I've got this error when I run my web app in my visual studio 2012. This happens after I've changed the web config to windows authentication mode.
These are the lines of codes I've changed from the original web config.
<httpRuntime targetFramework="4.5" />
<authentication mode="Windows" />
<identity impersonate="true" />
<roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider">
<providers>
<clear />
<add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />
</providers>
</roleManager>
<authorization>
<deny users="?" />
</authorization>
Actually, when I deployed this project to the web server, it works perfectly fine. Now, my problem is that I could not debug this project using the visual studio 2012 cuz I have this error. I've tried opening other project and it works using the visual studio and mine is not but these two have same set-up.
Please try following:
Go to IIS Server, Click on Web site you created and look for Windows
Authentication, It should not be disabled
Check the folder were you kept you code and look try to give the full
permission to the current AD user.
Alternatively, you can try creating the .html page in you home directly and try
browsing the page.
In Visual Studio, in your project properties, you can choose which type of server you want. You must choose "IIS Server" and "Create virtual directory" to be in the same configuration as your deployment server and be able to set all needed parameters.
You'll certainly need to open IIS manually (outside of VS) to configure security settings on your development WebSite.
Related
I created a brand new Asp.Net Core 2.0 web mvc application with windows authentication enabled.
If I immediately hit play it prompts me for user credentials which is not what I want. If I hit cancel it then redirects me to a 401.2 unauthorized error screen with the following error:
"You are not authorized to view this page due to invalid
authentication headers."
When I then stop the application and enable anonymous authentication on the project and hit play again, it runs the application successfully but will not display my username. #User.Identity.Name returns empty string.
How do I get around the security prompt while still being able to display my username?
In the .NET Framework, I would use this in the web.config file along with anonymous authentication = true and it would work the way I want:
<authentication mode="Windows" />
<authorization>
<deny users="?" />
</authorization>
I am using Visual Studio 15.4.1.
I think that the <authentication> tag is related to ASP.NET, and not IIS. In ASP.NET Core, the System.Web pipeline doesn't run.
I've had success in implementing Windows authentication with ASP.NET Core by using the following configuration in the web.config
<configuration>
<system.webServer>
<security>
<authentication>
<anonymousAuthentication enabled="false" />
<windowsAuthentication enabled="true" />
</authentication>
</security>
</system.webServer>
</configuration>
The <system.webServer> section is the one getting modified when you change the authentication settings through IIS Manager.
Edit after Ben's first comment
Sorry, I had misread part of your initial message, and thought that you were trying to deploy your application in IIS.
It looks like Windows Authentication is set up correctly since you get prompted for credentials. What I don't understand is why you get prompted. I'm using IE11, Edge and Chrome, and they all know how to send Windows credentials without prompting me.
What browser are you using when doing your test? Could you try with the ones I listed above?
I cannot manage to get the Customer security sample provided from Microsoft to work. I have followed the README for CustomerSecuritySample here:
https://github.com/Microsoft/Reporting-Services/tree/master/CustomSecuritySample
Expected result
I expected that after a restart of the services a logon screen should be provided when entering http://computername/Reports in the browser. But instead I still get an Windows authentication prompt. I think that I miss some final steps in the guide that needs to be done to make it work but cannot figure out what
Setup
Instance name: SQL2016
URL set in Reporting Services Configuration Manager: http://computername/Reports
Configuration steps taken
The following changes have been made where I followed the README:
RSReportServer.config:
Set AuthenticationTypes to Custom:
<AuthenticationTypes>
<Custom/>
</AuthenticationTypes>
Replaced UI with new data:
<UI>
<CustomAuthenticationUI>
<loginUrl>/Pages/UILogon.aspx</loginUrl>
<UseSSL>False</UseSSL>
<PassThroughCookies>
<PassThroughCookie>sqlAuthCookie</PassThroughCookie>
</PassThroughCookies>
</CustomAuthenticationUI>
<ReportServerUrl>http://computername/Reports</ReportServerUrl>
<PageCountMode>Estimate</PageCountMode>
</UI>
Replaced Security extension information with:
<Extension Name="Forms"
Type="Microsoft.Samples.ReportingServices.CustomSecurity.Authorization, Microsoft.Samples.ReportingServices.CustomSecurity" >
<Configuration>
<AdminConfiguration>
<UserName>username</UserName>
</AdminConfiguration>
</Configuration>
</Extension>
Replaced Authentication extension with:
<Extension Name="Forms" Type="Microsoft.Samples.ReportingServices.CustomSecurity.AuthenticationExtension,Microsoft.Samples.ReportingServices.CustomSecurity" />
RSSrvPolicy.config:
Added a new code group:
<CodeGroup
class="UnionCodeGroup"
version="1"
Name="SecurityExtensionCodeGroup"
Description="Code group for the sample security extension"
PermissionSetName="FullTrust">
<IMembershipCondition
class="UrlMembershipCondition"
version="1"
Url="C:\Program Files\Microsoft SQL Server\MSRS13.SQL2016\Reporting Services\ReportServer\bin\Microsoft.Samples.ReportingServices.CustomSecurity.dll"/>
</CodeGroup>
Web.config:
Added under system.web:
<machineKey validationKey="GENERATED_VALIDATION_KEY" decryptionKey="GENERATED_DECRYPTION_KEY" validation="AES" decryption="AES" />
Changed authentication mode from Windows to Forms and added authorization and identity impersonation:
<authentication mode="Forms">
<forms loginUrl="logon.aspx" name="sqlAuthCookie" timeout="60" path="/"></forms>
</authentication>
<authorization>
<deny users="?" />
</authorization>
<identity impersonate="false" />
RSWebApp/Microsoft.ReportingServices.Portal.WebHost.exe.config:
Added the same validation and decryption key as in Web.config for Reporting services
<system.web>
<machineKey validationKey="GENERATED_VALIDATION_KEY" decryptionKey="GENERATED_DECRYPTION_KEY" validation="AES" decryption="AES" />
</system.web>
Copy files to right places
C:\Program Files\Microsoft SQL Server\MSRS13.SQL2016\Reporting Services\RSWebApp:
Copy Microsoft.ReportingServices.Portal.WebHost.exe.config
C:\Program Files\Microsoft SQL Server\MSRS13.SQL2016\Reporting Services\ReportServer:
1. Copy the other three config files mentioned above
2. Copy Login.aspx and .cs
3. Copy Microsoft.Samples.ReportingServices.CustomSecurity.dll into /bin
I'm running the preview version of SSRS with Power BI and the preview does not have support for multiple instances.
When I changed the files in C:\Program Files\Microsoft SQL Server Reporting Services\RSServer\ReportServer instead and then restarted "SQL Server Reporting Services - Standalone" I got the logon prompt
Reference: https://github.com/Microsoft/Reporting-Services/issues/21
I had to copy the MachineKey from Microsoft.ReportingServices.Portal.WebHost.exe.config file (RSWebApp directory) to the web.config file (ReportServer directory).
I have implemented a customer role provider in a C# MVC app.
It doesn't seem to be detecting the Windows user.
This was working fine yesterday.
The config for it looks like this:
<system.web>
<authentication mode="Windows" />
<roleManager defaultProvider="MyRoleProvider" enabled="true">
<providers>
<clear />
<add name="MyRoleProvider" type="CWC_Service_Plan.Security.MyRoleProvider" />
</providers>
</roleManager>
<compilation debug="true" targetFramework="4.5.1" />
<httpRuntime targetFramework="4.5.1" />
</system.web>
However adding a break-point in the code I can see that the User is not being detected.
I must have changed something without realising. What could be causing this?
[Edit]
Role-providers work by picking up the Windows username and then using it to authenticate.
No authentication happens if it can't pick-up the username.
The question is about why the username is not being picked-up, which I appreciate is a big question, so all suggestions are good suggestions.
[/Edit]
Have you disabled Anonymous access?
See Configuring Windows Authentication:
Start Internet Information Services (IIS).
Right-click your application's virtual directory, and then click Properties.
Click the Directory Security tab.
Under Anonymous access and authentication control, click Edit.
