I am using IIS Express to deploy MVC4 application. This website runs perfectly on same computer. But in Lan it gives me error 401.
<authentication mode="Forms">
<forms loginUrl="~/" slidingExpiration="true" timeout="20">
</forms>
</authentication>
In home controller
[HttpPost]
[AllowAnonymous]
public ActionResult Index(LoginModel model, string returnUrl)
{
}
I am starting IIS server from command prompt in Administrator mode. IIS responds to the request with error 401.
Any clue?
I realize this is an older post but I had the same error on IIS 8.5. Hopefully this can help another experiencing the same issue (I didn't see my issue outlined in other questions with a similar title).
Everything seemed set up correctly with the Application Pool Identity, but I continued to receive the error. After much digging, there is a setting for the anonymous user to use the credentials of the application pool identity or a specific user. For whatever reason, mine was defaulted to a specific user. Altering the setting to the App Pool Identity fixed the issue for me.
IIS Manager → Sites → Website
Double click "Authentication"
Select Anonymous Authentication
From the Actions panel, select Edit
Select Application pool Identity and click ok
Hopefully this saves someone else some time!
If you're using IIS 7 do something like this:
Select your site.
Click on error pages.
Edit feature settings.
Select detailed errors.
Make sure that you enabled anonymous authentication on iis like this:
In case anyone is still looking for this, this solved the problem for us:
To whoever this may help, this saved my life...
IIS 7 was difficult for figuring out why i was getting the 401 - Unauthorized: Access is denied due to invalid credentials... until i did this...
Open IIS and select the website that is causing the 401
Open the "Authentication" property under the "IIS" header
Click the "Windows Authentication" item and click "Providers"
For me the issue was that Negotiate was above NTLM. I assume that there was some kind of handshake going on behind the scenes, but i was never really authenticated. I moved the NTLM to the top most spot, and BAM that fixed it.
Here is the link where this was found.
I had this issue on IIS 10. This is how I fixed it.
Open IIS
Select The Site
Open Authentication
Edit Anonymous Authentication
Select Application Pool Identity
I realize its an old question, but this came up in my searches. Had a similar issue for an MVC application recently built, deployed for the first time, and Authentication mechanism wasn't completely hashed out.
It wasn't an IIS setting in my case, it was a Controller that was not [AllowAnonymous] decorated. I was using a Render.Action/Html.Action in a Layout.cshtml and the User was unauthenticated. So the Layout tried to load an Authenticated Action in an UnAuthenticated context.
Once I updated the action to AllowAnonymous, the problem went away, and this is what led me to it.
Hope this helps someone.
I faced this error when I created an empty project with the MVC folders and then deployed the application to the server. My issue was that I didn't define the authentication in Web.config, so all I had to do was add this line to a system.web tag.
<system.web>
<authentication mode="None"/>
</system.web>
I faced similar issue.
The folder was shared and Authenticated Users permission was provided, which solved my issue.
I had a similar issue today. For some reason, my GET request was fine, but PUT request was failing for my WCF WebHttp Service
Adding the following to the Web.config solved the issue
<system.web>
<authentication mode="Forms" />
</system.web>
i faced the same issue under IIS 8.5. A working solution for me was changing the IIS to display detailled errors. See answer from sna2stha. But i think it is not a good idea to forward detailed error messages to browsers in production enviroments.
I added/changed the existingResponse attribute in the httpErrors-Section, so the IIS not handled any extisting Asp.net Response:
<system.webServer>
<httpErrors existingResponse="PassThrough" />
</system.webServer>
This works for me.
In my case, what made it work was changing the Anonymous User identity from Specific user (IUSR) to Application Pool Identity. Weird enought because other sites are using the specific user IUSR and work fine.
As so many answers have demonstrated, the error might be caused by a variety of reasons. In my case it was connected to authorization rules: they were added much later after the application was deployed. This feature of IIS is turned on as a Windows component (World Wide Web Services->Security->URL Authorization).
