I've created a WebApi with .Net.
On localhost (Visual Studio) all works well.
Also, when I publish it on a IIS 7 on a Windows Server 2008, it works well too.
Now I want to secure some methods.
I've created as
public class BasicAuthHttpModule : IHttpModule
and in the web.config I configured this as
<system.webServer>
<modules>
<add name="BasicAuthHttpModule" type="WebHostBasicAuth.Modules.BasicAuthHttpModule"/>
</modules>
</system.webServer>
The mehod I want to secure has [Authorize] above it.
On my localhost (debug in Visual Studio) it works well again.
With Postman I see that I can access the method with the specified username/password.
But when I put this on the IIS server, I get a 500 Internal Server Error:
500 – Internal server error.
There is a problem with the resource you are looking for, and it cannot be displayed
Must I configure IIS somewhere to achieve this, or has this an other cause?
Ensure that you have "Basic Authentication" installed for your IIS server.
Follow the steps as to how to manage which features are installed for IIS on your server by following the steps provided here: http://technet.microsoft.com/en-us/library/cc771209.aspx
Ensure that the feature "WWW-Service" -> "Security" -> "Basic Authentication" is selected.
Alternatively, ensure that the IIS user has the required rights to the folder/files of your site. Depending on what your site does, "Read and Execute" could be enough.
The user that is used for IIS7 is IIS_IUSRS.
Additional reading on the users of IIS can be found here: http://www.iis.net/learn/get-started/planning-for-security/understanding-built-in-user-and-group-accounts-in-iis
Already solved it!
I've discovered that there were two <modules> inside the <system.webServer> what caused the error
Related
I migrate an dotnet framework web api application from vs 2010 to 2019.
I want to use IIS express for developpement mode debug.
My application is built with a api back in dotnet framework 4.5 using xml and not json and a front in dotnet winform.
sorry for the french messages.
thanks a lot for your suggest.
I've been stuck with this for a week
Vincent
I tried to change the web.config, the applicationhost.config (in the user iis express directory and the .VS\config directory.
add modules to IIS manager
Try removing this line from your web.config,
<identity impersonate="true"/>
Or,
as Described in here;
Your application's Web.config file specifies "identity
impersonate='true'".
In IIS 7 Integrated mode, client impersonation is not available in
some early request processing stages. Therefore, IIS will generate the
migration error message. If your ASP.NET Web application impersonates
client credentials (most common with intranet scenarios), you may want
to set the validateIntegratedModeConfiguration attribute to false.
Add this section to your config to overcome this issue,
<system.webServer>
<validation validateIntegratedModeConfiguration="false" />
</system.webServer>
thanks for your help
I have tried
validateIntegratedModeConfiguration="false"
and it worked only when I deleted the lines created in the applicationhost.config (but it's not a solution)
we finally found: the problem was that I modified the .csproj file; but the file used for the user configuration is the .csproj.user.
It is modified with the "property" tab of VS.
I had seen it in a post for an mvc web application, since we are using an api, I thought it was different because it is an api.....
My colleague showed me the options in the panel... and now it works!!!!
[]You have to modify in properties :
anonymous authentication : disable
windows authentication : enable
pipiline mode : classic
and that's all
Make sure all the following .NET modules are installed.
.NET SDK 6.0.100
.NET Runtime 6.0.0
.NET hosting 6.0.0
note that the above are the current versions the versions may differ.
also change the version of .config files by running as Administrator whether you open the .json on Notepad or your IDE.
make sure your Internet Information Services is up to date and have selected all features on IIS
I need to enable Windows Authentication from my web.config, without setting it in IIS.
I have the following elements in the web.config:
authentication mode="Windows
identity impersonate="true
However windows authentication is not working. How do I resolve this problem ?
