I have a hybrid classic ASP + ASP.NET MVC 4 application running under Win Server 2k3 (IIS6) which we have upgraded to use MVC 4.
The ASP app is attached to the .NET application via a virtual directory. They run in the same application pool (if that matters). This particular app is an admin control panel, and uses basic authentication:
Before upgrading the project, when access the url for the virtual folder, the browser would display a login prompt, where I enter my domain-qualified username and password. The ASP code then retrieves the user name via Request.ServerVariables("AUTH_HEADER"), compares that against an application-level permissions list stored in the database, and enables or disables features in the admin site based on that.
After upgrading the project, I still get the login prompt, but Request.ServerVariables("AUTH_USER") returns an empty string.
I've added the old project into a new website so I can run them in parallel on the same server. The old code continues to work. The new code refuses to. The admin virtual directory in each version of the .NET application points to the same physical location on disk, and the authentication configuration for the folder in both .NET apps is identical.
Suggestions? Note that the MVC 4 app is using the .NET 4 framework, not .NET 4.5, which is not installed on the server.
Note that, although the default domain field in the screenshot is blank, it is properly configured. I've removed it from the image for obvious reasons.
Request.ServerVariables("AUTH_USER") can be obtained when you configured your application to use Forms authentication not Windows Authentication. If it is Windows Authentication you should use Request.ServerVariables("LOGON_USER")
Related
I have created a .Net Core RC2 Web Application using VS2015 with windows authentication.
I then copied the project over to Mac OSX El Capitan and launched the app using the Terminal.
The application started as expected, however, as the application is running on my Mac there is no Windows user to display.
How can you return the Mac user and display the name?
This would also be useful for Linux users.
To get the username of a user visited the website
You may be thinking of the "Windows Authentication" feature of IIS. IIS does some magic to authenticate the user visiting the website against a Windows domain and then forwards that Windows auth token to ASP.NET Core. ASP.NET Core can only use this feature when hosted using IIS (or IIS Express) and using the IIS Integration middleware. See https://github.com/aspnet/IISIntegration. Because IIS is Windows only, this means it is not possible to get a client username when hosting the website on Linux or OSX.
To get the username of the account hosting the web server
As of .NET Core 1.0, there is no cross-platform API for getting a username directly. If you are on windows, System.Security.Principal.WindowsIdentity works, but this will throw PlatformNotSupported on Linux/macOS.
By convention, many systems set the username in an environment variable. You can use System.Environment to fetch this.
var username = Environment.GetEnvironmentVariable("USERNAME") ??
Environment.GetEnvironmentVariable("USER");
Another but more complicated approach is to p/invoke to native system calls that return information about the user, such as getpwuid_r (See the man pages for Linux and OSX.)
I have a .NET 2.0 ASP.NET app built using VS2013. It runs fine on IIS7.5/Windows7 in a .NET 2 Classic Pipeline App Pool. However when I try to run it on IIS6/Windows 2003 server I get 404 Page Not Found.
I have installed .NET 2 (+SP2) on the Windows2003 server of course, as well as registering with IIS using aspnet_regiis -i. I have set the framework version of the app accordingly. I have checked the file system permissions and confirmed that the IUSR_* account can access the web app files. The authentication type for the app is 'None'. The default page list includes Default.aspx which is correct.
It's seems ASP.NET isn't kicking in, what am I missing?
Turns out I had neglected to allow the ASP.NET Web Service Extension:
IIS 6.0 Serves .html and .asp, but not .aspx
I have built an ASP.NET MVC 3 web application (with exlusively Razor/cshtml pages) that runs fine on my local machine with IIS Express. Now I'm trying to publish it to a remote server that is running Windows Server 2003 and IIS 6 and has just been upgraded to .NET Framework 4.0.
I was able to successfully publish all the files to the proper directory on the remote server using Visual Studio 2010's Publish dialog (Publish method: FTP), and I've followed the instructions for including all the DLLs needed to run ASP.NET MVC on a machine that doesn't have it installed, but now I'm pretty much stuck.
The first issue is that I don't have access to the remote server's IIS. I may be able to get the hosting company to add a virtual directory or change a setting, but I'm not sure they know what they're doing, and at the moment, I wouldn't know what to tell them anyway.
The second issue is that I need my web app to live inside an existing site (the web app is basically a protected members area of the main website). So, pretend the main site is http://www.foobar.com. I'd like my web app to be accessed by entering the URL http://www.foobar.com/members.
Questions
Is it possible to publish my web app without access to the remote server's IIS?
If not, what exactly do I need to tell the hosting company to add or change in IIS?
Do the settings under the Web tab of project properties affect publishing or just local debugging? At the moment, I have it set to use IIS Express, and the Project URL is "http://localhost:7373/". Do I need to change these?
Given that the remote server is running Windows Server 2003 and IIS 6.0, is it possible to use Web Deploy or am I limited to FTP?
If I can use Web Deploy, what do I put for the Service URL? All I have right now is a URL in the format of ftp://www.foobar.com/www and a username and password.
If I need to use FTP, what steps do I need to take to get the app working once the necessary files have been uploaded to ftp://www.foobar.com/www/members? I'm not worried about database, security certificates, registry, GAC, etc., I just want to know the steps necessary to get the home page of my web app to come up when I put http://www.foobar.com/members.
Have you had a look at this article by Scott Hanselman?
In addition to that article, please read the following thread on StackOverflow on pretty much the same environment as yourself.
Edit
Your first step should be to get the hosting company to set up the virtual directory with the following parameters (IIS 6):
ASP.NET Version: 4.0.30319 (or later)
Local Path: [root ftp path for main website]\Members
[ ] Script source access (unchecked)
[x] Read (checked)
[ ] Write (unchecked)
[ ] Directory browsing (unchecked)
[x] Log Visits (checked)
[x] Index this resource (checked)
Application Name: Members
Execute Permissions: Scripts only
Application Pool: ASP.NET 2.0
I've created an ASP.NET web tool that will just be used by a few people in my team where I work. I deployed it on our internal (Win2k, IIS6) web server by creating a new website in IIS and assigning it port 81. Users can access it with an address like http://myserver:81. All the other web stuff on the server is classic ASP and is accessed with addresses like http://myserver/path/to/myfile.asp.
This works fine, but I'd rather set it up so that the ASP.NET app is not configured as a separate web site, and is just accessed via a folder path like the classic asp stuff. That way users wouldn't have to specify the port and we wouldn't get the overhead of an additional web site for every little ASP.NET app we make.
The problem is when I build the site in visual studio, it compiles all the .cs files into one .dll file, and if I just copy everything over to some folder on the server and type the address of the .aspx file, it can't seem to access any of the c# functions in that .dll file.
Can an ASP.NET app be set up like this, short of writing all C# code within the .aspx files?
Assuming you want your application to run as a subfolder of a website bound to http://192.168.1.1:
Build your website, and drop it into a subfolder called "A" in the root website folder
Verify that Network Service and IUsr accounts have read access (at least) to your Subfolder
Verify that the application pool serving the website is using the same version of the .NET Framework as your application (Probably 2.0 if you're using IIS 6)
Verify that the application pool is running under the Network Service Identity
Right click the folder in IIS, and convert it to an application
Make sure you setup an adequate default file on the application, such as default.aspx
Access http://192.168.1.1/A/ and your application should load
Note: All applications in the website must run the same version of the .NET Framework
Hi: I'm reading up on ASP.NET, and just came to a chapter that explains how to upload a file to your website. It says that in order to save a file to your file system, in the case of every OS except Win Server '03, an ASP.NET page executes in the security context of the ASPNET account. I don't have an ASPNET account running on my machine (win xp pro sp3; .NET 3.5). The program runs fine, by the way, I'm just trying to understand what an ASPNET account is exactly, and why it doesn't seem to show up on my list of user accounts. Thanks.
ASPNET is only used if use IIS. This was the norm in ASP.Net 1.1
However in new versions of Visual Studio IIS is not needed, so it uses an internal web server.
If ASPNET exists in a command window ( Start -> Run cmd Clikc OK) type and press enter
net user ASPNET
you should see the details of the account and in Task Manager you will see a process asp_wp.exe
File Access
The Network Service account has Read and Execute permissions on the IIS server root folder by default. The IIS server root folder is named Wwwroot. This means that an ASP.NET application deployed inside the root folder already has Read and Execute permissions to its application folders. However, if your ASP.NET application needs to use files or folders in other locations, you must specifically enable access.
http://msdn.microsoft.com/en-us/library/ff647402.aspx