Cannot use a leading ../ to exit above the top directory
I have a asp.net web site with it we have admin area with login page for admin only and all site is allowed for all - i need to ask how to define the right security configuration for it as i get this error
Cannot use a leading .. to exit above the top directory. Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. Exception Details: System.Web.HttpException: Cannot use a leading .. to exit above the top directory. Source Error: An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below. Stack Trace: [HttpException (0x80004005): Cannot use a leading .. to exit above the top directory.] System.Web.Util.UrlPath.ReduceVirtualPath(String path) +8862087 System.Web.Util.UrlPath.Reduce(String path) +52 System.Web.Util.UrlPath.Combine(String appPath, String basepath, String relative) +214 System.Web.UI.Control.ResolveClientUrl(String relativeUrl) +180 System.Web.UI.WebControls.Image.AddAttributesToRender(HtmlTextWriter writer) +68 System.Web.UI.WebControls.WebControl.RenderBeginTag(HtmlTextWriter writer) +20 System.Web.UI.WebControls.WebControl.Render(HtmlTextWriter writer) +20 System.Web.UI.Control.RenderControlInternal(HtmlTextWriter writer, ControlAdapter adapter) +27 System.Web.UI.Control.RenderControl(HtmlTextWriter writer, ControlAdapter adapter) +99 System.Web.UI.Control.RenderControl(HtmlTextWriter writer) +25 System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter writer, ICollection children) +134 System.Web.UI.Control.RenderChildren(HtmlTextWriter writer) +19 System.Web.UI.HtmlControls.HtmlForm.RenderChildren(HtmlTextWriter writer) +163 System.Web.UI.HtmlControls.HtmlContainerControl.Render(HtmlTextWriter writer) +32 System.Web.UI.HtmlControls.HtmlForm.Render(HtmlTextWriter output) +51 System.Web.UI.Control.RenderControlInternal(HtmlTextWriter writer, ControlAdapter adapter) +27 System.Web.UI.Control.RenderControl(HtmlTextWriter writer, ControlAdapter adapter) +99 System.Web.UI.HtmlControls.HtmlForm.RenderControl(HtmlTextWriter writer) +40 System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter writer, ICollection children) +134 System.Web.UI.Control.RenderChildren(HtmlTextWriter writer) +19 System.Web.UI.Control.Render(HtmlTextWriter writer) +10 System.Web.UI.Control.RenderControlInternal(HtmlTextWriter writer, ControlAdapter adapter) +27 System.Web.UI.Control.RenderControl(HtmlTextWriter writer, ControlAdapter adapter) +99 System.Web.UI.Control.RenderControl(HtmlTextWriter writer) +25 System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter writer, ICollection children) +134 System.Web.UI.Control.RenderChildren(HtmlTextWriter writer) +19 System.Web.UI.Page.Render(HtmlTextWriter writer) +29 System.Web.UI.Control.RenderControlInternal(HtmlTextWriter writer, ControlAdapter adapter) +27 System.Web.UI.Control.RenderControl(HtmlTextWriter writer, ControlAdapter adapter) +99 System.Web.UI.Control.RenderControl(HtmlTextWriter writer) +25 System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +1266
my configuration file :
<authentication mode="Forms">
<forms name=".ASPXFORMSAUTH" protection="All" loginUrl="Admin/LoginPage.aspx" path="/" enableCrossAppRedirects="true">
</forms>
</authentication>
<authorization>
<deny users="*" />
</authorization>
What this means is that your web page is referring to content which is in the folder one level up from your page, but your page is already in the website's root folder, so the relative path is invalid. Judging by your exception message it looks like an image control is causing the problem.
You must have something like:
<asp:Image ImageUrl="..\foo.jpg" />
But since the page itself is in the root folder of the website, it cannot refer to content one level up, which is what the leading ..\
is doing.
You can use ~/img/myImage.png
instead of ../img/myImage.png
to avoid this error in ASP.NET pages.
You have an image or a favicon link of the style ="../"
somewhere, that if the "../" were valid, would go beyond the top of the site, like this:
Image:
http://example.com/Images/test.jpg
Page
http://example.com/Pages/test.aspx
Valid on that page: ../Images/test.jpg
Would throw an error: ../../Images/test.jpg
It means that one of the paths has a ".." at the beginning of it that would result in exiting the web site's root folder hierarchy. You need to google "asp.net relative paths" or something like that to help you with your problem.
BTW, a hint to where the problem is is included in the exception page that you saw. It will actually tell you what file it found the problem in.
To head off future occurences of this exception, do a search in the entire solution for this string: "../". If you find any of those in files in the root path of your web site, address them.
In my case it turned out to be commented out HTML in a master page!
Who knew that commented out HTML such as this were actually interpreted by ASP.NET!
<!--
<link rel="icon" href="../../favicon.ico">
-->