Forms Authentication in Subfolder: "It is an error to use a section..." Error

Background: I develop using VS2005 on my office PC, and edit our web pages that exist on a development server (Win2003).  I open the site to edit by using File > Open > Web Site > Remote Site > http://testserver/mysite.  Our web site's root folder is defined as an application, and the web.config is located in the root.  It is now the only web.config file on the site.  I have added a subfolder two levels down from the root that contains asp.net 2.0 pages that will use Forms authentication.  Because of errors I was getting putting the authentication configuration in a web.config file located in that subfolder, I deleted that web.config file and put the authentication settings in the root web.config file in a location section.  So, the web.config in question now reads:

<location path="subfolder1/securefolder" allowOverride="true">
  <
system.web>
    <
authentication mode="Forms">
      <
forms name=".myCookie" loginUrl="subfolder1/login.aspx" />
    </
authentication>
    <
authorization>
      <
deny users="?" />
    </
authorization>
  </
system.web>
</
location>

I still get the error "Error 1 C:\Documents and Settings\<mylogin>\Local Settings\Temp\VWDWebCache\testserver\subfolder1\securefolder\mypage.aspx: ASP.NET runtime error: It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level.  This error can be caused by a virtual directory not being configured as an application in IIS. (C:\Documents and Settings\<mylogin>\Local Settings\Temp\VWDWebCache\testserver\web.config line 31)."

I don't know if it's significant, but notice the error points to the VWDWebCache folder on my local PC, which, of course, is not defined as an application, and I don't see it (or any cached version of my development web site, for that matter) in my local IIS Manager so that I can make it an application on my local PC.

Is this not the right way to set up an authenticated subfolder?  Is it not possible to set up an authenticated subfolder?

0
RSewell
6/26/2007 7:54:44 PM
asp.net.security 27051 articles. 1 followers. Follow

2 Replies
614 Views

Similar Articles

[PageSpeed] 5

I believe the problem is that the authentication section needs to be at the application level of your web.config and can not be in a location node. Try something like what's below: (Note I haven't tested this, so take it with a grain of salt, but I remember running into this issue way back when and I think that was the cause)

<configuration>


    <appSettings/>
    <connectionStrings/>
    <system.web>
    <compilation debug="true" strict="true" explicit="true" />
<authentication mode="Forms" >
<forms name="mycookie" loginUrl="login.aspx" timeout="30" />
</authentication>
<authorization>
<allow users="*" />
</authorization>
   </system.web>

<location path="mydirectory">
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>


</configuration>

 
 

 

 

 

0
dvallone
6/26/2007 9:58:02 PM

That was it!  Thank you.  Odd how that particular configuration is so hard to find in the documentation and the web (or it was for me), and yet it has to be a very common setup.

0
RSewell
6/27/2007 4:09:19 PM
Reply:

Similar Artilces:

Problem with Using Forms Authentication to Secure Subdirectory
Ok first let me say that this is a typical rented server off DiscountASP.net so I dont have direct IIS manager access. My app is pretty simple. I have the root / and a /Admin subfolder that I will allow the client to edit data on the customer interface. Mostly simple price listings. I want to restrict access to the /Admin folder obviously but leave the rest of the site wide open. I'm getting the following error. I only have one web.config file in the root. and the Admin subfolder is just a simple subfolder I created myself. Do I have to create the ADmin folder as its own application? I w...

I am trying to run a login sample, so in "Web Site Administration Tool" i clicked "Use the security Setup Wizard to configure security step by step." and got this famous error: An error was encountere
After this i have the lengthy description of the rror The following message may help in diagnosing the problem: Specified argument was out of the range of valid values. Parameter name: site at System.Web.Configuration.WebConfigurationHost.InitForConfiguration(String& locationSubPath, String& configPath, String& locationConfigPath, IInternalConfigRoot configRoot, Object[] hostInitConfigurationParams) at System.Configuration.Configuration..ctor(String locationSubPath, Type typeConfigHost, Object[] hostInitConfigurationParams) at System.Configuration.Internal.InternalConfigConfigur...

