I'm using VSEW 2013 and running windows 10.
I created a login page (Login.aspx) and a signup page (SignUp.aspx). I used the standard controls and did not add any code behind to them. They are out of the box controls.
What works:
Creating an account on signup.aspx page
Validating user login on Login.aspx page
On my computer, after login, it shows that I didn't log in yet. But when my friends test it, they don't have any problems with it.
Here is a drop box link to all of the files and you can test it yourself and see that it works.
https://www.dropbox.com/sh/do3f533s0hacy4x/AADuWBbIBpaxDy7SIPG9_7s6a?dl=0
Username: kyle
password 123456
However, signup.aspx works (well it won't send you an email because I didn't do that yet) so you can create your own account.
I've tried:
Verified that cookies are enables
Disabled Antivirus
Disabled Firewall
Checked Windows Defender (it's off)
Tested in Chrome, Edge, and Firefox.
Deleted all localhost cookies.
I cannot figure out why my computer won't let me log in successfully but everyone else can.
Please help me solve this problem.
Looking at your web.config, for some odd reason this section is there:
<system.webServer>
<modules>
<remove name="FormsAuthentication" />
</modules>
</system.webServer>
This section coupled with the fact that your authentication mode is set to forms:
<system.web>
<authentication mode="Forms" />
...
</system.web>
Would make it so that authentication wouldn't work at all, which is like what your describing. Try removing that first section, if you want to keep using Forms Authentication.
It's odd that this configuration would work on other computers, I can't explain that, but I would try removing that section of code where FormsAuthentication is being turned off and see if that helps.
Related
I installed version 6.3.0 of the bonobo server on a windows 2008 r2 box. I followed the instructions and all it was well with the out-of-the-box settings.
Now, I wanted to enable Windows Authentication. The goal is that the developers don't have to enter a password when they access the remote repository.
I started with this article. Firstly, I am not sure about the sequence of making the changes. Should it be done before running it the first time? Or after? It's not clear. Anyway, I did it both ways, and in both cases it doesn't work.
Scenario 1: Left everything out-of-the-box, I added myself as a user. After I made the web.config change I was still presented with the login page, and when I typed the password, I was redirected back to the login page.
Scenario 2: I shut down IIS, I made all the changes, and before restarting IIS, I updated the web.config as per the windows authentication article. I also disabled Anonymous Access and enabled Windows Authentication. After I restarted IIS, when I tried to access it, I got:
The request filtering module is configured to deny a request where the query string is too long. I fixed this by adding: maxQueryString="32768" to the requestLimits tag.
Now I get ERR_TOO_MANY_REDIRECTS when I try to access the root page.
The documentation is not clear on how you have to configure this thing for windows authentication. It looks to me that you need to leave the out-of-the-box settings, define your users, make sure one of them is admin, then change the setting to windows authentication. As soon as you turn on the windows authentication the admin user can't be used. I assume the server is trying to find the current user in its own database.
One other thing, if you turn on windows authentication in the web.config, do you need to enable the Windows Authentication in the IIS Authentication for the app and turn anonymous access off? I would think so, but the documentation doesn't specify anything. What happens if I am logged in with an account on different domain than the box with the bonobo server?
Is there someone that can clarify what has to be done exactly to get the windows authentication running?
Thanks
I hope you could solve the problem meanwhile
if not, change the "AuthenticationProvider" to "Windows" and "MembershipService" to "ActiveDirectory".
Check your Web.config if the following is uncommented
<appSettings>
...
<add key="AuthenticationProvider" value="Windows" />
<add key="MembershipService" value="ActiveDirectory" />
...
<add key="ActiveDirectoryDefaultDomain" value="<your.domain>" />
<add key="ActiveDirectoryBackendPath" value="~\App_Data\ADBackend" />
<add key="ActiveDirectoryMemberGroupName" value="Developer" />
<add key="ActiveDirectoryTeamMapping" value="Developers=Developer" />
<add key="ActiveDirectoryRoleMapping" value="Administrator=Developer" />
...
</appSettings>
...
<system.web>
...
<authentication mode="Windows" />
...
</system.web>
I have a webpage(home.aspx) that requires Windows Authentication. If the browser automatically sends in valid credentials, then home.aspx is displayed. Otherwise, login.aspx is displayed.
In IE, I have checked off the "Prompt for User name and Password" checkbox in Internet Options > Local Intranet > Custom level > User Authentication.
I have following the steps in http://www.codeproject.com/Articles/11202/Redirecting-to-custom-page-when-quot-Access-de , and it works fine on my local development server. However, on the production server, it is a different story.
In IIS, Home.aspx has anonymous authentication disabled, and windows authentication enabled. Login.aspx has anonymous authentication enabled and windows authentication disabled.
In the development server, on a computer that is logged in using correct credentials, home.aspx shows up. And, when the browser does not send in the credentials, Application_EndRequest is hit with a 401 status code, then the default Windows Authentication Prompt shows.
After cancelling this dialog, login.aspx is shown. This is the correct behavior.
However, in production server, on a computer that is logged in using correct credentials, home.aspx shows up. And, when the browser does not send in the credentials, Application_EndRequest is hit with a 401 status code, then the default Windows Authentication Prompt shows. After cancelling this dialog, the default 401 page shows.
Does anyone what is going on the production server, and why I am not able to intercept the 401 status code and redirect to a custom web page.
In IIS 7, they added an attribute in web.config that controls the behavior of custom errors. By default, custom and detailed errors are only shown on the local browser. To show your custom errors, you need to change this in the web.config <httpErrors> element, errorMode attribute.
