug="true" to enable ASPX debugging. Otherwise,
setting this value to
false will improve runtime performance of this application.
Set compilation debug="true" to insert debugging symbols (.pdb
information)
into the compiled page. Because this creates a larger file that
executes
more slowly, you should set this value to true only when debugging
and to
false at all other times. For more information, refer to the
documentation about
debugging ASP.NET files.
-->
<compilation
defaultLanguage="c#"
debug="true"
/>
<!-- CUSTOM ERROR MESSAGES
Set customErrors mode="On" or "RemoteOnly" to enable custom error
messages, "Off" to disable.
Add <error> tags for each of the errors you want to handle.
"On" Always display custom (friendly) messages.
"Off" Always display detailed ASP.NET error information.
"RemoteOnly" Display custom (friendly) messages only to users not
running
on the local Web server. This setting is recommended for security
purposes, so
that you do not display application detail information to remote
clients.
-->
<customErrors
mode="Off"
/>
<!-- AUTHENTICATION
This section sets the authentication policies of the application.
Possible modes are "Windows",
"Forms", "Passport" and "None"
"None" No authentication is performed.
"Windows" IIS performs authentication (Basic, Digest, or
Integrated Windows) according to
its settings for the application. Anonymous access must be
disabled in IIS.
"Forms" You provide a custom form (Web page) for users to enter
their credentials, and then
you authenticate them in your application. A user credential
token is stored in a cookie.
"Passport" Authentication is performed via a centralized
authentication service provided
by Microsoft that offers a single logon and core profile services
for member sites.
-->
<authentication mode="Forms">
<!-- <forms loginUrl="login.aspx"/> -->
</authentication>
<!-- AUTHORIZATION
This section sets the authorization policies of the application.
You can allow or deny access
to application resources by user or role. Wildcards: "*" mean
everyone, "?" means anonymous
(unauthenticated) users.
-->
<authorization>
<allow users="*"/>
<!-- <deny users="?"/>-->
<!-- <allow users="[comma separated list of users]"
roles="[comma separated list of roles]"/>
<deny users="[comma separated list of users]"
roles="[comma separated list of roles]"/>
-->
</authorization>
<!-- APPLICATION-LEVEL TRACE LOGGING
Application-level tracing enables trace log output for every page
within an application.
Set trace enabled="true" to enable application trace logging. If
pageOutput="true", the
trace information will be displayed at the bottom of each page.
Otherwise, you can view the
application trace log by browsing the "trace.axd" page from your
web application
root.
-->
<trace
enabled="false"
requestLimit="10"
pageOutput="false"
traceMode="SortByTime"
localOnly="true"
/>
<!-- SESSION STATE SETTINGS
By default ASP.NET uses cookies to identify which requests belong
to a particular session.
If cookies are not available, a session can be tracked by adding a
session identifier to the URL.
To disable cookies, set sessionState cookieless="true".
-->
<sessionState
mode="InProc"
stateConnectionString="tcpip=127.0.0.1:42424"
sqlConnectionString="data
source=127.0.0.1;Trusted_Connection=yes"
cookieless="false"
timeout="20"
/>
<!-- GLOBALIZATION
This section sets the globalization settings of the application.
-->
<globalization
requestEncoding="utf-8"
responseEncoding="utf-8"
/>
</system.web>
</configuration>
For the pages here they just contain some user controls with text and
sometimes read out some xml documents.
------------------------------------------------------------------
administrationpages subfolder:
-----------------------------------
web.config
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.web>
<compilation
defaultLanguage="c#"
debug="true"
/>
<customErrors
mode="Off"
/>
<authentication mode="Forms">
<forms loginUrl="loginnew.aspx"/>
</authentication>
<authorization>
<allow users="*" /> <!--Allow all users -->
<!-- <allow users="[comma separated list of users]"
roles="[comma separated list of roles]"/>
<deny users="[comma separated list of users]"
roles="[comma separated list of roles]"/>
-->
<deny users="?"/>
</authorization>
<trace
enabled="false"
requestLimit="10"
pageOutput="false"
traceMode="SortByTime"
localOnly="true"
/>
<sessionState
mode="InProc"
stateConnectionString="tcpip=127.0.0.1:42424"
sqlConnectionString="data
source=127.0.0.1;Trusted_Connection=yes"
cookieless="false"
timeout="20"
/>
<!-- GLOBALIZATION
This section sets the globalization settings of the application.
-->
<globalization
requestEncoding="utf-8"
responseEncoding="utf-8"
/>
</system.web>
</configuration>
newtestform.aspx
<%@ Page language="c#" Codebehind="newtestform.aspx.cs"
AutoEventWireup="false"
Inherits="FormsAuthenticationTestingArea.administrationpages.newtestform" %>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
<HTML>
<HEAD>
<title>newtestform</title>
<meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1">
<meta name="CODE_LANGUAGE" Content="C#">
<meta name="vs_defaultClientScript" content="JavaScript">
<meta name="vs_targetSchema"
content="http://schemas.microsoft.com/intellisense/ie5">
</HEAD>
<body MS_POSITIONING="FlowLayout">
<form id="Form1" method="post" runat="server">
<P>
<asp:Label id="LabelMessage" runat="server"></asp:Label></P>
<P>
<asp:Button id="ButtonSignout" runat="server"
Text="Signout"></asp:Button></P>
<P> </P>
</form>
</body>
</HTML>
and code behind:
using System;
using System.Collections;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Web;
using System.Web.SessionState;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.HtmlControls;
namespace FormsAuthenticationTestingArea.administrationpages
{
/// <summary>
/// Summary description for newtestform.
