We have an issue where forms authentication works correctly locally when run from Visual Studio but not remotely from a server running IIS 7. We have also determined that it works correctly on the remote server if we browse to the local site from the server. More specifically, when logging in using the login screen sometimes we are taken into the application and sometimes we are redirected back to the login screen. For the times when we are taken in we are at a one click maximum situation where, if we click on any item inside the site, we are immediately sent back out to the login page. We are using .NET 4.0 We are using location to set permissions on a per directory basis in the web.config:
<location path="Admin">
<system.web>
<authorization>
<allow roles="Administrator"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
We have tested that the issue must have something to do with this setting because as soon as we change deny users="" to allow users="" it works when testing remotely to the test server. Again, the issue only occurs when promoting to the test environment and testing remotely and works perfectly when running in Visual Studio or when browsing to the localhost site from the remote server. My guess is an IIS 7 setting but we have played around with a few of the settings to no success.
It has a simple solution. in your IIS 7 click on the top most node(Your server node) then click on "Modules" in IIS part of the home page.
Double click Default Authentication and uncheck the "Invoke only for ..." option
Double click Forms Authentication and uncheck the "Invoke only for ..." option
your forms authentication will work perfectly
Related
i have applied windows authentication for asp.net project and it is working. when i try to access any secure page then first time login dialog comes....but why. when i already login to windows before running project then why should i again give my windows credential to access asp.net web project any secure pages.
<authentication mode="Windows"/>
<authorization>
<deny users="?"/>
</authorization>
so guide me how to suppress the login dialog pop up. thanks
You need to configure your browser to automatically log you in. Your site probably needs to be in the local intranet zone. Windows Integrated Authentication is built into Internet Explorer. Some other bowsers may not support it.
Although my tool works on my own machine (ASP.NET 4.5) It begins this:
http://localhost/KnownErrorDatabase/login?ReturnUrl=%2fKnownErrorDatabase%2fHome&AspxAutoDetectCookieSupport=1
And i did an exact copy of it from exporting it from the iis into an ZIP File, and importing it on the server (NOTE: I did check the authentification mode (Everythings Checked!)
Although my local IIS Starts with the Login, the Server not. The Page works and, on my local IIS, other PC's in the intranet can login etc. But now the Error: If i click the login button (that refers to the page) i get redirected to the Homepage of the WebApp... Does anybody know whats the matter at it? IIS is on both machines on version 7.5
Greetings Ethnor
This is the result of a setting in IIS. Your default page is probably set to your home page instead of your login page. Otherwise, your IIS server is set to allow Anonymous users. So, no authentication/login is happening. Check the authentication settings in IIS.
<location path="login.aspx">
<system.web>
<authorization>
<allow users="?" />
</authorization>
</system.web>
Adding this to my web.config fixed the problem
The issue is I can't view the page using Window Authentication.
This is my steps.
I created a website in my server Windows Server 2003 IIS 6 with .Net Framework 2.
Then Inside the root folder, I created a folder. Let's call it "FolderA".
In "FolderA", I created a page. Let's call it "fileA.aspx".
The website is running fine. As I turn on the Anonymous Access.
But for "fileA.aspx", I need to turn on the Window Authentication coz I don't want everyone to go in and view that page.
So, I select "FolderA", go to Properties,
So, I turn off the Anonymous Access and make sure Window Authentication is turned on.
Then I browse from my PC. It prompted me the Login Diaglog Box.
I key in my credentials I used to log in for the server and I can access the page.
That is working fine.
However, when I view it from the server itself, it prompted me the Login Diaglog Box.
But when I key in my credentials, it is saying "Access Denied".
I even tried using Administrator credentials.
It is still access denied.
Is there any setting to set or anything to change in web.config?
http://support.microsoft.com/kb/896861
Review event logs on the server to see if you happen to hit this.
Did you allow authenticated users and deny not authenticated users?
<authorization>
<allow users="*"/>
<deny users="?"/>
</authorization>
I have setup an ASP.NET MVC3 website using Windows Authentication and am getting a 401.1. The error code is 0x8009030e on the 401 page. Users should be able to access the site using their domain credentials.
I don't get the error if I logon to the machine and hit the website via localhost (http://localhost/mysite). However, even logged onto the server, if I hit the website through the server name (ie http://machinename.com/mysite) I still get the error.
The website uses it's own .net 4.0 app pool and using integrated mode. The site is configured for Windows Authentication only in the config.
<authentication mode="Windows" />
<authorization>
<deny users="?" />
</authorization>
...and in IIS. I don't have extended properties configured, and have enabled kernel-mode authentication (both are the default). I've tried toggling "IIS Manager Permissions" without any luck.
Any ideas?
I had to do two things to get this working properly:
Make the app pool use "Classic" instead of "Integrated" mode. After making, the change I was getting a 403.x error.
I solved the 403.x error by granting (Read/Execute) NTFS permissions to the "Domain Users" group.
I have a problem using windows authentication and the authorization-tag in web.config for my asp.net application. When I host the application in IIS (both in IIS 6 and IIS 7) the authorization-tag is ignored. When I run the application in asp.net development server that comes with visual studio 2010, it works perfect.
Why will it not work in IIS? And how to solve it?
<system.web>
<identity impersonate="true" />
<authentication mode="Windows" />
<authorization>
<deny users="*"/>
</authorization>
</system.web>
Without seeing the web.config it sounds like you haven't configured IIS. When you use Windows authentication what ASP.NET is expecting is for the web server to do the authentication - so you must configure it to do so, simply putting it in web.config is not enough.
For IIS6:
In IIS Manager, double-click the
local computer; right-click the Web
Sites folder, an individual Web site
folder, a virtual directory, or a
file; and then click Properties.
Click the Directory Security or File
Security tab, and then, in the
Authentication and access control
section, click Edit.
In the Authenticated access section,
select the Windows Integrated
Authentication check box.
Click OK twice.
For IIS7:
Open IIS Manager and navigate to the level you want to manage. For information about opening IIS Manager, see Open IIS Manager (IIS 7). For information about navigating to locations in the UI, see Navigation in IIS Manager (IIS 7).
In Features View, double-click Authentication.
On the Authentication page, select Windows Authentication.
In the Actions pane, click Enable to use Windows authentication.