Remove NEGOTIATE from WindowsAuthentication in IIS - iis-7

I have a site running in IIS 7.5 that is accessed using a DNS alias different from the actual server name. In IE 8, integrated authentication is failing, but in Firefox and Chrome everything works fine. (IE presents a credential challenge a few times, then displays a 401.1 error page.)
I have figured out that this is due to IE using Kerberos (aka "Negotiate") over NTLM, and Kerberos requires registering a Service Principal Name (using SETSPN) so that the mismatch between the DNS name and the server name is properly handled.
My web site, however, doesn't need impersonation--it is enough to have delegation. So instead of messing with SetSPN, I would just like to remove "Negotiate" from the list of WindowsAuthentication methods in IIS.
I have searched for quite some time to find out how to do this in IIS. I have played with many appcmd commands--but I just can't find online examples, or figure out how by reading MSDN documentation or using appcmd /? to make appcmd commands apply only to a particular application within a site rather than to the entire web server. A few search-hours later over two days, and at least 3 dozen web pages visited, I am still coming up fruitless.
How in tarnation do I get this done--it seems like it should be so easy!

Open the Configuration Editor in IIS. It comes with IIS 7.5, or you can download the IIS administration pack for IIS 7.0. Navigate to the scope you want to affect (server, site, or application) and then open the icon:
.
Change the Section to system.webServer/security/authentication/windowsAuthentication:
Click on the providers item, and then click Edit Items on the right. Select the "Negotiate" item and click "Remove":
Close the dialog and click Apply in the Actions pane on the right.
Your problem is solved! No more Kerberos/negotiate!
Note: you can also click Generate Script in the actions pane to display the code that will make the change in either C#, javascript, or with appcmd from the command line.
For reference, here is the appcmd statement to do the job without using the Configuration Editor.
appcmd.exe set config "Virtual/path/to/application" -section:system.webServer/security/authentication/windowsAuthentication /-"providers.[value='Negotiate']" /commit:apphost

Related

System.ArgumentException: Format of the initialization string does not conform to specification starting at index 0

Firstly, I am aware this problem has been dealt with before here, and the solutions are always corrections to the connection string.
However, in our case, the connection string is correct, because most of the time it works fine. What happens is at some point the site 'stops' and starts logging this error. Simply recycling the app pool clears it, and everything is good again until the next time. A site might run fine for hours or days, but then it falls over and every request logs this error.
Since it is a transient error, I suspect it is somehow memory or service related? Either some kind of service that handles the connection from the ASP.NET site fails within the app pool, or there is some shortage of memory so whatever process is required to handle the connection fails.
It is not just a single server, I have seen this issue occur on various customers' servers, so I don't think it is some obscure glitch with a particular server. I have also seen sites that were running fine for a long time start to experience this issue (which suggests to me it is related to resource availability).
For the sake of completeness, this is the connection string from a site that exhibits this problem:
<add name="SQLConnection" connectionString="Data Source=localhost\sqlexpress;
Integrated Security=True;Initial Catalog=databasename"
providerName="System.Data.SqlClient" />
But like I said, this works absolutely fine for hours/days, until the problem occurs.
Just surfing with error message and got one link from Microsoft.
Seems to me like your problem.
Can have a look on this.
http://social.msdn.microsoft.com/Forums/en-US/9f191038-dbf6-4306-8f66-ec211a1e933a/format-of-the-initialization-string-does-not-conform-to-specification-starting-at-index-0?forum=adodotnetdataproviders
Thanks
Can you please check following points:
Make sure the account has full permission (both read and write) on folder:
"C:\INETPUB\WWWROOT\BE SITE WORK(FINAL)\4SIGHT\WEBSITE\BARAMATIESTATES\BARAMATIESTATES\”
I recommend that set “C:\INETPUB” folder allow all user access and edit, at least give full administrator right to IIS account.
2 Make sure IIS account is sysadmin of SQL Server.
Setting IIS Permissions for an Object
You can set permissions for any object in IIS, including Web sites, folders, files, and scripts. To set the permissions for an object in IIS:
Log on to the Web server computer as an administrator.
Click Start, point to Settings, and then click Control Panel.
Double-click Administrative Tools, and then double-click Internet Services Manager.
Right-click the Web site that you want to configure in the left pane, and then click Properties.
If you want to set the permissions for a Web site's home folder, click the Home Directory tab.
If you want to set the permissions for a folder in a Web site, click the Directory tab.
If you want to set the permissions for a file or a script in a folder, click the File tab.
Click the corresponding permissions that you want to set for the object.
To turn on script processing for a Web site or folder, click Scripts Only from the Execute permissions list.To turn off script processing, click None.
Click OK.
if the issue still persist let me know :)

