web-config

问题 Oi, some vendor is telling my bosses that not encrypting the web.config is big security hole. This sounds like bunk to me. I mean, if someone compromises the server aren't we screwed anyways? 回答1: The encryption does not mean that you are protected. The private key needed for decryption is stored on the server, so if your server is compromised your web.config can be decrypted. We only encrypt the connection string section of the web.config. It helps prevent other prying eyes from easily

问题 I have a WCF service running on a azure app service. I want to restrict this WCF to a few azure website, external IPs and some other deployments. I am using IPSecurity tag for that in my WCF web.config My issue is the IP restrictions work, but the azure website domains that i allow access to, dont seem to work. for exmaple, i have an azure website with a custom domain, abcdef.info. i am trying to give this domain access to wcf, but it doesnt seem to be working. below is my configuration.

问题 Is it possible to specify that multiple roles are required inside the authorization element of the web.config file? I currently have this block in one web.config of my site for a specific directory: <authorization> <allow roles="Global, Region" /> <deny users="*" /> </authorization> I've just identified a special case where a person with two lower-level permissions than Global and Region should also have access to this directory. Roughly, I want something like this: <authorization> <allow

问题 I'm currently developing custom error pages in my error handling code for my MVC application. But I'm unclear as to which HTTP status codes I'm meant to cover. Question: is there a typical list of HTTP status codes that should be catered for? Alot articles which explain how to do MVC error handling and custom error pages but appear to only show several of the HTTP Status Codes: 403, 404, and 500 in their error handling code. What about HTTP Status Code: 408 as an example? Should this be

问题 I'm migrating to Nhibernate 2.0 GA but have some trouble with setting cache expirations in memcached provider. I see in the NHibernate.Caches.MemCache sources that there is a property for expiration and a default value for 300 seconds. There are also properties for cache regions but the config section handler does not seem to map them. Is there some other way cache expiration times are set that is not provider specific -- Here is functional web config section (without an expiration settings

问题 Whenever I add this line to my web.config in the system.webServer section: <serverRuntime /> With our without properties, IIS 7.5 just serves up a blank page instead of the website. I created a new empty Web Application using IIS and added the line to the web.config; blank page. What am I doing wrong? 回答1: I had this exact problem and solved it by unlocking the serverRuntime section of the applicationHost config. Command to run at console: %windir%\system32\inetsrv\appcmd unlock config

问题 This issue happens seemingly randomly after publishing. The site will work fine and then bam, I get this error parsing the webconfig. I just republish and it works fine for a bit again. When publishing, I checked the box to remove existing files so there shouldn't be garbage laying around. This is an MVC4 project using .net 4.5 and Azure Access Control Service (ACS) integrated with Yahoo!. This error occurs when redirecting back from Yahoo. This way happening every time, but I found a post

问题 When I added the URL rewrite code in web.config and then publish it into azure. it will automatically redirects to https even I am trying to access website with http. <rewrite> <rules> <rule name="Redirect to https"> <match url="(.*)"/> <conditions> <add input="{HTTPS}" pattern="Off"/> </conditions> <action type="Redirect" url="https://{HTTP_HOST}/{R:1}"/> </rule> </rules> </rewrite> But when I run the same code in my local machine it gives the below error. This site can’t provide a secure

问题 When I added the URL rewrite code in web.config and then publish it into azure. it will automatically redirects to https even I am trying to access website with http. <rewrite> <rules> <rule name="Redirect to https"> <match url="(.*)"/> <conditions> <add input="{HTTPS}" pattern="Off"/> </conditions> <action type="Redirect" url="https://{HTTP_HOST}/{R:1}"/> </rule> </rules> </rewrite> But when I run the same code in my local machine it gives the below error. This site can’t provide a secure

问题 Is it possible to separate ConnectionStrings and mailSettings from web.config? Devel environment has different IP addresses for connectionstrings and smtp mails because of development and testing. We dont want to do tests and devel using live machines and live IP addresses. Is it possible? 回答1: I found the answer on MSDN: <configuration> <connectionStrings configSource="connections.config"/> </configuration> With file connections.config containing <connectionStrings> <add name="name"