I am working in C# and ASP.NET making a webbased database application with integrated security such that the Windows user is used in access to the database. When I run the application in IIS Express from Visual Studio, everything is fine. When I publish the webpage under IIS, I get problem with the Windows Authentication.
In IIS Express, the following two code lines produce the same Windows username corresponding to the currently logged in user, which is also what I want:
string user = Page.User.Identity.Name;
string loginName = System.Security.Principal.WindowsIdentity.GetCurrent().Name;
but in the published form in IIS, the second line gives a different user: IIS APPPOOL\"the-name-of-my-Visual-Studio-solution". This user has no rights to the databases, and the application breaks down.
I have enabled Windows authentication in web.config:
<authentication mode="Windows" />
<identity impersonate ="false" />
<authorization>
<deny users="?" />
</authorization>
In IIS, the following settings are used (see pictures below):
IIS authentication settings
And this is the application pools settings:
IIS Application pools settings
Where to look for the problem?
Try these code :
string UserName = HttpContext.Current.User.Identity.Name;
string UserName = Request.LogonUserIdentity.Name;
The problem had to do with impersonation. For the proper authentication to take place, I had to do two things: 1) I had to enable ASP.NET impersonation in IIS for my application. (This can be done in web.config also, but I did not want that since I then had to makes changes in the server configuration to make it work.) 2) I had to change the Managed Pipeline Mode for the Application Pool from Integrated to Classic, this also in IIS, for my application.
Then it worked.
Related
I am deploying my ASP.NET application on IIS. Everything works well when I run it on Visual Studio with IIS Express but when I use IIS, the event viewer shows this error.
I added a login on SQL Server but still get the same error
Any idea on what I could be missing?
Grand DB_Owner permission for "IIS APPPOOL\test.bata.com". also check the connection string in web.config file
You can try to use custom identity in application pool with the windows user name password and use this string in web.config file.
<add name="umbracoDbDSN" connectionString="data source=YOUR_SERVER_NAME;database=nrc;Integrated Security=SSPI;persist security info=True;" providerName="System.Data.SqlClient" />
For more detailed steps you can refer to this link: https://forums.iis.net/t/1249665.aspx
I have a Application in Asp.net MVC running perfectly in Visual Studio 2015, with IIS EXPRESS (local computer).
I try execute this application in other computer (Windows Server 2008 R2 w/ IIS 7.5). I did a Deploy and i put in folder "C:\inetpub\wwwroot\testsite".
On execute localhost/testsite, the index page showying normaly, but, on submit the form (it's a login page), my IIS presents the "401.0 ERROR".
I am using "authentication mode forms":
<system.web>
<compilation debug="true" targetFramework="4.5.2" />
<httpRuntime targetFramework="4.5.2" />
<authentication mode="Forms">
<forms loginUrl="~/User/Login" timeout="2880" />
</authentication>
</system.web>
Pool application is "DefaultAppPool". The Authentication: "Anonymous = ON", "Forms = ON", others options = OFF.
I tried various tips from other posts here from StackOverflow, But I could not solve my problem =(
Thanks!
Select the web application returning 401 - Unauthorized, and double-click the Authentication feature. Right-click the "Anonymous Authentication" provider and select edit. Switch the default anonymous user account ("IUSR") to ApplicationPoolIdentity. Now, right-click the web application in the left pane, select Edit Permissions..., select the Security tab, click Edit -> Add and add IIS APPPOOL\NameOfAppPool. Make sure the Application Pool Identity has read and execute permissions of the folder.
If you want to enable logging, check out this TechNet article: http://technet.microsoft.com/en-us/library/cc754631(WS.10).aspx
There is a setting for the anonymous user to use the credentials of the application pool identity or a specific user. Sometimes, it is defaulted to a specific user and not anonymous user If this is the issue in your case, following settings will hopefully fix it:
IIS Manager → Sites → Website
Double click "Authentication"
Select Anonymous Authentication
From the Actions panel, select Edit
Select Application pool Identity and click ok
Solution: It is not the way you would like to solve ... But the way it worked was creating a new subdomain for my application.
I have a basic Visual Studio project, 2 folders in a site, one folder called 'pub' which should be publicly available, and one called 'auth' which requires you to sign in to view the contents. I have 2 location rules in the web.config that manage that.
I am also using a basic auth module (http://www.asp.net/web-api/overview/security/basic-authentication) which is added to modules in IIS and registered
In VS when I debug using IISExpress, everything works as expected, 'pub' let's me in no problem, and auth prompts me for credentials using 'basic' auth. But when I publish (through VS, delete all files prior to update) the site to IIS 7.5 every folder requires authentication, which is wrong.
Now if it is the BasicAuthModule that is causing the issue, then how do I get prompted for credentials using basic auth in IISExpress, but if it isn't the module then what is different between the IISExpress debug install and my servers?
There isn't really a lot of code to show, but here is my web.config with the code that we are using:
-system.webServer-
-modules-
-add name="BasicAuthHttpModule" type="WebHostBasicAuth.BasicAuthHttpModule" -
-/modules-
-/system.webServer-
-system.web-
-httpRuntime targetFramework="4.5" -
-authentication mode="Windows" -
-/system.web-
-location path="~/services/public"-
-system.web-
-authorization-
-allow users="*"-
-/authorization-
-/system.web-
-/location-
-location path="~/services/auth"-
-system.web-
-authorization-
-deny users="?"-
-/authorization-
-/system.web-
-/location-
Obvious answer, redesigned the site to have virtual directories for the auth and pub and changed the auth methods for each one.
I just though there should be a better way.
I'm having trouble accessing a network share using ASP.net C#.
I've used the identity in web.config
<identity impersonate="true" userName="username" password="password" />
And changed the machine.config file. I've also enabled impersonation in IIS.
I try to use this code:
System.IO.Directory.CreateDirectory("\\\\networklocation\\test");
And I get the following error:
Parser Error Message: Could not create Windows user token from the credentials specified in the config file. Error from the operating system 'Logon failure: unknown user name or bad password.
The network share location has access to all users (everyone account).
Any ideas whats going wrong here?
Are you specifying the correct domain for the user?
<identity impersonate="true"
userName="domain\user"
password="password" />
why do you use impersonation if everyone account is active ?
remove the impersonation Section
I'm using the following code to authenticate via Kerberos.
IntPtr logonToken = WindowsIdentity.GetCurrent().Token;
string authenticationType = "WindowsAuthentication";
WindowsIdentity windowsIdentity = new WindowsIdentity(logonToken, authenticationType);
//windowsIdentity.Name == equals "IIS APPPOOL\Classic .NET AppPool" when I want it to be the user
This only happens when I try and run my .NET application the Web Server. If I run the code locally on my machine for debugging, it shows my userid in the Name property. Any suggestions on how to get this working on a web server?
You need to enable impersonation in web.config:
To configure ASP.NET to impersonate the Windows identity supplied by IIS as the WindowsIdentity for the ASP.NET application, edit the Web.config file for the application and set the impersonate attribute of the identity configuration element to true, as shown in the following example.
<configuration>
<system.web>
<identity impersonate="true" />
</system.web>
</configuration>
When you run the code locally for debugging you're probably using the web dev server that runs as your logged-in user, which is why you'll see the correct user in debug.
Your problem is, your IIS server runs under its own identity, not yours. Therefore, WindowsIdentity.GetCurrent().Token returns IIS work process' identity.
You can configure your website to run under different identity (including yours) using IIS Manager console: