Any way to do this? I've seen every other config file referenced but this one (Usually IIS) but I need it to be portable with the project. I have this one project that I need to demo with basic HTTP authentication over SSL, and I would not have thought this would be the hard part.
Put this code in the web.config file under system.web element:
<security>
<authentication>
<anonymousAuthentication enabled="false" />
<basicAuthentication enabled="true" />
</authentication>
</security>
Bear in mind that Basic Auth. must have been enabled on the server (through Turn On/Off Windows features)
Related
Edit: I do not need any patronising replies about how Silverlight is almost out of date. Of course I know this. When you work in software support for a company (a) you don't get to use a time machine to change choices made years ago and (b) you often have to support systems that aren't the latest because "just replace it" isn't necessarily possible. Yes this system is being phased out. If it is purely Silverlight that is reacting to a change from WebDev to IIS Express then please cite references to that effect.
I seem to have a very specific problem with my laptop that colleagues don't experience. When I run our Silverlight UI solution locally at the latest version I am always asked to sign in. However, my user credentials (the same ones I use to sign into my laptop) are always rejected.
The difference is that in the latest solution we are now invoking IIS Express.
Previously the solutions ran like this (via a launch batch file - I'm unclear what has altered within the solution) and if I return to using this form I am able to avoid the authentication
start webdev.webserver40.exe /port:{port number} /path:"%CD%\{application folder}"
whereas with IIS Express we are using this:
start iisexpress.exe /config:"%CD%\{solution folder}\.vs\config\applicationhost.config" /site:{site name as shown in applicationhost.config}
I've looked through the applicationhost.config file:
I've altered this at the end
<location path="{site path}">
<system.webServer>
<security>
<authentication>
<anonymousAuthentication enabled="true" />
<windowsAuthentication enabled="false" />
</authentication>
</security>
</system.webServer>
</location>
The security block looks fine:
<access sslFlags="None" />
<applicationDependencies>
<application name="Active Server Pages" groupId="ASP" />
</applicationDependencies>
<authentication>
<anonymousAuthentication enabled="true" userName="" />
<basicAuthentication enabled="false" />
<clientCertificateMappingAuthentication enabled="false" />
<digestAuthentication enabled="false" />
<iisClientCertificateMappingAuthentication enabled="false">
</iisClientCertificateMappingAuthentication>
<windowsAuthentication enabled="false">
<providers>
<add value="Negotiate" />
<add value="NTLM" />
</providers>
</windowsAuthentication>
</authentication>
<authorization>
<add accessType="Allow" users="*" />
</authorization>
<ipSecurity allowUnlisted="true" />
to my untrained eye.
Finally I even updated the csproj.user file
<PropertyGroup>
<UseIISExpress>true</UseIISExpress>
<IISExpressAnonymousAuthentication>enabled</IISExpressAnonymousAuthentication>
<IISExpressWindowsAuthentication>disabled</IISExpressWindowsAuthentication>
<IISExpressUseClassicPipelineMode>false</IISExpressUseClassicPipelineMode>
</PropertyGroup>
use IIS Express was false and Windows was enabled and anonymous disabled.
but these settings were also true in the old code.
I'm really baffled as to what can be set on my machine.
Note: Windows 10, VS 2015.
I have a web API application developed in .Net with framework version 4.6.1, I am trying to enable basic & anonymous authentication using web.config file with default Domain, but its not working expected, anyone help me to enable using web.config.
i have tried the following code, but its not working
<system.webServer>
<security>
<basicAuthenticaion enabled="true" defaultLogonDomain="DomainName"/>
<anonymousAuthenticaion enabled="true"/>
</security>
</system.webServer>
You should add a tag of <authentication> and also pay attention to spelling of basicAuthentication and anonymousAuthentication(you spell them with basicAuthenticaion and anonymousAuthenticaion).
<system.webServer>
<security>
<authentication>
<basicAuthentication enabled="true"/>
<anonymousAuthentication enabled="true"/>
</authentication>
</security>
</system.webServer>
By the way, other authentication methods may be off if you enable anonymous authentication as mentioned by Lex Li in comments. So please check if your requirements need to enable both of them.
I have a simple MVC web api 2 IIS hosted application which I want to enable windows authentication (initially not using Owin). I am running this on my development machine and running as local IIS.
So, from what I could find, I need to add the following to the web.config
1: to the following section the authentication mode="Windows"
<system.web>
<compilation debug="true" targetFramework="4.5.1"/>
<httpRuntime targetFramework="4.5.1"/>
<authentication mode="Windows" />
</system.web>
2: Then add the following
<system.webServer>
<security>
<authentication>
<windowsAuthentication enabled="true"/>
</authentication>
</security>
When I add the above and run the application (in debug from Dev studio), I get the following error
HTTP Error 500.19 - Internal Server Error
Config Error This configuration section cannot be used at this path. This happens when the section is locked at a parent level. Locking is either by default (overrideModeDefault="Deny"), or set explicitly by a location tag with overrideMode="Deny" or the legacy allowOverride="false".
and then it specifically points to this web config entry
Config Source:
37: <authentication>
38: <windowsAuthentication enabled="true"/>
39: </authentication>
Anyone have any ideas why I would be getting this?
Also, I noticed when I switch to IIS express, that in the project properties, the Windows Authentication is set to disabled, and grayed out so I cannot set it here either.
Thanks in advance for any help!
If you read applicationHost.config, you will see that authentication related sections are locked down and cannot be overridden in web.config,
<section name="windowsAuthentication" overrideModeDefault="Deny" />
Thus, you need to specify that in applicationHost.config, instead of web.config. Both IIS and IIS Express have such restriction.
I'm trying to use Windows Authentication in my ASP.NET application. Whenever I try to view the app it sends me to a login page. How can I make it work without having to manually login via the browser?
web.config
<system.web>
<authentication mode="Windows"></authentication>
<anonymousIdentification enabled="false"/>
<authorization>
<deny users="?" />
<allow users="*" />
</authorization>
<customErrors mode="Off"></customErrors>
<identity impersonate="true"></identity>
<compilation debug="true" targetFramework="4.0" />
<httpRuntime />
</system.web>
error after updating IIS Express
Most likely causes:
No authentication protocol (including anonymous) is selected in IIS.
Only integrated authentication is enabled, and a client browser was used that does not support integrated authentication.
Integrated authentication is enabled and the request was sent through a proxy that changed the authentication headers before they reach the Web server.
The Web server is not configured for anonymous access and a required authorization header was not received.
The "configuration/system.webServer/authorization" configuration section may be explicitly denying the user access.
applicationhost.config
<authentication>
<anonymousAuthentication enabled="false" />
<basicAuthentication enabled="false" />
<clientCertificateMappingAuthentication enabled="false" />
<digestAuthentication enabled="false" />
<iisClientCertificateMappingAuthentication enabled="false">
</iisClientCertificateMappingAuthentication>
<windowsAuthentication enabled="true">
<providers>
<add value="Negotiate" />
<add value="NTLM" />
</providers>
</windowsAuthentication>
</authentication>
Windows Authentication with IISExpress
Update your web.config
Make sure your web.config file both enables windows authentication and also denies anonymous authentication. HttpContext.Current.User.Identity.Name will be blank if the app falls through to anonymous authentication. Your config should look something like this:
<authentication mode="Windows" />
<authorization>
<deny users="?"/>
</authorization>
Error 401.2 Unauthorized
Sometimes, you might get the error 401.2 Unauthorized: Logon failed due to server configuration error. If you do, verify that you have permission to view this directory or page based on the credentials you supplied. Also make sure you have the authentication methods enabled on the Web server.
Updating applicationhost.config
You also might find you have to update the IISExpress applicationhost.config file (dont’ worry – I didn’t know it either). This is essentially the file version of the IIS configuration tool, where you can configure the web server itself. Finding the applicationhost.config file can be tricky. It might be in:
%userprofile%\documents\iisexpress\config\applicationhost.config
or
%userprofile%\my documents\iisexpress\config\applicationhost.config
Once you find it, update the following lines (paying special attention to enabled=true):
<windowsAuthentication enabled="true">
<providers>
<add value="Negotiate" />
<add value="NTLM" />
</providers>
</windowsAuthentication>
This is the article
We use Windows authentication for almost all of our intranet apps, including SharePoint. Employees must login if their browser doesn't automatically send their Windows credentials automatically to the site.
On IE, this is a matter of the browser's configuration. I think there are also ways to configure Chrome and Firefox to send Windows login automatically. I think Chrome will follow Window's internet settings (on the client) just like IE. Try to set the User Authentication options to "Automatic Logon with current username and password".
See below screenshot for an illustration to where that is.
Also note that this involves the user's browser sending a Windows Token to the application. The application must understand and trust the source of this token, and this would work with the support of a "domain" in which both the user and application reside in. I think it will work on a single machine (while you are debugging), but if you want this to work on multiple computers on a network, you need to look into creating a domain. A typical way to create a domain is Active Directory.
Let me know.
When debugging my web app in VS 2017, I found I needed to update [solution path]\.vs\config\applicationhost.config. I replaced the authentication section with:
<authentication>
<anonymousAuthentication enabled="false" userName="" />
<basicAuthentication enabled="false" />
<clientCertificateMappingAuthentication enabled="false" />
<digestAuthentication enabled="false" />
<iisClientCertificateMappingAuthentication enabled="false">
</iisClientCertificateMappingAuthentication>
<windowsAuthentication enabled="true">
<providers>
<add value="Negotiate" />
<add value="NTLM" />
</providers>
</windowsAuthentication>
</authentication>
More here: https://stackoverflow.com/a/4813716/555142
Open IIS (Windows + R 'inetmgr')
Select the IIS Server (Root Node)
Double Click - 'Authentication'
Windows Authentication - Right-click and select 'Enable'
Forms Authentication - Right-click and select 'Disable'
Restart the IIS Server
I was able get it working by removing the negotiate provider.
