Cannot use a leading to exit above the top directory

Question

I have a asp net web site with it we have admin area with login page for admin only and all site is allowed for all - i need to ask how to define the right security configuration for it as i get this error   Cannot use a leading    to exit above the top directory   Description  An unhandled exception occurred during the execution of the current web request  Please review the stack trace for more information about the error and where it originated in the code    Exception Details  System Web HttpException  Cannot use a leading    to exit above the top directory   Source Error    An unhandled exception was generated during the execution of the current web request  Information regarding the origin and location of the exception can be identified using the exception stack trace below     Stack Trace      HttpException  0x80004005   Cannot use a leading    to exit above the top directory      System Web Util UrlPath ReduceVirtualPath String path   8862087    System Web Util UrlPath Reduce String path   52    System Web Util UrlPath Combine String appPath  String basepath  String relative   214    System Web UI Control ResolveClientUrl String relativeUrl   180    System Web UI WebControls Image AddAttributesToRender HtmlTextWriter writer   68    System Web UI WebControls WebControl RenderBeginTag HtmlTextWriter writer   20    System Web UI WebControls WebControl Render HtmlTextWriter writer   20    System Web UI Control RenderControlInternal HtmlTextWriter writer  ControlAdapter adapter   27    System Web UI Control RenderControl HtmlTextWriter writer  ControlAdapter adapter   99    System Web UI Control RenderControl HtmlTextWriter writer   25    System Web UI Control RenderChildrenInternal HtmlTextWriter writer  ICollection children   134    System Web UI Control RenderChildren HtmlTextWriter writer   19    System Web UI HtmlControls HtmlForm RenderChildren HtmlTextWriter writer   163    System Web UI HtmlControls HtmlContainerControl Render HtmlTextWriter writer   32    System Web UI HtmlControls HtmlForm Render HtmlTextWriter output   51    System Web UI Control RenderControlInternal HtmlTextWriter writer  ControlAdapter adapter   27    System Web UI Control RenderControl HtmlTextWriter writer  ControlAdapter adapter   99    System Web UI HtmlControls HtmlForm RenderControl HtmlTextWriter writer   40    System Web UI Control RenderChildrenInternal HtmlTextWriter writer  ICollection children   134    System Web UI Control RenderChildren HtmlTextWriter writer   19    System Web UI Control Render HtmlTextWriter writer   10    System Web UI Control RenderControlInternal HtmlTextWriter writer  ControlAdapter adapter   27    System Web UI Control RenderControl HtmlTextWriter writer  ControlAdapter adapter   99    System Web UI Control RenderControl HtmlTextWriter writer   25    System Web UI Control RenderChildrenInternal HtmlTextWriter writer  ICollection children   134    System Web UI Control RenderChildren HtmlTextWriter writer   19    System Web UI Page Render HtmlTextWriter writer   29    System Web UI Control RenderControlInternal HtmlTextWriter writer  ControlAdapter adapter   27    System Web UI Control RenderControl HtmlTextWriter writer  ControlAdapter adapter   99    System Web UI Control RenderControl HtmlTextWriter writer   25    System Web UI Page ProcessRequestMain Boolean includeStagesBeforeAsyncPoint  Boolean includeStagesAfterAsyncPoint   1266  my configuration file       lt authentication mode  Forms  gt     lt forms name   ASPXFORMSAUTH  protection  All  loginUrl  Admin LoginPage aspx  path     enableCrossAppRedirects  true  gt     lt  forms gt   lt  authentication gt   lt authorization gt     lt deny users       gt   lt  authorization gt

User · Answer

I had the problem occur on my system in a very strange way. In my system customers create products that sit inside a directory structure of product categories. So ProductA might sit in the folder CategoryInner inside the folder CategoryOuter. I had just added a feature where my URL would show the category nesting on the URL thusly:

http://www.somedomain.com/product/CategoryOuter/CategoryInner/ProductA.aspx

Obviously the nesting on the URL was just for SEO purposes (and to show the user what category their product was sitting in. But when I used ResolveClientUrl on some URLs that used to work, it must've been confused by the extra fake pathing. The error message was popping up in the debugger on some line that was never the problem so it took me quite some time to figure out what was going on. I wnet through and removed all of my ResolveClientUrl calls that acted on anything that didn't start with a ~ and made the rest of the paths absolute paths.

User · Answer

It means that one of the paths has a      at the beginning of it that would result in exiting the web site s root folder hierarchy  You need to google  asp net relative paths  or something like that to help you with your problem   BTW  a hint to where the problem is is included in the exception page that you saw  It will actually tell you what file it found the problem in   To head off future occurences of this exception  do a search in the entire solution for this string         If you find any of those in files in the root path of your web site  address them

User · Answer

I got same problem    and I did it   My code before    lt link rel  stylesheet  href     css style default css  type  text css    gt    And the problem solved after I changed my code into this    lt link rel  stylesheet  href  css style default css  type  text css    gt    So I think  href      is not allowed  because I don t have problem when I use       in  src

User · Answer

You can use   img myImage png instead  of    img myImage png to avoid this error in ASP NET pages

User · Answer

I know these answers are enough  but I ll show the place that s throwing an error   If you have the structure like the below      Src Master cs -  Master Form Page    Invoice SubFolder InvoiceEdit aspx -  Sub Form Page    If you enter the sub form page  you ll get an error when you use similar like that you ve used in master page  Page ResolveClientUrl    Style img logo small png     Now ResolveClientUrl is situated in the master page and trying to serve the root folder  But since you are in the subfolder  the function returns something like       Style img logo small png  This is the wrong way   Because when you re up two levels  you are not in the right place  you need to go up only one level  so something like

User · Answer

I had such a problem and the answer  although frustrating to find  was solved by doing a search on the offending page for the      in the error message   I am using Visual Studio Express and the solution was changing        Images   to    Images      Hopefully this will help someone

User · Answer

I moved my project from  standard  hosting to Azure and get the same error when I try to open page with url-rewrite  I e  rule is     lt add key   iPod-eBook-Creator html  value   Product ProductDetail PRODUCT UID IPOD EBOOK CREATOR    gt    try to open my site iPod-eBook-Creator html and get this error  page my site Product ProductDetail PRODUCT UID IPOD EBOOK CREATOR can be opened without any problem    I checked the fully site - never used    to  level up

User · Answer

In my case it turned out to be commented out HTML in a master page   Who knew that commented out HTML such as this were actually interpreted by ASP NET    lt  --  lt link rel  icon  href        favicon ico  gt  -- gt

User · Answer

You have an image or a favicon link of the style        somewhere  that if the       were valid  would go beyond the top of the site  like this   Image   http   example com Images test jpg   Page  http   example com Pages test aspx   Valid on that page     Images test jpg Would throw an error        Images test jpg

User · Answer

What this means is that your web page is referring to content which is in the folder one level up from your page  but your page is already in the website s root folder  so the relative path is invalid  Judging by your exception message it looks like an image control is causing the problem   You must have something like    lt asp Image ImageUrl     foo jpg    gt    But since the page itself is in the root folder of the website  it cannot refer to content one level up  which is what the leading     is doing

[asp.net] Cannot use a leading ../ to exit above the top directory

Examples related to asp.net

Examples related to .net

Examples related to security

Examples related to url

Examples related to configuration