I'm using Cassini to run an ASP.NET app on a machine where I don't have access to IIS. I'm using Cassini for .NET 3.5. My website uses Windows authentication and when run on Cassini
User.Identity.Name
returns an empty string. I'm guess this does this because it is allowing anonymous access to my website. This is documented here:
http://support.microsoft.com/?id=306359
The fix for the problem is:
Change the authentication mode in the Web.config file to Windows as follows:
<authentication mode="Windows" />
In the Internet Services Manager, right-click the .aspx file or the Web Project folder, and then click Properties.
If you clicked Properties for the Web Project folder, click the Directory Security tab. 3. If you clicked Properties for the .aspx file, click the File Security tab.
Under Anonymous Access and authentication control, click Edit.
In the Authentication methods dialog box, clear the Anonymous Access check box, and then select either the Basic, the Digest or the Integrated (NT Challenge/Response) check box.
Cassini doesn't have a UI to do this, can anyone point me in the right direction to modify to Cassini sourse code such that it doesn't allow Anonymous Access?
I am using the version from this website: http://blogs.msdn.com/dmitryr/archive/2008/10/03/cassini-for-framework-3-5.aspx
You should be able to accomplish this by simply checking the 'ntlm authentication' box on the web property page of your project.
This will send a flag to the VS dev server to require windows authentication and in conjunction with you auth=windows config you should get what you want.
In solution explorer pane select the Web Project and hit F4. (not right click+properties, thats different) - this will show property pane
In properties Pane then set:
Windows Authentication: Enable
Anonymous Authentication: Disabled
Run your project, Happy Days!
Related
My "Hello World" c#.Net application works fine on my local Windows 7. Moving to our server I get 401.2 error.
Here what I have done (following advices in some forums):
Changed the Anonymous authentication use to application pull user
Created a new application pull
Created a new Windows user with access to application folders
Set the authentication of the application pull to that user
Set the application pull for my application to that application pull
Please note that:
I receive the error both from within the server and outside
I receive this error from all the browser I tested: Chrome, IE 9.0 and Firefox
An html file in the same folder is visible
What am I missing?
Thanks,
Asaf
You don't need to create a new windows user. I know you've said what steps you've done, but I'm going to highlight what I do each time I add a new site.
Set the Identity of the Application Pool to
ApplicationPoolIdentity.
In the website, set Anonymous Authentication to Enabled. Click
Edit on the right and set the Authentication Credentials to
Application pool identity.
In the website, again, choose Basic Settings on the right. Click
the Connect As.. button and make sure Application User is
selected.
Give the appropriate access to the folder on your hard drive(s); i.e
Application Pool name = hello.com, the user is IIS
AppPool\hello.com.
I think your issue is that you haven't given the folder permissions for the Application Pool User. I think you've incorrectly given them to an unneccessary Windows account.
HTH
Do you have the correct version of .NET installed on Server? Also you need to register ASP.NET in IIS - c:\windows\Microsoft.NET\framework\v2.0.50727 (or v4.0....)
aspnet_regiis.exe -i
and after restart IIS with iisreset in command line
Newly installed IIS on a clean windows Server 2008 R2. Installed all security option. Then for the default web site authentication, enabled windows authentication and disabled all others. Then when access the default page iisstart.htm, it should give me a popup for authentication message.
but when I access the test page like: http://localhost/iisstart.htm, there is no popup. same as enabled Anonymous Authentication.
How to fix it?
I think your webservice is accessing files via your app pool identity, remove this user from the security access list on the file.
If you go to "localhost", then IE will see this as part of the "Intranet Zone". In the "Intranet Zone", IE will by default automatically send your current credentials to sites that use "Windows Authentication".
The result is that everything is probably working correctly.
