I have implemented a customer role provider in a C# MVC app.
It doesn't seem to be detecting the Windows user.
This was working fine yesterday.
The config for it looks like this:
<system.web>
<authentication mode="Windows" />
<roleManager defaultProvider="MyRoleProvider" enabled="true">
<providers>
<clear />
<add name="MyRoleProvider" type="CWC_Service_Plan.Security.MyRoleProvider" />
</providers>
</roleManager>
<compilation debug="true" targetFramework="4.5.1" />
<httpRuntime targetFramework="4.5.1" />
</system.web>
However adding a break-point in the code I can see that the User is not being detected.
I must have changed something without realising. What could be causing this?
[Edit]
Role-providers work by picking up the Windows username and then using it to authenticate.
No authentication happens if it can't pick-up the username.
The question is about why the username is not being picked-up, which I appreciate is a big question, so all suggestions are good suggestions.
[/Edit]
Have you disabled Anonymous access?
See Configuring Windows Authentication:
Start Internet Information Services (IIS).
Right-click your application's virtual directory, and then click Properties.
Click the Directory Security tab.
Under Anonymous access and authentication control, click Edit.
Make sure the Anonymous access check box is not selected and that Integrated 1. Windows authentication is the only selected check box.
This applies to Visual Studio too, it's a property of the web project (select the web project and press F4):
Related
I created a brand new Asp.Net Core 2.0 web mvc application with windows authentication enabled.
If I immediately hit play it prompts me for user credentials which is not what I want. If I hit cancel it then redirects me to a 401.2 unauthorized error screen with the following error:
"You are not authorized to view this page due to invalid
authentication headers."
When I then stop the application and enable anonymous authentication on the project and hit play again, it runs the application successfully but will not display my username. #User.Identity.Name returns empty string.
How do I get around the security prompt while still being able to display my username?
In the .NET Framework, I would use this in the web.config file along with anonymous authentication = true and it would work the way I want:
<authentication mode="Windows" />
<authorization>
<deny users="?" />
</authorization>
I am using Visual Studio 15.4.1.
I think that the <authentication> tag is related to ASP.NET, and not IIS. In ASP.NET Core, the System.Web pipeline doesn't run.
I've had success in implementing Windows authentication with ASP.NET Core by using the following configuration in the web.config
<configuration>
<system.webServer>
<security>
<authentication>
<anonymousAuthentication enabled="false" />
<windowsAuthentication enabled="true" />
</authentication>
</security>
</system.webServer>
</configuration>
The <system.webServer> section is the one getting modified when you change the authentication settings through IIS Manager.
Edit after Ben's first comment
Sorry, I had misread part of your initial message, and thought that you were trying to deploy your application in IIS.
It looks like Windows Authentication is set up correctly since you get prompted for credentials. What I don't understand is why you get prompted. I'm using IE11, Edge and Chrome, and they all know how to send Windows credentials without prompting me.
What browser are you using when doing your test? Could you try with the ones I listed above?
I have an MVC ASP.NET application set with "Individual user accounts". The log in and register features only works when debugging in Chrome. When i run without debugging on any browser including Chrome, i get redirected to the login page when attempting to register or log in.
In my web.config class i have this
<system.web>
<authentication mode="None" />
<compilation debug="true" targetFramework="4.5.2" />
<httpRuntime targetFramework="4.5.2" />
Any idea as to whats going on?
I had the same problem before, and it's related to cookies and session state, try to run your solution without debugger in google incognito if it ran successfully, then clear your browser cache from settings (cookies).
for OWIN itself, make sure to update all of your nuget packages, this should solve the problem.
I've got this error when I run my web app in my visual studio 2012. This happens after I've changed the web config to windows authentication mode.
These are the lines of codes I've changed from the original web config.
<httpRuntime targetFramework="4.5" />
<authentication mode="Windows" />
<identity impersonate="true" />
<roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider">
<providers>
<clear />
<add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />
</providers>
</roleManager>
<authorization>
<deny users="?" />
</authorization>
Actually, when I deployed this project to the web server, it works perfectly fine. Now, my problem is that I could not debug this project using the visual studio 2012 cuz I have this error. I've tried opening other project and it works using the visual studio and mine is not but these two have same set-up.
Please try following:
Go to IIS Server, Click on Web site you created and look for Windows
Authentication, It should not be disabled
Check the folder were you kept you code and look try to give the full
permission to the current AD user.
Alternatively, you can try creating the .html page in you home directly and try
browsing the page.
