Different result in IIS express and IIS - asp.net

I recently installed webmatrix on a windows 2008 machine.
I installed dotnetnuke using webmatrix, I visited the site using a browser on the server, finished installing the site, and everything works just fine.
I than created a site in IIS, and pointed it at the folder where I installed dotnetnuke.
When I visit the site using my domain name and on port 80 with a browser on my server, it takes me to the install page. When I visit the site using a remote computer, it says "This site is currently Unavailable Please check back later". Yet, when I visit it on iis express, it works perfectly!.
What is wrong?
thanks!

There are a number of things that could be going on at this point.
Incorrect permissions - Ensure that the ASP.NET Worker Process has full permissions to the DotNetNuke directory. (With IIS Express, you are using your user account IIRC)
Incorrect database access - Ensure that the connection information is correct for the database. As with the above, if the connection for example has a "Integrated Security=true" option defined, you will need to either change this to a SQL account or add the ASP.NET worker Process user to have permissions
It could be a missing Portal Alias, but the current versions of DNN don't have the same issue as you use to.
ALso make sure that the UsePortNumber option in the web.config is set to false.

Related

IIS 6 force IIS to display hostname instead of ip address for dotnetnuke

hope someone can provide me some insight on this iss problem!
Th situation is this, i understand that upgrading to IIS7 is absolutely necessary for security but will do so in the future but now, i'm using IIS6 and would like to force IIS6 to display qualified hostname of the IP address.
So far my other websites had gone through and been changed to display the qualified hostname but my dotnetnuke server (version 4.08.04), i am unable to locate the file(dnn or iis6) to change this.
I've used this procedure below for changing
IIS < 7
Force IIS to Display Hostname
It is possible to force IIS to display the hostname of the server instead of the IP address via the following:
Open a command window
Select "Start"
Select "Run"
Type in "cmd" and press enter or select the "OK" button
Browse to the "C:\inetpub\adminscripts" directory (or wherever this directory is located on your server)
Run the following commands:
adsutil set w3svc/UseHostName True
net stop iisadmin /y
net start w3svc
The IIS web service will now return the qualified hostname instead of the IP address.
You can do this with a setting in DNN using the Ifinity Friendly URL provider http://www.ifinity.com.au/Products/Friendly_Url_Provider_For_DNN
Because you are on such an old version of DNN thought you might have to go back to a fairly old version of that provider to make it work. DNN 4.8.4 has quite a few security bugs, so upgrading to a later version of DNN (even on IIS 6) would be ideal.
I believe you could upgrade to DNN 6.2.8 (or whatever the last 6.* release was) without having to upgrade IIS, though you would need .NET 4.0 for any version of DNN after 5.1

