ASP.NET Web Configuration Inheritance on IIS 6.0

February 16, 2008 at 2:25 PMAmer Gerzic

Couple of days ago, I installed BlogEngine.NET on my home server's root directory. Besides being extremely impressed by BlogEngine.NET, I noticed that all of my other sub-applications started crashing. Immediately, I knew that the installation of BlogEngine.NET affected all other web applications. After short investigation, I noticed that all of my sub-applications were trying to load handlers and modules defined in BlogEngine class library. Specifically, all web applications tried to load following:

      <add name="WwwSubDomainModule" type="BlogEngine.Core.Web.HttpModules.WwwSubDomainModule, BlogEngine.Core"/>
      <add name="UrlRewrite" type="BlogEngine.Core.Web.HttpModules.UrlRewrite, BlogEngine.Core"/>
      <add name="CompressionModule" type="BlogEngine.Core.Web.HttpModules.CompressionModule, BlogEngine.Core"/>
      <add name="ReferrerModule" type="BlogEngine.Core.Web.HttpModules.ReferrerModule, BlogEngine.Core"/>
      <!--The CleanPageModule below removes whitespace which makes the page load faster in IE. Enable at own risk -->
      <!--<add name="CleanPageModule" type="BlogEngine.Core.Web.HttpModules.CleanPageModule, BlogEngine.Core"/>-->
      <!--Remove the default ASP.NET modules we don't need--> 
      <remove name="PassportAuthentication" />
      <remove name="Profile" />
      <remove name="AnonymousIdentification" />

      <add verb="*" path="file.axd" type="BlogEngine.Core.Web.HttpHandlers.FileHandler, BlogEngine.Core" validate="false"/>
      <add verb="*" path="image.axd" type="BlogEngine.Core.Web.HttpHandlers.ImageHandler, BlogEngine.Core" validate="false"/>
      <add verb="*" path="syndication.axd" type="BlogEngine.Core.Web.HttpHandlers.SyndicationHandler, BlogEngine.Core" validate="false"/>
      <add verb="*" path="sitemap.axd" type="BlogEngine.Core.Web.HttpHandlers.SiteMap, BlogEngine.Core" validate="false"/>
      <add verb="*" path="trackback.axd" type="BlogEngine.Core.Web.HttpHandlers.TrackbackHandler, BlogEngine.Core" validate="false"/>
      <add verb="*" path="pingback.axd" type="BlogEngine.Core.Web.HttpHandlers.PingbackHandler, BlogEngine.Core" validate="false"/>
      <add verb="*" path="opensearch.axd" type="BlogEngine.Core.Web.HttpHandlers.OpenSearchHandler, BlogEngine.Core" validate="false"/>
      <add verb="*" path="metaweblog.axd" type="BlogEngine.Core.API.MetaWeblog.MetaWeblogHandler, BlogEngine.Core" validate="false"/>
      <add verb="*" path="rsd.axd" type="BlogEngine.Core.Web.HttpHandlers.RsdHandler, BlogEngine.Core" validate="false"/>
      <add verb="*" path="css.axd" type="BlogEngine.Core.Web.HttpHandlers.CssHandler, BlogEngine.Core" validate="false"/>
      <add verb="*" path="js.axd" type="BlogEngine.Core.Web.HttpHandlers.JavaScriptHandler, BlogEngine.Core" validate="false"/>
      <add verb="*" path="rating.axd" type="BlogEngine.Core.Web.HttpHandlers.RatingHandler, BlogEngine.Core" validate="false"/>
      <add verb="*" path="opml.axd" type="BlogEngine.Core.Web.HttpHandlers.OpmlHandler, BlogEngine.Core" validate="false"/>
      <add verb="*" path="monster.axd" type="BlogEngine.Core.Web.HttpHandlers.MonsterHandler, BlogEngine.Core" validate="false"/>
      <add verb="*" path="blogml.axd" type="BlogEngine.Core.Web.HttpHandlers.BlogMLExportHandler, BlogEngine.Core" validate="false"/>

At first, I was very confused that all sub-applications are loading web.config from the root application. I thought that each web application simply used the web.config from it's own virtual folder (besides machine.config). To investigate the issue, I started searching the web and after a short time I found the following article. The article explains the way IIS 6 is handling web configuration loading and inheritance. Frustrated with the result, I was determined to find solution to my problem. And then it hit me: <location> tag! With <location> tag, it is not only possible to control application security, but also selectively load parts of web.config. Actually, the accurate statement would be that <location> option allows user to control if "child" applications will inherit portions of web.config. In this way, I was able to pick and choose, which parts of web.config will be loaded in sub-applications. Following part of web.config explains everything:

<location inheritInChildApplications="false">

Adding <location> option solved my headache ...

Posted in: ASP.NET


ASP.NET 2.0 Email Confirmation

May 31, 2007 at 6:59 PMAmer Gerzic


Authentication and authorization as fundamental part of a web application was tremendously simplified with arrival of .NET 2.0. Basic authentication and authorization can be performed using different DBMS systems. There are numerous examples implementing authentication using Access database. One such example can be found in the article ASP.NET 2.0 Authentication using Access Database. In this article the example implements bare minimum to achieve desired goal, namely authentication and authorization using access database. However, authentication and authorization is only first part of the user management system. Second fundamental part of user management is allowing users to create an account at will. In such instances, users can sign up and become members of the community without administrator intervention. Furthermore, the user should be able to provide contact information (email) so that he/she can be contacted if necessary. Contact information must be verified. This article focuses on very simple ways to achieve such goal.

Posted in: ASP.NET | C#

Tags: , , , , , , ,

ASP.NET 2.0 Forms Authentication Using Access Database

March 4, 2007 at 5:56 PMAmer Gerzic


Authentication and authorization is one of the basic components of web application development. When I first started web development, I quickly realized that authentication and authorization of resources were performed in variety of ways. Throughout years, I developed variety of web applications, primarily for my own use. With arrival of ASP.NET 1.0, authentication and authorization were simplified. ASP.NET 2.0 takes this feature even further by providing the user with powerful tools to quickly implement authentication and authorization. With these tools, a user can utilize MS SQL 2005 Server, XML data source, MS Access database and other data sources to retrieve user information. In this article I will focus on bare minimum needed to implement forms authentication using access database.


Posted in: ASP.NET | C#

Tags: , , , , , ,