I am trying to launch ASP.NET project on a local computer. IIS responds with 401.0 status code, stating that "authenticated user does not have access to a resource needed to process the request". Authentication mode is set to Windows in my web config, nonetheless logon method in Detailed Error Information is "Anonymous". Changing it to "None" brought no change. So how do I change authentication method that way so I log in via Windows Authentication?
I found out what happened and it’s hilarious. Turns out that Windows Auth was disabled in project properties, and anonymous auth was enabled instead. All the info I found before gave advice of opening project properties and switching auth method to Windows Auth. I tried to do this but somehow properties window didn't open, and they said that it was to open right on click on the project in solution explorer.
And it actually did open, although my laptop's screen covered the area of monitor where it opened. So when I closed my laptop I immidiately saw needed properties panel, switched auth method, fired up IIS and everything got into order.
So here's my wisdom: always make sure that you see the whole picture :)
Related
I have an old ASP.NET intranet application where the forms login page is demonstrating unusual behavior. If any version of IE has a cleared history (history, not cookies) when they submit to log in the page executes a blank post back and remains on the login page.
If they refresh the page or had been redirected to the login page from trying to directly access another page then they are logged in without trouble.
I have published additional copies of this application to the same IIS server and they initially did not exhibit this behavior however after some number of hours they began acting the same way. Republishing to the same instance does not "fix" the issue like publishing to a new site does and neither does removing the old application and then publishing to the same name.
I'm not sure where to go from here so any help would be appreciated.
To me these are the key observations I have made:
This only effects our production server. The same code published to two other servers do not exhibit this defect. This code has worked for years until recently.
I replaced the button click code with a Response.Redirect to Google. When the button is not behaving correctly this redirect was not being fired. This indicates to me that the button code is not being executed. After the page is reloaded/refreshed it redirects properly since the button code is now firing.
When the same code is published to this IIS server under a different name it does not exhibit this defect for a number of hours. What could happen after a few hours to cause this behavioral change? Republishing to the same IIS site does not fix the issue for a few hours like publishing to a new IIS site does.
I have removed the button code from this posting because it is in my opinion a red herring as the code doesn't appear to be being executed at all.
This is what the cookies looked like in the network tools when the site is working
The difference here from when the site is working to when it is not working is that the Form1 key is marked as Sent and not Received.
Something new I have also noticed is that when the site is not working the favicon shows as (aborted). I now believe that the request is being completely aborted because I have overriden the page's OnInit and the code I entered is not being executed when the site is not working.
Today my work opened a ticket with Microsoft to help get this problem resolved and they have said it was a "head scratcher."
I disagree with Nick's thought that there is a problem in the code because of your assertion:
This only effects our production server. The same code published to two other servers do not exhibit this defect. This code has worked for years until recently.
This suggests there is a difference between servers, the way they are configured or the code is deployed that is stopping it from working. As it is a forms authentication problem, I am reminded of the bug that screwed up forms authentication in IE10 - see IE10 User-Agent causes ASP.Net to not send back Set-Cookie (IE10 not setting cookies)
Are your servers identical? Running the same OS, .NET versions, patches, hotfixes etc?
Microsoft saved the day.
They told us that the older versions of IE will look for the favicon in the root folder in IIS and not the application path regardless of where you're pointing it to look. There we found that the root folder's authentication settings were set to Windows Authentication only. For whatever reason this was causing the forms authentication to be aborted until we added Allow Anonymous to the root folder.
I have an ASP.Net C# Web Application in which I have added Windows Live oAuth authentication (I am not using the code supplied by the Visual Studio project template for oAuth). I have two return pages in my application where the user should come back after authenticating with the Windows Live oAuth Service. The reason I have two end points is to distinguish two different modes in my application based on where the user returns.
Anyways, the problem is that when I add the second URL in the configuration screen of Microsoft Windows live at https://account.live.com/developers/applications/apisettings/, the Microsoft Live page simply does not save it. Here is what I am doing:
Go to https://account.live.com/developers/applications/index
Click Application name and then edit Settings
go To API Settings
Click "Add another redirect URL"
Added my second URL and clicked save.
The second text box where I entered the URL simply disappears and my second URL does not work in the oAuth flow.
If any of you has faced a similar issue, do you have a work around? If this is something Microsoft should fix, where should I raise this bug with Microsoft?
Update: I have also tried a work around of creating two applications, so that each one has one of the return URLs, but Microsoft does not allow two applications with the same root domain URL. :(
I have the same issue.
This is not your fault, and there is nothing other than Microsoft would be able to fix it.
I use this simple line of code inside my HttpHandler:
Directory.CreateDirectory(#"\\srv-001\dev\folderToCreate\");
I receive an UnauthoridezAccessException telling me that the access to the path is denied.
From here, I create a little Dos application in C# doing the same thing and I was able to create the folder. So, I thought that it might be that IIS is running on a different user than myself. I went to IIS and changed the Application pool to a Custom user, myself. But, unfortunately, I got the same exception.
I have try to create a Share folder on my computer and I can create directory. Also, when debugging I can see that System.Threading.Thread.CurrentPrincipal.Identity have its AuthenticationType to "", IsAuthenticated to false and name to "".
So, with all those tests I can conclude that the HttpHandler that receive the file cannot create a directory because of some security access.
