I am having the following issue happening randomly and am hoping someone can point me in the right direction.
My website is using Identity for logging in and the deny element in my application folder web.config to disallow unauthenticated users:
<?xml version="1.0"?>
<configuration>
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</configuration>
99% of the time when a user logs in successfully they are allowed access to the application's start page, BUT once in a while they are not allowed access and are returned instead to the site's home page, which contains the "Login" link. I can tell the application recognizes the user as logged in because they are not returned to the login page, which is what happens if someone tries to directly access a page via the URL that requires authentication. This is preventing users from accessing the application, and the only thing that gets it working again is a restart of the web server, at which point the logins work exactly as they should.
Does anyone have any ideas as to what could be happening here?
Thanks in advance for any ideas.
I have written a blog on the basics of WIF, which also contains a small 3-page project with web.config settings. I hope this will help you.
Hi guys, I need your expertise with regard to my problem...
My scenario is that my web app can be accessed by Active Directory users; I don't have any login...
Once an authorized user accesses my web app, I want them to be restricted from typing a particular aspx page directly into the URL. Does anyone know how to do it?
Regards.
You cannot restrict a user from typing in a url in a browser - that just does not make sense.
You will need to restrict access to your pages using standard ASP.NET roles or authorization, or some other method.
As blorkfish suggested, you can use forms authorisation to restrict a user from accessing a page or a folder by redirecting him/her to a default/login page. Here is an example:
<configuration>
<system.web>
<authorization>
<allow roles="Admin,User"/>
<deny users="*"/>
</authorization>
</system.web>
</configuration>
This is a web.config file that you can place in a folder containing some web pages. So in this example only users with the role "User" and/or "Admin" will be allowed to open a page within this folder. All the rest will be denied and (if set up in the root web.config) redirected to the default page.
I have a simple ASP.Net page with VB code running on a WIN7 Enterprise VM with IIS 7.5, on which I need to get the visitor's domain username on load and store it in a string variable.
The page is hosted internally on our domain and IIS is set up to authenticate anonymously.
I am getting the username with the following code: Environment.Username but of course it always says that the logged on user is IUSR.
I installed the Windows Authentication component for IIS but don't know how to get it to work properly. I only started with ASP and IIS last month so I am very new to this. I only want this to apply to a specific folder, so I selected it and enabled Windows Authentication, set it to NTLM, and disabled Anonymous + ASP Impersonation. That didn't work. I think I tried every combination possible and all I am getting is either error 500 or 404, because it tries to redirect to some login page which doesn't exist, and sometimes I would get a username/password prompt, but even then it won't accept anything.
I don't want to prompt users, I just want to pass their existing logon info and open the page. Can someone please tell me how to set this up? I spent all day looking at hundreds of forums and sites and could not get it to work.
I also added the following to the web.config file:
<Identify impersonate="true" />
Thanks
Make sure you specify authorized users in web.config:
<authentication mode="Windows" />
<authorization>
<allow roles="mydomain\someADgroup"/>
<allow users="mydomain\somuser"/>
<allow users="*" /> <!-- if you want it open to anybody, as long as they are authenticated on the domain -->
</authorization>
I have added a web application to an existing site. The existing site uses basic authentication over https, but the new web application is running in a subfolder where I disabled basic authentication and enabled anonymous authentication (which is disabled for the rest of the site).
So a straight html page works as expected, you can access it without credentials. You can even see it yourself here: https://csssreg.fhcrc.org/physicianSurvey/faq.html
But I placed the new application's aspx page in this folder and I get the 401.2, as you can see here: https://csssreg.fhcrc.org/physicianSurvey/physicianPathologySurvey.aspx
I've been wracking my brain and straining my fingers googling this issue, but nothing solid has turned up. Does anyone have any suggestions as to how I can allow anonymous access to the aspx page? Any help would be greatly appreciated.
This:
<authorization>
<allow users="*" />
</authorization>
grants access to any authenticated user.
To grant anonymous access you need to use:
<authorization>
<allow users="?" />
</authorization>
It turns out there was an error in the global.asax that was causing the page to be redirected to a default error page, and that page was the 401 culprit. Go figure! But thanks to both commenters for at least helping me change my perspective just enough to get the thing.
The issue is I can't view the page using Windows Authentication.
These are my steps.
I created a website on my server (Windows Server 2003, IIS 6) with .NET Framework 2.
Then, inside the root folder, I created a folder. Let's call it "FolderA".
In "FolderA", I created a page. Let's call it "fileA.aspx".
The website is running fine, as I have turned on Anonymous Access.
But for "fileA.aspx", I need to turn on Windows Authentication because I don't want everyone to go in and view that page.
So, I select "FolderA", go to Properties,
turn off Anonymous Access and make sure Windows Authentication is turned on.
Then I browse from my PC. It prompts me with the login dialog box.
I key in the credentials I use to log in to the server and I can access the page.
That is working fine.
However, when I view it from the server itself, it prompts me with the login dialog box.
But when I key in my credentials, it says "Access Denied".
I even tried using Administrator credentials.
It is still access denied.
Is there any setting to set or anything to change in web.config?
http://support.microsoft.com/kb/896861
Review event logs on the server to see if you happen to hit this.
Did you allow authenticated users and deny not authenticated users?
<authorization>
<allow users="*"/>
<deny users="?"/>
</authorization>
Firstly I just want to say I'm not an ASP developer, I'm PHP through n through...
So my problem is this: all of a sudden a client site has started prompting for users to be logged in when viewing pages in a sub directory. When I download the web.config file I can see the authentication mode set to "Windows". This would appear to be an issue, but it was working up until now, so I set it to None and uploaded the file (there isn't a web.config in the sub directory, just the site root) and it continues to prompt me for the login.
Is there something I need to do to "refresh" the server or something? I've looked through the hosting control panel and can't find anything about anonymous access or restarting the server. It's on a shared hosting account and the control panel is pretty below average.
Any help is greatly appreciated!! I'm in a panic and the hosting company don't have ASP support on hand
Thanks,
Mark
In the folder that you want anonymous access, just use the web.config authorization section to allow anonymous users:
<configuration>
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</configuration>
The * essentially means Everyone, so it is just saying that for the current directory, everyone is allowed access. You only need this in the web.config... nothing more.
If you are still receiving prompts after this, then the folder itself must have permissions at the operating centre level (NTFS permissions) which do not allow Anonymous access...Although you say the ASP support isn't at hand, I presume you can raise help tickets with them to enable this access?
Edit
I should add that this setting of authorization is different to setting an Authentication scheme (Windows Authentication, Forms Authentication etc). For example, you might have Forms Authentication for your website but specifically want anonymous access to a folder (like this case) so setting your authentication option isn't actually relevant.
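Added example, not part of any post above: a simplified Python model of how ASP.NET's system.web URL authorization evaluates the allow/deny rule sets quoted in these threads (top to bottom, first match wins, "?" is the anonymous user, "*" is all users). The function names, the user mydomain\alice and the fall-through default are assumptions of the model; it ignores the verbs attribute, rule inheritance between folders, and IIS-level or NTFS settings.

```python
import xml.etree.ElementTree as ET

# Simplified model (an assumption of this example) of <system.web><authorization>:
# rules are read top to bottom and the first matching rule decides.
# "?" matches anonymous requests, "*" matches every user, anonymous included.

def _names(value):
    return [v.strip().lower() for v in (value or "").split(",") if v.strip()]

def rule_matches(rule, user, roles):
    for name in _names(rule.get("users")):
        if name == "*" or (name == "?" and user is None):
            return True
        if user is not None and name == user.lower():
            return True
    return bool(set(_names(rule.get("roles"))) & {r.lower() for r in roles})

def is_allowed(config_xml, user=None, roles=()):
    """Return True if the request is authorized; user=None is an anonymous request."""
    auth = next(ET.fromstring(config_xml).iter("authorization"), None)
    for rule in (auth if auth is not None else []):
        if rule.tag in ("allow", "deny") and rule_matches(rule, user, roles):
            return rule.tag == "allow"
    return True  # nothing matched: assumed inherited default <allow users="*"/>

# Rule sets quoted in the posts above (DENY_THEN_ALLOW is constructed for contrast).
DENY_ANON = '<authorization><deny users="?"/></authorization>'
ROLES_ONLY = '<authorization><allow roles="Admin,User"/><deny users="*"/></authorization>'
ALLOW_THEN_DENY = '<authorization><allow users="*"/><deny users="?"/></authorization>'
DENY_THEN_ALLOW = '<authorization><deny users="?"/><allow users="*"/></authorization>'

def audit():
    """Evaluate each rule set for an anonymous request and for a constructed user."""
    sets = {"DENY_ANON": DENY_ANON, "ROLES_ONLY": ROLES_ONLY,
            "ALLOW_THEN_DENY": ALLOW_THEN_DENY, "DENY_THEN_ALLOW": DENY_THEN_ALLOW}
    return {name: {"anonymous": is_allowed(xml),
                   "alice (role User)": is_allowed(xml, r"mydomain\alice", ["User"])}
            for name, xml in sets.items()}

if __name__ == "__main__":
    for name, result in audit().items():
        print(name, result)
```

In this model the ALLOW_THEN_DENY ordering lets the anonymous request through because the allow rule matches first and the deny rule is never reached; putting the deny rule first (DENY_THEN_ALLOW) blocks it.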