Avoid Windows Authentication popup for default page - asp.net

We have a site that uses Windows Authentication to allow access to the webpages. Most if not all pages are written in classic asp. I recently added a "public" homepage written in asp.net so that users can change their password if they forget it. I tried setting up the homepage as the default in IIS 6, and set all the associated files with that homepage to allow anonymous access.
Problem is, we still get the popup for Windows Authentication. If you type in directly: http://www.website.com/default.aspx the page pulls up no problem. But when you try to navigate to simply http://www.website.com, we keep getting the windows authentication prompt.
I tried removing the global.asa file and an unused global.asax file thinking it was hitting one of these first, but that didn't work. Here are the files that allow anonymous access:
default.aspx
/Homepage -- directory with all code files and other public webpages
web.config
/bin -- folder containing the code generated by VS 2010]
I feel like something that doesn't allow anonymous access is getting accessed first, but can't figure out what it is. Any ideas?

I imagine you have two applications under your Default Website in IIS Manager (IIS 6.0?) One is your classic asp application, with anonymous authentication, and it uses an application pool with "No Managed Code". The other is your ASP.NET application, with windows authentication, which uses an application pool set up for .NET 4.0, or something.
Make sure the Default Website is set for anonymous authentication. Those settings get inherited.

Related

IIS7 IUSR account permissions not working with forms authentication and file upload

I am trying to deploy an asp.net 4 app to a new microsoft server 2008 R2
I have set up the application as I have done dozens of times before and set the folder permissions appropriately.
I have tried setting the application pool name directly to have write permissions
I have tried setting IUSR, IIS_IUSRS, NETWORK SERVICE and Users.
I have confirmed that windows authentication is disabled and anonymous is enabled as well as forms authentication is enabled. Logging in works fine i can access all pages normally except if i try to write to the folder. Then a password is required box pops up which looks like windows authentication (even though its disabled)
Every post here states and in my past experience says if I set the folder permissions for the defaultidentity application pool it should work, but for some reason this server wont let me do it!
Any help would be most appreciated.
Welp this turns out to be a really weird one. For some reason when SQL reporting services is installed it reserves the folder name "Reports" in any IIS Web application folder regardless of whether your actually using Reporting services. Its not created by default or anything, but if you happen to create folder titled "Reports" dont expect to access anything from it. After many hours of frustration it turns out it's a random reservation which doesn't throw any error just somehow overrides your authentication protocol to use windows authentication for their reserved folder.
Thanks Microsoft!

ASP.NET site with Anonymous authentication

I have am asp.net 3.5 web site with a asmx web service and a test aspx page (the page tests the web service using javascript).
I need to run this site with anonymous authentication, so I setup the site in IIS as such.
Now, if I am trying to open the test page in the browser, I get 401.3-Unauthorized error.
Any ideas what should I do to fix it? Do I have to give read access for the physical file to Anonymous Login?
Also, what version of IIS are you using? Also if you are using the IIS mgr and you check anonymous authentication, you need to give it a valid username and password, have you done this?
A 403 can mean several things. It can mean you don't have authentication correctly configured, or it can mean that the ASP.NET worker process does not have rights to access the pages (the security is set to only allow you to access them, for instance). There are other scenarios as well, but these are the two most common.

Configure IIS 6 web application on a personal server

A group of us wrote a .NET web application for our University class and in order to let our prof test with it I am setting it up on my webserver at home. Here is what I have done so far:
I created a new account on my domain, I then granted that account Read, write access to the folder where the app is stored. I have setup an application pool that uses this new account as its identity and created a new site that uses the new application pool.
I initially was receiving the Service unavailable error message, so I realized I had to add my account to the IIS_WPG account. So now I am stuck at the "page cannot be found". The website is pointing to the correct folder (I can see the aspx page list from within the IIS browser) but when browsing the site either in IIS, on a browser on the server or on a browser within my network I keep getting Page cannot be found. The home directory is pointing to default.aspx which is what our app uses.
The app of course works just fine when running from within the IDE, but now that I am trying to get it to work it doesn't want to.
Any thoughts?
Thanks.
you should give error details first.
for now, I suggest you check the 'network service' account's permission.this is the ASP.NET's account.
then publish your site to *.aspx file and *.dll file. to see if there is any errors.
So I found the issue. What I didn't know is that by default, IIS 6 does not turn on support of active server pages and .NET pages in Web Service Extensions. Once I had turned this on the site began to work just fine.

Unable to view .aspx file as guest through web browser - IIS always pops up authetication required window

I have a new dedicating hosting server and am running IIS 6 on windows 2003.
I've set all the user permissions to the web-directory to allow an internet guest user to access it.
.htm and .asp files are able to be viewed without any problems. Browsing the .aspx file/application locally under the admin authentication works without any problems.
As soon as I try to access a aspx file through the external internet (as any normal guest would do), a authentication required window pops up. WHY?!
AuthDiag reveals authentication anonymous access is denied..... even though I have enabled anonymous access in IIS... but then how are the .htm and .asp files being displayed!
You using No or Forms authentication? If you are using no authentication, change your web.config (I imagine you have "Windows"). Otherwise, if you are using Forms authentication, change it to , but you will have to set up Forms if you have not already. Then redeploy it.

Using Windows Authentication with ASP.NET MVC

I am sure this is a basic answer, but my search powers are not helping me today. I have an ASP.NET MVC 2 (.NET 3.5) application. It is hosted on IIS 6.
For the sake of this question I have two urls.
http://example.com/
http://example.com/admin
I want admin to be available to any user on the domain, and the root to be available to all users. The server is on the domain but the domain is example1.com, so they are not the same.
Since this is ASP.NET MVC there is no Admin folder to set rights on. I have tried setting the whole site to block anonymous request and have had it allowing all request. Then in the web.config I set it up to deny unauthenticated users in the admin folder and/or allow anonymous access to the root.
What I end up getting is a login prompt that doesn't work. I've tried the user name and example1\username but it always fails to login.
What am I missing?
==== Clarification/Answer ====
Pandincus gave a great code suggestion, adding [Authorize] to the class is a very clean way to make this work. However my problem ended up being the fact that I was doing all of this on the same box. I had a HOSTS entry for example.com on my box and was hitting it via the URL. When I put a HOSTS entry on my other box and hit the site it allowed me to log in without issue. My question was slightly incomplete as I should have mentioned this and the fact that http://localhost/ was working just fine.
Don't use the web.config to set access. Thats how you would do it in asp.net web forms.
Configure your web.config to use windows authentication.
Use an [Authorize] attribute on any admin controller you have.
Any controllers without an [Authorize] attribute should be open to the public automatically. So, only put your attribute on the controllers you want to lock down.

Resources