In Visual Studio, in your project properties, you can choose which type of server you want. You must choose "IIS Server" and "Create virtual directory" to be in the same configuration as your deployment server and be able to set all needed parameters.
You'll certainly need to open IIS manually (outside of VS) to configure security settings on your development WebSite.
Server Error in '/' Application.
Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.
I've looked through countless of previous questions and I haven't managed to get it working.
I've edited my web.config file and included a generated key at no success.
Web.config
<?xml version="1.0" encoding="utf-8"?>
<!--
For more information on how to configure your ASP.NET application, please visit
http://go.microsoft.com/fwlink/?LinkId=169433
-->
<configuration>
<system.web>
<machineKey validationKey="E91A16E07A8D628F1F1397962336B0C63B6DC45B8EB3D16BBD5E5761DD8AE462C04C1CC215904FF0353E84EF8194B48682114C72CF8E10F5295E5ADF36DBC520" decryptionKey="EFA118DF00BFB8206F24A1BB4AF7D18FBD6A605B44789E9048D8127FFF950A09" validation="SHA1" decryption="AES" />
<httpRuntime />
<pages enableViewStateMac="true" />
<customErrors mode="Off" />
<compilation targetFramework="4.0" debug="true" />
<authorization>
<allow users="*" />
<deny users="?" />
</authorization>
</system.web>
</configuration>
This happens when I postback to another page!
Instead of using <form action="..."> to perform a cross-page post back, try changing your submit button to read <asp:Button runat="server" postbackurl="...">. Using the PostBackUrl property is the officially supported way to perform a cross-page post back, as it sets a flag in the request telling the destination page to ignore the __VIEWSTATE field.
The main problem lies in the Application Pool of your website.Configure your website to use the proper .NET Framework version (i.e. v4.0) under the General section of the Application Pool related to your website.
Under the Process Model, set the Identity value to Network Service.Close the dialog box and right-click your website and select Advanced Settings... from the Manage Website option of the content menu. In the dialog box, under General section, make sure you have selected the proper name of the Application Pool to be used.
Your website should now run without any problem.Hope this helps you overcome this error.
I to do:
Click Start, point to Administrative Tools, and then click Internet
Information Services (IIS) Manager. In the Connections pane, expand
the server name, expand Sites, and then select the site, application
or Web service for which you want to enable Extended Protection for
Windows authentication. Scroll to the Security section in the Home
pane, and then double-click Authentication. In the Authentication
pane, select Windows Authentication. Click Enable in the Actions
pane. Click Advanced Settings in the Actions pane.
after set in web.config <authentication mode="Windows" />
If I start app from VS2010 - All works well.
If else I start app from IIS I have problem.
Requested user data I enter Computer\NameUser.
then an error:
Error HTTP 401.2 - Unauthorized You have no right to view this page
because of the inadmissibility of the authentication header.
update:
update2:
file: C:\Windows\System32\inetsrv\config\applicationhost.config
<location path="windowsAuthTest">
<system.webServer>
<security>
<authentication>
<anonymousAuthentication enabled="false" userName="User" password="[enc:AesProvider:BZ7e2mkTjJL7Wo8xMm2PQKZ2biP1nKB2SjAfw9WmJoBhkMbl4DYqEJU0bzIj3CxF:enc]" />
<windowsAuthentication enabled="true" useKernelMode="false">
<extendedProtection tokenChecking="None" />
<providers>
<clear />
<add value="NTLM" />
<add value="Negotiate" />
</providers>
</windowsAuthentication>
</authentication>
</security>
</system.webServer>
</location>
Take a look at my previous answer.
Basically, that means that the authentication ticket does not match the expectation of the server.
You should force the server to use NTML or Kerberos (depending on your authentication strategy).
[Edit] as appcmd can be a bit obscure, here is the manual stop to force NTLM authentication.
Navigate to C:\Windows\System32\inetsrv\config
Backup, Backup, Backup and rebackup applicationhost.config
To be sure backup again
Open the file applicationhost.config with your favorite xml editor
search for the node <location path="Your web site name/yourapplication">
Setup the correct authentication provider :
The important part is that there is the <clear /> node. This will break inheritance from the global configuration.
This can be applied to the whole IIS server, or a specific web site, or (like here) a specific web application).
I'm not sure, but I wonder if this can be set in the web.config within the app directly instead of the IIS config file. This merits to be tested.
After that you access to security of your site you must to add right for the user windows.