I am running Win7, IIS7, and have put together a website for an intranet using Windows Authentication. When I type in my IP for my URL I am able to access the website but other users logged into the intranet are unable to see the site. IE simply gives them a 'Website cannot be displayed'.
Below is the website's webconfig where I'm impersonating and have Windows as the Authentication mode.
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.0" />
<identity impersonate="true" />
<authentication mode="Windows"></authentication>
</system.web>
</configuration>
Are there any read permissions that I'm missing?
Below are the current users and groups that have access to the site:
IIS_WPG
Administrators
USERS(myusername\Users)
IIS_IUSRS(myusername\IIS_IUSRS)
The users group should be a domain level Users group. It looks like you're currently only allowing local users
Ex:
USERS(mydomain\Users)
Don't you need a username and password in the impersonate area? or maybe not because you have windows authentication...
<identity imersonate="true" username="someUser" password="somePassword" />
Related
I'm trying to use HttpContext.Current.User.Identity.Name to get the user's Windows login details from the internal network, however it's empty.
I've tried changing the authentication mode in Web.Config with no joy:
<system.web>
<authentication mode="Windows" />
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" />
</system.web>
I've also heard that in the project properties you should enable Windows authentication and disable anonymous authentication like so:
But then I get a re-direct loop, with the message "This webpage has a redirect loop" in Chrome.
I've also checked that Windows Authentication is installed on my machine:
Any ideas on how to fix this please?
Many thanks
When I have:
<authentication mode="Windows"/>
<identity impersonate="true/>
in web.config I get the current user with:
string currUser = System.Security.Principal.WindowsIdentity.GetCurrent().Name.ToString();
Changing my project web server settings to Local IIS instead of IIS Express resolved the issue for me, though I'm not sure why this is the case if anyone has additional information about this.
Right click the project
Click Properties
Go to the Web tab
In the Servers section, select Local IIS from the dropdown
IIS Configuration:
Anonymous Authentication Enabled
ASP.NET Impersonation Enabled
Windows Authentication Enabled
*the rest is disabled
Web.Config:
<add name="ADConn" connectionString="LDAP://192.168.0.21" />
.
.
.
<authentication mode="Windows" />
<authorization>
<allow users="*"/>
<deny users="?" />
</authorization>
<roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider"/>
<identity impersonate="true"/>
<membership defaultProvider="ADMembership">
<providers>
<add name="ADMembership"
type="System.Web.Security.ActiveDirectoryMembershipProvider"
connectionStringName="ADConn"
connectionUsername="dominic"
attributeMapUsername="sAMAccountName"
connectionPassword="p#ssw0rd" />
</providers>
</membership>
And in my web application:
[Authorize]
public class HomeController : Controller
{
I'm trying to convert my application from Form to Windows Authentication. With this configuration, the page prompts me with login dialog. When I use my AD account, I can't login, but when I use my local account, I can visit the page. Why? How would I tell my application to use a specific AD? Is my configuration correct?
Important notes:
My IIS and AD are on different machines and they are not on the same domain.
My IIS and client is on the same machine.
My application works with Form Authentication using AD.
IIS version: 6.1
MVC version: 4
AD OS: Windows 2008
Client and IIS OS: Windows 7
Here is what I think is happening
When you try to open the application, the browser will send your current AD credentials (if IE is configured to do this automatically)
Since you are using asp.net impersonation, If the AD account doesn't have access to the application folder it will try to use the anonymous user account instead which also doesn't have access.
You might need to add security access to application folder for the anonymous user defined in IIS otherwise remove the anonymous access from IIS
you can check the following link for the setting permission guidelines
Guidelines for Resolving IIS Permissions Problems
I've worked at this quite a bit, but cannot seem to find a good solution.