For IIS Express
You can set it up here. You may also wish to disable anonymous access
For IIS
I found it was necessary to set this under system.webServer
<system.webServer>
[…]
<security>
<authentication>
<anonymousAuthentication enabled="false"/>
<windowsAuthentication enabled="true"/>
</authentication>
</security>
</system.webServer>
This does almost the same thing as the #Dimitar suggestion - use IIS Manager to change the setting. The difference is that the config file avoids a manual step - but adds this next one:
Note:
By default, IIS Feature Delegation locks some of those settings (Basic & Windows auth), so you'll need to go to the root of the IIS server, and enable those to be read/write. E.g.:
A more detailed description of accessing Feature Delegation is here.
If by this you mean running your project from Visual Studio (IISExpress - not IIS), then you can try to do the following:
In Visual Studio -> Click on the root of your project -> Press F4 in order to open the properties pane -> Look for "Windows Authentication" and mark is as "Enabled" -> Run your project.
Unfortunately you must use IIS to enable Windows authentication. You cannot do it in Web.config alone. (At least up to IIS 8.5, the current version as of this post.)
This is because the Web.config elements for enabling Windows authentication (<system.webServer><security><authentication><windowsAuthentication>) can only be defined in applicationHost.config (C:\Windows\System32\inetsrv\config).
If windows authentication is not installed on IIS it won't work. If it is installed setting in web.config should be fine
UPDATED - pointed to the wrong directory at first. Thanks for the tip Wiktor. Still not succeeded in running the MVC4 application via
I am trying (for a while now.. :)) to set up a simulated multi tenant webapp on my development PC. I learned that this is not possible with visual studio's internal webserver, so I am trying to set up IIS.
I added the fake tenants in my hosts.
127.0.0.1 localhost
127.0.0.1 tenant1.mydomain.com
127.0.0.1 tenant2.mydomain.com
In IIS I made a new website test(port 8081), and just pointed it to C:\Azure\Websites\. In that directory I added a Hello World html file to see if this bit works.
I navigated to localhost:8081 => Hello world
I navigated to tenant1.mydomain.com:8081 => Hello world.
Cool, first proof of life.
Next step: getting this working with a MVC4 webapp created in VS2012.
I started a new MVC4 webapp and stored it in:
C:\Azure\Websites\MvcApplication1
I just use the default generated website for the test, so I pressed F5 and verified the site is opened in firefox. So the goal is to get this working from IIS.
Created a new website test2 (port 8082)
Set test2 app pool to .net4.0
Point the physical directory to C:\Azure\Websites\MvcApplication1\MvcApplication1\
Navigate to localhost:8082
HTTP Error 500.21 - Internal Server Error
Handler "ExtensionlessUrlHandler-Integrated-4.0" has a bad module "ManagedPipelineHandler" in its module list
Uninstalled ASP.NET and reinstalled it again. Same results.
when I change web.config from
preCondition="classicMode,runtimeVersionv4.0,bitness32"
to
preCondition="integratedMode,runtimeVersionv4.0,bitness32"
Then I get this error:
HTTP Error 404.2 - Not Found
The page you are requesting cannot be served because of the ISAPI and CGI Restriction list settings on the Web server.
Can I stress the fact that I am a n00b regarding IIS configuration... :)
Any ideas?
ISAPI and CGI Restictions in IIS:
Add isapi dll for .net 4 32bit
Add isapi dll for .net 4 64bit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_isapi.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll
And it works. Finally!
Thanks Wiktor
First configure IIS according this site:
IIS 7.5 handler "extensionlessurlhandler-integrated-4.0" has a bad module "managedpipelinehandler" in its module list
For the above issue, you must go to Control Panel >> Installed Programs and Features >> Repair your .NET Framework by double clicking on it.
first configure IIS as
Manual configuration
Open your Control Panel and click Programs and Features » Turn Windows features on or off.
Turn on Internet Information Services.
Under Internet Information Services, turn on the following features:
Web Management Tools » IIS 6 Management Compatibility » IIS Metabase and IIS 6 configuration compatibility.
Web Management Tools » IIS Management Console, IIS Management Scripts and Tools, and Management Service.
Under World Wide Web Services, turn on the following:
All features under Application Development features, except Server-Side Includes.
