I have a simple ASP.Net page with VB code running on WIN7 Enterprise VM with IIS 7.5 on which I need to get the visitors domain username on load and store it in a string variable.
The page is hosted internally on our domain and IIS is setup to authenticate anonymously.
I am getting the username with the following code: Environment.Username but of course it always says that the logged on user is IUSR
I installed the Windows Authentication component for IIS but don't know how to get it to work properly. I only started with ASP and IIS last month so I am very new to this. I only want this to apply to a specific folder so I selected it and enabled Windows Authentication, set it NTLM, and disabled Anonymous + ASP Impersenation. That didnt work. I think I tried every combination possible and all I am getting is either error 500, 404 because it tries to redirect to some login page which doesnt exist and sometimes I would get a username/password prompt but even then it wont accept anything
I dont want to prompt users, I just want to pass their existing logon info and open the page. Can someone please tell me how to set this up. I spent all day looking at hundreds of forums and sites and could not get it to work.
I also added the following to the web.config file:
<Identify impersonate="true" />
Thanks
Make sure you specify authorized users in web.config:
<authentication mode="Windows" />
<authorization>
<allow roles="mydomain\someADgroup"/>
<allow users="mydomain\somuser"/>
<allow users="*" /> <!-- if you want it open to anybody, as long as they are authenticated-- on the domain!>
</authorization>
Related
I have a strange issue with aps.net which using windows Authentication, here is the scenario, I have APS.net application using the Windows Authentication, NTLM ... all my users on the Active Directory have access to the web application when they want, the issue that sometimes some users can't access to the system anymore, where they used to have access before, when they put their username#domain and the password in the pop-up login in the browser, the pop-up keep popping up like they have put a wrong username or password, we tried to log in to other services like email, laptop, using the same user name and password and it works fine, but not with the web application! any idea how or where to start my investigation? logs file? something similar? here is my IIS authentication setting:
<authentication mode="Windows" />
<authorization>
<deny users="?" />
</authorization>
After many days of investigating the issue, it turned out that the issue is because of expired password.
Although my tool works on my own machine (ASP.NET 4.5) It begins this:
http://localhost/KnownErrorDatabase/login?ReturnUrl=%2fKnownErrorDatabase%2fHome&AspxAutoDetectCookieSupport=1
And i did an exact copy of it from exporting it from the iis into an ZIP File, and importing it on the server (NOTE: I did check the authentification mode (Everythings Checked!)
Although my local IIS Starts with the Login, the Server not. The Page works and, on my local IIS, other PC's in the intranet can login etc. But now the Error: If i click the login button (that refers to the page) i get redirected to the Homepage of the WebApp... Does anybody know whats the matter at it? IIS is on both machines on version 7.5
Greetings Ethnor
This is the result of a setting in IIS. Your default page is probably set to your home page instead of your login page. Otherwise, your IIS server is set to allow Anonymous users. So, no authentication/login is happening. Check the authentication settings in IIS.
<location path="login.aspx">
<system.web>
<authorization>
<allow users="?" />
</authorization>
</system.web>
Adding this to my web.config fixed the problem
I'm developing a public web site in vs2010,
can I keep the authentication as windows authentication and just enable anon access
or should I leave it with the default forms authentication.
The site will NOT require any type of logging in mechanism...so really I dont see a point in forms authentication, but most users will not have windows authentication either.
So I am confused, in my asp.net web.config file what authentication do I use for a public website?
I also asked this question which is kind of related: developing site in vs2010 but changed to local IIS and prompts
But I am not having any luck with this :(. The site when using local IIS keeps prompting for a user name and password (See the stackoverflow question I posted above), ive checked the app pools, the security, and the permissions and it still prompts me for a user name and password. It prompts me about 10 times and if I keep cancelling out of it the page comes up but the images are not displayed nor is the CSS rendered. So it looks like it prompts for each image on the site, but all folders inherit from the parent and I've added Network, Network service, ASPNET user, the default app pool user...I dont know what else to do.
So two issues:
1) What do I specify in my web config for a public site
2) How do I get rid of this prompting!
Thanks
You don't need to specify specify any authentication. Just deploy it as is, with the Web.Config out of the box.
<authentication mode="None" />
Go here for more reading.
Because it is prompting you with a login dialog, try using an authorization element in your web.config file with any authentication you like. Use "*" to allow access to all users by default. Refer to this article for more detail.
<authorization>
<allow users="*" />
</authorization>
Your web.config file has two sections that control requests for login. These are
<authentication> ... </authentication>
and
<authorisation> --- </authorization>
Authorization controls who can access what, and Authentication determines how the credentials of a particular user are established to see if they have the correct authorization to access your site.
An example of their usage might be
<authorization>
<allow users="*" />
</authorization>
<authentication mode="Forms">
<forms loginUrl="login.aspx" timeout="40320" cookieless="UseCookies" slidingExpiration="true" />
</authentication>
which allows access to all users to the root of my applications and their credentials are determined using forms authentication.
