I have a SharePoint site (http) hosted in IIS and it works fine on the intranet but when accessing through internet the prompt to key in the credentials keeps on popping and user is unable to login. I tried the suggestions mentioned here but those didn't help.
http://expertsharepoint.blogspot.sg/2013/10/sharepoint-site-is-prompting.html
Also I tried to add the website to "trusted sites" as mentioned in some of the links but that also didn't help.
So I enabled the https and now I am able to access through the internet but this way the app using the web services and SharePoint csom fails because of invalid certificate. Please know that I am aware of the workaround to ignore the invalid cert but that will require the code change in the whole app and I am not in position to do that.
My question is what else can I try and is there a way to access a SharePoint site by HTTP through the internet?
Thanks!
Related
I am having trouble calling an SSRS report server over SSL. I cannot figure out whether the issue is with my code or the configuration of either my web site or the SSRS site (both are under my control).
Below is some background. I am providing as much information as I can, because I don't know where the problem is. Some of it may not be relevant.
Web site (ASP.NET 4.0) and SSRS (2008 R2) are running on same server.
Everything works fine when both are running using http/port 80
Error returned by the SSRS url is "The remote server returned an error: (401) Unauthorized."
Certificate is fine, just created and installed it.
Certificate specified under https binding in IIS, and under SSL info for SSRS.
Web site uses anonymous authentication.
Application Pool Identity of web site is same domain user as SSRS service account. This same user is assigned to the "Browser" role in SSRS.
I have tried opening the HTTPS URL both with and without specify port 443
SSRS URL uses same sub domain as web site and both match the certificate
In my code, before calling GetResponse, I set Credentials to CredentialCache.DefaultCredentials. Also tried DefaultNetworkCredentials and leaving that line of code completely out.
Even though SSRS is running on the same server as the web site, I cannot "see" the SSRS site in IIS (seems weird and a mystery I haven't been able to solve). I do not see more than one version of IIS installed.
Nothing in SSRS logs (nothing, no indication that SSRS ever even got the request)
My intuition says this is a configuration setting somewhere, rather than a code issue, but I cannot figure it out. I've read a little about impersonation and wondering if that is what I need. I'd rather not bypass certificate validation unless that is the proper approach in circumstances such as this. If this is the problem, I want to do it properly.
i am deploying an ASP.NET 4.0 Application to a production server .
The server is an intranet server. In the binding of the site, I assigned an IP Address and a port number and it works fine in the form http://xx.x.xx.x:888/. Then I would like our user to use a friendly URL to access to the website. So I asked our IT manager to assign a friendly URL to this url. the friendly URL is like this http://sitename.mycompanyname.ca:888.
The problem is when I try accessing the site with the friendly URL it keeps pop-asking me for my credential and never lets me get into the site. Thanks for your helping.
Server environment:
Windows 2008
IIS 7.5
Server and users are all in intranet.
*Update:
If I stop the site, it gives me another "Internet explorer cannot display the page" error. So I guess this site is taking care of the request for this host name
I found that I can browse this site using host name if I am on the production server.But it doesn't work if I try on another computer.
Just found that It doesn't work with IE 9 32 bit but it works with Chrome and firefox, which is very weird...
*
The site's authentication and authorization is like below
I don't see that you mentioned this, but did you try adding the port to your friendly URL? ie. http://sitename.mycompanyname.ca:888 ?
Let us know!
Ricky
Enable anonymous authentication. That's it ;)
http://technet.microsoft.com/nl-nl/library/cc770966%28v=ws.10%29.aspx
Is there a way to bypass/ignore/disable certificate errors ? I'm encountering this on IE8 and the server is using IIS 7. The situation is I created a asp.net website and Im accessing this website using "https". My other website got no problem with this scenario but my other website does. I just want to do the trick within web.config or any other way except (server side code, creating Self Signed certificate, redirecting the website).
Thanks In Advance!
why are you seeing error to begin with? if you don't have certificate installed then make sure your not using HTTPS anywhere on your site.
its browser based...you can not control the warning message.
In IE follow the steps below. It works for me.
Click Tools and select Internet Options
Click the Security
Select "Trusted Sites" icon and set the Security level to "Medium Low".
Close all the Windows. Then open the browser.
From Flex we call a Upload.aspx page which is configured for anonymous authentication. Most of the time, it works like a charm, but once in a while, the browser does prompt a enter credentials popup...
The whole site is configured for Windows Authentication, but some pages and folders are set to use anonymous authentication. This is done using the location tag in web.config.
What could be the reason for this?
UPDATE:
Only happening in Internet Explorer... they should deport it.
If you use FireFox with FireBug, open up the Net panel, it will show you the request making the permissions request. If you cancel it, it will show an access denied in red, and that will easily help you hunt the issue down.