IIS 7 Windows Server 2008 / CSS file not loading within aspx

I've found out several topics related to this issue yet I couldn't find an answer which worked for my problem, which is following:
I moved my Asp.Net 4.0 site to a new server (IIS 7, Windows Server 2008). The server side is working fine but the CSS style sheet is not loading.
When I use firebug, I see the following on the part where css should be loaded
404 - File or directory not found.
The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.
Despite this message,I can display the content of the css (in text) on the web (such as ../Styles/button.css ..etc)
I have tried some solutions such as staticFile handler mapping on IIS or adding ASP roles on server manager (through control panel).
Any help would be appreciated
Kind regards
The articles/topics that you have found is talking about the same thing as Uali's answer, which is correct, but it doesn't always solve everyone's problem. The problem is also not about your css per se.
Before proceeding, make sure that you have enabled Static Content as the other answer instructed.
Then do these steps in the IIS Manager window with your virtual directory selected.
Open Handler Mappings.
Click Add Managed Handler in the Actions Panel located in the right.
In the request path field, type: *.css
In the type textbox, enter: System.Web.StaticFileHandler
In the name textbox, type in any descriptive name you want such as css fix.
Click OK.
Update:
I also forgot to say that you can do the same thing for .jpg, .png, .gif or any other file types if necessary.
Please Make sure Your IIS 'Static Content' is enabled.
Do to This follow these steps:
Open Control Panel
Click Programs
Click Turn windows features on or off in Programs and Features.
Open Internet Information services -> World Wide Web Service ->Common HTTP Features
Make sure Static Content is checked, Mark checked if it
is not.
Hopefully it will help you.
The process of enabling Static Content on Windows 7 is different from that on Windows Server 2008.
To install the Static Content feature on Windows Server 2008 and Windows Server 2008 R2, follow these steps:
a. Open Server Manager, and then expand Roles.
b. Right-click Web Server (IIS), and then click Add Role Services.
c. Under Web Server, click to select the "Static Content" check box.
d. Click Next to complete the installation.
Here is the complete step by step guide for both situation for reference.
http://support.microsoft.com/kb/2196177

HTTP Error 403.14 - Forbidden Error when accessing website

So I have all the updated code, the entire solution builds. It works on everyone else's machine, however when I try and access localhost/extranet on my machine, it gives me this error:
HTTP Error 403.14 - Forbidden
Detail Error Info:
Module DirectoryListingModule
Notification ExecuteRequestHandler
Handler 0x00000000
Requested URL http://localhost:80/extranet/
Physical Path C:\svn\K2\trunk\appteam\web\Chatham.Web.UI.Extranet\
Logon Method Anonymous
Logon User Anonymous
Now I tried going into IIS7, and enabling directory browsing, this removed the error, but still didn't bring up my website. I also tried going in and disabling the default document, re-enabling it, everything, nothing worked. I've also restarted IIS a few times to no avail.
Any ideas?
It sounds like your IIS is not processing the routing rules for your application and is trying to find a default.aspx, index.htm, etc. Since it cannot, it is wanting to display the directory listings (which is why you were getting the 404.14).
I just checked my dev setup and I think that your AppPool has to be set on Integrated as opposed to Classic on the Managed Pipeline for the AppPool. I have ran into this before, there may be ways to use the Classic Pipeline, but this would/should be the quickest way to resolve your issue. To check/change the pipeline mode, click on Application Pools from the menu on the left side of IIS, find your AppPool and look in the managed pipeline column. If it is set to Classic -> Right click the AppPool, choose basic settings, then change the dropdown from Classic to Integrated.
If I am incorrect, someone please feel free to correct me on this in the comments.
Edit - Just to add, you can run an MVC app in the Classic Pipeline mode, but you have to do the IIS 6 tricks to get it to work properly. Mainly, you need to turn on wildcard script mapping for MVC to work in Classic mode, If not it expects an .aspx file (or similar) to exist for it to handle the execution pipeline over to .NET from IIS.
Causes this error is removed Global.asax file from your root directory of your site.
To solve this problem add a Global.asax file to your project.
See here: How to add Global.asax file to ASP.NET MVC4 project
In IIS, you need to find out which app pool your application is running from. Just right click the web application under Sites>Manage Web Site>Advanced Settings. The first property should be the app pool.
Now, click Application Pools. You should see a column called "Identity". Add that user to the ACL of the C:\svn\K2\trunk\appteam\web\Chatham.Web.UI.Extranet\ directory. If it just says 'ApplicationPoolIdentity', it can be a little tricky figuring out the user. If it's just running under DefaultAppPool, you can use IIS AppPool\DefaultAppPool.
My solution was because I didn't have ASP.NET installed via "Turn Windows Features on and Off" so it was simple. I figured it out by enabling directory browser and trying to go to my views folder which then gave a more descriptive answer and pretty much said that there was a problem with a module because ASP.NET is not properly installed. It then dawned on my to go and install it.
Change the 'start page' by right click on the page and select 'Set as Start Page' that you want to open first when the web application starts first. This might solve your problem. :)
Also make sure in IIS Application Pool settings that Enabled 32-bit Applications under Advanced Settings is set to FALSE. I spent hours trying to fix this and that was my issue. Windows Server 2012 IIS 8.5
I solved this problem by setting exact .net framework. My website was using v4.0 version of .net.
Workaround to handle the problem:
Open command line as an administrator
Go to directory "C:\Windows\Microsoft.NET\Framework\v4.0.30319"
Execute the following: aspnet_regiis.exe -i
Open IIS and change Pipeline Mode of Your application to Integrated
Hope this helps
In my case the HTTP Redirection feature was missing on the server (with IIS 10).
Adding the feature resolved the issue and the site started to load fine.

How to set up a asp.net application on IIS

I've copied a whole folder which keeps a website inside from a web server to another computer.From the original server I can easily run the web application. Now I need to know what exactly I have to do in order to be able to run the application on the second computer too. I think there are some special considerations with IIS. What and how do I have to set up in IIS?
Follow these steps.
create a new site from left menu By right clicking and add new website.
Give physical path to that folder
Map with the site url
Give permissions to Directory as (like everyone)
Set up the default page if (index page is not present in the directory)
Set framework which ever you are using.
Install the IIS Windows component for whatever version of Windows you're using.
Create a new site in IIS
Point this new site to your web root
Configure DNS for the site (maybe using your hosts file)
There are some considerations to make depending on which version of IIS you are using. It would be helpful to know if you are using 6 or 7.
If you are under 7, you need to copy the site to your IIS directory (typically wwwroot) and then setup the basic settings in IIS by choosing your application pool and such. Application pools are typically (but not always) setup by .Net Framework. You may need to setup your default page and set it as an application. There are many blogs and sites out there that will tell you how to setup this basic functionality but are specific to your application.
For configuring IIS
1. Firstly, in Programs and features go to Turn on and off windows features...in that tick everything under IIS..go to sub folder and tick everything everywhere
Go to Internet Explorer> Setting> Internet Options> Advanced> untick Show friendly http error messages option
Go to IIS manager
a. In default application pool> advanced settings > Set true enable 32-bit program option
b. Go to Asp> setting> expand debugging properties> there will an option of error messages some 2nd last or last option that would be false...set it to true..apply changes
Run vbscript and asp only in Internet Explorer (edge 10 in developer options for pop ups)

Classic ASP Error 405

I have several development sites on my wix XP laptop (all classic asp). Doe anyone know why i need to type localhost/site/default.asp (i keep getting a 405 error on iis 5.1) and not just localhost/site
You need to add "Default.asp" as a default document. From this page ...
With iis 4.0 and iis 5.0 the change is
performed as follows:
Start the Internet Service Manager (Start - Programs - Administrative
Tools - Internet Services Manager).
Expand the computer and select the web site.
Right click on it and select Properties.
Select the documents tab.
Check the Enable default document box and click Add to add a new default
name. The order of the search can be
changed by clicking the up and down
arrows.
Click Apply and then OK.
Per comment ... okay, check your script map settings, per this article.
Sounds like you need to configure your default document type in IIS to be default.asp.
First off we need to clear up the web site thing. You only have one web site, the default web site. (It is possible to munge the metabase on XP to create multiple web sites but IIS 5.1 will only serve one of them, the others will have to be stopped).
You have multiple applications which are virtual directories under a common default website.
Have you checked that Default.asp is in the list of default documents for the application not the website? In IIS manager open properties dialog on each applications virtual directory and check the config there.
If you have then you've got a strange one on your hands. At this point I would always advise checking permissions. Does the application allow anonymous access, if so does the anonymous user have access to the folder and files?
This might seem strange advice since accessing the default.asp directly works but in my experience when the configuration looks good and should work but isn't 90% of the time its the result of permissions not correctly set up.
A 405 http response status code means "Method Not Allowed". The Wikipedia article List of HTTP Status Codes has this definition for the error:
A request was made of a resource using
a request method not supported by that
resource; for example, using GET on
a form which requires data to be
presented via POST, or using PUT on a
read-only resource.
You can try the third XP PRO IIS Admin, which can add more than one site to the IIS 5.1, you can switch the site with no difficulty.

Resources