I am having an interesting issue with IIS 8. I can run the app just find. However after triggering a sql query I get the dreaded "Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'".
The real kicker to all of this is that when I run in IIS Express with Visual Studio 2013 it works fine.
IIS Authentication Settings
Web.Config:
<system.web>
<authentication mode="Windows" />
<identity impersonate="true" />
<authorization>
<deny users="?" />
</authorization>
</system.web>
Any/All help is appreciated!
Make sure the account that is running the app pool in IIS has access to SQL server. If that doesn't work then try changing the account that the app pool is running under to like NetworkService or LocalService and see if that has any effect.
Also try changing some of the other app pool settings in the "Advanced Settings..." dialog such as the managed pipeline mode and enable 32-bit applications.
Thanks everyone for the help.
What ended up happening is that we just used a local sql account.
We are going to use AD to control who has access to the page.
Using the <deny roles="DOMAIN\Domain Users"/>
option in web config file.
Related
I'm having access denied errors when trying to create directories, move files etc. So I added (web.config) the impersonate user that have the right privileges to execute that functions.
So, in my web.config I have the current code:
<configuration>
<location path="." inheritInChildApplications="false">
<system.webServer>
<handlers>...</handlers>
<aspNetCore .../>
</system.webServer>
</location>
<system.web>
<identity impersonate="true" password="password123" userName="DOMAIN\user123" />
</system.web>
</configuration>
And in my IIS, the DefaultAppPool pool have the Identity property set to ApplicationPoolIdentity.
iis pool configuration identity
And now I use WindowsIdentity.RunImpersonated() to run my code that create the folders and etc that I talked earlier with the purpose to use the configured user (DOMAIN\user123), and not the current User.Identity logged into, like DOMAIN\anyOtherCurrentUser:
WindowsIdentity.RunImpersonated(WindowsIdentity.GetCurrent().AccessToken, () => {
// create directory, move files, etc
});
The problem is when I run this code, calling WindowsIdentity.Getcurrent(), The user that I'm getting is the current one set on IIS Configuration IIS APPPOOL\DefaultAppPool and not the configured user in web.config DOMAIN\user123. Why this happens? How should I use this user configured in web.config?
You simply cannot.
Anything under <system.web> applies to only ASP.NET 4.x or older, and ASP.NET Core does not honor such.
Even for ASP.NET 4.x you should grant all permissions based on the application pool identity, not relying on impersonation for your own good.
I've exhausted every bit of me to get Windows Authentication to work on the server and I cannot find any help on the internet. Windows authentication is working on my local PC, below is what I've done so far, kindly assist me understand if there's something I am missing or did wrong?
Windows Server 2012 R2 (v6.2) with IIS (v8.5.9600)
Here's how my web.config looks like:
<system.web>
<httpRuntime targetFramework="4.5" maxRequestLength="1048576" />
<compilation debug="true" targetFramework="4.5" />
<authentication mode="Windows"/>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
And here's the authentication section in IIS:
I've added the website as a Trusted Site (also as a Local Intranet) in Internet Explorer and that didn't help:
Many threads (including this one here) advised I add 2 entries to the registry to:
Set the DisableStrictNameChecking registry entry to 1
and add my website url in: BackConnectionHostNames
I've done so as per below and still no luck, I've even gone as far as performing the above steps on both the server and my local PC as well:
And I've mirrored everything else on there as is on my local PC. The server was restarted after doing the above 2 steps. The website is configured to use pass-through authentication in IIS and works fine on my local PC:
Is there something I am missing or not doing right? I've carried this problem into my New Year and I am so tired of it. Please anyone help me or point me in the right direction.
I created a brand new Asp.Net Core 2.0 web mvc application with windows authentication enabled.
If I immediately hit play it prompts me for user credentials which is not what I want. If I hit cancel it then redirects me to a 401.2 unauthorized error screen with the following error:
"You are not authorized to view this page due to invalid
authentication headers."
When I then stop the application and enable anonymous authentication on the project and hit play again, it runs the application successfully but will not display my username. #User.Identity.Name returns empty string.
How do I get around the security prompt while still being able to display my username?
In the .NET Framework, I would use this in the web.config file along with anonymous authentication = true and it would work the way I want:
<authentication mode="Windows" />
<authorization>
<deny users="?" />
</authorization>
I am using Visual Studio 15.4.1.
I think that the <authentication> tag is related to ASP.NET, and not IIS. In ASP.NET Core, the System.Web pipeline doesn't run.
I've had success in implementing Windows authentication with ASP.NET Core by using the following configuration in the web.config
<configuration>
<system.webServer>
<security>
<authentication>
<anonymousAuthentication enabled="false" />
<windowsAuthentication enabled="true" />
</authentication>
</security>
</system.webServer>
</configuration>
The <system.webServer> section is the one getting modified when you change the authentication settings through IIS Manager.
Edit after Ben's first comment
Sorry, I had misread part of your initial message, and thought that you were trying to deploy your application in IIS.
It looks like Windows Authentication is set up correctly since you get prompted for credentials. What I don't understand is why you get prompted. I'm using IE11, Edge and Chrome, and they all know how to send Windows credentials without prompting me.
What browser are you using when doing your test? Could you try with the ones I listed above?
I've developed a web application, I deployed this application on the server.
When I ran the application I am getting There was an unexpected server error, that is only error message it shows, no other details.
When I run this application using visual studio, it works just fine. I've tried with below <customErrors mode="On" />
Application pool has been kept in .net version 4.0
Asp.net has been registered with IIS.
Any ideas would help.
on server web.config try below config. you should see detailed error message.
<system.web>
<customErrors mode="Off" />
</system.web>
<system.webServer>
<httpErrors errorMode="Detailed"></httpErrors>
</system.webServer>
There was a network issue, which has been fixed, and it worked. Asp.net Impersonation has been "Enabled", Anonymous Authentication has been "Disabled". Enabled delegation [for kerberos] for the machine at the AD level. These made application work. There was no code issue at all as expected.
I've got this error when I run my web app in my visual studio 2012. This happens after I've changed the web config to windows authentication mode.
These are the lines of codes I've changed from the original web config.
<httpRuntime targetFramework="4.5" />
<authentication mode="Windows" />
<identity impersonate="true" />
<roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider">
<providers>
<clear />
<add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />
</providers>
</roleManager>
<authorization>
<deny users="?" />
</authorization>
Actually, when I deployed this project to the web server, it works perfectly fine. Now, my problem is that I could not debug this project using the visual studio 2012 cuz I have this error. I've tried opening other project and it works using the visual studio and mine is not but these two have same set-up.
Please try following:
Go to IIS Server, Click on Web site you created and look for Windows
Authentication, It should not be disabled
Check the folder were you kept you code and look try to give the full
permission to the current AD user.
Alternatively, you can try creating the .html page in you home directly and try
browsing the page.
In Visual Studio, in your project properties, you can choose which type of server you want. You must choose "IIS Server" and "Create virtual directory" to be in the same configuration as your deployment server and be able to set all needed parameters.
You'll certainly need to open IIS manually (outside of VS) to configure security settings on your development WebSite.