ASP.NET Development Server 403 Error - asp.net

I'm developing a web application in Visual Studio 2010 on Win 7, and now seem to have a new error that has just popped up. When I try to access the site which uses Windows Authentication, in Firefox, I get a 403 error, with no subcodes. Up until this poijnt, it has been working this way just fine. Firefox prompts me for my credentials, and I enter them and then I get the 403 error. No problems with it in IE, just Firefox.
I've checked the network-trusted-ntlm-automatic key in Firefox and deleted my session cookie, but still no luck. The problem seems to be limited only to Firefox.
If I set the app to be Anon access, it works with no problems, but the app needs to be Windows Auth.
I attempted Local IIS, but there wasn't an option for Windows Auth for the app on my local IIS, so that kind of removed that option for the time being.
Any ideas out there for how to get this working correctly again? I'll take answers that get me the Windows Auth option in my local IIS as well, because that would also fix the problem for me.

Check to make sure directory browsing is not enabled for the site. Also, make sure your default documents are setup so when you go to: http://www.yoursite.com/ (notice the slash at the end of the url) a default document is loaded. I have seen in some cases where IIS thinks you want to browse the directory rather than load a page. See if you still get the 403 error by going to a specific page.

I'm running windows 7, 64bit with IIS 6.1.
To turn on Windows Authentication, go to Control Panel -> Administrative tools and select IIS Manager.
In the left panel, expand Sites, Default Web Site, and select your Virtual Directory. You should see Asp.Net in the top panel and IIS in the middle. The first icon under the IIS section is Authentication, double click this. You can then disable annon and enable windows by selecting from the drop down list and clicking Enable / Disable from the actions on the right side of the page.
Hope this helps.

After some digging I finally found the answer, but it wasn't where I expected it.
I was digging through Event Viewer trying to figure out why I kept getting Account Lockout messages when trying to load the site with Firefox and did some searching came across an article that specified how to add multiple servers to the Firefox network.automatic-ntlm-auth.trusted-uris key in about:config.
I had specified:
http://host1; http://host2
and instead should have separated with commas
http://host1, http://host2
I changed it to commas and reloaded and it is now working correctly with the Windows Authentication in Firefox.
Hopefully someone else finds this particular fix useful. Small typo, big headache.

Related

Website hosted in IIS 8.5 won't show images in Chrome or Firefox

I ran into a bizarre issue today where I had to change the authentication on my website to pass through instead of specific user. The website started to load after that, however, in Chrome and Firefox, no images load along with css not loading. When I did open image in new tab, this is what I get...
The page cannot be displayed because an internal server error has occurred.
Anyone have any idea what is going on?
UPDATE:
The same issue happens in IE when not using the account assigned to application pool.
Turned out that it was an issue with a change in permissions. The service account we were using had been removed from the admin group on the server and placed back. Rebooting solved the issue

Site functions locally, "Internet Explorer cannot display the webpage" on server

I have an ASP.Net Website (not a web app, fwiw) that builds and works just fine locally through IIS on my dev laptop.
However, when I publish it to our QA box and try to view while I'm remoting into that server, I get a message from IE saying "Internet Explorer cannot display the webpage". Firefox just spits back a quick "Connection Timed Out"
There is absolutely nothing in the event log nor the IIS log about this. I'm unsure where I can look for more info.
I'm fairly confident it is an ASP.Net issue. I can install a sample site from our vendor, Ektron, into IIS and it will run. If I overwrite the sample's web.config with my own, it continues to run. If I then blow away the entire sample site and copy over my site from my local, I'll get the message about how "Internet Explorer cannot display the webpage".
I've tried to keep the environments as close together as I can. Both boxes are running IIS 7.5 under an integrated app pool for .Net 4.0. I browse via localhost on dev and via an IP on the server.
I am not terribly familiar with the Website template, so I might be missing something obvious (I hope!). I'm hoping someone can provide some guidance into how I can get more info on what the heck is going on so I can resolve this issue.
UPDATE
I think I'm getting closer. By using Fiddler (thanks for the suggestion, Amy!) I notice that it redirects the request to SSL. SSL requires a different license from our vendor, so that might be it. I'm still trying to understand why that redirect is taking place, but at least I have something now to look at.
I'd look into the SSL settings in the web.config / IIS - settings for Mime Types and also into Ektron's MIME Types in the MimeType.config file. I found that some .aspx pages like (ekajaxtransform.aspx) weren't functioning correctly because of firewall/proxy issues/restrictions.
Hope it helps. :)

Bypass Certificate Error

Is there a way to bypass/ignore/disable certificate errors ? I'm encountering this on IE8 and the server is using IIS 7. The situation is I created a asp.net website and Im accessing this website using "https". My other website got no problem with this scenario but my other website does. I just want to do the trick within web.config or any other way except (server side code, creating Self Signed certificate, redirecting the website).
Thanks In Advance!
why are you seeing error to begin with? if you don't have certificate installed then make sure your not using HTTPS anywhere on your site.
its browser based...you can not control the warning message.
In IE follow the steps below. It works for me.
Click Tools and select Internet Options
Click the Security
Select "Trusted Sites" icon and set the Security level to "Medium Low".
Close all the Windows. Then open the browser.

Why is LOGON_USER Server Variable is blank on New Windows / New Tab?

We are noticing some very strange behavior on an installation of a .NET2-based webapp on Server 2008. Our app uses old school Integrated Windows Authentication and simply reads the LOGIN_USER server variable from the request collection. There's a good reason for this, but that's somewhat irrelevant to the question, since the underlying WindowsAuthentication code from ASP.NET does the same thing.
Anyway...
When you enter the URL in the browser, it loads up just fine and displays the username (from LOGIN_USER) no problem.
When you click on a link within the web app, it loads the page just fine and authenticates without any problems.
When you hard refresh (Ctrl-F5) it also works just fine.
However, when you click open in a new window or open in a new tab, the LOGON_USER variable is blank
Any ideas? Am I missing some IIS7 setting somewhere?
Tested clients are Windows 7 with IE8 or Windows XP with IE6.
I experienced something very similar on IIS6 a few years ago. The issue then was caused by both anonymous and windows authentication being turned on for the site. Turning off anonymous authentication fixed the issue.
Though this was on IIS6 it might be something to look into.
The problem went away on it's own............ for now. After a reboot. Really. Shoulda thought to reboot earlier.
Also: anonymous auth was not enabled (otherwise, LOGON_USER would always be blank).
So, if you ever encounter this problem.... reboot!

Authentication dialog when running with Visual Studio web server

When using Visual Studio's built in web server, every time I make a page request the standard login box pops up and asks for credentials. It doesn't work if I actually put in my credentials, so I just have to hit cancel 5 times so it will go away.
When I run the application through IIS (locally or on test server) it works just fine (no login box comes up).
Anyone know how to fix this or have any idea what might be causing it?
I assume you mean JavaScript alert box-looking login dialog, right? This dialog pops up when you make a request to a portion of website where anonymous access is disabled from IIS. It is different from ASP.NET authentication.
Do you have some portion of web site protected? Or are you making any HTTP request to external sites, like images and etc?
If your page looks ok after hitting cancel multiple times, it must be one of those HTTP request to protected file like images, css, js or whatever.
I'd look in Fiddler or Firebug to see if any request is failed when you hit cancel in that login dialog.
I'd also try clearing cache/authenticated session on the page that runs on IIS to see if it actually shows you that login dialog.
I had this same issue. However, my solution was different and the issue seemed different as well.
I had been working on a ASP.NET 2.0 web application, using VS 2008. Everything was working fine with the built-in IIS server. I hadn't opened this project for about a week and then when I chose "View in browser" in VS, I was prompted for my windows login creds. This project never did this before, so I was a bit baffled. I checked all the web.config settings and everything seemed fine. My project settings seemed correct as well. I decided to test the project by opening this same project in VS on a separate dev box on my network using a network path. I again chose "View in browser" and it worked fine. No logon prompt.
This told me that the issue wasn't with the actual web project itself, rather my dev environment. I checked all my browser settings as suggested above, and they were correct. I then compared my project settings while I had the same project (same physical files) opened in both dev boxes. I noticed a difference...
Under the Start Option in the Property Pages, the Web Server was set to use the Default Web server in both cases. However, on the box that was asking for my creds, the NTLM Authentication checkbox was selected. I unselected this and it resolved the issue.
I'm not sure how this was possible since I was opening the same project files, and would assume the project settings would be exactly the same. And the fact it was working fine a week ago really perplexed me. I chalked it up to an issue with VS 2008 on the box with the issue. I hope this helps anyone else that may be running into this issue.
This was because localhost was not in my trusted sites so it wouldn't do automatic NTLM authentication... I'm not sure why it was that way, but it was... adding localhost to the list fixed it.
In your project, there should be a vwd.webinfo file.
The following lines control authentication when debugging (in IISExpress). Set as follows to avoid all dialogs.
<VisualWebDeveloper>
<iisExpressSettings anonymousAuthentication="enabled" windowsAuthentication="disabled" useClassicPipelineMode="false"/>
</VisualWebDeveloper>
If windowsAuthentication="enabled" you may still get a dialog, even if anonymousAuthentication="enabled" :-)

Resources