First of all make sure you check if the app pool user can access the files of the website (NTFS security settings). See: IIS7 Permissions Overview - ApplicationPoolIdentity
After that (and double checking that only Windows Authentication is enabled in IIS) take into account that your URL must not contain dots! You can make an extra binding (see: https://technet.microsoft.com/en-us/library/cc731692(v=ws.10).aspx) that contains only letters and numbers and then add that binding to your local hosts file (open a text editor as administrator and then edit the file hosts in C:\Windows\System32\drivers\etc) to check.
I want to authorize the asp.net account to access some folders in my project.
However, I get this error::
System.UnauthorizedAccessException: Access to the path 'D:\ProgramingPart\FromYamn\WebExercise\WebExercise\AccordionImgs' is denied.
I am using win 7 so what is the name of the asp.net account that I should use?
This depends on a couple of things:
What identity is the application pool running as?
What IIS authentication method are you using?
If you are using IIS7 in Classic Pipeline Mode, what authentication method are you using for ASP.NET (see your web.config file).
Try running visual studio as Administrator.
Under Win7 the default IIS user is ApplicationPoolIdentity. This is somewhat confusing as it's not a real user account. In order to adjust the permissions you need to drop to the command line first and issue
icacls D:\ProgramingPart\FromYamn\WebExercise\WebExercise\AccordionImgs /grant "IIS APPPOOL\DefaultAppPool":(OI)(CI)(RX)
From there you can return to explorer and edit the permissions using the properties tab for the directory. Or you can simply type "IIS APPPOOL\DefaultAppPool" in the add users field in explorer, but I have a preference for icacls myself :)
Probably you want to add the permissions a bit further up the tree. In real shared hosting scenarios application pools tend to get their own, full user accounts, but Server 2008/Win7 added the app pool user so pools can be created, isolated without having to do that.
This worked for me:
On the folder of your application, which might be something like:
C:\Users\YourName\Documents\YourSite
or
C:\inetpub\wwwroot\YourSite
Right-click the folder, choose Properties, go to the Security tab.
You need to add IIS_IUSRS to this list, and probably give full control.
Then, in IIS Manager, assuming you've set up your project folder as an application here, click on your folder/application. Then click the Authentication option. Right click the Anonymous Authentication, and check the user identity. Mine is IUSR.
Go back to your folder security, and add this user, with full control too.
Hopefully it works now!
I'm developing an ASP.NET application which needs Windows Authentication. I have the web.config set up to deny anonymous users and use Windows mode for authentication, but my local development version still lets me pass right through to the site. In order to test different user set-ups, I need to force authorization so I can change users.
How do I set up my system (config files, VS2005 settings, IIS, etc?) to force the authorization window to popup on the site when I'm running on local asp.net development server? In other words, how do I get the authentication popup when running the site in Debug mode?
You will also need to configure IIS and have your application point to IIS instead of the local web server
To configure Windows authentication
Start Internet Information Services (IIS).
Right-click your application's virtual directory, and then click Properties.
Click the Directory Security tab.
Under Anonymous access and authentication control, click Edit.
Make sure the Anonymous access check box is not selected and that Integrated Windows > authentication is the only selected check box.
http://msdn.microsoft.com/en-us/library/ms998358.aspx
To configure your application to point to IIS
Right click on your web project, and then click Properties
Click the Web tab
Click the "Use Local IIS Web Server" radio button
Anyone aware of how to get the ASP.NET Dev Server to challenge for basic authentication credentials instead of assuming my current login?
If using Cassini then according to paragraph at bottom of this link - Limitations of the Cassini Web Server, you cant.
If using IIS, then update IIS authentication.
In IIS,
in the virtual directory of your site right click on your virtual directory,
select the Directory Security tab
select Edit button next to Anonymous access and authentication control
uncheck allow anonymous and integrated windows authentication
check basic authentication
Not an answer to your question, per se, but consider configuring your web project's properties to "Don't open a page. Wait for a request from an external application", and then hit your server with a browser that's been launched with alternative credentials.
Do you have Integrated Windows authentication checked off under Directory Security in IIS, instead of (or in addition to) Basic?