How can I grand access to my HttpHandler to be able to create a directory (and files) to a network folder?
actually, i thought of one other thing to check. not only is there the app pool identity, but there is also an identity associated with anonymous authentication. if you are on iis 7/7.5, you should be able to see the authentication icon for the web application and doubleclick that. selecting anonymous authentication and then clicking edit will reveal a dialog that gives you the option of specifying a user or the app pool user. i bet if you choose app pool user, that will fix it.
if you are on iis 6, i don't recall as clearly, but i'll give it a shot. don't have iis 6 in front of me to verify, but i remember there being an anonymous access button you can click that would bring up a dialog where you could specify the user. don't think you had the option there of using the app pool identity and had to specify the account explicitly.
I have a MVC application and I can't get it working on IIS 7. Debugging in VS2010 works fine, but when I publish the website to my local IIS7, I see nothing but blank pages.
Here is what I have done:
On the project, right click and click Publish. In the Publish Web window I set these settings:
Publish method: Web deploy
Service URL: localhost
Site/application: Default Web Sit\Africa
both, Mark as IIS application on destination and Leave extra files on destination (do not delete are checked.
In IIS, my application runs under a application pool with supports .net 4.0 and managed pipeline is set to integrated.
I don't get any error while publishing, but when I navigate to my site I only see blank pages. Nothing happens.
What goes wrong?
EDIT:
When I navigate to http://localhost/Africa/ I see a blank page. When I navigate to http://localhost/Africa/Views/Home/ I get a 500 error.
How can I solve this?
I ran in to the same exact problem, it took quite a bit of digging to solve.
I finally found the solution to it on this page: Getting an ASP.MVC2/VS2010 application to work in IIS 7.5
Yeah, I know that this is an old thread but for the sake of saving someone else's time I'm adding this. Also make sure you have HTTP Errors, HTTP Redirection, and Static Content enabled in IIS.
In your application pool advanced settings, make sure you have Enable 32-bit applications set to true.
Some other things to try:
Change the application pool to classic.
Make sure you have the correct version of MVC installed on your server.
If you are getting 500 errors, you can turn on Failed Request Tracing and check the logs. If you are getting 500 errors and no logs are being created, you need to check your web.config.
Blank page normally doesn't necessary mean it's not working, if you default page doesn't have anything, it will be blank.
If you run into some error, you normally will see an error page.
I have created site on my local machine that works fine on debug mode but when i put the site on local iis (7.5) of my machine i get
HTTP Error 401.1 - Unauthorized
You do not have permission to view this directory or page using the credentials that you supplied.
Authentication Settings
I have windows impersonation and windows authentication enabled and everything else in that section is disabled
All the folder have full permissions
Can anyone tell me what's going on?
As a quick and dirty fix, grant the IIS_IUSRS group Read/Execute or Modify permissions to your web folder... BUT DON'T DO THIS ON AN INTERNET FACING SERVER, read on....
To fix this properly you should grant the Application Pool Identity for your site Read/Execute or Modify permissions to your application's web folder. To do this:
Open IIS Manager, navigate to your website or application folder where the site is deployed to.
Open Advanced Settings (it's on the right hand Actions pane).
Note down the Application Pool name then close this window
Double click on the Authentication icon to open the authentication settings
Disable Windows Authentication
Right click on Anonymous Authentication and click Edit
Choose the Application pool identity radio button the click OK
Select the Application Pools node from IIS manager tree on left and select the Application Pool name you noted down in step 3
Right click and select Advanced Settings
Expand the Process Model settings and choose ApplicationPoolIdentity from the "Built-in account" drop down list then click OK.
Click OK again to save and dismiss the Application Pool advanced settings page
Open an Administrator command line (right click on the CMD icon and select "Run As Administrator". It'll be somewhere on your start menu, probably under Accessories.
Run the following command:
icacls <path_to_site> /grant "IIS APPPOOL\<app_pool_name>"(CI)(OI)(M)
For example:
icacls C:\inetpub\wwwroot\mysite\ /grant "IIS APPPOOL\DEFAULTAPPPOOL":(CI)(OI)(M)
If all is good icacls.exe will report:
processed file: c:\inetpub\wwwroot\mysite
Successfully processed 1 files; Failed processing 0 files
In my case this had nothing to do with permissions. This is the "loopback check" protection. The problem was because I was connecting from the local machine that had the IIS.
Symptoms are: You connect and you get a browser prompt to insert credentials 3 times, then an HTTP 401.1 error.
Testing from a different computer works well.
Some sites will tell you to disable the "loopback check", but instead you have to add the FQDN domain you're connecting to to a whitelist, as described in this serverfault response:
https://serverfault.com/a/485011/415362
i also had the same issue. i simply remove the application. created a new floder and hosted it again. problem solved.
Somewhat late in coming, but an alternative that I sometimes forget is time difference. In a domain environment, run "Net Time /SET" to synchronise with the AD Box.
Additional Reading:
For all of this to work and to ensure security, the domain controllers and clients must have the same time. Windows operating systems include the Time Service tool (W32Time service). Kerberos authentication will work if the time interval between the relevant computers is within the maximum enabled time parameters. The default is five minutes. You can also turn off the Time Service tool and install a third-party time service. Of course, if you have problems authenticating, you should make sure that the time is correct for the domain controllers and the client that is experiencing the problem.
(Source: https://sourcedaddy.com/windows-7/server-authentication.html)
Heavier Reading:
.... In addition, IT professionals should understand how Windows Time Service works because Kerberos security is highly dependent on time services. ....
(Source: https://redmondmag.com/articles/2012/02/01/understanding-the-essentials-of-the-kerberos-protocol.aspx )