Maybe it's because a file (image, css, etc.) is being referenced that doesn't exist?
A couple of things I would check out:
Are there any images/other files that are added to your page using the FQDN? If so, are any of these pointing to an external site or staging site that might require credentials?
Is it possible that someone has removed permissions from the application pool credentials on the web server for some specific file or files the site is requesting?
Is the site load balanced or part of a farm? It could be that one or many servers are configured incorrectly, and the rest are ok. Then if by chance you hit the bad servers, you could get the prompt.
I have code running in an ascx within PageLayout within SharePoint 2007 that accesses files on a remote server i.e. File.Create("\servername\sharename\folder\file.txt"). The code runs within a SharePoint web application that has CAS trust set to Full in the web.config. The File.Create throws the following exception:-
System.UnauthorizedAccessException
Access to the path '\\servername\sharename\folder\file.txt' is denied.
The share is shared to Everyone with Full Control and the NTFS permissions are set to Everyone with Full Control. The web application app pool is running under a domain account also with explicit permissions to access that resource (not that this should be needed).
I ran Process Monitor on the remote machine and no hits were being recorded on the server. This leads me to believe that it is an issue with the SharePoint Code Access Security settings. Like I've said above, the trust in the web.config is set to Full.
Is it possible that CAS is still blocking the remote access? Can anyone think of any other area to review?
Update
A bit more information...
I've tried making the app pool acct domain admin and the problem still occurs. When using the same method to access a drive on the local machine it works fine. Running the same code in SnippetCompiler outside of sharepoint using the app pool account works fine.
Hope this helps, let me know if you can think of any more avenues of investigation or tests I can try.
Update
Im not sure if this would affect the issue but the local server is running Windows Server 2003 and the remote server is running Windows 2000.
Update
I've just tried running the code through a web part and it works fine. The file structure I use in the project that is failing is as follows:-
wss
- VirtualDirectories
- SharePointWebApp
- ...sp web app files
- .
- .
- PageLayoutControls
- control.ascx
- .
- .
Then in IIS I have the following structure:-
IIS
- Websites
- SharePointWebApp (pointing to \wss\VirtualDirectories\SharePointWebApp)
- PageLayoutControls (virtual directory pointing to \wss\VirtualDirectories\PageLayoutControls)
Then within the PageLayouts I reference the controls using the following:-
<%# Register TagPrefix="TEST" TagName="MyControl" Src="~/PageLayoutControls/control.ascx" %>
<asp:Content ContentPlaceholderID="PlaceHolderMain" runat="server">
<TEST:MyControl id="myControl" runat="server"/>
</asp:Content>Let me know if you need more info.
Update
The mystery deepens...
When I access the sharepoint site from Internet Explorer (6 or 7) on the SharePoint web front end server I do NOT get the exception.
When I access the sharepoint site from Mozilla Firefox from the SP web front end server I DO get the exception.
When I access the sharepoint site remotely from ANY browser I get the exception.
Also, it makes no difference what user I use to log on to the site, as long as they have permissions to access the sharepoint site.
Any thoughts?
Update
Hmm, I've now found that if I access the sharepoint site remotely and the sharepoint site tries to do a File.Create() locally (i.e. File.Create("C:\temp\abc.txt")) then it works. If I access the sharepoint site from the sharepoint box and do a File.Create() remotely (i.e. File.Create("\ServerName\ShareName\FolderName\file.txt")) then it works.
It only fails when I access the sharepoint site remotely and have the sharepoint site try to do a File.Create() remotely as well. Kind of a double hop problem. This makes me think it may be an NTLM / Kerberos issue.
Currently, we are running using NTLM authentication.
Has anyone else experienced this sort of issue?
Update
Yep, I'm pretty sure this is an NTLM issue not allowing a double hop. I just changed the authentication on the sharepoint site to use Basic Authentication and its worked. Changed it back to Integrated Authentication and it failed.
Now to decide whether to move the farm to use Kerberos or find another way around the issue. :-/
Update
Just giving SPSecurity.RunWithElevatedPrivileges a shot now. One thing though, is RunWithElevatedPrivileges meant to be used in this context? Previously, I've only used it to get access to lists and libraries within SharePoint rather than accessing a file access the network.
Any thoughts?
Update
Yep, SPSecurity.RunWithElevatedPrivileges resolves the issue. :-)
I wonder if this is the double-hop issue and that your code is trying to access the resource as the impersonated user, but that fails because NTLM will not impersonate to another server (Kerberos would).
Have you tried SPSecurity.RunWithElevatedPrivileges? That would remove the impersonation (RevertToSelf) and then maybe the application pool owner can just act as himself (herself?) whereas maybe it couldn't before.
Just a thought and should be pretty easy to try out.