I am developing an asp.net 4 mvc 2 web application that is a subsite of the main one.
for example the main website is
www.example.com
and the website that I am working on it is going to be
voip.example.com
when a user is typing voip.example.com if the user is not authenticated yet ,my website redirects them to
accounts.example.com
where the login page is, and when they authenticate ,the main website create a cookie with name of
ExampleAuth
and a domain name of
.example.com
and expiration time is till 2015 and redirects to my website voip.example.com.
I am using AuthorizeAttribute form authentication on my website and when the AuthorizeCore method runs on my request that is redirected from main website the result of AuthorizeCore should be true.
On my PC with a win7 and IIS 7.5 it is working just fine but when I deploy it on a server that is windows server 2008 with IIS 7 or even in a windows server 2008 r2 with IIS 7.5 it seems that my web application couldnt access to the authentication cookie that is set by main website.
I think it is some kind of security configuration of IIS or windows server that cause this behaviour because I am using mvc's built in form authentication methods and everything nothing customized.
Recently I uploaded it on a server with windows Server 2008 r2 and IIS 7.5 and it worked but on my server with the same version of iis and windows it isnt working so I think it should be some kind of configuration or .... that cause this behavior.
does anyone know why this is happening ?
It seems there was a bug in asp.net mvc authentication and I solved it with installing
KB2656351 and KB963697 microsoft patches.
Related
I have migrated a asp.net web site from IIS6 to IIS8.5. Almost all issues are fixed. But it seems that the identity of the user gets lost.
Related questions I found:
Cannot get authentication working in IIS 8.5
Configure windows Authentication in IIS 8.5 on Windows Server 2012
Receiving login prompt using integrated windows authentication
When I open the webpage from the server IE browser there is no login prompt (which would be fine if the integrated authentication was used)
When I open the webpage from a remote client I should get a login prompt for authentication (since the user on the client does not exist on the server). But there is none.
On the old platform IE6 was used. On the new platform IE is used with compatibility mode
In the old web page integrated windows authentication (only) is enabled and working.
In the new web page on IIS 8.5 I tried all kind of settings but none seem to do the trick.
Found out that actually the authentication itself is working.
This link was very helpful finding this out:
https://forums.asp.net/t/1179997.aspx?Get+Username+for+logged+in+user
But the user name gets lost in a different way. I will close this question and post another one.
I have an ASP.NET web application that uses an Application Pool with a custom identity set to connect to DB via Trusted Authentication.
I have this working correctly on a dozen servers, yet I am having an issue with one: IIS is not using the custom identity and is instead attempting to impersonate the user when initiating the DB connection.
I verified I have the app pool configured to use the custom account and my web.config has <identity impersonate="false"/>. In fact I'm using an exact copy of the code and web.config from another properly working box.
I do have Windows Authentication enabled for the app to get the user login, but not for impersonation, and this is working correctly on 12 of 13 servers. If I disable Windows Authentication on the impacted box, I get Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON when accessing the site.
I tried recreating the application pool and the the IIS Application to no avail.
Anyone seen this behavior before? I'm running out of ideas. Thanks!
ASP.NET MVC4
IIS 7.5
Server 2008 R2 64bit
I have not dealt with classic ASP for over 13 years (and IIS and ASP.NET for a while as well) and today I had to move a classic ASP website to a new server - Windows 2012 with IIS 8.5 from Windows Server 2003 with IIS6. I copied the website directory onto one of the drives (the same drive letter as it was on the old server) and went to IIS Manager and created an application for that directory.
Locally I can access the application via http://localhost/AppAlias/Default.asp and it renders in IE but when I access it remotely via http://ServerName/AppAlias/Default.asp, it does not rende rin IE, instead I get "Internet Explorer cannot display the webpage" error. When I open the same URL in Chrome, it renders just like it does when accessed locally.
I checked IIS settings on the server for ASP applications and under Basic Settings I clicked on Test Settings. Authentication uses Pass-through and it seemed fine but authorization had a warning mark on it. The message was "Cannot verify access to path E:\Pages\Test\AppAlias" and in details I found the following:
The server is configured to use pass-through authentication with a built-in account to access the
specified physical path. However, IIS Manager cannot verify whether the built-in account has access.
Make sure that the application pool identity has Read access to the physical path. If this server is joined to a domain,
and the application pool identity is NetworkService or LocalSystem, verify that \$
has Read access to the physical path. Then test these settings again.
I gave Network Service read access but still having an issue. Can anyone help?
I am having issue with Active Directory password expired users.
They can login to application and access application though password is expired.
When i try to run same code from local it give me Membership.ValidateUser as "false" ( pointing to same Active Directory)
Why there is diffference on Windows Server 2008 R2 IIS 7 and my Windows 7 IIS 7?
Is there any specific setting on IIS or AD i need to do?
My application - VSTS 2010, ASP.NET 4.0, C# 4.0
Can anyone please help?
Windows Server 2008 R2 behavior is different. Somehow it allows though Change Password on Next logon is checked.
Please share your experience.
I'm developing an Asp.net MVC application, and in it I use webbrowser class to login to a website.
this works fine in local computer but when I publish my project in server, after navigating to website and trying to login to web site the webbrowser class navigates to cookie required page. I have a dedicated windows server 2012 R2, what should I do?
After one day battling we solved the problem by changing AppPool identity to administrator.