I have created an ASP .NET Web Application with MVC and Authentication as Individual User Accounts.
I have populated the app with some controllers, actions and views. Some of them are [AllowAnonymous] and other [Authorize].
It works perfectly in IIS express. I can create multiple accounts. And logging. And see the pages I have access to.
When I deployed the app to my local IIS, the authentication stopped working. I can create accounts. But I cant log in. When I try to log in it only redirects me toward the home page and I cant see the pages. When i try to put fake access it detects that they are incorrect.
I tried to fiddle around in the IIS settings but a don't know what to do.
Please, help me.
In IIS, for the site search for Authentication feature and enable windows authentication and disable Anonymous.
You need to keep your application to run anonymous authentication instead of windows authentication. Otherwise, you login page will get into infinite loop.
Besides,are you trying to connect a localdb with individual user account template in IIS?
Have you tried to set applciation pool like this in applicationhost.config and remove "AttachDbFilename=....." from your web.config connection string? If I take the steps above, I can get both register and create work in my IIS.
<add name="my app pool" autoStart="true">
<processModel identityType="ApplicationPoolIdentity" setProfileEnvironment="true" />
</add>
Related
I have created a simple WebForm asp.net web site. I have disabled the Windows Authentication checks within the code but set IIS8 to "Windows Authentication" as well as the web.config. I perform the Indentity.IsAuthenticated check in the backend to ensure the user is authenticated.
My issue is I get "The page cannot be displayed, please check your URL is correct". (This is in IE)
If I set my authentication to Anonymous the site works fine. I disable Anonymous Authentication and enable Windows Authentication only and receive this error. I have done quite abit of reading now and think I am just missing something small.
I used the IIS "default site" and set it to Windows Authentication and got a login prompt (as expected).
The server is running IIS8, windows 2012. Windows Authentication is installed as a feature, IIS site settings is set to use Windows Authentication only, as is the web.config. The web.config doesn't have Authorization tags for deny and allow but has <authentication mode="Windows" />. The errors occur on both IE and FireFox. No windows events are logged so i assume it's purely a authentication error that isn't displaying the site. The AppPool is set to Identity.
I think what confuses me most is the "default site" (with no code or logic) works and my site doesn't. The default site also doesn't have a web.config.
Any ideas would be grateful.
The issue may have to do with Kereberos.
I had the same issue and whilst troubleshooting server side issues, my co worker indicated that he was able to access the site.
It was then I realized my issue was a client side issue. Something may have been wrong with my Kerberos tickets. Maybe the domain controller that initially issued the ticket to me went offline. Rebooting my workstation was what got windows authentication working for me again.
Some other things you can try are:
Try changing your windows authentication provider to NTLM as a test.
Click on the site -> Click Authentication -> Click Windows Authentication -> Click Providers
Move NTLM to the top or add it if it isn't there.
Click ok.
IISReset. And try again.
If you prefer to use Kerberos, you may have to set the service principal names using the setspn.exe command.
For more information on Kerberos
https://blogs.msdn.microsoft.com/chiranth/2014/04/17/setting-up-kerberos-authentication-for-a-website-in-iis/
Other things to check:
- Check your authorization rules and .NET Authorization Rules to ensure All Users are allowed to access the site.
Look in your IIS logs located at C:\inetpub\logs for more clues. In the folder, you'll find a folder for each site named after the site's id. You can find the site id clicking Sites on the IIS Management console. The site ids of each site will be displayed there.
Verify the application pool identity of the site has enough permissions.
Is it possible to have the c# code for my asp website to run as the user who is authenticated through windows authentication?
After spending a bit of time researching I understand I would need impersonation, but when I configure impersonation for example like this: <identity impersonate="true" /> I get an error from IIS about how the web config is setup wrong for integrated pipeline. Bypassing the error with: does work but the code is not executed as the authenticated user but instead as the defaultAppPool and so the IIS user.
I know this is probably not the best question, I just can't wrap my head around impersonation with windows authentication.
You can verify user with LDAP/AD combination. This means user enters username and password from his own windows account and sends this data t server that can check if this data right. Of course this will work for Local networks with single LDAP server.
Try following links for info: https://www.codeproject.com/Articles/18742/Simple-Active-Directory-Authentication-Using-LDAP
https://msdn.microsoft.com/en-us/library/ff649227.aspx
I would not want elevated rights in IIS. I would hand all data needed to do the job to another service that really does this work (as the right user).