IIS7 Accessing Network Share

I am running IIS 7 on Windows Server 2008 R2 with PHP 5.4. One of my PHP scripts is trying to access a file on a protected network share using a UNC path. How can I change the IIS service account to an account that has permission to access the share? This is really easy to do on Apache HTTP server (you just change it), but it's not clear how to do with IIS. What can I do?
Update:
I was able to get things working using the "Connect As" option in the "Basic Settings" of my website and then specifying an account that has access to the network share. It appears that my problem is related to this question:
https://serverfault.com/questions/366234/iis-identities-application-pool-vs-connect-as-in-basic-settings
For IIS 7 running on Windows Server 2008 R2 ... In the IIS Manager, select the Application Pool under which your Web Site is running.
Click "Advanced Settings". There will be an entry for Identity (it is under the Process Model section). Click it, provide credentials for your account that has permission to access the share.
UPDATE
You should make sure that if you are using an Active Directory Domain Account, you provided that correctly under Identity for the running App Pool. For example, MYDOMAIN\myAccount.
After making this change, you will need to do the following:
Stop the Web Site.
Recycle your Application Pool.
Start the Web Site.
UPDATE II
From the comment discussion on this answer, #HydroPowerDeveloper was able to get the PHP script to be able to access the network share via UNC path using WebSite -> Basic Settings -> "Connect As" and setting the credentials there.
In the past, I have always used the approach of setting Identity via Application Pool and that has allowed my code to access Network shares via UNC path.
However, all of the sites/applications I have deployed on IIS are .NET based WCF or ASPX sites.
I would speculate (but am not 100% certain on this, would need research/testing to confirm) that the Identity specified in the Application Pool is used by executing .NET code, whereas the "Connect As" is used by the PHP script.
Generally the Application Pool is set using the least amount of privileges as possible.
http://msdn.microsoft.com/en-us/library/ff647402.aspx
The easiest route is to allow access to the current IIS account.
In Explorer, navigate to the shared directory.
Right Click -> Properties -> Security
If you don't see the expected IIS user in the list (Group or user names), edit and add the user as required.
I used "NETWORK SERVICE" -> Check names.
The detailed instructions are on that site.
In this way, the system is still restricted, we're ONLY allowing access to specific directories, we don't need to create any new users, we don't need to recycle the application pool and we don't need to perform any nifty impersonation code.
To resurrect an old question...
I've just been setting up a Win 2016 server that uses some Perl to access a UNC share. I set the Application Pool to an account that I verified had the correct permissions on that share. I then set up my site to 'Connect as...' (under 'Basic Settings') the same user. I still couldn't get access working.
Much head scratching later, I realised that my 'Virtual Directory', cgi-bin, was running under the original 'pass through' account. I then set up the virtual directory to 'Connect as...' the same account as the site and the application pool and, bingo, it all works fine.
So, remember to update any Virtual Directories as well as the site and App Pool...

Allowing remote access to IIS 7.5

I have developed an asp.net web site and deployed it to IIS on my local pc. I am trying to set up my pc to be a temporary web server, but no matter what I do, I cannot access it from another machine. I just get a "Server not responding message". I have turned off the firewall and MS Security Essentials, but it is making no difference. All the other tips I have seen do not work.
The trouble is there are so many ways to go wrong here.
You are currently running IIS and not just testing in Cassini?
You can go to IIS Manager and see Default Web Site?
You can do a Browse under Actions when Default Web Site is selected?
You can get to your machine from another machine?
On your machine, can you browse to http://your-machine/your site? (Not just http://localhost).
Ensure that remote access and http access is turned off on your firewall. Are the other machines you've tested within your domain?

How do I set up debugging under my local IIS for an MVC3 app?

My host is having issues getting my MVC3 app to work on their server, so I though I'd check it out myself. Until now I've been too busy developing under the built in server to worry about IIS, but today I tried my first deployment to the host with no joy. Then I tried one to my local IIS, with no joy. Then I tried telling VS to use IIS for debugging, to maybe resolve some local issues, with no joy.
What steps and configuration are required to use local IIS 7.5 to debug an MVC3 application?
EDIT: Going through a browser, after clearing up a permission problem for my Windows user on Temp ASP.NET Files, I now site with a I get a HTTP Error 403 (Forbidden), but the occassional basic auth login dialogue. Here I have tried a Forms auth user, my normal Windows user, and my Windows admin user, all to no avail.
When I try and debug under VS, I get a 500, internal error.
THE PLOT THICKENS: When I enable directory browsing on the site, I get a proper directory listing for the site root url. This suggests the the MVC3 routing is not working, but why not?
If you're getting a directory listing that means there's not a default file set (for IIS6). It usually means the request wasn't routed to IIS to deal with. thing are slightly different with II7 & it's integrated pipeline.
Simon

SharePoint 2007 Remote File Access Denied CAS

I have code running in an ascx within PageLayout within SharePoint 2007 that accesses files on a remote server i.e. File.Create("\servername\sharename\folder\file.txt"). The code runs within a SharePoint web application that has CAS trust set to Full in the web.config. The File.Create throws the following exception:-
System.UnauthorizedAccessException
Access to the path '\\servername\sharename\folder\file.txt' is denied.
The share is shared to Everyone with Full Control and the NTFS permissions are set to Everyone with Full Control. The web application app pool is running under a domain account also with explicit permissions to access that resource (not that this should be needed).
I ran Process Monitor on the remote machine and no hits were being recorded on the server. This leads me to believe that it is an issue with the SharePoint Code Access Security settings. Like I've said above, the trust in the web.config is set to Full.
Is it possible that CAS is still blocking the remote access? Can anyone think of any other area to review?
Update
A bit more information...
I've tried making the app pool acct domain admin and the problem still occurs. When using the same method to access a drive on the local machine it works fine. Running the same code in SnippetCompiler outside of sharepoint using the app pool account works fine.
Hope this helps, let me know if you can think of any more avenues of investigation or tests I can try.
Update
Im not sure if this would affect the issue but the local server is running Windows Server 2003 and the remote server is running Windows 2000.
Update
I've just tried running the code through a web part and it works fine. The file structure I use in the project that is failing is as follows:-
wss
- VirtualDirectories
- SharePointWebApp
- ...sp web app files
- .
- .
- PageLayoutControls
- control.ascx
- .
- .
Then in IIS I have the following structure:-
IIS
- Websites
- SharePointWebApp (pointing to \wss\VirtualDirectories\SharePointWebApp)
- PageLayoutControls (virtual directory pointing to \wss\VirtualDirectories\PageLayoutControls)
Then within the PageLayouts I reference the controls using the following:-
<%# Register TagPrefix="TEST" TagName="MyControl" Src="~/PageLayoutControls/control.ascx" %>
<asp:Content ContentPlaceholderID="PlaceHolderMain" runat="server">
<TEST:MyControl id="myControl" runat="server"/>
</asp:Content>Let me know if you need more info.
Update
The mystery deepens...
When I access the sharepoint site from Internet Explorer (6 or 7) on the SharePoint web front end server I do NOT get the exception.
When I access the sharepoint site from Mozilla Firefox from the SP web front end server I DO get the exception.
When I access the sharepoint site remotely from ANY browser I get the exception.
Also, it makes no difference what user I use to log on to the site, as long as they have permissions to access the sharepoint site.
Any thoughts?
Update
Hmm, I've now found that if I access the sharepoint site remotely and the sharepoint site tries to do a File.Create() locally (i.e. File.Create("C:\temp\abc.txt")) then it works. If I access the sharepoint site from the sharepoint box and do a File.Create() remotely (i.e. File.Create("\ServerName\ShareName\FolderName\file.txt")) then it works.
It only fails when I access the sharepoint site remotely and have the sharepoint site try to do a File.Create() remotely as well. Kind of a double hop problem. This makes me think it may be an NTLM / Kerberos issue.
Currently, we are running using NTLM authentication.
Has anyone else experienced this sort of issue?
Update
Yep, I'm pretty sure this is an NTLM issue not allowing a double hop. I just changed the authentication on the sharepoint site to use Basic Authentication and its worked. Changed it back to Integrated Authentication and it failed.
Now to decide whether to move the farm to use Kerberos or find another way around the issue. :-/
Update
Just giving SPSecurity.RunWithElevatedPrivileges a shot now. One thing though, is RunWithElevatedPrivileges meant to be used in this context? Previously, I've only used it to get access to lists and libraries within SharePoint rather than accessing a file access the network.
Any thoughts?
Update
Yep, SPSecurity.RunWithElevatedPrivileges resolves the issue. :-)
I wonder if this is the double-hop issue and that your code is trying to access the resource as the impersonated user, but that fails because NTLM will not impersonate to another server (Kerberos would).
Have you tried SPSecurity.RunWithElevatedPrivileges? That would remove the impersonation (RevertToSelf) and then maybe the application pool owner can just act as himself (herself?) whereas maybe it couldn't before.
Just a thought and should be pretty easy to try out.

Resources