I have a ASP.NET app (.Net 3.5) with IIS which pulls the user machine name and username from the account. This works on my local machine, but when uploading using IIS it gives null or IIS APPPOOL/appname. On IIS I have "Integrated Windows Authentication" and "Anonymous" set and in my Web.config file
<authentication mode="Windows"/>
<identity impersonate="true"/>
And I am trying to access the user information a number of different ways, some are:
HttpContext.Current.User.Identity.Name
System.Threading.Thread.CurrentPrincipal.Identity.Name
System.Security.Principal.WindowsIdentity.GetCurrent().Name
Environment.UserName
Each of these work on my local machine, but when uploaded to the IIS server, everything gives invalid information. The app is internal, but I still need it to grab the Username without giving a login screen. Ideas?
Update: I've changed IIS to Anonymous Authentication Disabled and Windows Auth Enabled. And my web.config file I've tried the following
<authentication mode="Windows"/>
<!-- <identity impersonate="true"/> -->
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
Sorry about the update, but are there any ideas?
For anyone following this and needing an answer, the problem lies in IIS. In the Authentication area in IIS only have ASP.NET Impersonation and Windows Authentication enabled, the others should be disabled. And in Windows Authentication, go to Advanced Settings and UNCHECK the Enable Kernel-mode authentication. The Authorization Rules area should allow for all users (note this is done in IIS, not in the config file) And the following code in config is necessary.
<system.web><authentication mode="Windows"/><identity impersonate="true"/></system.web>
Hope this helps someone, here's a couple links that helped me. Good luck!
http://msdn.microsoft.com/en-us/library/aa302377.aspx
http://www.eggheadcafe.com/tutorials/aspnet/1f12cd61-6bb3-4ffd-bac1-124d40837006/aspnet-request-identity--an-analysis.aspx
I would like my asp .net web application to only allow users belonging to DomainName\Domain Users to access the site. Right now I have "Anonymous access" disabled and "Windows Integrated Security" enabled on IIS. I also have the following code in my web config:
<authentication mode="Windows" />
<authorization>
<allow roles="DomainName\Domain Users" />
<deny users="*" />
</authorization>
When I attempt to access the website it prompts me for the username and password to connect to webserver.example.com. I am a member of the domain users group but it does not allow me access. What am I doing wrong either in the syntax or in my IIS settings?
Is Anonymous Authentication Disabled in IIS ? Only Integrated Windows Auth should be enabled on the web application.
EDIT from comments:
I see you have Anonymous disabled. Try adding <identity impersonate="true" /> within <system.web> and see if your behavior changes.
I'm currently working on a page within one of my company's internet sites that is in response to some production issues we have. The page will be published with the rest of the web site to our DMZ, however I'd like to set-up some quick authentication so only users on our domain (assuming they access the site internally) can access the page. I'd like to use Windows authentication to do so.
Is there a quick way to accomplish this?
If I understand the question correctly, you want to enable security just on one page in your application - not the entire app.
Under IIS, you can manage the security settings on a page by page basis. In the IIS manager, pick the page, and change the security settings so that anonymous is off, and only Windows auth is accepted. You should get prompted for a login when you visit that page.
From Scott Gu's blog
To enable Windows Authentication
within an ASP.NET Application, you
should make sure that you have
“Integrated Windows Authentication”
(formerly called NTLM authentication)
enabled within IIS for the application
you are building. You should then
add a web.config file to the root
directory of your ASP.NET application
that contains an
section which sets the mode to
“Windows”.
You should also then add an
section to the same
web.config file that denies access to
“anonymous” users visiting the site.
This will force ASP.NET to always
authenticate the incoming browser user
using Windows Authentication – and
ensure that from within code on the
server you can always access the
username and Windows group membership
of the incoming user.
The below web.config file demonstrates
how to configure both steps described
above:
<configuration>
<system.web>
<authentication mode="Windows" />
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</configuration>
EDIT:
You can apply the auth settings to just a path in this way:
<location path="mypath.axd">
<system.web>
<authorization>
<allow roles="MyRole, AnotherRole" />
<deny users="*" />
<deny users="?" />
</authorization>
</system.web>
</location>
You can simply use Windows Authentication settings in IIS. Just turn off Anonymous Access in IIS and set your NTFS permissions on the Web folder to the users whom you want to have access to the site. Your IIS admin should be able to handle this quite easily.