This particular section inside web.config was to blame:
<system.webServer>
<security>
<authorization>
<remove users="*" roles="" verbs="" />
<add accessType="Deny" users="?" />
<add accessType="Deny" users="user1,user2" />
<add accessType="Allow" users="*" />
</authorization>
</security>
</system.webServer>
Thus the record for users="?" blocked access to a path with anonymous authentication too since it inherited the rules by default. However, in IIS you can go to a particular folder/file that should be accessed anonymously and choose Authorization Rules:
Here it's possible to overwrite the rules locally by removing the old one and optionally adding the allowed rule instead to make it more explicit:
Right click on the main directory where the project files are located.
Properties-> Security-> Edit-> Add-> type IIS_IUSRS and click on "Check Names" button.
The result will look like ComputerUsername\IIS_IUSRS
For example: DESKTOP-M0R6PVF\IIS_IUSRS
and then click on "Ok" button.
I had a slightly different problem. The credential problem was for the underlying user running the application, not the user trying to login. One way to test this is to go to IIS Management -> Sites -> Your Site -> Basic Settings -> Test Settings.
I had a permissions issue to a website and just couldn't get Windows authentication to work. It was a folder permissions rather than ASP.NET configuration issue in the end and once the Everyone user was granted permissions it started working.
You can press F4 on the web project to get the "Project Properties" window.
Then make sure Anonymous Authentication is Enabled in the "Development Server" section:
In my case,
My application is developed in MVC and my home controller class was decorated with [Authorize] which was causing this issue.
So I've removed it because my application don't require any authentication.
Related
I am trying to use Windows Authentication in a VS 2013, MVC 4 project that was originally done in VS2011.
It worked fine on VS2011, but when I moved to VS2013 on the same machine, using IIS 7 problems ensued.
I have windows authentication set in web.config (and anonymous authentication disabled):
<security>
<authentication>
<anonymousAuthentication enabled="false"/>
<windowsAuthentication enabled="true"/>
</authentication>
</security>
However, these attributes are grayed (greyed) out in the "f4" properties window for the VS2013 solution.
When I debug the program, I get the following error:
HTTP Error 500.19 - Internal Server Error with Error Code 0x80070021
I have tried editing C:\Windows\System32\inetsrv\config applicationHost.config per similar posts in forums, and restarting the services, but the problem still persists.
Does anyone know how to please solve this?
Thanks in advance.
What works for me is the following line in web.config -->
<system.web>
<authentication mode="Windows" />
</system.web>
It appears that upgrading an MVC project from VS 2011 to 2013 (at least if this happens) is not an easy thing to do. I finally punted and started a new VS 2013 project and imported various controllers, views, etc. into that project, which actually worked surprisingly well. If you reach this page in a search and some of the other sites with answers have been failing for you, you may wish to do likewise.
I recently updated my project to use SDK 2.0 and tried to publish it to staging environment. Visual studio reported success but there is nothing at the site generated URL, just a "webpage not available" or whatever is the default browser message for not existing URLs. In Azure management portal however the status is RUNNING and there is even some curve in CPU percentage chart. I updated all references in my role project to be the same as in blank new azure project for 2.0 sdk version, the only new references are added by 'Identity and Access tool' for OAuth purposes. Can anyone tell me what can be possibly wrong or how can i figure this out myself? I enabled diagnostics, but it shows 0 errors in every tab. Of course everything runs fine in my local environment
upd: my problem was actually quite simple: something went wrong with port forwarding and i had to add :8080 to url explicitly, so i removed all of my endpoints and added just a simple port 80 one with no internal port set. The accepted answer pointed me the way to discover this problem
Visual Studio and Azure Management Portal only report that the server is up and running. They have no way of knowing if there is an actual issue with the code or deployment.
