In an attempt to simplify our web.config, I wanted to break out the NWebsec configuration into a separate file using the configSource attribute:
web.config<?xml version="1.0" encoding="utf-8"?>
<configuration>
<configSections>
<sectionGroup name="nwebsec">
<section name="httpHeaderSecurityModule" type="NWebsec.Modules.Configuration.HttpHeaderSecurityConfigurationSection, NWebsec, Version=4.2.0.0, Culture=neutral, PublicKeyToken=3613da5f958908a1" requirePermission="false" />
</sectionGroup>
</configSections>
<nwebsec configSource="App_Config\NWebsec.config" />
<!--- remainder of file omitted for brevity -->
</configuration>
App_Config\NWebsec.config<?xml version="1.0"?>
<nwebsec>
<httpHeaderSecurityModule xmlns="http://nwebsec.com/HttpHeaderSecurityModuleConfig.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<redirectValidation enabled="true">
<!-- omitted for brevity -->
</redirectValidation>
<securityHttpHeaders>
<!-- omitted for brevity -->
</securityHttpHeaders>
</httpHeaderSecurityModule>
</nwebsec>
When I make a request to the application I now receive a HTTP 500 error with no other details. There is also nothing related in the Windows Event Viewer.
Is what I'm attempting possible with NWebsec configuration?
How do I get more detail on the error which is occurring and causing the HTTP 500 response?
I believe this is because the nwebsec element is defined as a sectionGroup:
<sectionGroup name="nwebsec">
<section name="httpHeaderSecurityModule" type="..." />
</sectionGroup>
The configSource attribute works for the section element only.
Amending the web.config:
<nwebsec>
<httpHeaderSecurityModule configSource="App_Config\NWebsec.config" />
</nwebsec>
In addition to amending the root element of the referenced file (App_Config\NWebsec.config), enables this to work as desired:
<?xml version="1.0"?>
<httpHeaderSecurityModule xmlns="http://nwebsec.com/HttpHeaderSecurityModuleConfig.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<redirectValidation enabled="true">
...