Silverstripe BasicAuth::protect_entire_site loops on Plesk Server

We have moved some Silverstripe websites from AWS to a Plesk environment (requested by client).
One of the sites is a test website protected by this code:
BasicAuth::protect_entire_site(true, 'ACCESS_TEST_SITE');
Visiting the test website in the AWS environment would result in an HTTP authentication box popping up in the browser. Entering a valid admin username/password would then allow access to the website.
In the Plesk environment the HTTP authentication box pops up, but entering a valid admin username/password results in it popping up again and again.
I'm guessing that some configuration in Plesk is causing this loop but I don't know where to start looking.
Has anyone run into this issue before or found a solution?

In Plesk there is no need to use code to force authentication: instead, Plesk offers the Password-Protected Directories option:
Open Domains > your domain > Password-Protected Directories > click Add Protected Directory.
Leave the directory name as / in order to force the authentication page for the main domain's page.
To add one or more users and passwords, click Add User in Domains > your domain > Password-Protected Directories > open your newly created directory.
This way the code to force authentication is not required.

Related

Protecting a file with Basic Authentication

How do I secure one aspx page with basic authentication, in a website running IIS 8 (Windows Server 2012)? The Forms authentication is used elsewhere on the website, but I need a temporary protection to this particular file with Basic Authentication.
In IIS, I have disabled anonymous authentication on the folder where the file resides, and enabled the Basic Authentication. I have also created the new local user, and given it permissions to read the folder. I would like to use this username/password to access the resource.
Yet, I can access the file without seeing any user name/password prompts.
Try the steps below:
On the IIS Manager application, access your website and select the directory that you want to protect.
On the right part of the screen, access the option named: Authentication.
Disable the Anonymous authentication on the selected directory.
Enable the basic authentication on the selected directory.
In this example, I configured the IIS server to use the basic type of authentication and configured the IIS server to require authentication to access a directory. As an administrator, create a local user account.
net user /add xxxx
To test the installation, open the browser and try to access the protected directory. Enter the URL in the browser; the IIS server will require you to perform the user authentication.
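The steps in the answer above apply to a directory. As an added example (not part of the original answer), the same two settings can be scoped to a single file with the WebAdministration module and then checked with an unauthenticated request. The site name, file path and URL are assumptions, and the Basic Authentication role service must already be installed.

```powershell
Import-Module WebAdministration

# Assumed names: substitute your own site, the file's path under it, and its URL.
$site     = 'Default Web Site'
$file     = 'reports/export.aspx'
$url      = 'http://localhost/reports/export.aspx'
$location = "$site/$file"
$auth     = '/system.webServer/security/authentication'

# The authentication sections are locked at server level by default, so the
# settings are written to applicationHost.config inside a <location> element
# that covers only this file, not the whole folder.
Set-WebConfigurationProperty -PSPath 'IIS:\' -Location $location `
    -Filter "$auth/anonymousAuthentication" -Name enabled -Value $false
Set-WebConfigurationProperty -PSPath 'IIS:\' -Location $location `
    -Filter "$auth/basicAuthentication" -Name enabled -Value $true

# Read the values back for the same location to confirm what IIS stored.
foreach ($scheme in 'anonymousAuthentication', 'basicAuthentication') {
    $enabled = (Get-WebConfigurationProperty -PSPath 'IIS:\' -Location $location `
        -Filter "$auth/$scheme" -Name enabled).Value
    '{0,-24} enabled = {1}' -f $scheme, $enabled
}

# Request the file without credentials. A protected file answers 401;
# a 200 means anonymous access is still being allowed somewhere.
try {
    $status = [int](Invoke-WebRequest -Uri $url -UseBasicParsing).StatusCode
} catch {
    # Non-2xx responses throw; the status is on the exception's Response.
    # A missing Response (connection failure) casts to 0.
    $status = [int]$_.Exception.Response.StatusCode
}

if ($status -eq 401) {
    "OK: $url requires authentication (HTTP 401)."
} else {
    "CHECK: $url returned HTTP $status without credentials."
}
```

Basic authentication sends the user name and password base64-encoded, not encrypted, so real logins to the file should go over HTTPS.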

SilverStripe 4.1 - SS_DEFAULT_ADMIN_USERNAME and PASSWORD not respected

I have a SilverStripe 4.1 site (upgraded from 3.4) running on an Ubuntu Vagrant VM. I have the following .env file:
# Default Admin
SS_DEFAULT_ADMIN_USERNAME="admin"
SS_DEFAULT_ADMIN_PASSWORD="password"
# DB credentials
SS_DATABASE_CLASS="MySQLPDODatabase"
SS_DATABASE_SERVER="127.0.0.1"
SS_DATABASE_USERNAME="user"
SS_DATABASE_PASSWORD="pass"
SS_DATABASE_NAME="silverstripe"
# environment
SS_ENVIRONMENT_TYPE="dev"
The site otherwise works, and complains when .env is deleted, so it's being read by the site.
However, when I go to /admin to log in with the above admin username and password the login page just refreshes with this message:
You must be logged in to access the administration area; please enter your credentials below.
I've tried moving the .env file to different locations. Multiple dev/build?flush=all, a flush=all on the login page itself and manually deleting the silverstripe cache in /tmp. There are no errors on screen or in the logs.
Has anyone had this issue before, or can guess what may be causing this, or how I might trap any errors in a log?
The issue was the client side cookies on the site. Something in the cookies must have been incorrect after the update, causing the log in to never go to the correct admin URL.
Using an incognito browser tab (or another browser) worked correctly, showing that the cookies needed to be cleared. I cleared my domain cookies and then the log in worked correctly again.

I can't connect to the webserver

I have a WordPress instance running locally on my mac with XAMPP.
It's working fine but when I want to install something I have to login with my ftp username and password.
I've tried to use the username and password which I use to log on to WordPress. I also tried my database credentials. I really have no idea which other logon credentials I should have.
FTP credentials do not refer to your login details; they refer to credentials for the File Transfer Protocol, which are given to you when you purchase a web hosting service or set one up yourself on your machine.
An alternative to this would be to download the plugin or theme you want and paste it to your /{website folder}/wp-content/themes or /{website folder}/wp-content/plugins
Try this:
Right-click the htdocs folder and choose Get Info.
Click the lock icon and type your macOS account password to unlock the options below.
Allow everyone Read & Write permission, then click the cog icon and choose Apply to enclosed items..., this should apply all r+w permission to sub-folders.
Done

Admin user not recognized on Bonobo Git Server

I have been using the Bonobo Git Server on IIS for a while and it works fine.
I hardly ever use the web interface and if I do, I log in as a normal user.
Today I logged in as the administrator but the admin links at the top are missing.
Normally I should see:
but I only get the normal user links, the create new repository button doesn't show up and when I go to:
../Settings/Index
I get an:
Unauthorized - You don't have permission for the selected action or page
I am sure I'm logged in as the admin user and the role membership has not been changed, but it seems I'm just a normal user.
There are no errors in the Bonobo or Windows logs.
I copied the site to my local server and the same files work just fine, I see the full admin interface.
I know some server hardening has taken place on the production server, but I don't know the details.
Does anybody have an idea what could cause this?
I investigated the "server hardening" on the production machine and it turns out they remove many unused modules and handlers from IIS on the machine level.
They did tests on all sites and the Bonobo Git Server seemed to work fine.
Considering the problem (the admin user is not recognized as an admin), I looked at the source code for Bonobo and they are using User.IsInRole.
So it seems they are using the ASP.NET membership provider.
I then looked at the removed IIS modules, one of them is:
System.Web.Security.RoleManagerModule
Removing that locally resulted in exactly the same problem I experienced on the production server.
So I asked the server admin to add that module back in:
New-WebManagedModule -Name RoleManager -Type System.Web.Security.RoleManagerModule -Precondition "managedHandler"
and everything is working fine, the admin user is a full administrator again.
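A check for the failure described in this answer, added here as an example and not part of the original post: it compares the managed modules registered in IIS against the ASP.NET authentication and authorization modules of a default install and prints the command to restore any that hardening removed. The page confirms only RoleManager; the other names and types are the IIS defaults for the same chain, and the server-level scope is an assumption.

```powershell
Import-Module WebAdministration

# ASP.NET security modules registered at server level on a default IIS
# install (module name -> .NET type). Only RoleManager is confirmed by the
# answer above; the rest belong to the same authentication/authorization chain.
$expected = [ordered]@{
    WindowsAuthentication = 'System.Web.Security.WindowsAuthenticationModule'
    FormsAuthentication   = 'System.Web.Security.FormsAuthenticationModule'
    DefaultAuthentication = 'System.Web.Security.DefaultAuthenticationModule'
    RoleManager           = 'System.Web.Security.RoleManagerModule'
    UrlAuthorization      = 'System.Web.Security.UrlAuthorizationModule'
    FileAuthorization     = 'System.Web.Security.FileAuthorizationModule'
}

# Assumed scope: the machine-level configuration, where the hardening in the
# answer was applied. Use 'IIS:\Sites\<site name>' to check a single site.
$scope   = 'IIS:\'
$present = Get-WebManagedModule -PSPath $scope | Select-Object -ExpandProperty Name

$report = foreach ($name in $expected.Keys) {
    [pscustomobject]@{
        Module     = $name
        Type       = $expected[$name]
        Registered = $present -contains $name
    }
}
$report | Format-Table -AutoSize

# Print (do not run) the restore command for each missing module, in the same
# form as the command used in the answer, so the change can be reviewed first.
$report | Where-Object { -not $_.Registered } | ForEach-Object {
    "New-WebManagedModule -Name $($_.Module) -Type $($_.Type) -Precondition managedHandler"
}
```

A missing RoleManager entry produces no error in the application: User.IsInRole simply returns false, which is why the site appeared to pass testing after the hardening.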

FTP Error 530 User cannot login

I am trying to FTP to a new FTP site I setup with IIS 7.0 for the Windows Server Web (64-bit) edition. But I get the above error when I try to login to this site. But I can login to my other FTP sites.
Also, when I select this website from IIS Manager, the FTP section does not display in the middle section although it does display in Action panel. And I cannot successfully login to this FTP site either.
I have checked and I have Log on locally selected. I do not have allow only anonymous connections. I have Access this computer from the network selected.
I restarted my IIS and FTP services also.
The one different thing I noticed about this website in IIS different from the other site that has FTP working is that this one there are 3 virtual directories beneath the site. And that when I click on any one of these 3, then the FTP strip does appear in the center pane. Make sense?
How can I debug cause of this error? Any SW tools I can use?
Have you tried logging in from the FTP server? If you do this, and have "Show detailed messages from local requests" enabled under FTP Messages, then you'll get a clearer idea as to why the login is failing. In my case I got the following message (I am using IIS Manager Users, and Passthrough authentication):
530-User cannot log in.
Win32 error: Access is denied.
Error details: Filename: \\?\C:\Windows\system32\inetsrv\config\redirection.config
Error: Cannot read configuration file due to insufficient permissions
To solve this I gave the NETWORK SERVICES user read only access to the config directory specified in the error message. I'm not 100% sure this is the right thing to do, but it certainly fixed this issue for me.
In my situation, I was missing the FTP Extensibility role service, which is what actually allows IIS Manager Auth.
This is pretty tricky, as you could allow IIS Manager auth, but it still would not work until you have installed FTP Extensibility.
In my case I forgot to enable Basic authentication.
There seem to be many different possible causes. In my case, I was unable to login with the plain "username" with the same error as mentioned.
It was solved when I logged in with ".\username" instead.
For some reason the FTP client was trying to login with a domain account, while I just wanted to login with a local computer account.
Hope this helps someone.
Try submitting your credentials in this format:
UserName: Domain|Username
Password: secretSquirrel
I had the same problem, I removed the FTP site and followed this:
http://www.iis.net/learn/publish/using-the-ftp-service/configure-ftp-with-iis-manager-authentication-in-iis-7
Prerequisites - I set the permissions on the folders using the 4 command samples but this did not alone fix the issue, so I cannot in good faith say this step is needed, but it is what I did and it now works.
CONFIGURE THE IIS MANAGEMENT SERVICE AND ADD AN IIS 7 MANAGER -
Just do step 4, removing the existing user first and then re-adding them.
Creating a New FTP Site and Configuring an IIS 7 Manager Account -
All the steps here
CONFIGURE THE FTP SITE TO USE IIS 7 MANAGER AUTHENTICATION
All 12 steps here, including the "administrator" setting in step 5.
Then it started working for me, I am guessing when I did this without a guide I skipped something simple.
In my case I have made that user a member of IIS_IUSRS.
Using IIS Users.
Do not isolate users -> User name directory was working fine. Users started in the right folder.
When I was switching to Isolate Users -> User name Directory I had the following error:
Response: 530 User cannot log in, home directory inaccessible.
Win32 error: The system cannot find the path specified.
For some reason, you need to add the LocalUser virtual directory that points to your root.
It has to be that exact name and it's case sensitive.
That worked for me.
Per this knowledgebase article, you would need the log on locally privilege enabled.
http://support.microsoft.com/kb/200475
I had the exact same error. In my case, I was using a local user defined on the server running FTP. The username was very short (3 characters). I could "run as" this user on the server, confirming that Windows was Ok with it, and allowed it to authenticate. But when testing FTP, it would return User cannot log in.
Solution? I renamed the user to be longer (4 characters). Of course, updated its name under Authorization as well. Then FTP worked. Hope it helps someone!
For me, I had configured IIS properly as per the usual procedure. Anonymous authentication was working but specific users were not,
because the user accounts were created in IIS. They were also supposed to be created as Windows local accounts.
Then it worked.
Please check the security settings of the folder that the FTP site uses.
See if the user or group you selected for the FTP site is associated with the security settings of that folder.
In my case I had to remove domain from user.
So, your user should be like username, not like domain\username.
Hope it helps somebody.
For some reason my user was "locked". So I could "unlock" it at local user manager (computer management). Now it works fine. I hope it helps.
I would recommend checking FTP logs first. The status code will give you more information about the issue. Here is the explanation of the status codes: The FTP status codes in IIS 7.0 and later versions
I had this issue because my IIS didn't support passive mode. After entering data in FTP Firewall Support module, the issue was solved.
More scenarios from this post, "530 User cannot log in, home directory inaccessible":
Authorization rules. Make sure to have an Authorization rule that allows the user or anonymous access. Check “IIS > FTP site > FTP Authorization Rules” page to allow or deny access for certain or all users.
NTFS permissions. The FTP users (local or domain users) should have permissions on the physical folder. Right click the folder and go to Properties. In the Security tab, make sure the user has required permissions. You can ignore Shared tab. It is not used for FTP access.
Locked account. If your local or domain account is locked or expired, you may end up seeing “User cannot log in” error. Check local user properties or Active Directory user settings to make sure the user account is active.
Other permission issues. The user account may not have “Log on locally” or “Allow only anonymous connections security” rights.
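The log check recommended in the answer above, as an added example that is not part of the original post: it reads IIS FTP W3C log lines, ties each 530 reply back to the name given in the session's USER command, and translates sc-win32-status into the Windows error text. The log lines are constructed sample data, and the hints are this example's own mapping of Win32 codes to the causes listed in the answers on this page.

```powershell
# Constructed sample in the IIS FTP W3C log format (documentation IPs, made-up sessions).
$sampleLog = @'
#Fields: date time c-ip cs-username s-ip s-port cs-method cs-uri-stem sc-status sc-win32-status sc-substatus x-session x-fullpath
2024-01-10 09:00:01 192.0.2.10 - 192.0.2.1 21 USER deploy 331 0 0 sess-0001 -
2024-01-10 09:00:02 192.0.2.10 - 192.0.2.1 21 PASS *** 530 1326 0 sess-0001 -
2024-01-10 09:05:11 192.0.2.11 - 192.0.2.1 21 USER backup 331 0 0 sess-0002 -
2024-01-10 09:05:12 192.0.2.11 - 192.0.2.1 21 PASS *** 530 1909 0 sess-0002 -
2024-01-10 09:07:30 192.0.2.12 - 192.0.2.1 21 USER webdev 331 0 0 sess-0003 -
2024-01-10 09:07:31 192.0.2.12 - 192.0.2.1 21 PASS *** 530 3 0 sess-0003 -
2024-01-10 09:09:00 192.0.2.13 - 192.0.2.1 21 USER alice 331 0 0 sess-0004 -
2024-01-10 09:09:01 192.0.2.13 alice 192.0.2.1 21 PASS *** 230 0 0 sess-0004 /
'@ -split "`r?`n"

function Get-Ftp530Cause {
    param([string[]]$Lines)

    # Win32 code -> where to look first (this example's mapping, not IIS output).
    $hints = @{
        3    = 'Home directory path missing (with user isolation: LocalUser virtual directory)'
        5    = 'NTFS or config-file permissions for the account that opens the path'
        1326 = 'Wrong user name/password, or name resolved as domain instead of local'
        1385 = 'Account lacks the "Log on locally" right'
        1909 = 'Account is locked out'
    }
    $fields = @()
    $userBySession = @{}

    foreach ($line in $Lines) {
        if ($line -like '#Fields:*') { $fields = ($line -replace '^#Fields:\s*').Split(' '); continue }
        if ($line -like '#*' -or -not $line.Trim()) { continue }

        # Map each value to its column name from the #Fields header.
        $values = $line.Split(' ')
        $row = @{}
        for ($i = 0; $i -lt $fields.Count -and $i -lt $values.Count; $i++) { $row[$fields[$i]] = $values[$i] }

        # A failed PASS has no cs-username, so remember the name from USER per session.
        if ($row['cs-method'] -eq 'USER') { $userBySession[$row['x-session']] = $row['cs-uri-stem'] }
        if ($row['sc-status'] -ne '530') { continue }

        $code = [int]$row['sc-win32-status']
        [pscustomobject]@{
            Time    = "$($row['date']) $($row['time'])"
            Client  = $row['c-ip']
            User    = $userBySession[$row['x-session']]
            Win32   = $code
            Message = [ComponentModel.Win32Exception]::new($code).Message
            Hint    = $hints[$code]
        }
    }
}

Get-Ftp530Cause -Lines $sampleLog | Format-Table -AutoSize -Wrap
```

For a live server, pass the output of Get-Content on the FTP site's log file as -Lines. Many 1326 or 1909 rows for different user names from one client address point to password guessing, not to a configuration fault.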
I spent a long time looking for a solution. I've tried every shared answer on the internet and nothing could solve the issue. It is an issue I was ignoring for years and could never fix.
OK, I have Plesk installed and I'm not sure if it has some effect on IIS FTP that causes the following behavior ...
By using the Process Monitor tool while making an FTP login request, and watching what the tool shows, you can get a hint about the REAL reason for the problem.
For me, I found out that IIS FTP was trying to access the FTP folder from a path DIFFERENT from the actual FTP path I had set. I do not know why, but maybe Plesk has some effect on this.
The actual ftp path is
C:\inetpub\vhosts\zidapp
The path that IIS FTP was trying to access DURING the login process is
C:\inetpub\vhosts\Servers\7\localuser\zid_app_ftp_user
I fixed the issue by creating a folder link from the 'actual' folder path to the path IIS was trying to access, using the mklink tool.
CMD command
mklink /d C:\inetpub\vhosts\Servers\7\localuser\zid_app_ftp_user "C:\inetpub\vhosts\zidapp"
I've fixed the issue that way, so when FTP tries to access the folder from the wrong path, it now goes to the correct one.
Please note that a folder shortcut won't work for this; you need a link like on Linux, not a shortcut ...
I hope it will help you :)
You can check the reference account you are using to log in.
Mine happened to be locked out causing the 530 error.