Webpage not available is not the same as 404 nor is it the same as dns not found. Webpage not available usually means a server error of some kind. Most likely some .DLL's are missing from deployment
If you are running on WebRoles, you can RDP into the server and look into the Windows Event viewer to see if any errors occur
Alternatively, you can turn off custom errors via web.config (check this link out for sample directions: http://www.serverintellect.com/support/programming/custom-errors.aspx )
At the end of the day, you need to find out what is the real cause of the issue
Make sure you have the following in your web.config. Mine is added just before the line
<customErrors defaultRedirect="GenericError.htm" mode="Off">
<error statusCode="500" redirect="InternalError.htm" />
</customErrors>
If you are using web.config transforms and have a web.debug.config you add the following code to it:
<customErrors mode="Off" defaultRedirect="GenericError.html" xdt:Transform="Replace">
<error statusCode="500" redirect="InternalError.htm"/>
</customErrors>
You still have to make sure you have a custom errors section in your web.config for the replace to happen.
Sorry for the newbie question, but I can't seem to figure this out. I have been basically following this example from Microsoft on how to create a web site with logins:
http://msdn.microsoft.com/en-us/library/879kf95c.aspx
I did deviate from the example some in that I went ahead and created roles (Admin, user). I created a folder called "Admin" and inside there is a web page. I configured the Security wizard to Deny access to that page for Anonymous, User, and All Users. When I run the page in Visual Studio it will not let me see the page unless I log in, but once I log in I can see the page. When I publish the web site and try it from another computer (or even the local one for that matter) it will let me see the page without logging in.
I am certain I have no idea how to correctly publish the database. When I first published the page the login that I created in the security wizard was not valid, so I copied the aspnetdb into the App_Config folder in my application directory and it would now let me log in, but it does not seem to be holding the access rules that I have set. I'm pretty certain that I am not publishing correctly but I've been unable to figure out what the correct way to move the settings over is when publishing.
I found the answer apparently it is considered a bug is VS (maybe maybe not)...
but the answer can be found here
http://www.tino.nl/index.php/2008/06/17/publishing-an-aspnet-site-that-uses-membership-components/
The access rules are NOT in your database but in the web.config. Perhaps your web.config is not correctly deployed with the app.
You can edit the Deny/Access rules in the web.config using the location element ( http://msdn.microsoft.com/en-us/library/b6x6shw7(v=vs.100).aspx ) for the folders or individual pages:
<configuration>
<location path="Logon.aspx">
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
</location>
</configuration>
So you need to make sure the rules at your local machine are also in the web.config on the server.This is not done automatically.
Recently we migrated our development environment from VS2008 to VS2010 (Ultimate).
For one solution (for now all C#, .NET Framework 3.5 and ASP.NET 2.0) which contains 6 projects VS auto-upgraded it without any problems.
The solution projects are:
ASP.NET website
VS2010 Web Deployment project for above site
Web Services Application
VS2010 Web Deployment project for above WSA
A class library.
Another class library.
However, when we build we have 1 error:
Could not load file or assembly 'ClassLibrary1BLL, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null' or one of its dependencies. An API call exited abnormally. (Exception from HRESULT: 0x800300FA (STG_E_ABNORMALAPIEXIT))
After research I finally tracked this to one entry in the ASP.NET website config:
If I build with this line the problem occurs:
<identity impersonate="true" userName="DOMAIN\user" password="password"/>
However, if I comment out and build with the following line (without the supplied credentials) the solution builds fine AND then amend the web.config back to the above (with the credentials) the site runs fine - the credentials only cause a problem for the build.
<identity impersonate="true"/>
Now here is the strangest issue - the Web Services Application builds fine with the supplied credentials - the build error ONLY occurs for the ASP.NET website. This all holds true whether the projects are built individually or the solution rebuilt.
Any pointers how I can successfully build with the supplied credentials will be greatly appreciated.
Check the permissions of the impersonation user.
After just setting the flag to false, <identity impersonate="false"/>, it also came to life for me.
However, once setting it back to true, it built fine, but when I loaded the site, I got:
The current identity (XN-DTDEV\Fusion)
does not have write access to
'C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary
ASP.NET Files'.
