I have a webapp which is a .NET 4, webforms app running on IIS 7.5 on Server 2008. Recently and apparently sporadically users trying to use the app on a mac are being presented with an error page stating:
401 Unauthorized - Access is denied due to invalid credentials.
You do not have the permission to view this directory using the credentials that you supplied.
The page doesn't provide any further information or substatus codes. I have checked the IIS error logs for more information and have found that this issue does seem to be unique to users on a mac most commonly Safari but it does also happen on other browsers such as Firefox. Again no substatus code is provided in these logs.
The error message provided seems to be consistent with a 401.1 however I am using forms authentication and not windows authentication. I have been unable to reproduce this myself and at the moment it apparently happens at random for users and not consistently after a set of specific steps.
This error occurs when users are in the app or trying to log in, I do not think it is related to them entering invalid credentials as I have validation to handle that and it can happen to users already logged into the app.
As I can't reproduce the error I am not sure how to approach solving this problem, I would like some guidance to this regard and any solutions or ideas that you guys can come up with. If more information is needed let me know and I can update the question.
EDIT:
I had an idea that maybe some configuration on a mac was causing a WWW-Authenticate header to be sent when it isn't required, but after using TamerData to add the header I found I still couldn't replicate the issue. All authentication in IIS is disabled with the exception of anonymous and forms.
EDIT 2:
I have now been able to successfully reproduce the issue, it occurs when an unauthenticated user attempts to access a protected page with a ?ReturnUrl=value parameter. This will cause IIS to display the error page described above. I can fix this behaviour by removing the ReturnUrl parameter on any unauthenticated attempts to access a protected page and redirect the user to the login page in Begin_Request.
However this issue has been reported most commonly on a page which is redirected to immediately after a user has just logged in. So for some reason the user is still being sent a 401 error when they are in fact authenticated. Any idea why this would be?
Related
I recently renewed my domain name after it expired. However, when I try to view my website, a login box popups.
This is new. I tried putting in my wordpress admin username and password all to no avail. Infact I get a '401 Authorization Required' error.
I have been at this for some days now. I contacted my hosting provider. They said they could view my website and that everything is fine. They however instructed me to clear my browser cache and cookies, which I have done. Still, the problem persist.
I tried viewing the site with an IP proxy site and truly I could see my website without any errors or login pop up box.
How do I solve this problem?
A 401 request usually means that your client (e.g. your web browser) is not able to authenticate itself with the server therfore cannot view the resource.
You have cleared your cache and cookies and you're prompted by a login
box, following this a 401 error appears. The site is viewable from
proxy.
Things to check,
Flush your DNS
Are the login details correct? its possible to get this error from incorrect logins
Check the URL for errors, make sure you're using the intended url
Try deactivating your wordpress plugins if problems still persist
Any further information you can provide, including images would help a lot.
I have successfully, or so I thought, connected up to our IDP for single sign on with shibboleth. I went to the Shibboleth test login page and was prompted by our IDP to login. Once I logged in, it gave me an error saying that the site can't be reached and that the server IP address could not be found. I have tried going to the logout and status pages and get that same error. I am not seeing anything in the shibd logs that indicate any errors. I have tried resetting my shibboleth daemon and my IIS and still am getting the same error.
Could this be something to do with my shibboleth2.xml configuration? I am not sure how the server IP address would be affected by this.
I can provide any needed information you may need!
If your secured url is https://local-or-some-domain/secure, when you hit that URL and you are taken to idP, after successful login you are taken back to the same URL but the browser says nothing found.
If above is your scenario then congratulations, you have successfully integrated the shibboleth SP with idP. Most of the time error occurs because there is no page hosted to the URL we secured.
If above is not your scenario then you may want to elaborate little more.
I'm working on a web api project which is secured by Azure AD endpoint v2.0. However, I get tons of 401 errors, even I copy the code from the working examples for Github.
My question is how can I debug the 401 error in a most efficient way? As there is little information for the error message:
{
"Message": "Authorization has been denied for this request."
}
You can use Fiddler to dig into the details of exactly what is being sent and received, when.
Have you made sure the user you're attempting to authenticate with does not have multifactor authentication enabled? You'll get 401's for seemingly no reason if MFA is enabled and you try to auth programmatically. If you have already disabled it, post up your auth code here and we'll take a close look.
I have a fresh asp.net application which has facebook authentication button on it. When I do the authentication on localhost it works flawlessly but when I publish and try to do it on work4me.azurewebsites.net it comes up with the error:
An error occurred while processing your request.
I have set the appID, app secret, domain, correct URL, and http://work4me.azurewebsites.net/signin-facebookas the oauth redirect URI. But it seems like it is hanging for a bit saying "waiting for domain name" before giving me the error.
If I try to enable facebook authentication on the azure portal it works however after logging in the application crashes and gives me the error "Server Error in '/' Application.".
I have followed the guide to enable facebook authentication on azures website but with no luck.
What am I doing wrong here?
EDIT:
It seems to get past that point now, and the error is with the redirect URI. However I have followed this example and use the URL https://work4me.azurewebsites.net/.auth/login/facebook/callback as the guide says but still it wont work, giving me the error that the URI is blocked.
It's been a few months since I first tried this, but I was able to get it working both locally and on Azure, by following the online instructions.
Did you enable User Secrets during development to access your credentials from Application Secrets? If so, you need to create environment variables in your Azure Web App to mirror these values under Application Settings.
Let me know if you still have any issues, then I can look into it some more.
All the best! :)
Here's what I want to do (which I've done before but I'm clearly doing something that is not obvious to me...):
ASP .NET 3.5 Intranet Application
Want to have Windows Authentication against AD setup on the website
When the user requests the page, fetch the user's username with the following code:
System.Web.HttpContext.Current.User.Identity.Name
I have IIS 7.5 and have setup the web application, disabled anonymous access and enabled Windows Authentication.
When the page is requested, the prompt for username / password is entered.
I entered the details but the prompt keeps coming up and eventually comes back with 401.
What on earth have I missed?
It seems to be a broblem with the Authorization (dond confuse with Authentication they completely diffrent), becuse the Authentication has been passed successfully after you've written the right user name and password, please try to set the appropriate privilegs to the user you try to login with, then try again. You can do that by set ting the right roles in the Authorization tab in the Security/Application tool of ASP.NET or by defining it manually by creating the right class... You'd better also chack the IIS policy if you deal with production code on IIS. If this is not working please post the Authentication code you've written.
Figured out what was wrong. Was nothing to do with Authorization at all but I stupidly had written code a few days back throwing a 401 error when a certain condition was not met. Removing that proved that the setup done worked perfectly :)