<windowsAuthentication enabled="true">
<providers>
<add value="NTLM" />
</providers>
</windowsAuthentication>
I came up with a necessity to work with my asp.net mvc site from a remote pc while developing. So, I configured it to use IIS Express.
At first, a problem raised with windows authentication. My site is supposed to work in windows domain intranet, so I wanted to use integrated windows authentication. I managed to make it work on firefox with How To: Firefox and Integrated Windows Authentication from IIS Express Windows Authentication (answer by bees73). But IExplorer still asks to print login/password, even if I open it locally, specifying my ip instead of localhost.
The issue with IE is still not resolved, but let it be - if I print in my credentials, it does work locally.
My question is: when I open my site on a remote PC (both in firefox (no need to print login/password) and IE (I do have to print login'n'password)) my page is rendered without applying styling. It looks like no css is available. But I don't get any errors.
In the source code of the loaded page I do have line
<link href="/Content/Site.css" rel="stylesheet" type="text/css" />
but when I try to see the Site.css, it says, there was some internal server error.
I think I did not configure IIS Express properly and that's the problem. If it was OK, the integrated windows authentication had to work without asking login and password on IE at least I guess.
So, my config:
The project itself - to IIS Express, windows authentication - on, anonymous - off.
netsh http add urlacl url=http://myip:myport user=domainname\mylogin
netsh http add iplisten ipaddres=myip
in applicationhost.config:
Bindings:
<site name="MySite" id="2">
<application path="/" applicationPool="Clr4IntegratedAppPool">
<virtualDirectory path="/" physicalPath="D:\..." />
</application>
<bindings>
<binding protocol="http" bindingInformation="*:myport:localhost" />
<binding protocol="http" bindingInformation="*:myport:myip" />
</bindings>
</site>
Authentication:
<sectionGroup name="authentication">
<section name="anonymousAuthentication" overrideModeDefault="Deny" />
...
<section name="windowsAuthentication" overrideModeDefault="Allow" />
</sectionGroup>
<authentication>
<anonymousAuthentication enabled="false" userName="" />
...
<windowsAuthentication enabled="true">
<providers>
<add value="Negotiate" />
<add value="NTLM" />
</providers>
</windowsAuthentication>
</authentication>
<add name="AnonymousAuthenticationModule" lockItem="true" />
<location path="MySite">
<system.webServer>
<security>
<authentication>
<anonymousAuthentication enabled="false" />
<windowsAuthentication enabled="true" />
</authentication>
</security>
</system.webServer>
</location>
The problem was connected with netsh and binding configuration in ISS Express. At first I setup it through my ip, and it resulted in confusing errors.
While searching for anything in the web I ran across Setting up IIS Express. All the same there, but it's suggested using pc name in netsh and iis applicationhost.config.
So, I added
netsh http add urlacl url=http://MyPCName:MyPort/ user=everyone
and
<binding protocol="http" bindingInformation="*:MyPort:MyPCName" />
and a miracle!! It worked.
As for the IE, I had to turn off the "Use Windows authorization" flag to make it work. Many thanks to Internet Explorer - Enable Integrated Windows Authentication. But nevertheless IE still asks for login and password, if an ip is used in url. If pc name is used it works silently.
Firefox either asks for login and password (and works if one enters valid credentials) or you should apply How To: Firefox and Integrated Windows Authentication (mentioned in my question) and then it works silently both with ip and pc name.
Hope this helps someone else.
EDIT
One remark: I had to launch VS2010 with administrtor permissions. If not, I still get HTTP 500 error based on the bad impersonation error. So, it looks like IIS Express, launched by VS2010 without administrator permissions under Windows 7, won't be able to work correctly.
As far as I understood, the clue is to give the appropriate permissions to IIS_IUSRS. But until that it's easier to launch VS 2010 with administrator privilages.
It may be due to the error in resolving the root path where Css is located.
You can try with Url helpers to resolve this issue.
<link rel="stylesheet" type="text/css" href="#Url.Content("~/Content/Site.css")" media="screen" />
In Asp.net development server(In visual studio environments) <link href="/Content/Site.css" rel="stylesheet" type="text/css" /> will work fine.. but while hosting in IIS, root path cannot be resolved using a relative path. With the help of Url helpers we can resolve this issue. Using Firebug you can see the load error of resources if any.
Edit:
In the web.config under the <system.web> section modify as follows.
<system.web>
<identity impersonate="true" userName="ServerName\Administrator" password="password"/>
</system.web>
Give the proper values for username and password. You can try giving folder permission to the IIS user groups(IUSR ,IIS_IUSR) to the folder where application is hosted.(Right click the hosted folder -> Properties under the Security tab, you can find the user groups and can give permissions)
try placing a web.config file in you Content folder. and put the following code in it.
<?xml version="1.0"?>
<configuration>
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</configuration>