Hi,
I said Web.config not Machine.config.
In my C:\WINNT\Microsoft.NET\Framework\v2.0.50727\CONFIG\web.config I see
<httpHandlers>
<add path="*.config" verb="*" type="System.Web.HttpForbiddenHandler" validate="True" />
....
</httpHandlers>
That's the line I suggested you would neeed to remove.
Regards,
Viv
>>Since MS say these settings are the default I thought you would need to *remove* them from the relevant root web.config. But it was just a thought - haven't had time to check it out..... (Also not at all sure it's a good idea from a security POV)
>
>The Machine.config file does not contain any entries in that section. I have read that the default should be that some definitions are in there. So, this is why I added it in here. IAC, my global.asax file was conflicting with the httpHandlers defined in here because of the events I have defined in it.