I have a strange issue with aps.net which using windows Authentication, here is the scenario, I have APS.net application using the Windows Authentication, NTLM ... all my users on the Active Directory have access to the web application when they want, the issue that sometimes some users can't access to the system anymore, where they used to have access before, when they put their username#domain and the password in the pop-up login in the browser, the pop-up keep popping up like they have put a wrong username or password, we tried to log in to other services like email, laptop, using the same user name and password and it works fine, but not with the web application! any idea how or where to start my investigation? logs file? something similar? here is my IIS authentication setting:
<authentication mode="Windows" />
<authorization>
<deny users="?" />
</authorization>
After many days of investigating the issue, it turned out that the issue is because of expired password.
Related
I have the application pool of a web application set to run as a user called WebUser.
I have the following sections in my web.config:
<authentication mode="Windows" />
<authorization>
<deny users="?" />
</authorization>
<identity impersonate="false" />
I have created a file called a.txt and given only WebUser permissions on it. If I navigate to this file then I get a 401 error. However if I give my own user account access to this file then I can access it.
So it seems that the application is impersonating my identity. How can I make it run as the application pool user instead?
EDIT: Also - if I enable impersonation and make it impersonate WebUser then I still get a 401 error.
Thanks,
Joe
Ok I solved this by going to the site's advanced settings and changing the Physical Path Credential Logon Type to Interactive. I also had to set Physical Path Credentials to Specific User and enter WebUser's credentials, this stopped it from impersonating the authenticated user when accessing files.
Joe
I have a simple ASP.Net page with VB code running on WIN7 Enterprise VM with IIS 7.5 on which I need to get the visitors domain username on load and store it in a string variable.
The page is hosted internally on our domain and IIS is setup to authenticate anonymously.
I am getting the username with the following code: Environment.Username but of course it always says that the logged on user is IUSR
I installed the Windows Authentication component for IIS but don't know how to get it to work properly. I only started with ASP and IIS last month so I am very new to this. I only want this to apply to a specific folder so I selected it and enabled Windows Authentication, set it NTLM, and disabled Anonymous + ASP Impersenation. That didnt work. I think I tried every combination possible and all I am getting is either error 500, 404 because it tries to redirect to some login page which doesnt exist and sometimes I would get a username/password prompt but even then it wont accept anything
I dont want to prompt users, I just want to pass their existing logon info and open the page. Can someone please tell me how to set this up. I spent all day looking at hundreds of forums and sites and could not get it to work.
I also added the following to the web.config file:
<Identify impersonate="true" />
Thanks
Make sure you specify authorized users in web.config:
<authentication mode="Windows" />
<authorization>
<allow roles="mydomain\someADgroup"/>
<allow users="mydomain\somuser"/>
<allow users="*" /> <!-- if you want it open to anybody, as long as they are authenticated-- on the domain!>
</authorization>
i have applied windows authentication for asp.net project and it is working. when i try to access any secure page then first time login dialog comes....but why. when i already login to windows before running project then why should i again give my windows credential to access asp.net web project any secure pages.
<authentication mode="Windows"/>
<authorization>
<deny users="?"/>
</authorization>
so guide me how to suppress the login dialog pop up. thanks
You need to configure your browser to automatically log you in. Your site probably needs to be in the local intranet zone. Windows Integrated Authentication is built into Internet Explorer. Some other bowsers may not support it.
I have my c# asp.net web application set up for windows authentication.
<authorization>
<deny users="?" /> <!-- Denies access to the anonymous user. -->
</authorization>
I have 2 issues.
Firstly, if I navigate to my site from my local PC, I get asked for a username/password to which I enter the credentials I use to log on to the server and these are successful and I gain access. However if I navigate to the site on the server via the internet browser, I get asked for the credentials to which I supply same - but it never lets me access, keep getting pop up to re enter my credentials. Any ideas why this might be so? Do I have incorrect configuration?
Secondly, is it possible to set up windows authentication when access the site from my local PC asking for username/password, but when accessing it on the server, I am not asked for such and can access the site without providing any details?
Have you selected "Integrated Windows Authentication" in the IIS for your web site?
What mode you have for the authentication in your web.config?
I've worked at this quite a bit, but cannot seem to find a good solution.
I have a ASP.NET app (.Net 3.5) with IIS which pulls the user machine name and username from the account. This works on my local machine, but when uploading using IIS it gives null or IIS APPPOOL/appname. On IIS I have "Integrated Windows Authentication" and "Anonymous" set and in my Web.config file
<authentication mode="Windows"/>
<identity impersonate="true"/>
And I am trying to access the user information a number of different ways, some are:
HttpContext.Current.User.Identity.Name
System.Threading.Thread.CurrentPrincipal.Identity.Name
System.Security.Principal.WindowsIdentity.GetCurrent().Name
Environment.UserName
Each of these work on my local machine, but when uploaded to the IIS server, everything gives invalid information. The app is internal, but I still need it to grab the Username without giving a login screen. Ideas?
Update: I've changed IIS to Anonymous Authentication Disabled and Windows Auth Enabled. And my web.config file I've tried the following
<authentication mode="Windows"/>
<!-- <identity impersonate="true"/> -->
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
Sorry about the update, but are there any ideas?
For anyone following this and needing an answer, the problem lies in IIS. In the Authentication area in IIS only have ASP.NET Impersonation and Windows Authentication enabled, the others should be disabled. And in Windows Authentication, go to Advanced Settings and UNCHECK the Enable Kernel-mode authentication. The Authorization Rules area should allow for all users (note this is done in IIS, not in the config file) And the following code in config is necessary.
<system.web><authentication mode="Windows"/><identity impersonate="true"/></system.web>
Hope this helps someone, here's a couple links that helped me. Good luck!
http://msdn.microsoft.com/en-us/library/aa302377.aspx
http://www.eggheadcafe.com/tutorials/aspnet/1f12cd61-6bb3-4ffd-bac1-124d40837006/aspnet-request-identity--an-analysis.aspx