I'm having trouble accessing a network share using ASP.net C#.
I've used the identity in web.config
<identity impersonate="true" userName="username" password="password" />
And changed the machine.config file. I've also enabled impersonation in IIS.
I try to use this code:
System.IO.Directory.CreateDirectory("\\\\networklocation\\test");
And I get the following error:
Parser Error Message: Could not create Windows user token from the credentials specified in the config file. Error from the operating system 'Logon failure: unknown user name or bad password.
The network share location has access to all users (everyone account).
Any ideas whats going wrong here?
Are you specifying the correct domain for the user?
<identity impersonate="true"
userName="domain\user"
password="password" />
why do you use impersonation if everyone account is active ?
remove the impersonation Section
Related
I am trying to connect to Azure Active Directory from an ASP.NET application. I am following this article by Microsoft to write the code:
https://learn.microsoft.com/en-us/azure/active-directory/develop/quickstart-v2-aspnet-webapp#prerequisites
Below are my values I am putting in the application:
<add key="ClientId" value="XXXXXXXXXX" />
<add key="Tenant" value="XXXXXXXXXXXXXXXXXXXX" />
<add key="Authority" value="https://login.microsoftonline.com/{0}/v2.0" />
<add key="redirectUri" value="https://localhost:5000/" />
For my redirect URI, I use https://localhost:5000/. This is what I configured in my App registrations in the Azure portal. When I run my application, I get this error:
When I change the redirectUri to https://localhost:44368/ then I can see the Microsoft login and Microsoft accepts the userId too, but I get an error after inputting my password saying :
AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application:
Any help will be highly appreciated.
The error says it all. You have to check in App Registrations > Manage > Authentication > Redirect URL and see if the URL https://localhost:44368/ is configured there or not. If its configured, you will be able to get the required response for sure.
I am working in C# and ASP.NET making a webbased database application with integrated security such that the Windows user is used in access to the database. When I run the application in IIS Express from Visual Studio, everything is fine. When I publish the webpage under IIS, I get problem with the Windows Authentication.
In IIS Express, the following two code lines produce the same Windows username corresponding to the currently logged in user, which is also what I want:
string user = Page.User.Identity.Name;
string loginName = System.Security.Principal.WindowsIdentity.GetCurrent().Name;
but in the published form in IIS, the second line gives a different user: IIS APPPOOL\"the-name-of-my-Visual-Studio-solution". This user has no rights to the databases, and the application breaks down.
I have enabled Windows authentication in web.config:
<authentication mode="Windows" />
<identity impersonate ="false" />
<authorization>
<deny users="?" />
</authorization>
In IIS, the following settings are used (see pictures below):
IIS authentication settings
And this is the application pools settings:
IIS Application pools settings
Where to look for the problem?
Try these code :
string UserName = HttpContext.Current.User.Identity.Name;
string UserName = Request.LogonUserIdentity.Name;
The problem had to do with impersonation. For the proper authentication to take place, I had to do two things: 1) I had to enable ASP.NET impersonation in IIS for my application. (This can be done in web.config also, but I did not want that since I then had to makes changes in the server configuration to make it work.) 2) I had to change the Managed Pipeline Mode for the Application Pool from Integrated to Classic, this also in IIS, for my application.
Then it worked.
I am deploying my ASP.NET application on IIS. Everything works well when I run it on Visual Studio with IIS Express but when I use IIS, the event viewer shows this error.
I added a login on SQL Server but still get the same error
Any idea on what I could be missing?
Grand DB_Owner permission for "IIS APPPOOL\test.bata.com". also check the connection string in web.config file
You can try to use custom identity in application pool with the windows user name password and use this string in web.config file.
<add name="umbracoDbDSN" connectionString="data source=YOUR_SERVER_NAME;database=nrc;Integrated Security=SSPI;persist security info=True;" providerName="System.Data.SqlClient" />
For more detailed steps you can refer to this link: https://forums.iis.net/t/1249665.aspx
<httpRuntime executionTimeout="600" maxRequestLength="11000"
requestLengthDiskThreshold="80"
useFullyQualifiedRedirectUrl="false"
minFreeThreads="8"
minLocalRequestFreeThreads="4"
appRequestQueueLimit="5000"
enableKernelOutputCache="true"
enableVersionHeader="true"
requireRootedSaveAsPath="true" enable="true"
shutdownTimeout="90" delayNotificationTimeout="5"
waitChangeNotification="0" maxWaitChangeNotification="0"
enableHeaderChecking="true" sendCacheControlHeader="true"
apartmentThreading="false"/>
<trust level="Full"/>
<customErrors mode="on" defaultRedirect="~/Contents/error.aspx">
</customErrors>
This is my error handling in web.config which is not working.
If there is any exception thrown it doesn't redirect to /Contents/error.aspx page
Is it because I set /Contents/error.aspx -
If not what's wrong with the error handling.
Have you configured the virtual directory as an ASP.NET application for the right framework version?
This error can be caused by a virtual
directory not being configured as an
application in IIS.
In IIS, you can have several applications, but they must be configured as an application. Generally, when you create a web project it maps directly to an IIS application.
Check with your hosting service on how to create an IIS application for your web app.
See IIS Setup
Take a look at here
Try using two '/' in the directory:
//Contents//error.aspx
Hope this helps :)
set customErrors mode="Off" in the web.config to see the actual error. As suggested by Sachin. It turned out to be a compilation Error I had to fix and could enable customErrors again.
I'm using the following code to authenticate via Kerberos.
IntPtr logonToken = WindowsIdentity.GetCurrent().Token;
string authenticationType = "WindowsAuthentication";
WindowsIdentity windowsIdentity = new WindowsIdentity(logonToken, authenticationType);
//windowsIdentity.Name == equals "IIS APPPOOL\Classic .NET AppPool" when I want it to be the user
This only happens when I try and run my .NET application the Web Server. If I run the code locally on my machine for debugging, it shows my userid in the Name property. Any suggestions on how to get this working on a web server?
You need to enable impersonation in web.config:
To configure ASP.NET to impersonate the Windows identity supplied by IIS as the WindowsIdentity for the ASP.NET application, edit the Web.config file for the application and set the impersonate attribute of the identity configuration element to true, as shown in the following example.
<configuration>
<system.web>
<identity impersonate="true" />
</system.web>
</configuration>
When you run the code locally for debugging you're probably using the web dev server that runs as your logged-in user, which is why you'll see the correct user in debug.
Your problem is, your IIS server runs under its own identity, not yours. Therefore, WindowsIdentity.GetCurrent().Token returns IIS work process' identity.
You can configure your website to run under different identity (including yours) using IIS Manager console: