Tuesday, September 29, 2009
helped my "It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level..." this morning
It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS.
Instead of moving my web.config from the sub-directory to the root, I copied it, and thus, there were two of the same file, one in the root, and one in the sub-directory. In my case, deleting the file from the sub-directory solved the problem, but the explanation below is a slightly more abstract explanation of the nature of the error that I found helpful.
Particularly #2:
"2. When you have sub-directories in your application, you can have web.config file for the sub-directory. However, there are certain properties which cannot be set in the web.config of the sub-directory such as authentication, session state (you may see that the error message shows the line number where the authentication or sessionstate is declared in the web.config of the sub-directory). The reason is, these settings cannot be overridden at the sub-directory level unless the sub-directory is also configured as an application (as mentioned in the above point).
Mostly we have the practice of adding web.config in the sub-directory if we want to protect access to the sub-directory files (say, the directory is admin and we wish to protect the admin pages from unathorized users).
But actually, this can be achieved in the web.config at the application's root level itself, by specifing the location path tags and authorization, as follows:-
<location path="Admin">
<system.web>
<authorization>
<allow roles="administrators" />
<deny users="*" />
</authorization>
</system.web>
</location>
However, if you wish to have a web.config at the sub-directory level and protect the sub-directory, you can just specify the Authorization mode as follows:-
<configuration>
<system.web>
<authorization>
<allow roles="administrators" />
<deny users="*" />
</authorization>
</system.web>
</configuration>
Thus you can protect the sub-directory from unauthorized access."
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment