Hey, i will try to be as clear as possible:
I have a site on domain1. I need to open a ModalDialog with a Page on domain2. My Domain2 is protected not to allow anonymous access so i get a login window like:
My problem is, for this one functionality, i want users to be able to see that ASPX, through the ModalDialog, without authenticating.
I tried using the ftp way:
http://user:password#www.domain.com/uploadcv.aspx
and i get a javascript error.
My site is hosted in IIS6, Windows Server 2003 and i have full access to the server.
Can anyone help me here? Thanx
If the site is protected, how will the user access without authentication. What is the authentication scheme being used ?
Related
I'm using webmatrix, razor, c#. I've created a web site for friends, it's on godaddy. I've created web pages to upload or delete images for the gallery, they work ok on webmatrix on my laptop, but get an "access denied" error with godaddy, understandably since I'm an anonymous user.
Godaddy says it is doing windows authentication and the godaddy gui shows me the folders and the user accounts and their permissions.
Can anyone tell me please how to keep the rest of the web site anonymous but to do this with the web pages which amend the gallery:
1. some kind of authentication to get into
2. they also authenticate to godaddy so they have permissions to create/delete files in the relevant folders
I can't see how the WebSecurity class can help. I've read that by default it creates its own database of user accounts, so this could achieve 1, but not 2. I've also read that it can be configured to use windows authentication instead of its own database, but that to do this anonymous access must be disabled.
I'd be grateful for any help, I certainly am stuck. For anyone kind enough to reply, please bear in mind I'm not a web developer, I'm a server admin!
I'm not sure if you're attempting to allow the end users to go to their galleries using GoDaddy AND thru the website. That sounds like a difficult security challenge.
One approach is to only allow the web application to have access to all the files and folders on the server. Then you can forget about Windows authentication. Have the users authenticate using the WebSecurity classes and pages.
_PageStart.cshtml is a file whose code runs everytime a page is opened by a user. In there you can put code which controls who has access including anonymous activity. For example, users are always allowed to go to the account pages in the account folder, because that's where they sign in. So they are still anonymous before signing in. The code is simple:
// You're always allowed to go to the login pages
if ( Request.RawUrl.StartsWith( "/Account") )
{
return;
}
If the code returns from here and doesn't take any other action, the page will open normally.
I have am asp.net 3.5 web site with a asmx web service and a test aspx page (the page tests the web service using javascript).
I need to run this site with anonymous authentication, so I setup the site in IIS as such.
Now, if I am trying to open the test page in the browser, I get 401.3-Unauthorized error.
Any ideas what should I do to fix it? Do I have to give read access for the physical file to Anonymous Login?
Also, what version of IIS are you using? Also if you are using the IIS mgr and you check anonymous authentication, you need to give it a valid username and password, have you done this?
A 403 can mean several things. It can mean you don't have authentication correctly configured, or it can mean that the ASP.NET worker process does not have rights to access the pages (the security is set to only allow you to access them, for instance). There are other scenarios as well, but these are the two most common.
From Flex we call a Upload.aspx page which is configured for anonymous authentication. Most of the time, it works like a charm, but once in a while, the browser does prompt a enter credentials popup...
The whole site is configured for Windows Authentication, but some pages and folders are set to use anonymous authentication. This is done using the location tag in web.config.
What could be the reason for this?
UPDATE:
Only happening in Internet Explorer... they should deport it.
If you use FireFox with FireBug, open up the Net panel, it will show you the request making the permissions request. If you cancel it, it will show an access denied in red, and that will easily help you hunt the issue down.
Maybe it's because a file (image, css, etc.) is being referenced that doesn't exist?
A couple of things I would check out:
Are there any images/other files that are added to your page using the FQDN? If so, are any of these pointing to an external site or staging site that might require credentials?
Is it possible that someone has removed permissions from the application pool credentials on the web server for some specific file or files the site is requesting?
Is the site load balanced or part of a farm? It could be that one or many servers are configured incorrectly, and the rest are ok. Then if by chance you hit the bad servers, you could get the prompt.
This application is using windows integrated authentication in IIS. No anonymous login.
It's also using an application pool defined to log on with a domain user.
If a try to browse any page, it pops up the username and password dialog box and even though I entered a valid user (including the domain administrator) it doesn't log on into the app. I keep getting the username/password dialog. If I logon locally (in the IIS box), it works OK.
Also, if I change the application pool to use Network Services, it works OK.
The domain user is already a member of the local IIS_WPG group in the IIS box.
Am I missing something here?
If you use a domain account for the Application Pool you have to run a series of scripts on the domain controller. So, apparently it's not recommended to use a domain account, rather a local server account. Microsoft has this issue documented on a case:
http://support.microsoft.com/default.aspx/kb/871179
I suspect the NTFS file persmissions on the .aspx files don't allow the users you are logging in as the needed access to read/execute them. What are the file permissions on the files you are trying to view? What do your authorization and authentication elements in web.config look like?
This sounds like it's related to the privilges assigned to the domain user. i.e. whether they, or indeed the server, are permitted to impersonate the user that is logging in. Or, something regarding "Trusted for delegation" in the server's settings in AD. Either way, you'll probably get a better response on serverfault =)
Try entering the same user of the appPool as the anonymous user (Web Site Security tab)
I had the same user/pwd Popup problem in Svr 2003.
I solved it by CHECKING ANONYMOUS ACCESS in directory security of DEFAULT WEB SITE.
It promps you if you want to also affect your sites you click OK.
That did it.
I just installed IIS7.5 on my brand new windows 7 box.
I created a new site using .NEt 2.0 DefaultAppPool, and set up permissions on the database and on the disk for that DefaultAppPool user.
All seemed good, until I deployed and visited my site http://localhost:9000
The page itself worked and returned html, but all static content and scripts were redirected to the logon page.
e.g.
/Scripts/jquery-1.3.2.min.js ==>/logon?ReturnUrl=%2fScripts%2fjquery-1.3.2.min.js
This same code when I publish to a live website works flawlessly and is in fact production code.
I had this working fine in Vista IIS7 too, but obviously I haven't set up something properly.
Anyone know how to fix this?
Any help is greatly appreciated.
Regards,
CV
UPDATE: all URL requests are being redirected to logon page
so if i enter http://localhost:9000/ into the browser i go to http://localhost:9000/logon
which is specified in my config file.
What on earth is deciding my visits should be redirected there? the homepage doesn't have the AUthorize attribute on it.
Ensure that forms and windows authentication are not both set, it should be one or the other - IIS may even give you a warning about it. I was having some strange static file redirect issues and this is what turned out to be the problem.
See this answer: Why is my style sheet redirecting me to login?
Set Anonymous Access to use the Application Identity instead of IUSR in IIS.
I faced the same error. To solve this issue, you should enable Anonymous Authentication, which will run under the App Pool identity instead of IUSR in IIS