I do not have the option for Basic Authentication in IIS Manager under IIS=>Authentication. I do have the following options:
Anonymous Authentication
ASP.NET Impersonation
Forms Authentication
I am using Windows 7 professional N, and according to this, Basic Authentication should be available to me.
Does anyone have any ideas?
Go to Control Panel\Programs -> Turn Windows features on or off, and enable Basic Authentication under IIS:
I don't have enough rep to add a comment to the chosen answer, but I feel like it's important to add that you'll likely need to close and reopen IIS Manager before it will show up in the list of choices for Authentication.
Otherwise you could go mad trying to figure out why you did the above and the list didn't change.
You might have to install the basic authentication module for IIS.
For Vista/Win7 it is: Control Panel -> Programs -> Turn Windows features on or off
For Server 2008: Server Manager -> Roles -> Web Server -> Add Role Services
Then in the treeview it is: Internet Information Services -> World Wide Web Services -> Security - > Basic Authentication
Click the checkbox and install. Then you should be able to see the basic authentication option.
(source: https://serverfault.com/questions/29521/iis7-basic-authentication-module-missing)
Related
On Windows Server 2012 R2, after installing update KB4340558 (update history) / KB4338424 (installed updates) we can no longer instantiate .NET .DLLs (interop) in classic ASP in 32-bit mode using server.createobject. We receive the error 0x800A01AD "ActiveX component can't create object"
When we uninstall the update, the error disappears. Despite my best efforts, I was unable to find an alternate solution to uninstalling. We would prefer to reinstall the update and make whatever changes were necessary to Windows Server and/or the DLL's to allow the COM objects to be instantiated properly. There are no clues in the system logs, no clues in the CVE database, and no clues in the errors ASP is generating. Please help!
We were affected with multiple customers too.
I ruled out invalid strong-name signing of our assemblies, since the .NET Assemblies from the Framework itself were affected by that access-denied error too.
Finally I managed to solve the issue by configuration.
Apparently the authenticating identity of the website has now to match the identity of the app-pool. Or IUSR has no longer enough permissions.
EDIT: 19.07.2018
Warning! This change also has a side-effect:
The asp-classic event "Session_OnEnd" was no longer called and therefore resources eventually could no longer be freed.
But there is a fix for that, too!
The ASP-Config-Property "system.webServer/asp/runOnEndAnonymously" has to be "false", then the event fires again.
EDIT 2: 23.07.2018
As Dijkgraaf pointed out, Microsoft now considers this "new behaviour" a bug. So i guess my "solution" should now be considered a workaround until a new patch comes to rescue.
We run our application pool under a specific identity, to enable a network share and database access. I too thought we were stuck after reading #keydon's answer above.
However, there are three places that we must configure the identity:
The Application Pool - should use the specific identity
The Website "Connect As" - should use the "Application pool identity"
The Anonymous Authentication option, under the Authentication feature - should use "Application pool identity"
That last one was the thing that we were missing - years of considering only the first two meant that we mis-read the great advice above.
Microsoft is aware of the issue and the relevant KB is "Access Denied" errors and applications with COM activation fail after installing July 2018 Security and Quality Rollup updates for .NET Framework
This has impacted BizTalk, SharePoint, IIS with classic ASP and .NET application that uses impersonation.
Workarounds for Classic ASP are as follows
IIS Hosted Classic ASP calling CreateObject for .NET COM objects may receive an "ActiveX component can't create object" error:
If your web site uses Anonymous Authentication: Change the Web Site Anonymous Authentication credentials to use the "Application pool identity".
If your site uses Basic Authentication or Windows Authentication: Log into the application once as the application pool identity, then create an instance of the .NET COM component.
Afterwards other site users will be able to active the .NET COM component without the failure.
Alternatively, if you are using Windows Authentication and accessing the web site from the console of the Windows Server where the ASP application runs: Creating an instance of the .NET COM component also resolves error for other site users.
We support a Classic ASP site running in IIS Anonymous Authentication. The application instantiates a DLL .NET object exposed as COM visible.
After applying recent security Windows Updates and reboot OS our application crashed with following error:
Microsoft VBScript runtime error '800a01ad'
ActiveX component can't create object: 'NameOfObjectInDLL'
In our case, this last advice fixed our problems.