/// </summary>
public class newtestform : System.Web.UI.Page
{
protected System.Web.UI.WebControls.Label LabelMessage;
protected System.Web.UI.WebControls.Button ButtonSignout;
private void Page_Load(object sender, System.EventArgs e)
{
// Display the username
LabelMessage.Text = "Hello " + Context.User.Identity.Name;
}
#region Web Form Designer generated code
override protected void OnInit(EventArgs e)
{
//
// CODEGEN: This call is required by the ASP.NET Web Form Designer.
//
InitializeComponent();
base.OnInit(e);
}
/// <summary>
/// Required method for Designer support - do not modify
/// the contents of this method with the code editor.
/// </summary>
private void InitializeComponent()
{
this.ButtonSignout.Click += new
System.EventHandler(this.ButtonSignout_Click);
this.Load += new System.EventHandler(this.Page_Load);
}
#endregion
private void ButtonSignout_Click(object sender, System.EventArgs e)
{
// Signout and redirect to login.aspx
System.Web.Security.FormsAuthentication.SignOut();
Response.Redirect(Request.UrlReferrer.ToString());
}
}
}
loginnew.aspx
<%@ Page language="c#" Codebehind="loginnew.aspx.cs" AutoEventWireup="false"
Inherits="FormsAuthenticationTestingArea.administrationpages.loginnew" %>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
<HTML>
<HEAD>
<title>loginnew</title>
<meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1">
<meta name="CODE_LANGUAGE" Content="C#">
<meta name="vs_defaultClientScript" content="JavaScript">
<meta name="vs_targetSchema"
content="http://schemas.microsoft.com/intellisense/ie5">
</HEAD>
<body MS_POSITIONING="FlowLayout">
<form id="Form1" method="post" runat="server">
<P>
<asp:TextBox id="TextBoxUserName"
runat="server"></asp:TextBox></P>
<P>
<asp:TextBox id="TextBoxPassword" runat="server"
TextMode="Password"></asp:TextBox></P>
<P>
<asp:CheckBox id="CheckBoxPersistent" runat="server"
Text="Persistent"></asp:CheckBox>
<asp:Button id="ButtonLogin" runat="server"
Text="Login"></asp:Button></P>
<P>
<asp:Label id="LabelMessage" runat="server" Font-Bold="True"
ForeColor="Red"></asp:Label></P>
</form>
</body>
</HTML>
and code behind:
using System;
using System.Collections;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Web;
using System.Web.SessionState;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.HtmlControls;
namespace FormsAuthenticationTestingArea.administrationpages
{
/// <summary>
/// Summary description for loginnew.
/// </summary>
public class loginnew : System.Web.UI.Page
{
protected System.Web.UI.WebControls.TextBox TextBoxUserName;
protected System.Web.UI.WebControls.TextBox TextBoxPassword;
protected System.Web.UI.WebControls.CheckBox CheckBoxPersistent;
protected System.Web.UI.WebControls.Button ButtonLogin;
protected System.Web.UI.WebControls.Label LabelMessage;
private void Page_Load(object sender, System.EventArgs e)
{
// Put user code to initialize the page here
}
#region Web Form Designer generated code
override protected void OnInit(EventArgs e)
{
//
// CODEGEN: This call is required by the ASP.NET Web Form Designer.
//
InitializeComponent();
base.OnInit(e);
}
/// <summary>
/// Required method for Designer support - do not modify
/// the contents of this method with the code editor.
/// </summary>
private void InitializeComponent()
{
this.ButtonLogin.Click += new
System.EventHandler(this.ButtonLogin_Click);
this.Load += new System.EventHandler(this.Page_Load);
}
#endregion
private void ButtonLogin_Click(object sender, System.EventArgs e)
{
// Validate username and password text boxes
if (TextBoxUserName.Text == string.Empty || TextBoxPassword.Text
== string.Empty)
{
LabelMessage.Text = "Username and Password cannot be empty";
return;
}
// Authenticate the user
bool CookieValue = false;
if ((TextBoxUserName.Text == "Kris") && (TextBoxPassword.Text ==
"bla"))
{
if (CheckBoxPersistent.Checked)
{
CookieValue = true;
}
else
{
CookieValue = false;
}
// If valid, redirect to protected resource
System.Web.Security.FormsAuthentication.RedirectFromLoginPage(TextBoxUserNam
e.Text,CookieValue);
}
else
{
// If invalid, display an error page
LabelMessage.Text = "Invalid credentials, please try again";
TextBoxUserName.Text = string.Empty;
TextBoxPassword.Text = string.Empty;
}
}
}
}