Web.config ignoring module

Question

I'm trying to use an http module and corresponding configuration section that I downloaded from http://www.codeproject.com/KB/web-security/WebPageSecurity_v2.aspx. However, my application seems to be ignoring these added items.

I set up a test application with the specified configuration and it ran fine. When I tried to add the same configuration to an existing application, it ran but did not perform as it should have with the new module. After going crazy trying to troubleshoot it, I changed the lines in the config file to read as:

<httpModules>
    <add name="SecureWebPage" type="V" />
</httpModules>

V is obviously not a valid type, but the application starts up and runs as if this erroneous line wasn't even there.

Does anyone have an idea as to why these sections seem to be completely ignored in my web.config?

Answer 1

The problem was that I'm using IIS 7 and the application was running the the DefaultAppPool. The default app pool, running in pipeline integrated mode, uses a different module definition scheme than IIS 6 did.

Either you can move the application to the Classic .NET app pool (what I did because our server runs IIS 6), or you can move the module definition within the web.config file as explained in this article (http://www.byteblocks.com/post/2010/09/16/HttpModule-Not-Working-In-IIS7.aspx).