By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
449,156 Members | 1,037 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 449,156 IT Pros & Developers. It's quick & easy.

IIS/ASP.NET not recognizing writes to web.confg

P: n/a

I'm experiencing problems related to IIS/ASP.NET not recognizing writes
to web.config that my web application performs.

Specifically I have a web application that provides an interface
allowing authenticated domain users to be written to the "authorization"
section of the web.config file. Since i'm using Integrated Windows
Authentication, these users should then be able to issue the various
HTTP POSTS to the web application. However what I'm seeing is that the
users I add to the web.config file still are unauthorized.

IIS/ASP.NET simply doesn't detect modifications to the web.config file
I'm doing programmatically in my web application using the .NET
Configuration / WebConfigurationManager API.

If I use a non programatic way of modifying the web.config file after a
user has been added i.e. use notepad to open web.config. and save,
without making any changes, then IIS/ASP.NET recognise the change to
web.config and now the users become authorized to use my web
application.

Is this a bug?

-John Gonsalves

*** Sent via Developersdex http://www.developersdex.com ***
Mar 28 '07 #1
Share this Question
Share on Google+
15 Replies


P: n/a


By the way, I'm using .NET 2.0 and my web application is running on
Windows 2003 Server Enterprise Edition.

-John

*** Sent via Developersdex http://www.developersdex.com ***
Mar 28 '07 #2

P: n/a
If your code is able to add the users to the config file, could you
try adding the users programatically and then restarting the site
once, and then test it? Normally a web.config change causes the site
to be reloaded in memory for future hits, but the current requests
are served using the old settings. I am just taking an educated guess
but maybe when you are modifying the config file programatically, the
site never gets unloaded from memory to allow the new settings to take
effect.

If this is the case, maybe you can try picking up the users
dynamically from another xml file instead of web.config, which i think
is always tricky to modify on the fly.
Hope this helps.

Latish

Mar 29 '07 #3

P: n/a


I still have not received a response that works.

The feature I'm trying to use is the one where "allow users=" in the
authorization section while using Integrated Windows Security enforces
who can access the web application.

One of the services this web application offers is the ability to issue
a http post that includes a domain/user who I desire to give
authorization to (i.e. they are added to the web.config authorization
section using the Configuration / WebConfigurationMgr API).

Unfortunately IIS does not recognized any changes I make to web.config
programmatically, unless I manually use notepad to open the web.config
file and force a save without any additional modifications. (i.e. file
watcher is triggered on the notepad save but not on the
Configuration.save()).

This is clearly a bug and I need a workaround!

-John Gonsalves
Hewlett Packard

*** Sent via Developersdex http://www.developersdex.com ***
Apr 5 '07 #4

P: n/a
Did you try what i had suggested in the last post?
Latish

Apr 6 '07 #5

P: n/a
Also, is there a compelling reason for you to use web.config for this?
Can't you pick the settings from a Sql Server table or another config
file?

Apr 6 '07 #6

P: n/a


I could save the users to another file or database and do some
personalization in my web application to authorizing by comparing the
LogonUserIdentity.Name.ToString() with what I have stored.

But I was hoping that by adding these users programmatically to
web.config in the authorization section, would force IIS to do this for
me.

-John Gonsalves

*** Sent via Developersdex http://www.developersdex.com ***
Apr 6 '07 #7

P: n/a


Latish,

What you're suggesting won't work for me. The users are added to the
web.config file authorization section spuriously and infrequently. When
they are added I don't have the liberty of restarting the web site. I
need the new users to be given authorization by IIS automatically.

The functionality I need is using Windows Integrated Security:

1) Add a user to the authoriztion section in web.config as 'allow
users="newuser"', programmatically

2) Have IIS honor the added user, allowing them access to the web site.

There must be a way to do this using web.config.

-John Gonsalves

*** Sent via Developersdex http://www.developersdex.com ***
Apr 6 '07 #8

P: n/a
This seems to be a common problem ( i see similar questions in other
forums out there).
Check out http://www.developer.com/net/cplus/article.php/3531746

Perhaps you can use the Enterprise Library Configuration block.

Apr 6 '07 #9

P: n/a


Enterprise Library Configuration block appears to deal with
configuration changes being detectable by the web application.

I need IIS to detect my application changes, namely the authorization
section of the web.config file.

-John Gonsalves

*** Sent via Developersdex http://www.developersdex.com ***

Apr 6 '07 #10

P: n/a
On Mar 29, 12:39 am, John Gonsalves <john.gonsal...@hp.comwrote:
I'm experiencing problems related to IIS/ASP.NET not recognizing writes
to web.config that my web application performs.

Specifically I have a web application that provides an interface
allowing authenticated domain users to be written to the "authorization"
section of the web.config file. Since i'm using Integrated Windows
Authentication, these users should then be able to issue the various
HTTP POSTS to the web application. However what I'm seeing is that the
users I add to the web.config file still are unauthorized.

