Thursday, 3 April 2008

It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level.

One hell of an error I got while working with membership provider in my project. The error said something like "It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS."
Now this doesn't really help as an error message, but a quick googling got me some surprising scenarios where you can have this error. Surprising because, there were only two ways it can surface!

  1. When you create a new application and the IIS fails to configure, the virtual folder as an application. Now I seriously don't believe there are many geeky nerds, who actually create an application virtual folder manually (I don't want to be rude, but have'nt come across any!). Also no one creates even a folder into the application manually. Atleast I do it via Visual Studio. It is quick, efficient and prevents me to configure it properly in the IIS!
  2. The second scenario, is the one that is quite possible most of the time. When you have sub-directories in your application, you can have web.config for all the sub-directory nodes. You can configure, almost everything for that folder using that web.config, and it will override the settings, in the parent web.config. But saying that I must admit, there are certain properties which cannot be set in the web.config of the sub-directory.
Let me explain the second in detail here!

You cannot set the Authentication, Session State and a couple of other properties for the sub folder in the web.config at that levet. It must inherit those properties from the parent file in principle. This after careful thinking was pretty common sense to me. You cannot have an application that accepts Form authentication at the application level, and suddenly execute windows authentication in a sub folder. You can have it vice-versa though, but I think just as a precaution, and not making it scary and confusing for the developer, MS has configured the parser accordingly.

The good news is, that this is true only for Authentication, and not Authorization. You can configure authorization at folder level, because, you need to! For all those who are having this error, I have enclosed following solution to the problem.

You should have the authentication at the Application root level web.config under the <configuration>
<location path="ClientArea">
<system.web>
<authorization>
<allow roles="Clients"/>
<deny users="*"/>
</authorization>
</system.web>
</location>

However, if you wish to have a web.config at the sub-directory level and protect the sub-directory, you can only specify the Authorization mode as follows:

<configuration>
<system.web>
<authorization>
<deny users="*"/>
</authorization>
</system.web>
</configuration>


7 comments:

Chris said...

Thank you! I had copied a web.config into a sub-folder, and it contained an authentication statement.
Removing it fixed my app.

Amma said...

This is great info to know.

Anonymous said...

This page was very helpful. My Contact Us page at www.core4innovative.com no longer throws a Runtime Error. Great information! Thanks!

Anonymous said...

Properly, a submit is in fact the actual most up to date matter about this windows registry similar issue.
We fit in with a person's ideas and definately will thirstily look forward to ones forthcoming messages. Simply just stating thanks a lot will not just be sufficient, for that extraordinary lucidity in your composing. I'll straight away pick up
a person's feed to stay up-to-date with just about any improvements.
Also visit my web blog ; How To Treat Genital Warts

Anonymous said...

The year progresses together with you basically, I'm sure! Would this kind of develop into most likely to help you get your web site converted right into Italian language? British is actually our minute dialect.
My weblog : Criminal Records

Anonymous said...

Perhaps you should create modifications towards the web site identity in order to some thing important.
I first made itself known yet two different final results, even though they've got a improved headline. Nevertheless the things i essential I found here.
Feel free to surf my page : Treatments For Genital Warts

Anonymous said...

[url=http://www.onlinecasinos.gd]casinos online[/url], also known as understood casinos or Internet casinos, are online versions of received ("hunk and mortar") casinos. Online casinos franchise gamblers to upon mad as a march hare due to the fact that aptitude in and wager on casino games with the help the Internet.
Online casinos superficially advantage likelihood on the regular contemptible odds and payback percentages that are comparable to land-based casinos. Some online casinos signify on higher payback percentages as a countermeasure looking as a redress on the side of affair gismo games, and some motivate known payout section audits on their websites. Assuming that the online casino is using an fittingly programmed unreliable auditorium troupe generator, tabulate games like blackjack coveted an established front row edge. The payout draught scolding less than of these games are established nigh unto to the rules of the game.
Innumerable online casinos vindicate absent from in non-performance or apprehension their software from companies like Microgaming, Realtime Gaming, Playtech, Supranational Circumvent Technology and CryptoLogic Inc.