Now this machine is on a domain, and that user is local, which should have administrative privileges. When I checked back, it didn't. It looks like there is a policy re-setting the local administrators each reboot.
I realize there's already an accepted answer, but for anyone else coming to this page via a search on the error code....
Review the permissions of the user that you're trying to impersonate.
In my situation, I was only getting the error on my development machine, rather then on our staging or deployment servers. (For a while I got around this by removing the 'identity' node from config in my dev environment and just adding the line in post-build so it wasn't a problem anyone other than me..
In my environment we have a specific user that all our web apps impersonate when running. I had created the user account, but hadn't explicitly set its account permissions. When I added the user as an Adminstrator on my dev machine, this problem went away completely. (Not ideal, I know, but it "works for me", and has minimal harm since that user account is locked down on our 'real' servers anyways..)
after changing permissions on "Temporary ASP.NET Files" you need to delete its contents and allow the new files to inherit the new security permissions
If any of the solutions mentioned before didn't work, and you're using impersonation.
The answer is to give permission for the user that you're impersonating access to the following folders :
C:\Windows\Microsoft.NET\Framework[v4.0.30319 or the version that you're using]\Temporary ASP.NET Files
Your site directory.
also you might need to create folder as the following :
C:\Windows\Microsoft.NET\Framework\[v4.0.30319 or the version that you're using]\Temporary ASP.NET Files\[Application-Name-Goes-Here]
But try the previous first, it worked for me.
Those two changes for granting the impersonated user permission to be able to save the temp data, and pull the dll files, and any needed files from the directories
Thanks for the reply mattdwen - unfortunately your suggestion never worked (the 'Temporary ASP.NET Files' folder permissions were correct) but did provide the hint that lead to me (HACK) resolving the problem. After reading your answer I tried the following which led me in a different direction:
(1) I successfully rebuilt the solution 3 times using <impersonate="true"/>, <identity impersonate="false"/> and <identity impersonate="true" userName="DOMAIN\different-user" password="password"/> (here "different-user" is a local admin).
(2) I then amended the web.config back to the original <identity impersonate="true" userName="DOMAIN\user" password="password"/> and ONLY rebuilt the ASP.NET website project - success.
This has led me to conclude (strongly hinted at by the original error message) that VS when rebuilding the solution is unable (for as yet unknown reason) to build one of the Class Libraries or its dependencies with <identity impersonate="true" userName="DOMAIN\user" password="password"/> in the ASP.NET website project.
The Class Library in question has a number of references to 3rd party components, Office interops, etc. which for now would be too time consuming to attempt to eliminate one by one and discover the real underlying reason.
Therefore, I have temporarily implemented the hack (cringe) to add the original user to local admins.
So I am very new to web development and have a .NET MVC site that I have been working on. Unfortunately, Visual Studio removes most of the work in running a simple site in debug. I am trying to learn about more of what gets generated when you build and fire up a website through Visual Studio so I can have more control over deploying additional sites.
PROBLEM
So in IIS I created a new site and defined the Site name, and pointed the physical path to the Web directory of my project (contains the web.config).
In Visual Studio, under the Web project properties changed
Start Action -> "Don't open a page, wait for request"
Servers -> "Use specific IIS web server" and specify the URL of the site name I defined in IIS (i.e. local.acme.com).
Cleaned solution, rebuilt and tried navigating to http://local.acme.com. After getting past some original permissions issues (dir requiring permissions for IIS_USERs), it tries to automatically direct me to a view that doesn't exist:
http://local.acme.com/Account/LogOn?ReturnUrl=%2f
NOTE I created the project as a "EMPTY" MVC 2 Web application, so no default .NET MVC account view should exist.
Any thoughts
Check your web.config . does it contain any entry for membership and authentication
An entry, something like this in <system.web>
<authentication mode="Forms">
<forms loginUrl="Account/LogOn" />
</authentication>
Remove the <authentication> element from Web.config.