Forms authentication while Anonymous authentication disabled - asp.net

I configured a web application to use Form authentication. When open Login page I got the following error:-
Error 401.2 - Unauthorized
You are not authorized to view this page due to invalid authentication headers.
It works fine when enable Anonymous Authentication. I need to understand why? Is that normal behavior?

Related

IIS Forms Authentication throws a 401 Error

We are currently setting up forms authentication for our web app.
The plan is for users to be redirected to a login page on our main system when they want to access files.
IIS Settings
Setting the IIS "Authentication" to anonymous gives access to the files.
BUT when we change the authentication to "Forms" and disable everything else we are met with a constant 401 error when trying to access the file.
401 Error
There is no redirect. It just throws this error.
The Web config has been changes to allow "?" (anonymous) and allow="*".
This does not change the 401 error.
When anonymous access is enabled (alongside forms auth) there is no redirect. The users have direct access to the files. (As if forms authentication is not even enabled?
Web Config
Please note that I also had to add machine keys to my web.config and also had to add the domain name in the authentication tags (also in the web config). After also adding a cookie.domain in my C# side the authorisation is finally working between domains.
--This has to be done when working with 2 subdomains. Eg: 1.website.com and 2.website.com.

IIS LogonUserIdentity on WindowsAuthentication enabled and impersonation disabled not working

I've an ASPNET MVC3 application running fine on Forms authentication on IIS10. When I've tried to change to Windows authentication, I want to use LogonUserIdentity.Name to check the username on my own users table but on the first request it's working fine and returning the name of the Logged user on the system but on all other (ajax) requests is returning the IIS User.
What could be wrong? I've searched a lot and verified the following article (https://richhewlett.com/2011/02/15/getting-a-users-username-in-asp-net/) and I've Windows authentication enabled and impersonation disabled (not defined really).

Basic Authentication with ASP.Net Web Services on IIS7.5 in Classic Mode

I have implemented web service with Basic Authentication with .Net 4. To implement basic authentication I have implemented HttpModule. When I call my web service via Internet Explorer, it prompts for Username password, I enter valid username/password and it works perfectly fine.
However when I deploy me web service on Dev Environment and call my service in internet explorer. That gives me user prompt; I enter valid username/password but it keeps prompting me username/password, eventually after three tries I get Error message 401.2 - access is denied.
My Authentication settings are:
Anonymous Access Enabled
Basic Authentication Disabled
Windows Authentication Disabled
In my HttpModule every time User is authenticated, I log if authentication was successful. And I can see in log file, all three times authentication was successful. But it still error out. :(
By the way If I run web services in Integrated mode, it works fine. Unfortunately my requirement is to run web services in Classic mode.
Environment Details:
OS: Windows Server 2008 R2,
IIS: 7.5 Classic mode
I am stuck with this from last 4 days. Please help!
Call me crazy, but wouldn't you have to have Basic Authentication Enabled to be authenticating anyone successfully?
I'm guessing that you have identity impersonation turned on and anonymous turned on which is causing your ASP.Net application to execute as the "IUSER_" account. The "IUSER_" account does not have access to a specific resource you are trying to access (could be API call, file, bla, bla).
If you do have identity impersonation turned off and you have anonymous turned on then your ASP.Net code should be running as the application pool account. Which means that account does not have access to a specific resource you are trying to access (bla, bla, bla).
Here is an old skool MSDN article that discusses IIS and ASP.Net security. Like I mentioned it is old, but the concepts still ring true.

How to change authenticate method on IIS 7?

I've got an error which tells me unauthorized. How and where to change that webserver allows anonymous (public) access?
HTTP Error 401.2 - Unauthorized
401.2 - Logon failed due to server configuration.
Something has happened on my local machine when I made the latest update for IIS, but now I'm not sure what has happened.
Note the following methods here:
http://support.microsoft.com/kb/942043
Select your website on the tree left hand side inside IIS Manager.
Double click on Authentication section from the menu (Authentication section is under the IIS caregory)
Enable Anonymous Auth. there as follows :
You can bind a user to this app by Editing the Anonymous Auth. Section. this will gives you box like this :
This should be set to IUSR by default.

401.2 Error with Forms Authentication

I'm getting a 401.2 error when I move my web app from our test server to our production server. The app uses forms authentication and it runs perfectly on the test server.Anonymous access is enabled on both servers. What else could be causing the 401.2 error? (401.2.: Unauthorized: Logon failed due to server configuration. Verify that you have permission to view this directory or page based on the credentials you supplied and the authentication methods enabled on the Web server.). Any assistance would be very welcome!
Thanks,
Caroline
First make sure in your web.config everything is ok.
Here you can find Microsoft Support article for 401.2 Error.

Resources