I'm using forms authentication and launching a site from Visual Studio 2010. It is using the Visual Studio Development (web) Server and not IIS. The web.config has:
<authenticaion mode="Forms">
<forms name=".MyApp" protection="All" cookieless="UseCookies"/>
</authentication>
The login page is using the ASP.NET login control. Before the user even logs in, I can see following:
HttpContext.Current.Request.LogonUserIdentity.AuthenticationType == "NTLM"
HttpContext.Current.User.Identity == System.Security.Principal.GenericIdentity
HttpContext.Current.User.Identity.AuthenticationType == "NTLM"
This user seems to be authenticated as a local system user and not a web user. Doesn't this mean the user will always be authenticated, regardless if they logged into the site or not?
How is a web user NTLM?
As far as I know cassini does does not support Windows authentication.
Its runs as a local system account and thats what you see as NTLM authenticated.
If you are developping/debugging security features for an Asp.Net application (or WCF) I highly suggest you deploy to IIS.
If I'm not mistaken you're seeing yourself as being the User (being authenticated) running Visual Studio (in your user context) when you are debugging using VS and it's dev server.
Visual Studio runs in your context (your Windows user account/permissions, etc.) - Request.LogonUserIdentity.User
It shouldn't affect your debugging of Web Forms/Forms Authentication. After successful Forms Auth Login, you can obtain HttpContext.User.Identity.Name of the "forms auth user" (web user).
Related
I have a website hosted on nodejs, using http-proxy-middleware where I proxy all the api calls to an ASP.NET API.
I have the ASP.NET api deployed on a remote IIS server (not on my computer but in the domain) with windows authentication on with NTLM only and I have this in the web.config:
<system.web>
<compilation debug="true" targetFramework="4.5.2" />
<httpRuntime targetFramework="4.5.2" />
<authentication mode="Windows" />
</system.web>
When I set up my website on a local IIS server (on my computer) and set its authentication to anonymous this works correctly, no login popups.
Calling the api from postman with NTLM authentication also works perfectly.
But when I deploy the website to the remote IIS server I can open the site without problems but when the site queries the API I get a login popup that does not accept my credentials (mydomain\myusername), it will instead show the popup again and again in chrome but stop after 3 tries in IE and return a 401 unauthorized error.
Because this works locally I'm thinking the problem must be somewhere with the IIS server but I cannot figure out what it is.
There was a problem with the IIS server, when trying to fix the problem I often switched between anonymous and windows authentication but the changes didn't work unless i restarted the IIS by writing iisreset /noforce in the command console afterwards
By doing this on the remote IIS it worked like it did on my local IIS.
I am using Windows Authentication of a specific account (not mine) to connect to database, for this, I've made changes in my web application's app domain's identity to that specific account and it works fine.
Database does not allow any other identity.
For the same web application I have a Visual Studio Test Project, the connection string in Test Project should also be authenticated for that specific account.
How can I do this?
I've tried impersonation but it did not work for test project
I am kind of new to asp.net.
I have created an application using Visual studio 2013 Web Express and MVC5. When I wanted to run the application, I was pressing the run button from VS and it managed to open it.
Now I switched the server from IIS Express to Local IIS. When I run the application in the browser, it gives me
Server Error in '/' Application. <br>
Access is denied.
Description: An error occurred while accessing the resources required to serve this request. The server may not be configured for access to the requested URL.
Error message 401.2.: Unauthorized: Logon failed due to server configuration. Verify that you have permission to view this directory or page based on the credentials you supplied and the authentication methods enabled on the Web server. Contact the Web server's administrator for additional assistance.
Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.18446
I guess because I don't have like Default.aspx file or something, I don't know what is the problem ??
This is a permissions issue. When you develop and run an application inside visual studio it has all the rights it needs. So you need to configure iis when wanting to demo/use the site directly from the webserver. After you have made the application inside IIS -> select the application and in the Actions pane you should see the link 'Edit Permissions'. Clicking that brings up the properties tab and under security add your account or an administrator account and elevate the rights until the site works.
I managed to get it working.
The problem was, I am using windows authentication to access the web application (VS asked me when the project first created). Now I didn't know I need to set it in the iis too.
All I did is enabling the Windows Authentication in iis > MySite > Authentication.
I have a service hosted in server. The service authentication is using Windows Authentication. I want to use this service in my website development in Visual Studio 2010. When I try to add a reference it says the following error.
