Cannot use a leading to exit above the top directory

Question

I have a asp net web site with it we have admin area with login page for admin only and all site is allowed for all - i need to ask how to define the right security configuration for it as i get this error   Cannot use a leading    to exit above the top directory   Description  An unhandled exception occurred during the execution of the current web request  Please review the stack trace for more information about the error and where it originated in the code    Exception Details  System Web HttpException  Cannot use a leading    to exit above the top directory   Source Error    An unhandled exception was generated during the execution of the current web request  Information regarding the origin and location of the exception can be identified using the exception stack trace below     Stack Trace      HttpException  0x80004005   Cannot use a leading    to exit above the top directory      System Web Util UrlPath ReduceVirtualPath String path   8862087    System Web Util UrlPath Reduce String path   52    System Web Util UrlPath Combine String appPath  String basepath  String relative   214    System Web UI Control ResolveClientUrl String relativeUrl   180    System Web UI WebControls Image AddAttributesToRender HtmlTextWriter writer   68    System Web UI WebControls WebControl RenderBeginTag HtmlTextWriter writer   20    System Web UI WebControls WebControl Render HtmlTextWriter writer   20    System Web UI Control RenderControlInternal HtmlTextWriter writer  ControlAdapter adapter   27    System Web UI Control RenderControl HtmlTextWriter writer  ControlAdapter adapter   99    System Web UI Control RenderControl HtmlTextWriter writer   25    System Web UI Control RenderChildrenInternal HtmlTextWriter writer  ICollection children   134    System Web UI Control RenderChildren HtmlTextWriter writer   19    System Web UI HtmlControls HtmlForm RenderChildren HtmlTextWriter writer   163    System Web UI HtmlControls HtmlContainerControl Render HtmlTextWriter writer   32    System Web UI HtmlControls HtmlForm Render HtmlTextWriter output   51    System Web UI Control RenderControlInternal HtmlTextWriter writer  ControlAdapter adapter   27    System Web UI Control RenderControl HtmlTextWriter writer  ControlAdapter adapter   99    System Web UI HtmlControls HtmlForm RenderControl HtmlTextWriter writer   40    System Web UI Control RenderChildrenInternal HtmlTextWriter writer  ICollection children   134    System Web UI Control RenderChildren HtmlTextWriter writer   19    System Web UI Control Render HtmlTextWriter writer   10    System Web UI Control RenderControlInternal HtmlTextWriter writer  ControlAdapter adapter   27    System Web UI Control RenderControl HtmlTextWriter writer  ControlAdapter adapter   99    System Web UI Control RenderControl HtmlTextWriter writer   25    System Web UI Control RenderChildrenInternal HtmlTextWriter writer  ICollection children   134    System Web UI Control RenderChildren HtmlTextWriter writer   19    System Web UI Page Render HtmlTextWriter writer   29    System Web UI Control RenderControlInternal HtmlTextWriter writer  ControlAdapter adapter   27    System Web UI Control RenderControl HtmlTextWriter writer  ControlAdapter adapter   99    System Web UI Control RenderControl HtmlTextWriter writer   25    System Web UI Page ProcessRequestMain Boolean includeStagesBeforeAsyncPoint  Boolean includeStagesAfterAsyncPoint   1266  my configuration file       lt authentication mode  Forms  gt     lt forms name   ASPXFORMSAUTH  protection  All  loginUrl  Admin LoginPage aspx  path     enableCrossAppRedirects  true  gt     lt  forms gt   lt  authentication gt   lt authorization gt     lt deny users       gt   lt  authorization gt

User · Answer

You have an image or a favicon link of the style ="../" somewhere, that if the "../" were valid, would go beyond the top of the site, like this:

Image:

http://example.com/Images/test.jpg

Page

http://example.com/Pages/test.aspx

Valid on that page: ../Images/test.jpg
Would throw an error: ../../Images/test.jpg

User · Answer

I had the problem occur on my system in a very strange way  In my system customers create products that sit inside a directory structure of product categories  So ProductA might sit in the folder CategoryInner inside the folder CategoryOuter  I had just added a feature where my URL would show the category nesting on the URL thusly   http   www somedomain com product CategoryOuter CategoryInner ProductA aspx  Obviously the nesting on the URL was just for SEO purposes  and to show the user what category their product was sitting in  But when I used ResolveClientUrl on some URLs that used to work  it must ve been confused by the extra fake pathing  The error message was popping up in the debugger on some line that was never the problem so it took me quite some time to figure out what was going on  I wnet through and removed all of my ResolveClientUrl calls that acted on anything that didn t start with a   and made the rest of the paths absolute paths

User · Answer

What this means is that your web page is referring to content which is in the folder one level up from your page  but your page is already in the website s root folder  so the relative path is invalid  Judging by your exception message it looks like an image control is causing the problem   You must have something like    lt asp Image ImageUrl     foo jpg    gt    But since the page itself is in the root folder of the website  it cannot refer to content one level up  which is what the leading     is doing

User · Answer

You can use   img myImage png instead  of    img myImage png to avoid this error in ASP NET pages

User · Answer

It means that one of the paths has a      at the beginning of it that would result in exiting the web site s root folder hierarchy  You need to google  asp net relative paths  or something like that to help you with your problem   BTW  a hint to where the problem is is included in the exception page that you saw  It will actually tell you what file it found the problem in   To head off future occurences of this exception  do a search in the entire solution for this string         If you find any of those in files in the root path of your web site  address them

User · Answer

I moved my project from  standard  hosting to Azure and get the same error when I try to open page with url-rewrite  I e  rule is     lt add key   iPod-eBook-Creator html  value   Product ProductDetail PRODUCT UID IPOD EBOOK CREATOR    gt    try to open my site iPod-eBook-Creator html and get this error  page my site Product ProductDetail PRODUCT UID IPOD EBOOK CREATOR can be opened without any problem    I checked the fully site - never used    to  level up

User · Answer

I got same problem    and I did it   My code before    lt link rel  stylesheet  href     css style default css  type  text css    gt    And the problem solved after I changed my code into this    lt link rel  stylesheet  href  css style default css  type  text css    gt    So I think  href      is not allowed  because I don t have problem when I use       in  src

User · Answer

I know these answers are enough  but I ll show the place that s throwing an error   If you have the structure like the below      Src Master cs -  Master Form Page    Invoice SubFolder InvoiceEdit aspx -  Sub Form Page    If you enter the sub form page  you ll get an error when you use similar like that you ve used in master page  Page ResolveClientUrl    Style img logo small png     Now ResolveClientUrl is situated in the master page and trying to serve the root folder  But since you are in the subfolder  the function returns something like       Style img logo small png  This is the wrong way   Because when you re up two levels  you are not in the right place  you need to go up only one level  so something like

User · Answer

In my case it turned out to be commented out HTML in a master page   Who knew that commented out HTML such as this were actually interpreted by ASP NET    lt  --  lt link rel  icon  href        favicon ico  gt  -- gt

User · Answer

I had such a problem and the answer  although frustrating to find  was solved by doing a search on the offending page for the      in the error message   I am using Visual Studio Express and the solution was changing        Images   to    Images      Hopefully this will help someone

[asp.net] Cannot use a leading ../ to exit above the top directory

Examples related to asp.net

Examples related to .net

Examples related to security

Examples related to url

Examples related to configuration