<configuration>
<system.webServer>
<httpErrors errorMode="DetailedLocalOnly" defaultResponseMode="File" >
<remove statusCode="500" />
<error statusCode="500"
prefixLanguageFilePath="C:\Contoso\Content\errors"
path="500.htm" />
</httpErrors>
</system.webServer>
</configuration>
DetailedLocalOnly is the default; other possible values are Detailed and Custom.
For more reading, here is the Microsoft article that talks about this configuration.
Aside: The article you linked is more than 10 years old, and is therefore quite suspect for "modern" development. One of the comments on the article, posted about 5 years later, points to this same problem and solution.
I been struggling with an issue lately. My website which is using forms authentication is behaving pretty wierd suddenly. Once forms authentication is timing out, I can see I'm logged out of my application but for some reason, I'm not getting redirected to the login page. This was working absolutely fine before. Not sure what has happened to it suddenly. I'm using SQL Server to store session state and when I made my application to inProc, everything looks fine.
I even deleted and recreated my ASP.NET Session state database but no luck yet. When I look into Event viewer, I have many entries with the following message:
"Forms authentication failed for the request. Reason: The ticket supplied has expired."
On little search, someone said, this could happen with app pool recycling. I even deleted and recreated my app pool now. But still, I'm not getting redirected to login page.
Can someone help me out here.
Thank you.
For Forms Authentication to actually block access to pages, you need to tell your application under what circumstances to block access.
This will block all users who aren't logged in and cause a redirect back to your specified login page. Place it right after your <authentication> tag for simplicity.
<authorization>
<deny users="?" />
</authorization>
If you want to limit on more specific terms, you can add <location> elements with more detail. See this article for more information.
I´m having a bit of trouble and I would like to see if you all could help me out!
For my WebApp in ASP.net, I need to be able to get the user name.
I had been able to do it through:
user = Principal.WindowsIdentity.GetCurrent.Name.ToString on my developement machine, but when i go to production, it shows ASP.net as user...
I also tried with
user = Context.User.Identity.Name.ToString
and in dev station i get a blank string, and in production, I get "AppPool/ASP.net4.0
Any Ideas as to how i could get this working?
This WebApp is supposed to work in the Intranet.
make sure that you've enabled Windows Authentication in your web.config (check your .config.xxx transforms too). You should see this tag in your web.config:
<system.web>
...
<authentication mode="Windows" />
...
</system.web>
We're getting ready to start migrating some of our IIS6 sites to IIS7, and the application currently uses Forms Authentication. We have started getting some requests from various sites to use the Windows Authentication for the users. While this is easy enough to implement (and I've shown internally that there is no issue with the app, as expected) the question then is how to continue to keep Forms authentication for when Integrated Windows doesn't work. I've seen several walkthroughs on how to have it configured on IIS6, and I could do the same thing on IIS7, but then I have to turn on Classic Mode processing. Any solution should also be back portable to IIS6, if possible, to keep the build tree simple.
So what are my options on this? Do I setup the app with Integrated Windows Authentication in IIS7, Forms Auth in the web.config, and redirect 401 errors to an "error page" allowing them to login using forms, then back to the regular app?
The case when Forms is likely to be needed is going to be reserved for Contract workers, our support staff, and if someone needs to access it on their site from their Extranet. So primarily it's for our staff to login to check functionality and confirm bug reports. I suggested we just maintain that for our support staff to work, we need a Windows login that will always be live, and then we'll just enforce local responsibility on who can login to the site, but I'm told that we would do better to have Forms Authentication.
Any thoughts? I can post some of the links of the articles I've already read through if that would help the forum better narrow my needs.
tl;dr: How to do mixed mode authentication (forms, windows) in IIS7 without changing to classic pipeline and still be able to use the build in IIS6 if possible.
No, that's not quite right, but I can't do a code block in a comment reply, so I'll post a new answer ...
The following code block allows me to control anon access from IIS7 without having to muck about in the metabase (where GUI changes on IIS6 get applied)
<location path="WindowsLogin.aspx" >
<system.web>
<authorization>
<deny users="?" />
<allow users="*" />
</authorization>
</system.web>
<system.webServer>
<security>
<authentication>
<anonymousAuthentication enabled="false" />
<windowsAuthentication enabled="true" />
</authentication>
</security>
</system.webServer>
</location>
thanks for getting back to me, I have been playing round with several of the implementations on and off for a few weeks now, that I've read about on the internet (javascript, 401, 2 virtual directories) but still havnt really found anything that works as I wanted. We will be potentially rolling it out to more than one client-each with different hardware/setups even different versions of iis, so wanted it to be as generic as possible. Ive come up against a brick wall on a couple of the suggested solutions...
when you say for IIS7+ you removed anon access in web config, I assume like this: -
<location path="Authent/WinLogin.aspx" >
<system.webServer>
<security>
<authorization>
<add accessType="Deny" users="?" />
</authorization>
</security>
</system.webServer>
</location>
I spent a few days trying to get this to work, with a slight difference... I wanted the first login screen to present the forms login with an button underneath "Login With Windows Authentication".
I eventually gave up on all these techniques, as I never could quite get the satisfactory results. My workaround was as follows, and works perfectly:
Create a separate website "LoginWithIntegratedSecurity"
Set this up with integrated security
This web site creates a temporary "User Hash Key" in the database, which identifies the user
Redirects back to LogonPage in Forms Authentication website with Hash key in url
LogonPage in Forms Authentication checks for Hash key, and logs user in after database check
So if the User clicks the button "Login with windows Authentication", the server redirects to the windows authentication site (passing the "ReturnUrl"). This site challenges and logs in user, then redirects back, again passing the "ReturnUrl" as well as the HashKey.
This all happens very fast, and appears pretty seamless.
I know its a hacky workaround, but for my case it worked well.