So I have spent almost all day researching for a solution to this question and have tried a multitude of things to no avail. First, let me set the situation up. The core solution I need is to access a user's Windows Credentials on a site hosted on IIS 6.1 Server. Everything else regarding access to pages and other role based functionality I have already handled. As a side note, this site is going to be accessed through an intranet and by far the primary browser IE9.
Now when running the project locally, something like
HttpContext.Current.User.Identity worked fine.
But, as mentioned in the premise of the problem, when a user accesses the site, that function is returning the server's window's credentials and not the users. (Specifically it was returning something like AppPool\Project)
So, I tried changing the IIS server settings. I disabled Anonymous Access, changed the apps configiration to Network Service, Enabled Windows Authentication, moved NTFM as the primary provider, changed the web config to have this:
<system.web>
<authentication mode="Windows"/>
<identity impersonate="true"/>
</system.web>
(I have tried changing impersonate to both true and false)
I have also tried different ways of returning the name of the user, like User.Identity, Environment.Name etc. etc.
Here is what I am trying to avoid:
ASP.NET Default Windows Role Based Setup - This solution was used in another project, but the end users did not like receiving a login window when they did not have access to a page.
Changing Internet Explorer Settings- During my research, I saw some solutions proposed changing the trusted sites. I do not have the ability to change this information and would like a solution that does not require a user to modify their IE settings (The option to use Integrated Windows Credentials is already checked for all users)
If anyone has a solution to this problem, it would be greatly appreciated.
A brief background:
I am creating a web application and need this to pull data from SCOM 2012 DB(SQL Server 2012), this DB is set to Windows Authentication only, this will not be changed in the foreseeable future as the company are unwilling to do this.
Problem:
I have looked around extensively on this issue however I am unable to find a solution.
I need to create a connection to the DB running as a specific windows user to pull back to data. To make this clear I do not want to impersonate the end user using the web app. I have the credentials for the account I would like to use for this however I need some assistance in doing this if its possible!
The connection has to be made in the context of the windows user that has login access to the database. You cannot do it through the connection string.
You can do this by setting the app pool identity to this specific user (which is fairly standard practice). Or you can have a method that impersonates the user for the call to the database, though that is a little more involved. See How do you do Impersonation in .NET? for examples.
If the company is inside a domain, and the user running the iis has permisions on the SQL Server, all you have to do is use windows authentication and that's it.
Check out:
http://msdn.microsoft.com/en-us/library/2xzyzb0f(v=vs.100).aspx
You could set up a web service between your web app and your database, and run your web service under the account that has access to the database by putting
<system.web>
<identity impersonate="true" userName="domain\login" password="pwd" />
...
</system.web>
into the web service's web.config.
Then your web app could call the web service to get/save the data.
I know this works because I an working with an app that does this. Perhaps you could just put the impersonate into your web app's config file and access the database directly, but I don't have any experience with that.
For an ASP.NET MVC 2 application, we are using HttpContext.User.Identity.Name to get the user name for authentication purposes. This works fine when testing. Users who are in the database are able to access areas for which they have permissons, and redirected to a 401 page otherwise. The 401 page displays their username, explaining that this user is not authorized to access this content.
However, in a deployed environment, all attempts to access any portion of the application redirect to the 401 page, and the displayed username is blank!
How can we enable the deployed application to access the username of the request?
From my research, I should go to the following screen and enable Windows Authentication, but it's not in the list!
We had an issue like this to, what we ended up doing was turning off Anonymous Access in IIS. Remember to check the Integrated box at the bottom.. Hope this helps
Ah, if you are using IIS 7, you probably need to install it first! Here's a good overview. FTA:
The default installation of IIS 7 does not include the Windows
authentication role service. To use Windows authentication on IIS, you
must install the role service, disable Anonymous authentication for
your Web site or application, and then enable Windows authentication
for the site or application.
If you're not seeing it as an option, you probably don't have it installed.
(Dictated from my Winodws 7 machine,) Go to your Start menu and type: Turn Windows features on or off.
Next, in the dialog's treeview, go to Internet Information Services - World Wide Web Services - Security and then check the Windows Authentication checkbox.