I have an IIS7.5 intranet website which I have secured using Windows Authentication.
I want to allow access to a file in a sub-folder of the website without prompting for Windows credentials.
My web.config is shown below. When I browse to http://myserver:9876/SomeFolder/test.html I am still prompted for Windows credentials :
I found a work around for the problem, which I thought wasn't possible due to wcf. I just changed the authentication scheme to 'Anonymous' on "SomeFolder" and it works.
I haven't answered my question, so it still would be interesting to know if my original approach was possible.
Related
I have a web site I have been working on locally with VS 2012. Its intended to use Windows authentication. In my web.config I have windows auth set
<authentication mode="Windows" />
However, when I browse to the site after putting it on IIS7, I get prompted for a login.
Entering the login, I get access to the site without error.
In IIS manager, under Authentication > Windows Authentication ? Providers, I moved NTLM up to
the top. Also, I have a host header name for the site, and this name has an internal DNS route defined. Also, on IIS, under Authentication, I have Windows auth enabled, and anonymous disabled.
How can I allow users on my domain to browse to the site without having to provide a login?
Even though, this is like way old question, i stumbled upon this situation, not just in IE but in all the browsers and found out to be having a pretty decent and simple fix. I posted my answer in other question similar to this.
https://stackoverflow.com/a/62908487/11121833
Posting it here too, for anyone who may visit this question looking for solution.
I have been trying to implement a webDAV connection on an existing IIS ASP.NET web site. This issue surrounds permissions and connectivity when "Enable anonymous access" is unchecked and disabled.
I have tried every combination available. The server is w2k3 Web Edition, no AD, IIS6, so "Digest authentication for Windows domain servers" is not an option in the Authenticated Access section of Authentication Methods of the Virtual Directory I am sharing in the web site.
I have read about and tested the Registry Edit of the following key, \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlset\services\WebClient\Parameters\BasicAuthLevel
and change the value to 2
agianst each possible authentication method. It seems to disable connectivity more then helping.
I am trying to map a path to a virtual directory on the web server, a function of the webDAV protocol, works great if anonymous access is enabled, but obviously can not be for this project.
I would like to at least get the Windows Authentication to work and disbale Anonymous Access.
I have been testing this on both a development server and production server and the behavior is consistent. On a Win7 OS I can not get the Windows Authentication dialog box to appear.
A few tests on XP, the box appeared but would not authenticate, but this may have been related to other config issues.
I have also tested with Permissions to the Everyone group just to see if I can connect.
Any further suggestions would be appreciated.
UPDATE: I found this article that explains a portion of the problem and work around though not entirely fitting for the issue explained above.
http://support.microsoft.com/kb/943280/en-us
Try adding permissions for Network_services and the IIS User on that box. that has always gotten me over the permissions issues I have faced. You need to add these from within IIS as at least with IIS 7 it seems to over rule the permissions from windows explorer. Not sure if IIS 6 does the same but I just do it by default now.
UPDATE: I found this article that explains a portion of the problem and work around though not entirely fitting for the issue explained above. http://support.microsoft.com/kb/943280/en-us
We have an old ASP.NET application hosted in IIS6/Win2k3. It's a document generation application that uploads the documents to SharePoint 2003. The application uses an application pool under the user sharepointservice, which is the administrator of the SharePoint site. The web application, which has been recently migrated to .net 2.0 from 1.1, uses NTLM authentication to identify our intranet users.
As the IT administrators are on holidays, I, the developer, has been given local admin rights to the Win2k3 box. The issue is, whenever I deploy the website, though the documents are uploaded appropriately to the SharePoint site via the application, the users are not able to download them. The error is
HTTP Error 403 - Forbidden: Access is denied
I know the IT guys use a service account, not their domain user accounts.
I have already tried to modify the permissions in IIS for that website. I even put Everyone and <Domain>\Users to have read access to all of those folders, to no avail. I've scoured the net, there are no definitive answers. Am I missing something else?
I hate answering my own question, but this did it for me:
The application pools for the SharePoint site were modified from the default. So I reset them, including the AppPools for _layouts, _vti_bin, and _wpresources. Their AppPools are now the default, and are the same.
This link gave me the lead.
You are probably being prompted by permissions for the file system. Check the directories where IO is happening and make sure the user sharepointservice is using in the app pool has read/write permissions.
I just had this problem and solved it after following these instructions:
http://support.microsoft.com/kb/2543306
It seems the webapplication took so long that it hadn't created everything correctly when the IIS timed out. So I was receiving strange errors like yours.
We have IIS 7 running on the Windows 2008 Server which hosts many intranet websites. We want to use windows authentication for the website and its url will be http://pay
So, I add the C:\InetPub\pay folder and bind it to the IIS7.
Disable the Anonymous Authentication mode.
Enable the Windows Authentication mode.
When I access the website http://pay from the other computer, I got the message that
Unauthorized You do not have permission to view this directory or page
using the credentials that you supplied.
So, I go to the Windows Explorer and Add the Local\IUSR account and give access to the folder. But I still got the same error.
Finally, I added Everyone account and give access to the folder. This time, it works and windows authentication is also working well.
What I am afraid is that, does it open the read access to Everyone to the \MyServer\C$\Inetpub\pay folder? It contains the web.config which contains server and users credential and it would be the big security breach.
How can I achieve to use Windows Authentication without giving access to Everyone account?
Thanks in advance.
I believe what you you're looking for is the IIS_IUSRS group which you should give read access to your website folders when using Windows Authentication. The IUSR account you tried would be used in an Anonymous Authentication scenario.
More info on these groups in IIS7 here:
Understanding Built-In User and Group Accounts in IIS 7
Can you please post a small explanation of the prerequisites of using Windows Authentication?
I know that you have to turn Windows Authentication on from web.config or IIS and define domain.
Does the web server have to be connected to the Active Directory server or not, and how to get user info from Active Directory like name and description?
You don't have to be on a domain. The local server user accounts can be used with windows authentication. If the machine is on a domain, then either AD users OR local users can be used with windows authentication.
The minimum that has to be in place to use windows authentication in asp.net is that IIS has to have Windows Authentication enabled for the web site. IIS can still have other authentications enabled for the site too, even anonymous authentication can be used in conjunction with windows auth... as long as windows authentication is enabled also asp.net can use it.
Otherwise, your question is too broad for a good answer here. Authentication in asp.net is a very big topic; and when you add AD to the mix it gets bigger. I recommend checking out the MSDN documentation, reading through it, experimenting with it, then coming back here with more specific questions.