windows authentication issue on server but not from local pc - asp.net

I have my c# asp.net web application set up for windows authentication.
<authorization>
<deny users="?" /> <!-- Denies access to the anonymous user. -->
</authorization>
I have 2 issues.
Firstly, if I navigate to my site from my local PC, I get asked for a username/password to which I enter the credentials I use to log on to the server and these are successful and I gain access. However if I navigate to the site on the server via the internet browser, I get asked for the credentials to which I supply same - but it never lets me access, keep getting pop up to re enter my credentials. Any ideas why this might be so? Do I have incorrect configuration?
Secondly, is it possible to set up windows authentication when access the site from my local PC asking for username/password, but when accessing it on the server, I am not asked for such and can access the site without providing any details?

Have you selected "Integrated Windows Authentication" in the IIS for your web site?
What mode you have for the authentication in your web.config?

Related

Windows Authentication on ASP.net application

I have a strange issue with aps.net which using windows Authentication, here is the scenario, I have APS.net application using the Windows Authentication, NTLM ... all my users on the Active Directory have access to the web application when they want, the issue that sometimes some users can't access to the system anymore, where they used to have access before, when they put their username#domain and the password in the pop-up login in the browser, the pop-up keep popping up like they have put a wrong username or password, we tried to log in to other services like email, laptop, using the same user name and password and it works fine, but not with the web application! any idea how or where to start my investigation? logs file? something similar? here is my IIS authentication setting:
<authentication mode="Windows" />
<authorization>
<deny users="?" />
</authorization>
After many days of investigating the issue, it turned out that the issue is because of expired password.

IE11 keeps asking for credentials on intranet

We are creating an intranet site and want to use SSO. The problem is however, that Internet Explorer (11) keeps asking for credentials. By specifying the username and password we are able to access it. Then the intranet application can be used without a problem. When Internet Explorer is closed however it asks for credentials again. The problem occurs on the testing machine (running in a domain) and also on my laptop at home which I also use to develop on. I access the test server with Remote Desktop and then test the site on the same machine as it is running on, which is Windows 2012R2 running IIS 8.5.
On the test server the application (ASP.NET MVC with SignalR and WebAPI) is using a URL that will not be automatically recognized as an intranet site although it is in the same IP range. Therefore I have added the site explicitely to the intranet zone in the settings of IE.
When I then right click on the site and request the properties I can see it is in the intranet zone. This is for as far as I could find the solution in these situations but for us there is something else going on.
This is the system.web section of web.config:
<system.web>
<compilation debug="true" targetFramework="4.5.1" />
<httpRuntime targetFramework="4.5" />
<authentication mode="Windows" />
<authorization>
<deny users="?" />
</authorization>
</system.web>
In IIS I have tried enabling both Windows Authentication and Digest and also just one of those. The other authentication options are disabled, including Anonymous Authentication.
I also added the site to the trusted zone which did not help. Also changed the zone settings (for intranet and trusted) to do "Automatic logon on with the current username and password" but that didn't help either (I don't understand the setting Automatic logon only in Intranet zone though, because it seems a zone specific duplicate setting of the afore mentioned setting but ok). I also checked the advanced settings to be sure that Integrated Windows Security is enabled.
At the moment we're completely out of ideas.
Two more to your checklist:
make sure you have disabled anonymous authentication
make sure the domain controller is accessible from both the client PC and the IIS hosting the web app. Chances are the domain controller doesn't recognize the application server as coming from the same domain.
http://www.wiktorzychla.com/2012/06/iis-75-integrated-security-with-no.html
I have set the Full control to "Domain Users" in the Security Tab (NTFS permissions) of my Application Folder. Which resolved the problem in IE 11 but chrome is continuously asking for User name and password.

IIS 6 Windows Authentication Issue

The issue is I can't view the page using Window Authentication.
This is my steps.
I created a website in my server Windows Server 2003 IIS 6 with .Net Framework 2.
Then Inside the root folder, I created a folder. Let's call it "FolderA".
In "FolderA", I created a page. Let's call it "fileA.aspx".
The website is running fine. As I turn on the Anonymous Access.
But for "fileA.aspx", I need to turn on the Window Authentication coz I don't want everyone to go in and view that page.
So, I select "FolderA", go to Properties,
So, I turn off the Anonymous Access and make sure Window Authentication is turned on.
Then I browse from my PC. It prompted me the Login Diaglog Box.
I key in my credentials I used to log in for the server and I can access the page.
That is working fine.
However, when I view it from the server itself, it prompted me the Login Diaglog Box.
But when I key in my credentials, it is saying "Access Denied".
I even tried using Administrator credentials.
It is still access denied.
Is there any setting to set or anything to change in web.config?
http://support.microsoft.com/kb/896861
Review event logs on the server to see if you happen to hit this.
Did you allow authenticated users and deny not authenticated users?
<authorization>
<allow users="*"/>
<deny users="?"/>
</authorization>

ASP.NET MVC3 401.1 Error in IIS7.5

I have setup an ASP.NET MVC3 website using Windows Authentication and am getting a 401.1. The error code is 0x8009030e on the 401 page. Users should be able to access the site using their domain credentials.
I don't get the error if I logon to the machine and hit the website via localhost (http://localhost/mysite). However, even logged onto the server, if I hit the website through the server name (ie http://machinename.com/mysite) I still get the error.
The website uses it's own .net 4.0 app pool and using integrated mode. The site is configured for Windows Authentication only in the config.
<authentication mode="Windows" />
<authorization>
<deny users="?" />
</authorization>
...and in IIS. I don't have extended properties configured, and have enabled kernel-mode authentication (both are the default). I've tried toggling "IIS Manager Permissions" without any luck.
Any ideas?
I had to do two things to get this working properly:
Make the app pool use "Classic" instead of "Integrated" mode. After making, the change I was getting a 403.x error.
I solved the 403.x error by granting (Read/Execute) NTFS permissions to the "Domain Users" group.

asp.net website add to Trusted site problem?

I have asp.net application which is running great but I installed same application on new server when I run my application browser shows “You are not authorized to view this Page”. When I add my application link in trusted site it work properly without any error message.
I am scared why my application behaves differently for that particular server.
Please suggest possible solution to avoid above mentioned problem.
The most obvious thing that springs to mind is that you are on a network with a domain account. The site you are accessing, for one reason or another, is not being picked up as local intranet and so, by default, your browser is not forwarding your domain credentials to the remote site.
Once you add it to the trusted sites, it will.
Can you have a look at the bottom right of your browser (assuming IE here) and tell me what "zone" it says (local intranet, internet, etc) when accessing the remote server. If it doesn't say "Local Intranet" it may be the cause.
Are you accessing this server by IP address? This will always fail to resolve as "Local Intranet".
Thanks very much for your reply. When we try to access application by using IP Address
a logon dialog box is presented to enter credentials and browser's status bar shows "Local Intranet" zone.
In our web.config file we have given form authentication as follows
<authentication mode="Forms">
<forms name="OurApplication" loginUrl="login.aspx"/>
</authentication>
<authorization>
<allow users="*"/>
<!-- Allow all users -->
</authorization>
In the IIS authentication section under directory security tab following setting is applied.
Enable Anonymous Access is true
Integrated Windows Authentication is true.
With the above settings same application is working fine on DR and UAT Servers but not on the production server.
Please tell me the way to avoid the logon dialog box.
Best Regards,
Neil

Resources