I'm attempting to write a custom Authentication module using http://www.15seconds
.com/Issue/020417.htm
I looked at http://support.microsoft.com/defaul...b;EN-US;307996,
but it doesn't setup things the way I want (ie, I want to integrate into an
existing web application).
So I want to deny unauthenticated users access to everything except the defa
ult page.
I have an error in web.config. When I comment out these lines:
<location path="default.aspx" >
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
Things work. As soon as I put them in, I get this error message:
Server Error in '/Commencement' Application.
----
--
Runtime Error
Description: An application error occurred on the server. The current custom
error settings for this application prevent the details of the application
error from being viewed remotely (for security reasons). It could, however,
be viewed by browsers runni
ng on the local server machine.
Details: To enable the details of this specific error message to be viewable
on remote machines, please create a <customErrors> tag within a "web.config
" configuration file located in the root directory of the current web applic
ation. This <customErrors>
tag should then have its "mode" attribute set to "Off".
<!-- Web.Config Configuration File -->
<configuration>
<system.web>
<customErrors mode="Off"/>
</system.web>
</configuration>
Notes: The current error page you are seeing can be replaced by a custom err
or page by modifying the "defaultRedirect" attribute of the application's <c
ustomErrors> configuration tag to point to a custom error page URL.
<!-- Web.Config Configuration File -->
<configuration>
<system.web>
<customErrors mode="RemoteOnly" defaultRedirect="mycustompage.htm"/>
</system.web>
</configuration>
Which is odd, because I have customErrors mode="Off" set. I've looked this r
esult up in "Programming ASP.NET", Chapter 19, p. 886, which has the exact s
ame syntax. Any assistance would be appreciated. Here's the entire webconfig
file:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.web>
<!-- DYNAMIC DEBUG COMPILATION
Set compilation debug="true" to enable ASPX debugging. Otherwise, setting t
his value to
false will improve runtime performance of this application.
Set compilation debug="true" to insert debugging symbols (.pdb information)
into the compiled page. Because this creates a larger file that executes
more slowly, you should set this value to true only when debugging and to
false at all other times. For more information, refer to the documentation a
bout
debugging ASP.NET files.
-->
<compilation defaultLanguage="c#" debug="true" />
<!-- CUSTOM ERROR MESSAGES
Set customErrors mode="On" or "RemoteOnly" to enable custom error messages,
"Off" to disable.
Add <error> tags for each of the errors you want to handle.
"On" Always display custom (friendly) messages.
"Off" Always display detailed ASP.NET error information.
"RemoteOnly" Display custom (friendly) messages only to users not running
on the local Web server. This setting is recommended for security purposes,
so
that you do not display application detail information to remote clients.
-->
<customErrors mode="Off" />
<!-- AUTHENTICATION
This section sets the authentication policies of the application. Possible m
odes are "Windows",
"Forms", "Passport" and "None"
"None" No authentication is performed.
"Windows" IIS performs authentication (Basic, Digest, or Integrated Windows)
according to
its settings for the application. Anonymous access must be disabled in IIS.
"Forms" You provide a custom form (Web page) for users to enter their creden
tials, and then
you authenticate them in your application. A user credential token is stored
in a cookie.
"Passport" Authentication is performed via a centralized authentication serv
ice provided
by Microsoft that offers a single logon and core profile services for member
sites.
-->
<authentication mode="None" />
<!-- AUTHORIZATION
This section sets the authorization policies of the application. You can all
ow or deny access
to application resources by user or role. Wildcards: "*" mean everyone, "?"
means anonymous
(unauthenticated) users.
-->
<authorization>
<deny users="?" /> <!-- Deny unauthenticated users -->
<!-- <allow users="[comma separated list of users]"
roles="[comma separated list of roles]"/>
<deny users="[comma separated list of users]"
roles="[comma separated list of roles]"/>
-->
</authorization>
<!--
<location path="default.aspx" >
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
-->
<!-- APPLICATION-LEVEL TRACE LOGGING
Application-level tracing enables trace log output for every page within an
application.
Set trace enabled="true" to enable application trace logging. If pageOutput
="true", the
trace information will be displayed at the bottom of each page. Otherwise,
you can view the
application trace log by browsing the "trace.axd" page from your web applica
tion
root.
-->
<trace enabled="true" requestLimit="10" pageOutput="false" traceMode="SortBy
Time" localOnly="false" />
<!-- SESSION STATE SETTINGS
By default ASP.NET uses cookies to identify which requests belong to a parti
cular session.
If cookies are not available, a session can be tracked by adding a session i
dentifier to the URL.
To disable cookies, set sessionState cookieless="true".
-->
<sessionState mode="InProc" stateConnectionString="tcpip=127.0.0.1:42424" sq
lConnectionString="data source=127.0.0.1;Trusted_Connection=yes"
cookieless="false" timeout="20" />
<!-- GLOBALIZATION
This section sets the globalization settings of the application.
-->
<globalization requestEncoding="utf-8" responseEncoding="utf-8" />
</system.web>
</configuration>Alright, found the error. It was in the </system.web> being nested within th
e external <system.web> tags. On to debugging the HTTPModule.
rasheed_almasri wrote:
