We're having trouble getting Forms Authentication to work with a virtual directory in IIS.
We have a main site, and then a microsite setup within a virtual directory. This mircosite has its own admin system within an "Admin" folder, which has authentication on it but currently it is not kicking in and the admin section is browsable by anyone.
The web.config with the admin folder has the following:
<?xml version="1.0"?>
<configuration>
<appSettings/>
<connectionStrings/>
<system.web>
<authorization>
<deny users="?"/>
</authorization>
<customErrors mode="RemoteOnly" defaultRedirect="~/Admin/Error.aspx"/>
</system.web>
</configuration>
Could anyone give me any clues as to why this might not be working?
Cheers!
What happens if you set this in the web.config at the root of your site instead:
<location path="MicroSite/Admin">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
Related
I have got an app service with 3 virtual paths shown below.
Virtual path Physical path Type
/ site\wwwroot Application
/app2 site\wwwroot\app2 Application
/app3 site\wwwroot\app3 Application
How can I use web.config to control access to my site using Azure Security Groups? I've got 3 security groups and I want to allow access as below.
Allow sg1 to have access to my root /.
Allow sg2 to to have access to my root & /app2.
Allow sg3 to to have access to my root & /app3.
In my on-prem IIS box i was able to do something like below to control access.
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.web>
<customErrors mode="Off"/>
<authentication mode="Windows"/>
<authorization>
<allow roles="GLOBAL\sg1"/>
<deny users="*"/>
</authorization>
</system.web>
<location path="app2">
<system.web>
<authorization>
<allow roles="Global\sg1"/>
<allow roles="Global\sg2"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
<location path="app3">
<system.web>
<authorization>
<allow roles="Global\sg1"/>
<allow roles="Global\sg3"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
</configuration>
Can I replicate this in Azure app services?
I tried a simple base case, as per below. I can go to my / fine as it has no restrictions but I get the error The page cannot be displayed because an internal server error has occurred., when browsing to /app2
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<location path="app2">
<system.web>
<customErrors mode="Off"/>
<authentication mode="Windows"/>
<authorization>
<allow roles="GLOBAL\sg1"/>
<allow roles="GLOBAL\sg2"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
</configuration>
Please help :(
Can I replicate this in Azure app services?
No, you cannot since what you describe is Active Directory behavior. App Services do not integrate with AD.
Next best thing would be Azure AD authentication, but this will require code changes and look quite different in the end: https://learn.microsoft.com/en-us/azure/app-service/configure-authentication-provider-aad
I have a simple internal site using IIS 8.5 Basic Authentication.
In one specific html file I want to restrict even further to some users/roles.
UPDATE: This is my Web.config, I can still access the inhouse.html file in a browser with my Windows (LDAP) account. I want to block all users to access this. Then to only allow a few users.
<?xml version="1.0"?>
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.6" />
<httpRuntime targetFramework="4.6" />
<authentication mode="Windows" />
</system.web>
<location path="inhouse.html">
<system.web>
<authorization>
<remove users="*" roles="" verbs="" />
</authorization>
</system.web>
</location>
</configuration>
Try this:
<location path="inhouse.html">
<system.web>
<authorization>
<remove users="*" roles="" verbs="" />
--add the users you want here.
</authorization>
</system.web>
</location>
It depends on the rest of your web.config as to whether system.webserver or system.web applies.
I have PHP application that I develop on my local Server 2008 dev server, I then push this to my live site on Azure Cloud Services. This all works fine. In one of my sub folders I have a web.config file with the following in it:
<configuration>
<system.webServer>
<security>
<authorization>
<remove users="*" roles="" verbs="" />
</authorization>
</security>
</system.webServer>
If I attempt to go in to that folder, or view any file in a browser on my dev server I receive the message:
401 - Unauthorized: Access is denied due to invalid credentials.
Which is great!.. If I attempt to go to a file in that folder on my live site, it displays the file just fine. It is completely ignoring the web.config file. I have connected to the running cloud instance of my live site, and can see the web.config file in there.
Why is it being ignored on Azure, but working fine on my dev site?
In case anyone else has the same issue, you need to add a location element to your root web.config/web.cloud.config. It needs to be directly within the configuration element like so:
<configuration>
.....
.....
<location path="--folder or file--">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
</configuration>
**After login i am not able to access page.After login again redirect to login page.
I am using two level of folder structure. CMS folder contain two folder.
1. User.
2. Admin.
---CMS
----User
----Admin
Means CMS/{USER}{Admin}.**
In main web.config
In main web.config i am set loginurl and allow all user.
<system.web>
<compilation debug="true" targetFramework="4.0">
</compilation>
<authentication mode="Forms">
<forms name="HESCMS1.0" loginUrl="~/CMS/User/Login.aspx" timeout="40" slidingExpiration="true" cookieless="UseCookies" protection="All" requireSSL="false" enableCrossAppRedirects="false"/>
</authentication>
<authorization>
<allow users="*"/>
</authorization>
<customErrors mode="Off"></customErrors>
</system.web>
<system.web>
<httpRuntime requestValidationMode="2.0"/>
</system.web>
In User folder web.config:
Set role for admin user
<system.web>
<authorization>
<allow roles="CMSUserAdmin" />
<deny users="*"/>
</authorization>
</system.web>
<location path="Login.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
In Admin folder web.config:
Set role for super admin.
<system.web>
<authorization>
<allow roles="CMSSuperAdmin"/>
<deny users="*" />
</authorization>
</system.web>
<location path="Login.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
This is my first post in stack so have not so much experience.
I've setup ELMAH on a asp.net mvc 3 site with the correct configuration detailed on another SO question here. Everything works great on my local virtual dev IIS server but when I deploy to an IIS server when I try to go to /Admin/Elmah.axd I get the standard IIS "404 - File or directory not found.". Is there an IIS setting I'm missing?
<location path="admin">
<system.web>
<httpHandlers>
<add verb="POST,GET,HEAD" path="elmah.axd" type="Elmah.ErrorLogPageFactory, Elmah" />
</httpHandlers>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
You have got to add the httphandler to the System.Webserver part of the web.config so that IIS routes it:
<system.webServer>
<handlers>
<add verb="POST,GET,HEAD" path="admin/elmah.axd" type="Elmah.ErrorLogPageFactory, Elmah" name="Elmah"/>
</handlers>
</system.webServer>
I fixed the problem by installing the asp.net mvc elmah controller. You can find it here.