WCF web service gives error after hosting - asp.net

I have hosted a WCF web service in IIS. But when i fire url I get the following error message.
"IIS specified authentication schemes 'Basic, Anonymous', but the binding only supports specification of exactly one authentication scheme. Valid authentication schemes are Digest, Negotiate, NTLM, Basic, or Anonymous. Change the IIS settings so that only a single authentication scheme is used."

You can resolve this issue by disabling the basic authentication on your IIS. It depends that which IIS version you are working with? but for IIS 7, you can do this by updating you web.config file as follows:
<system.webServer>
<security>
<authentication>
<basicAuthentication enabled="false" />
</authentication>
</security>
</system.webServer>

Related

Disable Basic-Authentication without IIS manager

My ASP.NET MVC web application handles the authentication itself by explicitly sending the 401 status code and the www-authenticate header to make the browser display the basic authentication dialog.
My hosting provider doesn't provide access to the IIS manager and has the IIS BasicAuthenticationModule always enabled.
Unfortunately, the custom basic authentication implemented by my application is therefore now "hidden" by the IIS BasicAuthenticationModule. Any time I send a 401, the BasicAuthenticationModule seems to think it's his responsibility to handle the authentication. It also overrides the custom www-authenticate header of my application.
Is there a way to disable the IIS module for just my web application using the web.config only? I already tried adding the following settings to the web.config:
<configuration>
<system.webServer>
<modules>
<remove name="BasicAuthenticationModule" />
</modules>
</system.webServer>
</configuration>
But that just generates a lock violation error. This setting didn't do the trick either:
<configuration>
<system.web>
<authentication mode="None" />
</system.web>
</configuration>
Any other suggestions?
If you disable any authentication on IIS manager and check web.config, you will find that there is no configuration about authentication in it. Because configurations are saving in applicationhost.config file. That is why you need to use IIS manager.(Only administrator can use IIS manager)
But according to microsoft docs, you can use appcmd to configure these settings. This commits the configuration settings to the appropriate location section in the ApplicationHost.config file.
appcmd.exe set config "site name" -section:system.webServer/security/authentication/basicAuthentication /enabled:"False" /commit:apphost

CAS policy Error

please, someone can help me to fix this error, "This method implicitly uses CAS policy, which has been obsoleted by the .NET Framework. In order to enable CAS policy for compatibility, please use the NetFx40_LegacySecurityPolicy configuration switch." I can not generate my pdf files. it's an Asp.Net application to host on a Win 2008 R2 server. IIS 6.5. I already added
<runtime>
<NetFx40_LegacySecurityPolicy enabled="true" />
</runtime>
in my web.config but it did not solve the problem.
The error occurs because CAS policy is obsolete in .net Framework 4.0. The Xml node you've added is for Windows Forms applications. For Web applications, please add the following in web.config:
<system.web>
<trust legacyCasModel="true"/>
</system.web>

Compatibility error on WCF rest service

when I added
[AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Required)]
in wcf rest service and
<serviceHostingEnvironment aspNetCompatibilityEnabled="true"/>
in webconfig
im getting error as
The service cannot be activated because it does not support ASP.NET compatibility. ASP.NET compatibility is enabled for this application. Turn off ASP.NET compatibility mode in the web.config or add the AspNetCompatibilityRequirements attribute to the service type with RequirementsMode setting as 'Allowed' or 'Required'.
Actually its working fine when I run service in localhost but its throwing the error when I host the service..
Actually I need this bcos im planning to implement caching in wcf rest service..
Please help ....
you can do this by updating you web.config file as follows:
<system.webServer>
<security>
<authentication>
<basicAuthentication enabled="false" />
</authentication>
</security>
</system.webServer>

Issues with some users in Win Authentication in ASP.NET

I would like to get some help in my strange issues,
I have an ASP.Net 2.0 application with VB.NET Code behind,
I set up my application to enable only Win authentication
So in IIS all disabled except Windows auth,
In My Web.Config i have the following under system.web:
The Web.Config contains the following :
authentication mode="Windows"
authorization>
deny users="?"/>
/authorization>
identity impersonate="false"/>
Now some users when they enter to my ASP application they get prompted for user name and password , then they logged in successfully,
some users the application fails on Page.User.Identity.Name
and return Object Reference Error,
Im using VS2010 and ASP.NET 2.0 frameword 2.0 and IIS 7 under Win 2k8 R2 latest SP's installed.
All users are Domain users.
Thank you,
Can you access the username by HttpContext.Current.User.Identity.Name? You can also check if authentication was successful, and what method of auth was used.
Windows authentication uses kerberos by default in iis I believe, which may not work for a lot of reasons (I think there are problems in Firefox for example ), when this fails, it is falling back to ntlm. Try removing the negotiate authentication provider and use just ntlm. If this works, you will have the fun of diagnosing kerberos problems :-)
Trogvara,
Thank you for your posting ,
I'm new to the site and tried to formatted but it did what we see now,
the Web config setting is :
<authentication mode="Windows"/>
<authorization>
<deny users="?"/>
<authorization/>
<identity impersonate="false"/>
<system.webServer>
<validation validateIntegratedModeConfiguration="false"/>
</system.webServer>
Hope that clears the setting in Web.config
Thank you,