IIS/ASP.NET simply doesn't detect modifications to the web.config file
I'm doing programmatically in my web application using the .NET
Configuration / WebConfigurationManager API.

If I use a non programatic way of modifying the web.config file after a
user has been added i.e. use notepad to open web.config. and save,
without making any changes, then IIS/ASP.NET recognise the change to
web.config and now the users become authorized to use my web
application.

Is this a bug?

-John Gonsalves

*** Sent via Developersdexhttp://www.developersdex.com***
I believe it's an error in your code. The following code is working
well for me

string[] users = {"alexey"};
AuthorizationRule authorizationRule = new
System.Web.Configuration.AuthorizationRule(Authori zationRuleAction.Deny);
authorizationRule.Users.AddRange(users);
Configuration config =
WebConfigurationManager.OpenWebConfiguration("~");
AuthorizationSection authorizationsection =
config.GetSection("system.web/authorization") as AuthorizationSection;
authorizationsection.Rules.Add(authorizationRule);
config.Save();

Once it is executed the web.config is updated and I'm blocked

Apr 6 '07 #11

P: n/a
On Mar 29, 12:39 am, John Gonsalves <john.gonsal...@hp.comwrote:
I'm experiencing problems related to IIS/ASP.NET not recognizing writes
to web.config that my web application performs.

Specifically I have a web application that provides an interface
allowing authenticated domain users to be written to the "authorization"
section of the web.config file. Since i'm using Integrated Windows
Authentication, these users should then be able to issue the various
HTTP POSTS to the web application. However what I'm seeing is that the
users I add to the web.config file still are unauthorized.

IIS/ASP.NET simply doesn't detect modifications to the web.config file
I'm doing programmatically in my web application using the .NET
Configuration / WebConfigurationManager API.

If I use a non programatic way of modifying the web.config file after a
user has been added i.e. use notepad to open web.config. and save,
without making any changes, then IIS/ASP.NET recognise the change to
web.config and now the users become authorized to use my web
application.

Is this a bug?

-John Gonsalves

*** Sent via Developersdexhttp://www.developersdex.com***
I believe it's an error in your code. The following code is working
well for me

string[] users = {"alexey"};
AuthorizationRule authorizationRule = new
System.Web.Configuration.AuthorizationRule(Authori zationRuleAction.Deny);
authorizationRule.Users.AddRange(users);
Configuration config =
WebConfigurationManager.OpenWebConfiguration("~");
AuthorizationSection authorizationsection =
config.GetSection("system.web/authorization") as AuthorizationSection;
authorizationsection.Rules.Add(authorizationRule);
config.Save();

Once it is executed the web.config is updated and I'm blocked

Apr 6 '07 #12

P: n/a
"John Gonsalves" <jo************@hp.comwrote in message news:%2****************@TK2MSFTNGP05.phx.gbl...
Enterprise Library Configuration block appears to deal with
configuration changes being detectable by the web application.

I need IIS to detect my application changes, namely the authorization
section of the web.config file.

-John Gonsalves

*** Sent via Developersdex http://www.developersdex.com ***

John, were you aware that IIS has nothing to do with the web.config? It's all ASP.NET.

I would strongly suggest not using the authentication section of web.config to store users. You should use a database for that. If nothing else, consider that writes to web.config are not transactional, and a system crash while you're writing could result in an invalid web.config file, which would leave your entire application unavailable.

John

Apr 7 '07 #13

P: n/a
On Apr 7, 2:16 am, "John Saunders" <john.saunders at trizetto.com>
wrote:
"John Gonsalves" <john.gonsal...@hp.comwrote in messagenews:%2****************@TK2MSFTNGP05.phx.gb l...

Enterprise Library Configuration block appears to deal with
configuration changes being detectable by the web application.

I need IIS to detect my application changes, namely the authorization
section of the web.config file.

-John Gonsalves
John, did you check my response to this thread?

Apr 7 '07 #14

P: n/a


Yes John, I read and understand your recommendation. Apparently
web.config authorization section wasn't meant to be updated and have
those changes be honored as far as IIS/ASP.NET enforcing any rule
changes made.

I'll add a database table for users.

Thanks for the help. I'd still like to know if what I've been
experiencing is a defect.

-John Gonsalves

*** Sent via Developersdex http://www.developersdex.com ***
Apr 9 '07 #15

P: n/a
On Apr 9, 6:34 pm, John Gonsalves <john.gonsal...@hp.comwrote:
Yes John, I read and understand your recommendation. Apparently
web.config authorization section wasn't meant to be updated and have
those changes be honored as far as IIS/ASP.NET enforcing any rule
changes made.

I'll add a database table for users.

Thanks for the help. I'd still like to know if what I've been
experiencing is a defect.

-John Gonsalves

*** Sent via Developersdexhttp://www.developersdex.com***
http://groups.google.com/group/micro...e7c450bf9cd102

Apr 9 '07 #16

This discussion thread is closed

Replies have been disabled for this discussion.