myDiv.style["display"]="none"; gives me an error while using a div in a User Control: Syntax error
Hi I have this part of my ascx user control that gives me a client side error : Syntax error <DIV id="dvRecurant"><asp:textbox id="txtFoisRecurant" tabIndex="7" runat="server" Height="20px"> </DIV> <script language="javascript">dvRecurant.style["display"]="none"</script>Thanks a lot, I appreciate your taking the time to help me. The the following client-side code: dvRecurant.style.display="none";/Fredrik Normén - fredrikn @ twitterMicrosoft MVP, MCSD, MCAD, MCTASPInsidersMy Blog Try:dvRecurant.style.display="none";Hope this helps. Home Is Where the...

superreview granted: [Bug 225809] Don't fall back to insecure authentication if "use secure authentication" is checked : [Attachment 135915] same patch with revised error message
Scott MacGregor <mscott@mozilla.org> has granted Scott MacGregor <mscott@mozilla.org>'s request for superreview: Bug 225809: Don't fall back to insecure authentication if "use secure authentication" is checked http://bugzilla.mozilla.org/show_bug.cgi?id=225809 Attachment 135915: same patch with revised error message http://bugzilla.mozilla.org/attachment.cgi?id=135915&action=edit ------- Additional Comments from Scott MacGregor <mscott@mozilla.org> I'd suggest shortening the alert message to: You cannot log in to %S because you have ...

Error during method "CreateMailMessage" from "MailDefinition" object
 Hi, I am having trouble to send E-mail when using maildefinition object. I need to read email body from external txt file, then do some replacements and send it. Only way (what i know - instead of writing my own code), how to get the text  to the body of MailMessage is using the MailDefinition method BodyFileName() When I set everythig up after atempt to send the email I get this error: "The specified string is not in the form required for an e-mail address." I am sure, that the adress i right(it' even valiated throug regularexpretion validator).  Does any b...

ALERT - Error Trying to validate certificate from "secure internet banking site" using OCSP
Name: Bob Steele Email: bobsteeleatwestnetdotcom.au Product: Firefox Summary: ALERT - Error Trying to validate certificate from "secure internet banking site" using OCSP - Server Error Comments: Dear Sir / Madam, Since installing Firefox 2 I have been unable to do internet banking with either; internetbanking.suncorpmetway.com.au or https://www1.netbank.commbank.com.au/netbank/bankmain.htm The following Alert pops up over the window and once acknowledged, the site refuses to load. The Error; ALERT - Error Trying to validate certificate fr...

"Error Group: WINSOCK" "Error Code:11004"
Hi Just setup iPrint on the server and tried to install the printer to the laptop and got the following message: Error code:11004 Error message: Winsock 11004 - The DNS name has been found in the database, but its associated data is not correct. Error group: WINSOCK Error code:11004 Anyone know what associated data it is referring to? Thanks in advance -- iangh2 A quick Google found this on http://www.sockets.com/err_lst1.htm WSANO_DATA (11004) Valid name, no data record of requested type Berkeley description: The requested name is valid, but does not hav...

[ID 20000620.005] MM_Win32, pm_to_blib section causing "Error -- Expecting macro or rule defn," then "Error -- rem: No such file or directory"
To: perlbug@perl.com Subject: MM_Win32, pm_to_blib section causing "Error -- Expecting macro or rule defn," then "Error -- rem: No such file or directory" Reply-To: an400@ncf.ca This is a bug report for perl from an400@ncf.ca, generated with the help of perlbug 1.28 running under perl v5.6.0. This error is occurring in all my generated makefiles. Commands executed: 1) perl makefile.pl verb verb cc=gcc lib=d:/server/lib 2) dmake -f makefile -v output ends at : DMAKE.EXE: makefile: line 650: Error -- Expecting macro or rule defn, found neither D...