Common HTTP Features » Default Document, Directory Browsing, HTTP errors, Http Redirection, Static Content.
Security » Basic Authentication, Request Filtering, Windows Authentication.
Under Microsoft .NET Framework 3.5.1 » Windows Communication Foundation HTTP Activation.
After you have created your website, open the Internet Information Services (IIS) Manger.
Expand your server node.
Expand Sites node and click your website.
In section IIS on the right, double-click Authentication.
Perform one of the following:
If you are using Forms authentication, make sure Anonymous Authentication and Forms Authentication are enabled and all other authentications are disabled.
If you are using Claims-based authentication, make sure only Anonymous Authentication is enabled and all other authentications are disabled.
Click your website again and in IIS section, double-click Handler Mappings.
Make sure you have enabled handler mappings for *.svc and *.xamlx with executable path set to one of the following:
For 64-bit OS: %windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_isapi.dll
For 32-bit OS: %windir%\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll
Close the Internet Information Services (IIS) Manger.
It works on localhost, but finds no default document on the webserver and complains about directory browsing being disabled. IIS7 on both, and both websites/app pools seem to be configured identically.
I've used the web api template in VS2012, which doesn't actually have any views. It only has an Index controller action in the HomeController.
Any ideas on why this could produce different behavior in the two environments?
So this addition to my web.config:
<system.webServer>
<modules runAllManagedModulesForAllRequests="true" />
<system.webServer>
fixed the problem. It seems to be required in the web.config for IIS7 on Windows 2008 Server, but not for IIS7 on Windows 7.
I had a user trying to publish a MVC4 application on IIS7 getting this error, it turned out it was because the user had set the application pool to use .Net 2 instead of .Net 4. Instead of getting an error indicating this though they received the above error, and it was only when we added the above module the real issue was uncovered.
We are trying to host a WCF service via the web. We set the web.config to have the service require windows authentication. The problem we are having is the following:
When we host our service in a regular IIS, the service runs fine and there is no issues with the "Windows Authentication" mode. However, when we try to run it from our developer boxes we get the following error: "Security settings for this service require Windows Authentication but it is not enabled for the IIS application that hosts this service."
Our developers boxes are not hosting the service through the regular IIS but rather through Visual Studio's ASP.NET Development Server. We tried going into the web project properties and said to enable NTLM authentication but that still did not fix it. Does anyone know how to fix it? Does VS ASP.NET Development Server even support Windows Authentication? Is the only option for hosting the service with Windows Authentication is to use IIS and forget about ASP.NET Development Server?
In order to configure IIS Express security settings:
look for the IIS express symbol in the taskbar (system tray).
Right click and select "All Applications".
Click on the name of the site you want to change (although I believe the change is site wide)
Click on the path in the config section below (it will open the applicationhost.config file)
Search for the authentication section and make your changes
Example changes can be found here:
http://toadcode.blogspot.ca/2011/08/security-config-in-iis-express.html
ASP.Net Development Server is very limited. It only serves requests originating from the same machine that it is running on, and it will not serve files that are outside of its application scope. It is based on the Cassini server. Cassini does not support WCF web services. Documentation for ASP.Net Development Server says that it does support NTLM. If you are just browsing to a page from the local machine it should work fine unless the page is referencing an unavailable resource.
check out http://msdn.microsoft.com/en-us/library/58wxa9w5.aspx for more info.
I would install and configure IIS on your local dev machine and use that in preference to using the inbuilt webserver. To use local IIS to debug select "User Local IIS web server" on the web tab of the project properties. Using IIS rather than the inbuilt webserver also means that you can configure your app in exactly the same way as it will be configured on the production server and this will reduce the no of potential surprises when you move to the production environment.
The solution to my authorization issue was to go into the F4 project properties and set the following:
Anonymous Authentication: Disabled
Windows Authentication: Enabled
Apparently these properties update the IIS applicationHost.config directly.
http://provenstyle.com/blog/2015/10/02/Visual-Studio-2015-Windows-Authentication-And-IIS-Express/