“Security settings for this service require Windows Authentication but it is not enabled for the IIS application that hosts this service.”
What should I do to overcome it and be able to consume the service for development?
Note: The error message is obvious. What I am looking for is the best way to overcome this.
Note: When I type the service address in Mozilla Firefox, it asks for my windows credentials -upon entering credentials it gives me the service descriptions. The problem is when I use it via Visual Studio.
If I understand you correctly, your service is already running happily and using Windows Authentication, so it requires the calling application, your web site to also be using Windows Authentication.
When you try and add a reference, VS will start your site in the background using whichever web server is defined in Project Properties. You say that you are starting your site using the built-in web server (also known as Cassini or Webdev). You need to ensure that your site is using Windows Authentication. You do this from the service's Project Properties (right-click on the root folder and select Properties). In there you will see a Web tab which has an NTLM Authentication checkbox - make sure that is checked.
Also, make sure that you use:
<system.web>
<authentication mode="Windows">
...
in your web.config.
However, if you want to use IIS itself, I assume you have it installed and know how to define a web application. Depending on which version of Windows you are running, you may or may not have IIS installed or it may not be installable (using Programs and Features from Control Panel). If you don't have IIS, you can install IIS Express from here: http://learn.iis.net/page.aspx/868/iis-express-overview/
After you have installed IIS and defined your application root, and pointed the directory to your local source folder, enable Windows (NTLM) Authentication for that web app/site. How you do that depends on which version of IIS you are running but it is normally by clicking on the Authentication icon. You probably need to disable Anonymous as well as enable Windows Authentication, so that all requests are forced into Windows authentication. For browsers that do not support automatic NTLM authentication, I also turn on Basic Forms authentication as well.
Once you have an IIS application defined, you can use that for debugging from Visual Studio instead of the built-in web server. You also do that from Project Properties by choosing 'Use Local IIS Server' and selecting the Url of the IIS site you created above. Alternatively, VS can create the IIS site definition for you if it doesn't yet exist.
Either of the above methods should ensure that when VS starts your site to add a reference, it will be using authentication, as well as at runtime. Note that you can add a reference manually, without the need for starting the site. Then you just need to make sure you have Windows authentication at runtime, as described above.
We are trying to host a WCF service via the web. We set the web.config to have the service require windows authentication. The problem we are having is the following:
When we host our service in a regular IIS, the service runs fine and there is no issues with the "Windows Authentication" mode. However, when we try to run it from our developer boxes we get the following error: "Security settings for this service require Windows Authentication but it is not enabled for the IIS application that hosts this service."
Our developers boxes are not hosting the service through the regular IIS but rather through Visual Studio's ASP.NET Development Server. We tried going into the web project properties and said to enable NTLM authentication but that still did not fix it. Does anyone know how to fix it? Does VS ASP.NET Development Server even support Windows Authentication? Is the only option for hosting the service with Windows Authentication is to use IIS and forget about ASP.NET Development Server?
In order to configure IIS Express security settings:
look for the IIS express symbol in the taskbar (system tray).
Right click and select "All Applications".
Click on the name of the site you want to change (although I believe the change is site wide)
Click on the path in the config section below (it will open the applicationhost.config file)
Search for the authentication section and make your changes
Example changes can be found here:
http://toadcode.blogspot.ca/2011/08/security-config-in-iis-express.html
ASP.Net Development Server is very limited. It only serves requests originating from the same machine that it is running on, and it will not serve files that are outside of its application scope. It is based on the Cassini server. Cassini does not support WCF web services. Documentation for ASP.Net Development Server says that it does support NTLM. If you are just browsing to a page from the local machine it should work fine unless the page is referencing an unavailable resource.
check out http://msdn.microsoft.com/en-us/library/58wxa9w5.aspx for more info.
I would install and configure IIS on your local dev machine and use that in preference to using the inbuilt webserver. To use local IIS to debug select "User Local IIS web server" on the web tab of the project properties. Using IIS rather than the inbuilt webserver also means that you can configure your app in exactly the same way as it will be configured on the production server and this will reduce the no of potential surprises when you move to the production environment.
The solution to my authorization issue was to go into the F4 project properties and set the following:
Anonymous Authentication: Disabled
Windows Authentication: Enabled
Apparently these properties update the IIS applicationHost.config directly.
http://provenstyle.com/blog/2015/10/02/Visual-Studio-2015-Windows-Authentication-And-IIS-Express/