Error: while using "MD5" and "SHA1" algorithms.
Hi, when i tries to insert password other than "ratnesh" and "iaza1234" the error is generated. "incorrect syntax 'i58g9e6c6s31de5s1e2d' "private void butInsert_Click(object sender, System.EventArgs e) {SqlConnection myConn = new SqlConnection("workstation id=JASIM;packet size=4096;user id=ASPNET;data source=JASIM;persist security info=False;initial catalog=Test");  string Encrypt_MD5 = FormsAuthentication.HashPasswordForStoringInConfigFile(txtpassword.Text,"MD5"); SqlCommand InCommand = new SqlCommand("CreateUser ...

LDAP Authentication Using ADMembershipProvider
Hi there,  I am creating a user login page for applications. As a start, I am trying to authenticate user thru LDAP authentication. I got my reference from :   http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/PAGHT000026.asp   The user authentication seems to work if I follow the below steps :-   LDAP connection string : LDAP://<serevername>.xxx.zz.<companyname>.com     using default attributeMapUsername   Therefore, the login name will be : username@xxx.zz.<company...

Error on <form enctype="multipart/form-data" runat="server">
Hi to all... i have this problem which occured when i was uploading a picture into the SQL 2000. i am using VB script and Microsoft Visual Studio 2005... the error on"<pages enableEventValidation="true"/>"... can anyone help me??  i am using a master template for my webpage... everything work jus fine before i insert this "<form enctype="multipart/form-data" runat="server">" at the top of the page after "<asp:Content ID="Content1" ContentPlaceHolderID="ContentPlaceHolder1" Runat="Server&...

Using "Windows" authentication to authenticate BUT "Forms" to maintain the user's session?
Is there a way to do this?Basically I want to ensure and pick up users who are already authenticated via AD but use Forms Authentication under the covers once they've been authenticated.  Ideally I'd like to roll this into a custom membership provider so that both internal users (who will have already logged into their machines and been authenticated via AD) and outside users (who will need to use a login control provided on a page) both can have their sessions as maintained in the same way ... AND be associated and use a common roles and profile provider.Any help would be appre...

authentication mode="Forms" error
Hi I am getting the following error:   Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately. Parser Error Message: It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS.Source Error: Line 256: below and uncomment the Windows Authentication stuff. Line 257: --> Line 258:...

authentication mode="Forms" error
Hi I am getting the following error:   Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately. Parser Error Message: It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS.Source Error: Line 256: below and uncomment the Windows Authentication stuff. Line 257:...

Web resources about - Forms Authentication in Subfolder: "It is an error to use a section..." Error - asp.net.security

Authentication - Wikipedia, the free encyclopedia
Authentication (from Greek : αὐθεντικός authentikos , "real, genuine," from αὐθέντης authentes , "author") is the act of confirming the truth ...

Authentication - Facebook-Entwickler
Please note: On October 3, 2012, the offline_access permission will be removed. If you are building...

Facebook Adds Two Factor Authentication for Login and Redesigns Family Safety Center
... announced the release of several new tools to help users stay safe while using the site. Soon, users will be able to enable two factor authentication ...

Lockdown - A better two-factor authentication experience on the App Store on iTunes
Get Lockdown - A better two-factor authentication experience on the App Store. See screenshots and ratings, and read customer reviews.


YouTube - How To Hack Twitter's New Two Factor Authentication
Veröffentlicht am 23.05.2013 Connect! http://toopher.com http://facebook.com/toopherinc http://twitter.com/toopher CEO Josh Alexander wants ...

SafeNet brings Cloud-based authentication service to A/NZ
SafeNet has released its new Cloud-based authentication service, billed as Authentication-as-a-Service, in A/NZ.

Two-factor authentication - cyber security -
Two recent hacking cases highlight how personal emails can impact overall business security through tiny weaknesses.

Digital authentication to become Google's next big focus
Streamlining the website login process a top priority, according to the company’s Australian business and consumer services manager Dan Metcalf. ...

Hands on: Twitter two-factor authentication
Optus and Vodafone customers need not apply when it comes to Twitter's two-factor authentication.

Resources last updated: 1/20/2016 2:23:39 AM