Make sure the Anonymous access check box is not selected and that Integrated 1. Windows authentication is the only selected check box.
This applies to Visual Studio too, it's a property of the web project (select the web project and press F4):
I have built an ASP.NET Web Service in C# and and I need to run this on Linux. After googling, I found out that it's possible to execute ASP.NET web service on Linux using Mono Develop. But when I try to open my Solution File in Mono (Xamarin Studio) it gives me an error:
Error while trying to load the project.
What am I doing wrong? Or maybe what is the best solution to run ASP.NET Web Service on Linux?
EDIT:
<?xml version="1.0"?>
<configuration>
<system.web>
<compilation defaultLanguage="C#" debug="true">
<assemblies>
</assemblies>
</compilation>
<customErrors mode="RemoteOnly">
</customErrors>
<authentication mode="None">
</authentication>
<authorization>
<allow users="*" />
</authorization>
<httpHandlers>
</httpHandlers>
<trace enabled="false" localOnly="true" pageOutput="false" requestLimit="10" traceMode="SortByTime" />
<sessionState mode="InProc" cookieless="false" timeout="20" />
<globalization requestEncoding="utf-8" responseEncoding="utf-8" />
<pages>
</pages>
</system.web>
</configuration>
First of all, it can fail for a lot of reasons, so add a bug report into Xamarin's Bugzilla. But try initially to start Xamarin Studio, choose create new Asp.Net solution and then replace with your files in the .vcproj file (you can use a simple xml editor like gedit or Notepad++).
Depends on your application kind, I found that simple web pages/web services work but is not using IIS, but is using XSP4 (their custom C# written IIS-like web server) which sometimes is slow.
If you need simply to make some business logic to run fast on Mono and to not have configuration hassles, I would recommend to you .Net remoting. This is a low-overhead solution and I found it working even in combination with binary serialization.
I to do:
Click Start, point to Administrative Tools, and then click Internet
Information Services (IIS) Manager. In the Connections pane, expand
the server name, expand Sites, and then select the site, application
or Web service for which you want to enable Extended Protection for
Windows authentication. Scroll to the Security section in the Home
pane, and then double-click Authentication. In the Authentication
pane, select Windows Authentication. Click Enable in the Actions
pane. Click Advanced Settings in the Actions pane.
after set in web.config <authentication mode="Windows" />
If I start app from VS2010 - All works well.
If else I start app from IIS I have problem.
Requested user data I enter Computer\NameUser.
then an error:
Error HTTP 401.2 - Unauthorized You have no right to view this page
because of the inadmissibility of the authentication header.
update:
update2:
file: C:\Windows\System32\inetsrv\config\applicationhost.config
<location path="windowsAuthTest">
<system.webServer>
<security>
<authentication>
<anonymousAuthentication enabled="false" userName="User" password="[enc:AesProvider:BZ7e2mkTjJL7Wo8xMm2PQKZ2biP1nKB2SjAfw9WmJoBhkMbl4DYqEJU0bzIj3CxF:enc]" />
<windowsAuthentication enabled="true" useKernelMode="false">
<extendedProtection tokenChecking="None" />
<providers>
<clear />
<add value="NTLM" />
<add value="Negotiate" />
</providers>
</windowsAuthentication>
</authentication>
</security>
</system.webServer>
</location>
Take a look at my previous answer.
Basically, that means that the authentication ticket does not match the expectation of the server.
You should force the server to use NTML or Kerberos (depending on your authentication strategy).
[Edit] as appcmd can be a bit obscure, here is the manual stop to force NTLM authentication.
Navigate to C:\Windows\System32\inetsrv\config
Backup, Backup, Backup and rebackup applicationhost.config
To be sure backup again
Open the file applicationhost.config with your favorite xml editor
search for the node <location path="Your web site name/yourapplication">
Setup the correct authentication provider :
The important part is that there is the <clear /> node. This will break inheritance from the global configuration.
This can be applied to the whole IIS server, or a specific web site, or (like here) a specific web application).
I'm not sure, but I wonder if this can be set in the web.config within the app directly instead of the IIS config file. This merits to be tested.
After that you access to security of your site you must to add right for the user windows.