If we have an ASP.Net website that:
1. We want to pre-compile before deploying to the live servers for the usual reasons of performance (no delay on first hit) and security (source code not hosted on the servers)
2. Before starting the web application, we automatically generate its web.config file
3. By default we want to disable view state in all the pages by adding a
node in the generated web.config
The main issue was that even though the generated web.config file had the correct setting in it, the view state wasn’t being disabled. This confused us for quite a while.
It turns out that the default setting when a website is compiled by the ASP.Net compiler doesn’t allow subsequent updates to the site.
In our particular case, this meant the compiled pages were using the (default) value in our non-existent web.config at compile time, not the one actually on the server at runtime.
Once we realised that, the solution was easy: simply add a –u parameter to the compiler flags which meant:
-u specifies that the Aspnet_compiler.exe should create a precompiled application that allows subsequent updates of contents such as .aspx pages.
If this option is omitted, the resulting application contains only compiled files and cannot be updated on the deployment server. You can update the application only by changing the source markup files and recompiling.
Posts Tagged web.config file
ASP.Net Compilation Tool – do you want to allow updates without redeploying?
Saturday, March 6th, 2010
Tags: .aspx pages, ASP.NET, server, web.config, web.config file, –u parameter
Posted in Microsoft Technology | No Comments »
Site Authentication Required, Except Default.aspx
Friday, February 26th, 2010
What happens when you need to protect your whole site so that only Authenticated users can access your site.
To allow ONLY authenticated access to your site using Forms authentication you can add a section like this on e to your application’s web.config file.
<authentication mode="Forms">
<forms loginUrl="Login.aspx" name="Login" protection="All"/>
</authentication>
<authorization>
<deny users="?"/>
</authorization>
The problem is that it seems lots of folks don’t want users to automatically redirect to the Login.aspx page when they navigate to their site home page.
To require authentication for all the pages in your
web application EXCEPT the home page (Default.aspx))
Also add a location section to your web.config file that explicitly allows anonymous users to access JUST the default.aspx page.
<location path="default.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
You can use the web.config location element to specify folders as well as pages which makes it a very powerful construct.
Tags: Authenticated users, Authentication, Forms authentication, Login.aspx, protect site, web.config file
Posted in Microsoft Technology, Purely Technical | No Comments »
