Machine level authentication - asp.net

When I submit a form to other page in my ASP.NET site, it asks for windows authentication. How do I remove this?

There are two ways to set up windows authentication. One is in IIS and one is in web.config. So basically you need to check that there is no <authentication mode="windows"> tag in your main web.config or in a web.config in the specific folder where the aspx page in question is located. Furthermore you also need to go to the IIS manager (inetmgr) and make sure that windows authentication is not enabled in the folder in question.

Related

How to enable Windows Authentication for Asp web app?

Windows Authentication seems super simple, but I am still having trouble. So I decided to create a brand new Asp web app project with the Windows Authentication template. Of course, this works. In the designer, <asp:LoginName runat="server" /> works, and in code-behind User.Identity.Name works.
The only setting I can find is in web.config: <authentication mode="Windows"/>.
Back to my own web app project, I verified that I have the same web.config setting. However, the asp.LoginName tag and the User.Identity property have a blank string, i.e., no user name. Also, when using <deny users="?"/>
the page returns a 401.2 Access Denied response.
As I am testing both projects on the same dev machine, both in VS2015, the problem cannot be in settings of IIS Express or VS2015. Also using the same Firefox browser, although I also tried IE.
Is there a project setting in VS2015 that I overlooked?
Update:
I kind of solved this issue by copying all project source files to the brand new Asp web app project. In fact, I was in the process of converting a Web Site project to a Web Application project. I still do not know why I could not get Windows Authentication to work by configuration, but at least I can get going with further development.
However, I am still hoping for an answer . . . :-)
On your Web.config you must add:
<authentication mode="Windows" />
Your server must be a member of AD.
Check:
https://support.microsoft.com/en-us/help/323176/how-to-implement-windows-authentication-and-authorization-in-asp-net
You can write whatever you want in web.config, but if the desired mode of authentication is not enabled in [solution]/.vs/config/applicationhost.config , it will not work. Because the leading dot makes this a hidden path, this config is hard to find. No idea if this is a bug or a feature ...
See also my other question on another test case of this problem: https://stackoverflow.com/a/48806942/1845672

Mixing Forms and Windows Security in ASP.NET

I am having trouble using Mixed Forms Authentication and Windows Security.
I am not too familiar with IIS and security. I found this article today:
https://msdn.microsoft.com/en-us/library/ms972958.aspx#mixedsecurity_topic5
I first started by adding an authentication mode to my web.config file:
<authentication mode="Forms">
<forms loginUrl="~/Login"></forms>
</authentication>
the tutorial above says my loginURL should be WinLogin.aspx, I guess this is where my confusion starts.
As in the tutorial above it states the following:
Using the IIS Manager, right-click the WinLogin.aspx file, click Properties, and then go to the File Security tab to edit the authentication and access control for this single file. Then simply un-check Enable anonymous access and check Integrated Windows authentication.
I don’t see WinLogin.aspx in my IIS Manager.
My question is, do I need to create a site in my IIS Manager and create a WinLogin.aspx file my project?
I am using MVC, so if I add my project to IIS, do I follow the same steps for WinLogin.aspx but for my Login Controller file? LoginController.cs ? I am very confused on this subject.
Thanks,
According to the tutorial, you'll need two files, WebLogin.aspx and WinLogin.aspx. WinLogin.aspx just exists to test the Integrated Windows Authentication, otherwise users would login via WebLogin.aspx. The tutorial for WinLogin.aspx should be in the source code for the article (linked to at the top of the article).
Instead of WebLogin.aspx, you can provide a route to your MVC login page.

Asp.net Windows Authentication not working

Confused about Windows authentication.
I tried in the below way.
1) I have created 2 pages Home.aspx and Admin.aspx
2) Created Virtual directory and placed my application in the IIS.
3) Antonymous access is false and Integrated windows security is true.
4) In the web.config file haven given this code.
<authentication mode="Windows"/>
<authorization>
----------------------
</authorization>
5) Created new user under Computer management.
trying with various roles section in tag.
But what ever I am entering as a roles it is not asking the credentials.
seems some where near to roles section in tag is making problem.
please help me out what was the tag need to add for windows authentication.
Thanks in advance for your help.
You must also make sure your URL does not contain dots!
See my answer on: WIndows Authentication not working

Visual Studio Application looking for login.aspx

I have an asp.net version 4 web application that runs in IIS. It has worked well, but suddenly is looking for login.aspx.
I don't have and never have had login.aspx in the application. Why would it look for it now, and how do I fix it?
If this site is virtually a child of another site, then that could be the problem.
web.config files have a virtual inheritance hierarchy. The definition of the login page could be coming from a site higher in the virtual hierarchy.
If the higher web.config were to introduce a different login page, then that would affect your site. You would then have to use your web.config to override the changes made in the higher web.config.
I'm not too sure if you've found the answer already but if you don't need authentication in your website then set the authentication mode to none. Like below
<authentication mode="None"/>

Windows authentication for intranet site pages

I'm building an intranet web site (asp.net 3.5) which has windows authentication. Two questions:
When the code behind makes a trusted connection to the SQL server, will it connect with app pool credentials or current page user credentials?
Right now, with a blank page, when the internal user (logged in to the domain) tries to hit the page they get challenged with windows login screen, and their credentials don't work.
Is there anything else I need to setup in web.config or IIS for the windows authentication to work, other than adding <authentication mode="Windows"/>?
You can configure the Windows identity of your ASP.NET application as the Windows identity supplied by IIS by enabling impersonation. That is, you instruct your ASP.NET application to impersonate the identity supplied by IIS for all tasks that the Windows operating system authenticates, including file and network access.
To enable impersonation for your Web application, in the application's Web.config file set the impersonate attribute of the identity element to true, as shown in the following code example.
<system.web>
<authentication mode="Windows"/>
<identity impersonate="true"/>
</system.web>
Source
You don't want to use imporsonate as suggested by kd7. Because then you will need to give your users rights on the database. Might be okay for SELECT operations, but I don't think your DBAs will go along if you also need to UDATE/DELETE operations. already addressed by kd7.
When you enable "Windows" authentication, you need to not only configure your application to use it, you also need to configure IIS as well.
You also need to make sure that your AppPool user has proper permissions on the File System for your site.
Depending on IIS version, the procedure for enabling windows authentication is different. You can google it.

Resources