Other parts of your site are allowed to have alternate authorization requirements through the use of a location tag in your web.config
However, neither section is required if no part of your site requires this functionality. However, you should be aware that there other places that this might be determined. There is a file called machine.config that determines the settings for the machine. Your web.config has priority over the machine.config, but if the authorization and authentication settings are made in the machine.config and not in you web.config then the machine.config wins.
Hope that helps. If you can post your web.config that might help us to point you in the right direction.
I have a webpage that emits files (images) (through Response.TransmitFile) that is working ok.
However, when I publish the site to IIS (5.1), it starts randomly to emit 401 and 403 status codes instead of the expected files(images)
The IIS site is supposed to have Windows Integrated Authentication without allowing anonymous users, however, I configured the locations on my web.config to allow users to get the files
<location path="ViewFile.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
I have set permissions for The users \IUSR_, \ASPNET, My own domain user, and even for everyone, but i don't get to solve the problem.
Any suggestions at how can I handle the problem?
Edit 1:
When I activate anonymous authentication in IIS, the site works fine, but then the domain authentication doesn't appear. I understand that the anonymous authentication prevails over anyother authentication
Some points to get you started:
What do you see in the Windows Event
log?
If you take out the authorization
configuration, does it work OK -- or
do you still get 401 and 403 codes?
You mentioned that it happens
'randomly' -- is it connected with
certain users? Or times of heavier
load? Or certain files?
TransmitFile doesn't buffer in memory
-- are these large files?
Update 6/29/2011 5:02pm - You didn't mention you were publishing locally before. Have you tried this configuration hack? I have had to use it when using Windows Authentication and IIS locally.
We're getting ready to start migrating some of our IIS6 sites to IIS7, and the application currently uses Forms Authentication. We have started getting some requests from various sites to use the Windows Authentication for the users. While this is easy enough to implement (and I've shown internally that there is no issue with the app, as expected) the question then is how to continue to keep Forms authentication for when Integrated Windows doesn't work. I've seen several walkthroughs on how to have it configured on IIS6, and I could do the same thing on IIS7, but then I have to turn on Classic Mode processing. Any solution should also be back portable to IIS6, if possible, to keep the build tree simple.
So what are my options on this? Do I setup the app with Integrated Windows Authentication in IIS7, Forms Auth in the web.config, and redirect 401 errors to an "error page" allowing them to login using forms, then back to the regular app?
The case when Forms is likely to be needed is going to be reserved for Contract workers, our support staff, and if someone needs to access it on their site from their Extranet. So primarily it's for our staff to login to check functionality and confirm bug reports. I suggested we just maintain that for our support staff to work, we need a Windows login that will always be live, and then we'll just enforce local responsibility on who can login to the site, but I'm told that we would do better to have Forms Authentication.
Any thoughts? I can post some of the links of the articles I've already read through if that would help the forum better narrow my needs.
tl;dr: How to do mixed mode authentication (forms, windows) in IIS7 without changing to classic pipeline and still be able to use the build in IIS6 if possible.
No, that's not quite right, but I can't do a code block in a comment reply, so I'll post a new answer ...
The following code block allows me to control anon access from IIS7 without having to muck about in the metabase (where GUI changes on IIS6 get applied)
<location path="WindowsLogin.aspx" >
<system.web>
<authorization>
<deny users="?" />
<allow users="*" />
</authorization>
</system.web>
<system.webServer>
<security>
<authentication>
<anonymousAuthentication enabled="false" />
<windowsAuthentication enabled="true" />
</authentication>
</security>
</system.webServer>
</location>
thanks for getting back to me, I have been playing round with several of the implementations on and off for a few weeks now, that I've read about on the internet (javascript, 401, 2 virtual directories) but still havnt really found anything that works as I wanted. We will be potentially rolling it out to more than one client-each with different hardware/setups even different versions of iis, so wanted it to be as generic as possible. Ive come up against a brick wall on a couple of the suggested solutions...
when you say for IIS7+ you removed anon access in web config, I assume like this: -
<location path="Authent/WinLogin.aspx" >
<system.webServer>
<security>
<authorization>
<add accessType="Deny" users="?" />
</authorization>
</security>
</system.webServer>
</location>
I spent a few days trying to get this to work, with a slight difference... I wanted the first login screen to present the forms login with an button underneath "Login With Windows Authentication".
I eventually gave up on all these techniques, as I never could quite get the satisfactory results. My workaround was as follows, and works perfectly:
Create a separate website "LoginWithIntegratedSecurity"
Set this up with integrated security
This web site creates a temporary "User Hash Key" in the database, which identifies the user
Redirects back to LogonPage in Forms Authentication website with Hash key in url
LogonPage in Forms Authentication checks for Hash key, and logs user in after database check
So if the User clicks the button "Login with windows Authentication", the server redirects to the windows authentication site (passing the "ReturnUrl"). This site challenges and logs in user, then redirects back, again passing the "ReturnUrl" as well as the HashKey.
This all happens very fast, and appears pretty seamless.
I know its a hacky workaround, but for my case it worked well.