ASP.NET Authentication Issues on IIS7 - User.Identity.Name is empty for Windows authentication

We have an ASP.NET application on ASP.NET 4.0 using MVC 3 which uses Windows authentication.
When run from Visual Studio 2010 everything works as expected but when rolled out to IIS7 the Windows logged in user never gets populated (checking User.Identity.Name). No dialog prompt for user credentials comes up either.
The web.config setting:
<authentication mode="Windows" />
In IIS I can see that Windows authentication is enabled, as is Anonymous (disabling Anonymous results in a 403 Forbidden and no content being shown).
I've tried both enabling and disabling "Kernel-mode authentication" (useKernelMode="true"), but this doesn't seem to make any difference. Though I do remember that we had to disable this setting on another site on a different server to get the authentication to work properly (might point to a potential issue further down the stack?).
In case it's useful, from IIS's applicationHost.config:
<security>
<authentication>
<anonymousAuthentication enabled="true" />
<digestAuthentication enabled="false" />
<basicAuthentication enabled="false" />
<windowsAuthentication enabled="true" useKernelMode="false">
<providers>
<clear />
<add value="NTLM" />
</providers>
</windowsAuthentication>
</authentication>
</security>
Any ideas what the issue could be?
Thanks in advance for any suggestions.
Update 1
I managed to find another IIS7 server to test on and I found if I disabled Anonymous access everything worked as desired. However I still have issues on the original IIS7 server even when I disable Anonymous access as well (I'm keeping Anonymous disabled now). So there must be some issue further down the stack I guess. Any ideas? Something I need to fix as it's going to keep popping up and biting us I imagine.
Update 2
If I enable Digest Authentication on the problem IIS7 box then I am challenged with the login prompt dialog and everything works as expected if I provide suitable credentials. But being an internal web app with users already logged in to the domain we don't really want to challenge them this way. Credentials should be passed through transparently as it works on the second IIS7 box.
Update 3
Some progress... I've found that if the web app is in the root and not a sub site then directly editing the applicationHost.config file for IIS7 to give the following authentication settings allows the site to work as expected:
<authentication>
<anonymousAuthentication enabled="false" />
<windowsAuthentication enabled="true">
<providers>
<clear />
<add value="NTLM" />
</providers>
</windowsAuthentication>
<digestAuthentication enabled="false" />
</authentication>
Using IIS7's UI to configure the authentication doesn't give quite the right results. authentication items are either missing after wards (as I guess IIS7 assumes they are being inherited) or they have the wrong settings (windowsAuthentication seems to need the providers configuration above present to work correctly).
Unfortunatly the web application in question is actually a sub application as there's an internal version (using windows authentication > www.site.com/internal) and an external version (using forms authentication > www.site.com/external). I still can't get the authentication to work as a sub application yet. I just get a "Error Code: 403 Forbidden".
In this case it was a Microsoft ISA Server issue. Seems the request was being routed internally through ISA for the Windows Authenticated site, once ISA was removed the problem disappeared.
I don't know a lot about ISA and how it routes requests but I assume it must have been stripping out some important information from the request because of some rule someone will have configured.
As a side note in case it helps diagnose similar setups: I was told by the network admin staff that internal traffic was not routed through ISA, but pinging the website internally showed that ISA was actually in play.
You mentioned that disabling anonymous access worked on another server, but on your main server you are experiencing 403 errors. Therefore, I would check the file based permissions on the folder where your site is running from. In the past I have needed to grant the \Network Serivce account full control to the site folder and all subfolders or I would experience 403 errors. Check the file permissions on the server that is working and see if there are differences with the server that is not working.
Also, if this is not the issue, I would recommend comparing all of the other IIS settings between the two servers, since you know it works on one and not the other. Find the difference.

Resources