IIS > Authentication > Anonymous Authentication - Edit > "Application pool identity"
screenshot1
This is only to confirm the solution provided by keydon, combined by the one provided by TimP. And give them thanks!!
In our case we've changed the following 3 parts (and an additional 4th for new permissions):
Web server Authentication properties: set Anonymous Authentication with "Application pool identity" instead of "Specific User".
Application Pool "Identity" property: set to "ApplicationPoolIdentity" instead of "LocalSystem".
Web Site "Connect As" for physical path: set to "Application user (pass-through authentication)" instead of "Specific User".
Add permissions for "Application Pool Identity user name" in the shared folder where the web application files are. Have a look to https://learn.microsoft.com/en-us/iis/manage/configuring-security/application-pool-identities#securing-resources
Thank you!!
(I'm sorry I can't vote your solutions because I'm starter and I don't have any reputation)
net application on visual studio and i need to make connection with sharepoint costum list to update/insert/delete.
Is there any tutorial or anyone can give some help?
There are multiple things you need to consider.
Code to write
Download and reference SharePoint Client dll's (e.g. SP 2013 -> 15
here)
Check out these samples -> https://msdn.microsoft.com/en-us/library/office/ee539976(v=office.14).aspx
Authentication
'Normal' service account authentication
AddIn Authentication (https://dev.office.com/sharepoint/docs/sp-add-ins/package-and-publish-high-trust-sharepoint-add-ins)
For a test drive i recommend the first authentication option, as the AddIn option requires a lot of configurations steps...
Make sure the service account of your Web Application (IIS Pool Account Identity or any other credentials) has sufficient permissions in SharePoint
Create the ClientContext as seen in the samples above
Okay so full disclosure I am new to IIS and WCF so I bought a book and am stuck. I can develop on my dev box at work as it is Windows 7 with IIS 7 but at home on Windows 8 and IIS 8 I believe there are two issues and I just do not know which step is potentially causing the issue. I am developing on .NET 4.5 environment with Visual Studio 2012 Professional for both environments.
Basically I believe IIS to be set up wrong as I am following a book called 'Windows Communication Foundation 4, Step be Step'
http://www.amazon.com/Windows-Communication-Foundation-Step-Microsoft/dp/0735645566
I followed the set up instructions but they are a little different at home and am curious what to do to correct this error:
"The content type text/html; charset=utf-8 of the response message does not match the content type of the binding (text/xml; charset=utf-8). If using a custom encoder, be sure that the IsContentTypeSupported method is implemented properly. The first 1024 bytes of the response were: ' "
This code occurs after I create a WCF service library web project, it is referencing an entity framework model. You create a console app that references the web service and it runs fine. You deploy that web service to IIS and change the config file to reference that location and it blows up with the error above ONLY on the windows 8 machine, the Windows 7 runs just fine.
I noticed two steps I could not do in the setup and believe they are the culprits but don't know how to adjust for Windows 8 yet.
From VS command prompt: 'aspnet_regiis -iru', this does not work AT ALL for IIS 8. Don't know what options when you open IIS to set for the generic okays for asp.net operations. - I did attempt to go into IIS and under 'Authentication' turn on Anonymous authentication and ASP.NET. Still did not fix anything.
The book came with a sql object that then registered two users to the database for 'Adventureworks'. Obviously I am guessing since part 1 did not work or due to Windows 8 settings these users do not exist, hence they cannot be registered. The code for the register users is:
'CREATE USER [IIS APPPOOL\DefaultAppPool] FOR LOGIN [IIS APPPOOL\DefaultAppPool]
GO
EXEC sp_addrolemember N'db_owner', [IIS APPPOOL\DefaultAppPool]
GO
GO
CREATE USER [IIS APPPOOL\ASP.NET v4.0] FOR LOGIN [IIS APPPOOL\ASP.NET v4.0]
GO
EXEC sp_addrolemember N'db_owner', [IIS APPPOOL\ASP.NET v4.0]
GO'
I know SQL code but I know that the users don't exist they are trying to reference so may I add them through IIS or through Control Panel? I was not sure so I did not know IIS so thought I should ask first.
Any help is much appreciated as I know this is probably just a simple method.
Okay I think I got it but not the way I would have hoped to. It seems that I need to run the service with Anonymous Access in IIS 8. Go to 'Authentication' under the default site 'disable' ASP.NET impersonation. But.... for some reason IIS8 and WCF options for .NET 4.5 were not enabled by default for Windows 8. So I found this: http://proq.blogspot.com/2012/09/wcf-on-iis-and-windows-8.html and enabled them.
Weird, anyways I know at some point I am going to have to register ASP.NET users on my local machine mimicking a server environment. But for the time being anonymous access seems to work. I am curious though if IIS knew it had two choices and anonymous was first why it failed? Does it take the most restrictive policy as the default for an access point binding at all times? I am completely new to IIS and it seems like I am going to have to learn it as well as the WCF.
EDIT: When running VS 2012 with some settings also be sure to run VS as ADMINISTRATOR or you may also have issues.
My intention is to access the SSAS Database without Windows authentication. The user outside the domain should be able to access the cube and built PIVOT tables around it. Thus I found that we can use HTTP access for this purpose.
I followed each and every step mentioned on the following links
http://msdn.microsoft.com/en-us/library/gg492140.aspx
http://bloggingabout.net/blogs/mglaser/archive/2008/08/15/configuring-http-access-to-sql-server-2008-analysis-services-on-microsoft-windows-server-2008.aspx
When I try to hit the URL in Mgmt Studio --> Analysis Services
http://localhost/olap/msmdpump.dll. I am getting the "Connection time out" and "404 error"
I went to MSDN forums for the same problem but no concrete results.
How do I test whether my SSAS 2008 is accessible with HTTP access.
Please help!!
I don't have a lot to go on from your question, but if I had to guess I'd say you probably didn't switch from integrated to classic in the application pool settings which left your handler mapping disabled giving you the 404.
I would start simple on your local development machine and follow the instructions allowing anonymous access to the site. Make sure that your site uses an application pool that has access to the cube in analysis services. Additionally, you cannot use the integrated pipeline in IIS, you will hve to use classic. When you create your script mapping (under Handler Mappings) in IIS, make sure that you follow the directions carefully from the following URL:
http://msdn.microsoft.com/en-us/library/gg492140.aspx
I just followed the instructions and it worked for me.
Switching on Anonymous authentication will work to grant access to the site, however I would suggest you use at least Basic HTTP authentication or even Windows Authentication. Just note, if you're using a remote SSAS instance (not on the same host), a double-hop authentication is required. For that, you will have to register SPNs and enable Kerberos authentication.
You find out how to do that by following the links referred to under
Microsoft - Configure HTTP Access to SSAS
Greetings,
Remo
Im getting the following error in 32 bit machine classic applicationpool
Handler "PageHandlerFactory-ISAPI-4.0_32bit" has a bad module "IsapiModule" in its module list.
and in 64 bit machine
Handler "PageHandlerFactory-ISAPI-4.0_64bit" has a bad module "IsapiModule" in its module list.
If we install isapi and cgi in webservices then this error is not coming. Is there any possible way to allow my program without installiing those in classic applicationpool. and my next question is, how to recognize the isapi and cgi restrictions are installed. Is there any registry check exists or any other check.
Thanks in advance.
The above answer helped me but needed some additional steps, here is the full process I had to do.
Go to Control panel -> Programs and Features -> Turn Windows features on or off. Make sure you have the following selected:
Next, refresh IIS Manager. You should now see ISAPI and CGI restrictions on the root level of features of IIS, click Allow for both versions of .NET v4.0
did you enabled asp.net for IIS in programs and features ? check it in
programs and features -> Turn windows features on or off -> internet information service -> world wide web services -> application development features -> asp.net !
Just to add: if there is more than one framework on the machine, please install the framework in IIS by using 'aspnet_regiis -i', which is the .NET framework home directory (e.g. on my machine, is C:\Windows\Microsoft.NET\Framework\v4.0.30319)
I had this issue on a 2016 server. I found an answer that solved my problem in 1 minute after spending HOURS trying to resolve it on my own.
https://forums.iis.net/t/1149768.aspx
Steps from that page that worked:
1. Take IIS backup.
2. Open IIS
3. Click on server module node at the top of the left hand tree and choose "Modules".
4. Right click on DynamicCompressionModule and choose "Unlock"
5. Right click on StaticCompressionModule and choose "Unlock".
6. Open desired websites -> Open Modules.
7. Right click on DynamicCompressionModules and choose "remove".
8. Right click on StaticCompressionModule and choose "Remove".
9. Do IISRESET.