What IIS Permission Settings to Change for an Intranet - asp.net

I'm trying to publish an intranet on the IIS of my local machine. I am running IIS version 7.5 on Windows 7 Enterprise. So far I am getting HTTP Error 401.2 - Unauthorized. I have Anonymous Authentication Disabled, ASP.NET Impersonation Enabled and set to Authenticated User, and Forms Authentication Disabled.
What do I need to change either in IIS or Browser? The intranet is an MVC 4 app. Many thanks for any help.

Make Anonymous Authentication Enabled and rest disabled.

I needed to install Windows Authentication protocol for my IIS. I installed minimally earlier and did not have this. So now I am using this protocol, keeping all other ones disabled, and it is firing on all cylinders :)
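
An added example, not part of the original thread: a PowerShell audit that reports, for one site, whether each IIS authentication scheme is both enabled in configuration and backed by an installed module, which is the gap described above. The site name `Default Web Site` and the function name `Get-SiteAuthState` are assumptions for illustration.

```powershell
# Added example. Run in an elevated PowerShell session on the IIS host.
Import-Module WebAdministration

$SiteName = 'Default Web Site'   # assumption: replace with your site's name

# Scheme -> native module that must be installed for the scheme to work.
$schemes = @{
    anonymousAuthentication = 'AnonymousAuthenticationModule'
    basicAuthentication     = 'BasicAuthenticationModule'
    windowsAuthentication   = 'WindowsAuthenticationModule'
}

function Get-SiteAuthState {
    param([string]$Site)
    foreach ($name in $schemes.Keys) {
        $filter = "/system.webServer/security/authentication/$name"
        # Effective "enabled" value for this site, read from applicationHost.config.
        $prop = Get-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' `
                    -Location $Site -Filter $filter -Name enabled `
                    -ErrorAction SilentlyContinue
        # The module is absent when the Windows feature was never installed.
        $module = Get-WebGlobalModule -Name $schemes[$name] -ErrorAction SilentlyContinue
        New-Object PSObject -Property @{
            Scheme    = $name
            Installed = [bool]$module
            Enabled   = [bool]$prop.Value
        }
    }
}

$state = @(Get-SiteAuthState -Site $SiteName)
$state | Sort-Object Scheme | Format-Table Scheme, Installed, Enabled -AutoSize

# A scheme switched on in config but with no module behind it cannot authenticate anyone.
$state | Where-Object { $_.Enabled -and -not $_.Installed } | ForEach-Object {
    Write-Warning "$($_.Scheme) is enabled but its module is not installed."
}

$usable = @($state | Where-Object { $_.Installed -and $_.Enabled })
if ($usable.Count -eq 0) {
    Write-Warning "No usable authentication scheme on '$SiteName' (the 401.2 case in the question)."
}
if ($usable | Where-Object { $_.Scheme -eq 'anonymousAuthentication' }) {
    Write-Warning "Anonymous is enabled: requests are served without requiring a Windows identity."
}
```

On Windows 7 the missing module is installed under "Turn Windows features on or off", in Internet Information Services > World Wide Web Services > Security > Windows Authentication.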

Related

How to Get Authentication working on IIS 8.5 after migration from IIS6

I have migrated an asp.net web site from IIS6 to IIS8.5. Almost all issues are fixed. But it seems that the identity of the user gets lost.
Related questions I found:
Cannot get authentication working in IIS 8.5
Configure windows Authentication in IIS 8.5 on Windows Server 2012
Receiving login prompt using integrated windows authentication
When I open the webpage from the server IE browser there is no login prompt (which would be fine if the integrated authentication was used)
When I open the webpage from a remote client I should get a login prompt for authentication (since the user on the client does not exist on the server). But there is none.
On the old platform IE6 was used. On the new platform IE is used with compatibility mode
In the old web page integrated windows authentication (only) is enabled and working.
In the new web page on IIS 8.5 I tried all kind of settings but none seem to do the trick.
Found out that actually the authentication itself is working.
This link was very helpful finding this out:
https://forums.asp.net/t/1179997.aspx?Get+Username+for+logged+in+user
But the user name gets lost in a different way. I will close this question and post another one.

IIS - Custom Application Pool identity not being used

I have an ASP.NET web application that uses an Application Pool with a custom identity set to connect to DB via Trusted Authentication.
I have this working correctly on a dozen servers, yet I am having an issue with one: IIS is not using the custom identity and is instead attempting to impersonate the user when initiating the DB connection.
I verified I have the app pool configured to use the custom account and my web.config has <identity impersonate="false"/>. In fact I'm using an exact copy of the code and web.config from another properly working box.
I do have Windows Authentication enabled for the app to get the user login, but not for impersonation, and this is working correctly on 12 of 13 servers. If I disable Windows Authentication on the impacted box, I get Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON' when accessing the site.
I tried recreating the application pool and the IIS Application to no avail.
Anyone seen this behavior before? I'm running out of ideas. Thanks!
ASP.NET MVC4
IIS 7.5
Server 2008 R2 64bit

Windows Authentication on Windows 2008 Prompts for Credentials

We're setting up an ASP.NET 4.0 website on Windows Server 2008. The site uses Integrated Windows Authentication for authentication. (It does not use ASP.NET authentication or authorization.)
In IIS, we have only Windows Authentication enabled.
When we browse to the site using localhost as the host header, the site works fine. When we browse to it using the FQDN, the site prompts for username/password but doesn't accept the validly entered credentials.
Some items to note:
IE does have Integrated Windows Authentication enabled
The site with FQDN is entered in the Intranet zone in IE
We've tried adding the site to the Trusted sites to no avail
We did change the Identity on the AppPool from ApplicationPoolIdentity to Network Service with no success
We verified that IUSR has read and execute access to the directory and files
We've set NTAuthenticationProviders to both "NTLM" and "Negotiate,NTLM"
What are we missing?
Thanks.
We were informed finally that the server is not on the same domain as we had been led to believe so it couldn't authenticate against Active Directory. (We had been testing with a local account.)

Windows & Forms Authentication in Integrated Pipeline mode

I had a site hosted in IIS 7.5 with the Classic pipeline. I had set the authentication for that site so that Windows and Forms authentication were enabled, but anonymous was not. This caused the user to be prompted the first time they came to the site for the Windows authentication. Then it would bring them to the site as normal. This was set up for a review site for our client to be able to exclusively access that site without anyone accidentally stumbling upon it.
I just updated that site and moved it over to the Integrated pipeline. Now, when you first go to the site, it still prompts for the Windows authentication, but then it brings you to the loginUrl specified in the web.config for the forms authentication, which is not what I want.
From what I understand about the 2 pipelines' effects on authentication, I believe it is the issue. Is there any way I can replicate the behavior I was originally getting in Classic mode now that I've switched to Integrated mode?

ASP.NET Windows Authentication

Can you please post a small explanation of the prerequisites of using Windows Authentication?
I know that you have to turn Windows Authentication on from web.config or IIS and define domain.
Does the web server have to be connected to the Active Directory server or not, and how to get user info from Active Directory like name and description?
You don't have to be on a domain. The local server user accounts can be used with windows authentication. If the machine is on a domain, then either AD users OR local users can be used with windows authentication.
The minimum that has to be in place to use windows authentication in asp.net is that IIS has to have Windows Authentication enabled for the web site. IIS can still have other authentications enabled for the site too, even anonymous authentication can be used in conjunction with windows auth... as long as windows authentication is enabled also asp.net can use it.
Otherwise, your question is too broad for a good answer here. Authentication in asp.net is a very big topic; and when you add AD to the mix it gets bigger. I recommend checking out the MSDN documentation, reading through it, experimenting with it, then coming back here with more specific questions.
