Asp.net IIS7 keep prompting user credentials for non admin users - asp.net

I have an ASP.net website which is set to operate on Windows Authentication. It runs on IIS7 with Windows authentication on. For every user who isn't from the administrator group, Internet Explorer keeps prompting for user credentials. Though when the user clicks on cancel, the web site runs OK as long as the user does not click on any page control.
I have a master page with Telerik controls on it. This page contains AJAX Manager and ScriptManager. If a user calls an aspx page without the master page, the credential window doesn't appear.
Telerik resources are registered in web.config, and as I said the website works without problem for the admin group. Normal users are also from the same domain, but for them the login window keeps coming.
Any idea?
The website is not registered under trusted intranet sites, but this shouldn't be a problem as otherwise admin should also get an error message.
Regards

I am answering my own question as it might be helpful for others too.
I was finally able to track down the issue with the help of Process Monitor: http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx
It turned out that one of the CSS files didn't have enough permissions for normal users.
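
A way to find such files without tracing, as an added example that is not part of the original post: this PowerShell script lists every file under a site folder whose ACL grants no read access to the groups ordinary domain users belong to. The path and group names are assumptions to adjust, and it requires PowerShell 3.0 or later; it checks only the named identities, not access obtained through other nested groups.

```powershell
# Added example: audit a site folder for files non-admin users cannot read.
# $SiteRoot and $ExpectedReaders are assumptions; set them for your site.
param(
    [string]$SiteRoot = 'C:\inetpub\wwwroot\MySite',   # hypothetical path
    [string[]]$ExpectedReaders = @('BUILTIN\Users', 'NT AUTHORITY\Authenticated Users')
)

$readMask = [System.Security.AccessControl.FileSystemRights]::Read

function Test-ReadGranted {
    param(
        [System.Security.AccessControl.FileSystemSecurity]$Acl,
        [string[]]$Identities
    )
    # Only rules that name one of the expected reader identities are considered.
    $rules = $Acl.Access | Where-Object { $Identities -contains $_.IdentityReference.Value }

    # A Deny rule touching any read bit overrides every Allow rule.
    $denied = $rules | Where-Object {
        $_.AccessControlType -eq 'Deny' -and
        ([int]($_.FileSystemRights -band $readMask)) -ne 0
    }
    if ($denied) { return $false }

    # An Allow rule must cover the full Read mask (data, attributes, permissions).
    $allowed = $rules | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ($_.FileSystemRights -band $readMask) -eq $readMask
    }
    return [bool]$allowed
}

Get-ChildItem -LiteralPath $SiteRoot -Recurse -File | ForEach-Object {
    $acl = Get-Acl -LiteralPath $_.FullName
    if (-not (Test-ReadGranted -Acl $acl -Identities $ExpectedReaders)) {
        [pscustomobject]@{
            Path                = $_.FullName
            # True when the file no longer inherits the folder's ACL,
            # which is typical for files moved in from another location.
            InheritanceDisabled = $acl.AreAccessRulesProtected
            Owner               = $acl.Owner
            Grants              = ($acl.Access | ForEach-Object {
                '{0}:{1}:{2}' -f $_.IdentityReference, $_.AccessControlType, $_.FileSystemRights
            }) -join '; '
        }
    }
} | Format-List
```

Any file it reports is served only to accounts that hold some other grant, such as administrators, which matches the symptom of prompts appearing for normal users only.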

Related

How to prevent concurrent login issue in asp.net application on different browser

I have run the application using IE. It allows me to log in to the application. After logging in, I copied the URL in IE and pasted it into a different browser (Chrome). It allows login there too.
Wanted output: It will not allow login on a different browser, for example when the user is already logged in.
Any suggestions?
Thanks,
Panjanatham

asp.net identity LoginView not switching to LoggedInTemplate

I have just started working on ASP.NET Identity. I created a web forms project in VS2013 using the Web Forms template.
Then I added BotDetect CAPTCHA in Register.aspx. I registered the first user so that the Identity schema is created. So far so good.
Now, I observe a very strange thing - I start debugging my application - it shows me the home page. I click on "Log In" menu and the login page is shown. I enter the credential and click on Login. The user successfully logs-in (signinManager.PasswordSignIn returns SignInStatus.Success); however the LoginView does not switch to LoggedInTemplate.
Now, I just go to Register page and then go to Login page, then Login and this time the LoginView switches to LoggedInTemplate properly.
This has happened consistently - unless I go to the Register page the LoginView won't switch to LoggedInView.
Further, I commented the CAPTCHA code (but not the configuration done in the web.config). Now, even if I go to Register and then try to Login nothing happens (LoginView remains in AnonymousTemplate).
Is there any connection between LoginView and BotDetect CAPTCHA?
Please let me know if any more info is needed.
Thank you.
UPDATE:
I removed the BotCAPTCHA entirely from the project and now the LoginView correctly switches to LoggedInTemplate! My guess is that BotCAPTCHA does URL rewriting and this is affecting it. I have posted this to BotCAPTCHA support and will update here once they reply to me.

ASP .NET Logout when url is modified or refreshed

Hi, I would like to know how you would log out a user if he modifies the URL or refreshes the web pages, like in bank web sites, in ASP.NET.
Thanks for your answers
I have implemented a solution similar to Vignesh Kumar's answer by using roles and restricting access to pages based on the roles a user has. When a user logs in I check which pages they can access based on their assigned roles and build the navigation menu accordingly so that they're not able to navigate to restricted pages.
In my master page's Page_Load method I check whether a user has access to the page they're trying to access and if not I log them out and redirect them to the login screen.

Anonymous Authentication in IIS over https does not fire a postback

I recently decided to change from using Windows Authentication for my internal web applications to Forms Authentication. I've not used the latter very much and one site explained you have to enable both Forms and Anonymous for this to work. The idea is to verify user passwords against an active directory then grant them access accordingly. I had this working just fine locally and when publishing to IIS 7.5 it still worked. It was just a basic Visual Studio project that would redirect to our homepage.
The problems arose when I tried accessing this same project securely with https, I included the full domain and it would load the new login page but when I clicked login it would do nothing. Since then I've scoured the web and found numerous mentions of this and that and tried many of them to no avail.
It was only later I created a blank project with a single button and one line of the code on the page to see if a post back had fired. After publishing I only enabled Anonymous Authentication in IIS and browsing to this basic test app using http when you clicked the button, false on the page changed to true - indicating a post back. Yet with https it just remains false. I think this may be why the active directory login wasn't working as it too had Anonymous enabled.
I'm still pretty new at the secure side of things but with the details passing over I have to use a secure connection just for the login then it can redirect to the usual applications we use internally.
I'd appreciate any thoughts you may have regarding this.
Thanks!
We use this configuration (anonymous IIS access, forms authentication, and https) successfully all of the time.
There are three things that you should do to track this issue down:
1) Verify that there are no javascript errors in the page that break the button (i.e. a javascript file not being delivered to the page)
2) Check the windows event logs for exceptions from asp.net/iis.
3) Install and run fiddler, select Fiddler Options... from the Tools menu, click on the HTTPS tab and ensure all of the checkboxes are checked, then run your website and look at the requests and responses, particularly when you press the button.

Checklist for IIS 6/ASP.NET Windows Authentication?

I've been having trouble getting my ASP.NET application to automatically log users into the Intranet site I'm building. No matter the googling or the experimentation I applied, there is always a login box displayed by IE7.
I've got Windows authentication mode set in the Web.config, disabled anonymous access and configured the correct default domain in IIS, but it's still asking the user to log in and, more annoyingly, the user is required to provide the domain too (DOMAIN\auser), which is causing problems with non-technical visitors. Thank Zeus for password remembering functionality.
I'm not the network administrator so it's possible that something about Active Directory is set up incorrectly, or it could just be me missing something very simple. Please note that I don't want to impersonate the user, I just need to know that the IPrincipal.Name property matches that of a valid record in my user database, hence authenticating the user to my application.
To this end, it would be very useful to have a checklist of all configuration requirements for AD, ASP.NET and IIS to work together in this manner as a reference for debugging and hopefully reducing some user friction.
It sounds like you've covered all the server-side bases--maybe it's a client issue? I assume your users have integrated authentication enabled in IE7? (Tools -> Internet Options -> Advanced -> Security). This is enabled by default.
Also, is your site correctly recognized by IE7 as being in the Local Intranet zone? The IE7 default is to allow automatic logon only in that zone, so users would be prompted if IE thinks your site is on the internet. I believe using a hostname with a dot in it causes IE to place the site into the Internet zone.
Open Active Directory Users and Computers MMC snap in
Expand computers section from TreeView (left side)
Check if the computer is registered in your domain.
Also, you have to login with a domain account on that computer, otherwise that authentication box will be shown.
In IIS, enable anonymous access and allow the web.config to handle user authentication.
