My company is planning to upgrade all our users to Windows 7, and with it upgrading all the user browsers to Chrome.
We have several intranet sites using ASP.NET MVC and MVC Web API. I have set my intranet to the trusted domain setting, and I can confirm that when viewing a page in Chrome the User.Identity.Name property is correctly set to my information.
However, when I try to do any action that requires SQL Server connectivity it fails instantly, complaining about Anonymous login, which is disabled.
This is problematic, as we would like to get our users off IE.
After some digging, it seems the best way to handle this is talking with our IT department to deploy software policies to enable Kerberos delegation in the registry, based on this information here:
http://www.chromium.org/administrators/policy-list-3#AuthNegotiateDelegateWhitelist
After adding this key to my registry I was able to "hop" to SQL Server without issues. I hope this helps others, as this issue was driving me nuts.
I'm learning ASP.NET Core and I was following tutorials about identity and external login providers. I have succeeded in creating external Google and MS accounts for testing, and locally it is working fine.
I have published the test app to my VPN IIS public server to see how it is working (I have other apps there), but I started to have some illogical issues and I don't understand where the problem is.
I can sign in with an MS account or Google account on one computer.
If I try the same on another computer I'm getting "error 400 redirect_uri_mismatch" with Google and almost the same for the MS account:
AADSTS50011: The redirect URI 'https://myserver/mysite/signin-microsoft' specified in the request does not match the redirect URIs configured for the application.
Just to add that, on the MS account response, I can see a clause that 'Reply address did not match because of case sensitivity'. But that is nonsense because I have signed in with another MS account (I have 2 private accounts for Google and for MS for testing) on a different computer and there it was working fine.
Just to be sure, I have entered the return URL address with proper casing in the Azure dev portal, and the same was happening. It seems like after the app is published, the first PC which gets an MS account / Google user over external login blocks the other PC.
I don't understand why external login is working for one PC. The first thing that comes to mind is that because it is a test project and I have not verified the domain (etc.) on Google / Microsoft, there are some limitations for signing users in (perhaps I need to pay??).
But, please, can someone confirm this? Or does someone have an idea what is happening?
Tnx!
Renato
My server was breached recently: a person injected malicious JavaScript into all JavaScript files in all folders and in all websites on this dedicated server.
I moved to a new Windows Server 2019 with Plesk Obsidian. WordPress websites created on this new dedicated server using the WordPress toolkit prevent admin login. I have reset passwords but can't log in. I have migrated an old WordPress website to this new server and have the same problem: I can't log in to admin.
I also have my custom ASP.NET MVC applications and I am not able to log in or register. For my ASP.NET MVC applications, when I try to log in I get
System.Web.Mvc.HttpAntiForgeryException:
The required anti-forgery form field "__RequestVerificationToken" is not present.
Though when you inspect the code source you can see the hidden cookies. This was a live site that people have their accounts on; it was working all right on my old Windows 2016 web server. Just 2 days ago I deployed a similar ASP.NET website on an AWS Lightsail provision and it is working perfectly well.
When I contact the server providers they tell me it is my websites and it has nothing to do with the server. Do I have no other option but to believe that this has nothing to do with the server setup or IIS configuration but with WordPress and my ASP.NET MVC websites? I have been in this suspended state for over a week now. I am just wondering if this has ever happened to anyone?
It turned out the Web Application Firewall settings in Plesk were the culprit. I selected OWASP (free) and Fast configuration. After that, everything is working.
I have created a simple WebForm ASP.NET web site. I have disabled the Windows Authentication checks within the code but set IIS8 to "Windows Authentication", as well as the web.config. I perform the Identity.IsAuthenticated check in the backend to ensure the user is authenticated.
My issue is I get "The page cannot be displayed, please check your URL is correct". (This is in IE)
If I set my authentication to Anonymous the site works fine. I disable Anonymous Authentication and enable Windows Authentication only and receive this error. I have done quite a bit of reading now and think I am just missing something small.
I used the IIS "default site" and set it to Windows Authentication and got a login prompt (as expected).
The server is running IIS8, Windows 2012. Windows Authentication is installed as a feature, the IIS site settings are set to use Windows Authentication only, as is the web.config. The web.config doesn't have Authorization tags for deny and allow but has <authentication mode="Windows" />. The errors occur on both IE and Firefox. No Windows events are logged, so I assume it's purely an authentication error that isn't displaying the site. The AppPool is set to Identity.
I think what confuses me most is the "default site" (with no code or logic) works and my site doesn't. The default site also doesn't have a web.config.
I would be grateful for any ideas.
The issue may have to do with Kerberos.
I had the same issue, and whilst troubleshooting server-side issues, my coworker indicated that he was able to access the site.
It was then I realized my issue was a client-side issue. Something may have been wrong with my Kerberos tickets. Maybe the domain controller that initially issued the ticket to me went offline. Rebooting my workstation was what got Windows authentication working for me again.
Some other things you can try are:
- Try changing your Windows authentication provider to NTLM as a test.
  - Click on the site -> Click Authentication -> Click Windows Authentication -> Click Providers
  - Move NTLM to the top or add it if it isn't there.
  - Click OK.
  - IISReset. And try again.
- If you prefer to use Kerberos, you may have to set the service principal names using the setspn.exe command.
For more information on Kerberos:
https://blogs.msdn.microsoft.com/chiranth/2014/04/17/setting-up-kerberos-authentication-for-a-website-in-iis/
Other things to check:
- Check your authorization rules and .NET Authorization Rules to ensure All Users are allowed to access the site.
- Look in your IIS logs located at C:\inetpub\logs for more clues. In the folder, you'll find a folder for each site named after the site's id. You can find the site id by clicking Sites in the IIS Management console. The site ids of each site will be displayed there.
- Verify the application pool identity of the site has enough permissions.
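Added example, not part of the original answer: one way to read the IIS logs mentioned above for authentication clues is to group 401 responses by substatus and client, and report only clients that never reach an authenticated request (a 401.2 followed by a 401.1 and then a success is the normal challenge handshake). The log lines, addresses and user names are constructed, and the column set is an assumption read from the `#Fields` line.

```python
from collections import Counter

# IIS 401 substatus meanings relevant to Windows Authentication.
SUBSTATUS = {
    "401.1": "logon failed (bad credentials, or a Kerberos ticket/SPN problem)",
    "401.2": "logon failed due to server configuration (auth scheme mismatch)",
    "401.3": "denied by ACL on the resource (check NTFS rights)",
}

# Constructed sample in W3C extended format; not from a real server.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-username c-ip sc-status sc-substatus sc-win32-status
2024-01-10 09:00:01 GET /default.aspx - 10.0.0.5 401 2 5
2024-01-10 09:00:01 GET /default.aspx - 10.0.0.5 401 1 2148074254
2024-01-10 09:00:02 GET /default.aspx CONTOSO\\alice 10.0.0.5 200 0 0
2024-01-10 09:00:07 GET /default.aspx - 10.0.0.9 401 2 5
2024-01-10 09:00:07 GET /default.aspx - 10.0.0.9 401 1 2148074252
2024-01-10 09:00:09 GET /reports/q1.aspx CONTOSO\\bob 10.0.0.7 401 3 5
"""

def parse_w3c(text):
    """Yield one dict per request, naming columns from the #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated rows
                yield dict(zip(fields, values))

def auth_failures(text):
    """Return {client_ip: {"401.x": count}} for clients that never authenticated."""
    seen, ok = {}, set()
    for row in parse_w3c(text):
        ip, status = row["c-ip"], row["sc-status"]
        if status == "401":
            seen.setdefault(ip, Counter())["401." + row["sc-substatus"]] += 1
        elif status[0] in "23" and row["cs-username"] != "-":
            ok.add(ip)  # handshake completed: earlier 401.2/401.1 were expected
    return {ip: dict(c) for ip, c in seen.items() if ip not in ok}

def report(text):
    return [f"{ip} {code} x{n}: {SUBSTATUS.get(code, 'other substatus')}"
            for ip, codes in sorted(auth_failures(text).items())
            for code, n in sorted(codes.items())]

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

A client that only ever shows 401.2 and 401.1 points at the provider, SPN or ticket checks listed above, while 401.3 for a named user points at permissions on the content.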
I am using Windows authentication for my intranet application, which was developed in MVC 4.0.
To get the current user I am using the code below.
string userid = System.Security.Principal.WindowsIdentity.GetCurrent().Name.ToUpper();
In the Web.config file, I set authentication mode="Windows", and in IIS I enabled Windows Authentication and disabled Anonymous.
It's working fine locally, but when I deployed the application to Windows Server 2012 and IIS 8.5, I am facing two issues which I am unable to fix.
The first issue is that when users browse the application on their machine they should get the logged-on user; it's fine for one user. But suppose two users are browsing the URL at the same time: it displays the same name for both users. It's random and displays the name of either one of the two users. I have NOT used session or caching or cookies in my entire application.
The second issue is that users randomly get a credentials popup; when they give the correct username and password it does not work. The issue is completely random; I am not sure when they get it.
I request your help on these issues. I tried a lot but didn't find any solution.
That does not seem the right place to get the user info from.
using System.Web;
//...
// Identity of the authenticated user for the current request
var name = System.Web.HttpContext.Current.User.Identity.Name;
//...
Try this one.
If your site is truly not caching anything, and you have set the no-cache headers appropriately, then it might be a caching proxy server.
I'm having a strange problem while using impersonation with ASP.NET MVC. I have a site that checks the status of different servers by reading some configuration files on each one of them. The app can also modify such files. Because the app will be used by several people (all of them with administrative grants in the servers), I need to have a log of all the changes done. I enabled Windows authentication for my site in IIS7 and also enabled id impersonation by adding the following to my web.config file.
<identity impersonate="true"/>
Just to be sure that the impersonation is working correctly, every time a user logged in I use the following to obtain the user that will be sending all the requests.
System.Security.Principal.WindowsIdentity.GetCurrent().Name;
When I enter the site from my Visual Studio environment, everything works correctly: the user logged is my NT id rather than the NETWORK SERVICE user and I'm able to access the remote files without problems. However, when I publish the site to our server it stops working. Even though it does seem that the impersonation is working, because the NT id of the logged user is shown as the Windows identity, I cannot access the files. What I found even weirder is that if I access the site directly in the server's browser, everything works OK, so I'm not sure where the problem is. In summary, here's what I'm dealing with.
- Id impersonation works from the development environment.
- Id impersonation works when browsing directly on the server where the site is.
- Id impersonation doesn't work when accessing the site from a browser outside the server. Even though the logged user name corresponds to the impersonated user profile, the site cannot access the remote files.
Does anybody have an idea of what might be wrong? I'm kind of lost with this one...
In order to access remote files on behalf of an impersonated client, your server needs to be trusted for delegation. See this KB article for more info, or just google "trusted for delegation".