IIS 6 Windows Authentication Issue - asp.net

The issue is I can't view the page using Windows Authentication.
These are my steps.
I created a website in my server Windows Server 2003 IIS 6 with .Net Framework 2.
Then Inside the root folder, I created a folder. Let's call it "FolderA".
In "FolderA", I created a page. Let's call it "fileA.aspx".
The website is running fine, as I turned on Anonymous Access.
But for "fileA.aspx", I need to turn on Windows Authentication because I don't want everyone to go in and view that page.
So, I select "FolderA", go to Properties,
So, I turn off Anonymous Access and make sure Windows Authentication is turned on.
Then I browse from my PC. It prompted me with the login dialog box.
I key in my credentials I used to log in for the server and I can access the page.
That is working fine.
However, when I view it from the server itself, it prompted me with the login dialog box.
But when I key in my credentials, it says "Access Denied".
I even tried using Administrator credentials.
It is still access denied.
Is there any setting to set or anything to change in web.config?

http://support.microsoft.com/kb/896861
Review event logs on the server to see if you happen to hit this.

Did you allow authenticated users and deny not authenticated users?
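<authorization>
  <!-- Rules are evaluated top to bottom and the first match applies, so the anonymous deny comes first. -->
  <deny users="?"/>
  <allow users="*"/>
</authorization>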
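
ASP.NET URL authorization walks the allow and deny elements in order and applies the first one that matches the request, so the same two rules give different results depending on their order. The following is an added example, not code from the thread: a simplified Python model of that evaluation, extended to roles (the function names and the CONTOSO\alice user are made up here; the verbs attribute and merging of parent web.config files are left out).

```python
import xml.etree.ElementTree as ET

# The machine-level configuration ends with allow users="*", so a request
# that matches no rule in web.config is allowed; the model appends it last.
DEFAULT_RULES = '<authorization><allow users="*"/></authorization>'

# Constructed inputs: the same two rules in both orders, and a role-based pair.
ALLOW_FIRST = '<authorization><allow users="*"/><deny users="?"/></authorization>'
DENY_FIRST = '<authorization><deny users="?"/><allow users="*"/></authorization>'
ADMIN_ONLY = '<authorization><allow roles="Administrator"/><deny users="*"/></authorization>'


def _split(value):
    """Split a comma-separated users/roles attribute into lower-cased names."""
    return [v.strip().lower() for v in value.split(",") if v.strip()]


def parse_rules(xml_text):
    """Return [(action, users, roles)] in document order."""
    return [(el.tag, _split(el.get("users", "")), _split(el.get("roles", "")))
            for el in ET.fromstring(xml_text) if el.tag in ("allow", "deny")]


def rule_matches(users, roles, name, user_roles):
    """'*' matches everyone, '?' only anonymous (empty name), else exact name or role."""
    anonymous = name == ""
    for u in users:
        if u == "*" or (u == "?" and anonymous) or (not anonymous and u == name.lower()):
            return True
    return any(r.lower() in roles for r in user_roles)


def is_allowed(authorization_xml, name="", user_roles=()):
    """Apply the first matching rule; name == "" models an anonymous request."""
    for action, users, roles in parse_rules(authorization_xml) + parse_rules(DEFAULT_RULES):
        if rule_matches(users, roles, name, user_roles):
            return action == "allow"
    return False


if __name__ == "__main__":
    for label, xml in (("allow-first", ALLOW_FIRST), ("deny-first", DENY_FIRST)):
        print(label, "anonymous:", is_allowed(xml),
              "| CONTOSO\\alice:", is_allowed(xml, "CONTOSO\\alice"))
    print("admin-only, no role:", is_allowed(ADMIN_ONLY, "CONTOSO\\alice"),
          "| Administrator:", is_allowed(ADMIN_ONLY, "CONTOSO\\alice", ["Administrator"]))
```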

Related

Automatically Pickup Active Directory Login Details

I have the following in my web.config file.
<location path="login.aspx">
  <system.web>
    <authorization>
      <deny users="?"/>
    </authorization>
  </system.web>
</location>
This means that upon going to the login page the user is prompted to enter their Active Directory login to access the page. Is there any way to make IIS/ASP.NET automatically pick up this information so I can use the following
HttpContext.Current.User.Identity.Name
On the login page to establish an automatic login.
If this string is not empty I will check it against a database table containing a list of permitted users that is managed by an external application (also manages permissions within the website)
The reason I would like to have this process automated is that if the user does not have their name entered into this database they should be presented with a normal login screen which has various override logins (forms authentication). Naturally, whilst this is not automated the end user would have to enter a login (which may be valid within the context of the active directory) but invalid as far as the web application is concerned.
I have found that removing the section
<deny users="?"/>
Does not prompt for an active directory login, but also the
HttpContext.Current.User.Identity.Name = String.Empty

You need to make sure that Windows Authentication is set on and Anonymous Authentication is set off on IIS.
In case your Windows Server doesn't include a windows authentication scheme:
Open up Server Manager (one way to do this is by right clicking the computer node from within the start menu and choosing Manage). Expand the Roles node. Right click the Web Server (IIS) and choose Add Role Services. You'll get the following wizard, just scroll down a bit and check Windows Authentication under the security node.
http://weblogs.asp.net/zroiy/archive/2008/08/17/missing-windows-authentication-provider-for-iis-7-on-windows-server-2008.aspx

Issue with forms authentication not working remotely

We have an issue where forms authentication works correctly locally when run from Visual Studio but not remotely from a server running IIS 7. We have also determined that it works correctly on the remote server if we browse to the local site from the server. More specifically, when logging in using the login screen sometimes we are taken into the application and sometimes we are redirected back to the login screen. For the times when we are taken in we are at a one click maximum situation where, if we click on any item inside the site, we are immediately sent back out to the login page. We are using .NET 4.0. We are using location to set permissions on a per directory basis in the web.config:
<location path="Admin">
  <system.web>
    <authorization>
      <allow roles="Administrator"/>
      <deny users="*"/>
    </authorization>
  </system.web>
</location>
We have tested that the issue must have something to do with this setting because as soon as we change deny users="*" to allow users="*" it works when testing remotely to the test server. Again, the issue only occurs when promoting to the test environment and testing remotely and works perfectly when running in Visual Studio or when browsing to the localhost site from the remote server. My guess is an IIS 7 setting but we have played around with a few of the settings to no success.

It has a simple solution. In your IIS 7, click on the topmost node (your server node), then click on "Modules" in the IIS part of the home page.
Double click Default Authentication and uncheck the "Invoke only for ..." option.
Double click Forms Authentication and uncheck the "Invoke only for ..." option.
Your forms authentication will work perfectly.

windows authentication issue on server but not from local pc

I have my C# ASP.NET web application set up for Windows authentication.
<authorization>
  <deny users="?" /> <!-- Denies access to the anonymous user. -->
</authorization>
I have 2 issues.
Firstly, if I navigate to my site from my local PC, I get asked for a username/password, to which I enter the credentials I use to log on to the server, and these are successful and I gain access. However, if I navigate to the site on the server via the internet browser, I get asked for the credentials, to which I supply the same - but it never lets me access, I keep getting a pop-up to re-enter my credentials. Any ideas why this might be so? Do I have incorrect configuration?
Secondly, is it possible to set up Windows authentication so that when accessing the site from my local PC I am asked for a username/password, but when accessing it on the server, I am not asked for such and can access the site without providing any details?

Have you selected "Integrated Windows Authentication" in IIS for your web site?
What mode do you have for the authentication in your web.config?

ASP Authentication set to None and still prompting for login

Firstly I just want to say I'm not an ASP developer, I'm PHP through n through...
So my problem is this, all of a sudden a client site has started prompting for users to be logged in when viewing pages in a sub directory, when I download the web.config file I can see the authentication mode set to "Windows" this would appear to be an issue but it was working up until now, so I set it to None and uploaded the file (there isn't a web.config in the sub directory, just the site root) and it continues to prompt me for the login.
Is there something I need to do to "refresh" the server or something? I've looked through the hosting control panel and can't find anything about anonymous access or restarting the server. It's on a shared hosting account and the control panel is pretty below average.
Any help is greatly appreciated!! I'm in a panic and the hosting company don't have ASP support on hand
Thanks,
Mark

In the folder that you want anonymous access, just use the web.config authorization section to allow anonymous users:
<configuration>
  <system.web>
    <authorization>
      <allow users="*"/>
    </authorization>
  </system.web>
</configuration>
The * essentially means Everyone, so it is just saying that for the current directory, everyone is allowed access - you only need this in the web.config... nothing more.
If you are still receiving prompts after this, then the folder itself must have permissions at the operating centre level (NTFS permissions) which do not allow Anonymous access... Although you say the ASP support isn't at hand, I presume you can raise help tickets with them to enable this access?
Edit
I should add that this setting of authorization is different to setting an Authentication scheme (Windows Authentication, Forms Authentication etc). For example, you might have Forms Authentication for your website but specifically want anonymous access to a folder (like this case) so setting your authentication option isn't actually relevant.

ASP.Net Authorization Issue for ASPNet in Windows Integrated Site

I have a webpage that emits files (images) (through Response.TransmitFile) that is working ok.
However, when I publish the site to IIS (5.1), it starts randomly to emit 401 and 403 status codes instead of the expected files (images).
The IIS site is supposed to have Windows Integrated Authentication without allowing anonymous users; however, I configured the locations in my web.config to allow users to get the files.
<location path="ViewFile.aspx">
  <system.web>
    <authorization>
      <allow users="*"/>
    </authorization>
  </system.web>
</location>
I have set permissions for the users \IUSR_, \ASPNET, my own domain user, and even for everyone, but I don't get to solve the problem.
Any suggestions at how can I handle the problem?
Edit 1:
When I activate anonymous authentication in IIS, the site works fine, but then the domain authentication doesn't appear. I understand that the anonymous authentication prevails over any other authentication.

Some points to get you started:
What do you see in the Windows Event log?
If you take out the authorization configuration, does it work OK -- or do you still get 401 and 403 codes?
You mentioned that it happens 'randomly' -- is it connected with certain users? Or times of heavier load? Or certain files?
TransmitFile doesn't buffer in memory -- are these large files?
Update 6/29/2011 5:02pm - You didn't mention you were publishing locally before. Have you tried this configuration hack? I have had to use it when using Windows Authentication and IIS locally.
