Menu
On my local machine, I work on multiple web sites and run them under IIS under a "Default" web site. That way I can access the sites through this type of URL: http://localhost/App1/. Here's the structure:
LocalDev (site)
App1 (application)
App2 (application)
App3 (application)
The problem I'm encountering is that in App1, I'm trying to enable Windows authentication on a subdirectory of App1, like this:
<configuration>
<location path="internal">
<system.web>
<authentication mode="Windows"/>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
</configuration>
Unfortunately, when I then try to access http://localhost/App1/internal/url.aspx, I get this error:
It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS.
App1 is set up as an application, not a virtual directory. I've tried changing my machine.config to allow changing the authentication section anywhere:
<configuration>
<configSections>
<sectionGroup name="system.web" type="System.Web.Configuration.SystemWebSectionGroup, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
<section name="authentication" type="System.Web.Configuration.AuthenticationSection, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" allowDefinition="Everywhere"/>
</sectionGroup>
</configSections>
</configuration>
What do I have to do to allow my sites to set their own authentication modes?
781
Windows Authentication mode provides the developer to authenticate a user based on Windows user accounts. This is the default authentication mode provided by ASP.Net. You can easily get the Identity of the user by using User.Identity.Name. This will return the computer name along with the user name.
On the taskbar, click Start, and then click Control Panel. In Control Panel, click Programs and Features, and then click Turn Windows Features on or off. Expand Internet Information Services, then World Wide Web Services, then Security. Select Windows Authentication, and then click OK.
You can configure the <authorization> element at the server level in the ApplicationHost. config file, or at the site or application level in the appropriate Web. config file. You can set default authorization rules for the entire server by configuring authorization rules at the server level.
You need to enable Windows authentication at the application level in the Web.config, then further define authorization at the folder level, allowing all users at the root and denying all unauthenticated for the internal folder.
In IIS, make sure both Anonymous Authentication and Windows Authentication are enabled for the application. Then, modify your Web.config as follows:
<configuration>
<system.web>
<authentication mode="Windows"/>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
<location path="internal" allowOverride="true">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
</configuration>
You can't change the Authentication mode within a subdirectory. Only WebApplications can define this setting which applies to the entire application. A location element is only used in subdirectories to change authorization, not authentication settings.
You need to create the subdirectories as Web applications in IIS.
If you are saying the child subdirectory is in fact already a web application in IIS (the error suggests this is not the case), then you need to disable inheritance. This has nothing to do with whether you have a web.config in the root. If not it just means it's using the default machine config settings.
You can disable inheritance by adding a web.config in the root, with the following element wrapping your system.web.
<location path="." inheritInChildApplications="false">
<system.Web>
...
</system.Web>
</location>
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
