I've to enable SSO authentication on a Sitefinity application that before was using Form Authentication with a custom provider.
I've enabled it in the web.config
<authentication mode="Windows">
<!--<forms slidingExpiration="true" name="xxx.ASPXAUTH" cookieless="UseCookies" requireSSL="false" ticketCompatibilityMode="Framework20" timeout="180" />-->
</authentication>
<authorization>
<deny users="*" />
</authorization>
And when I try to access to a page I got the domain popup to appear. I insert mine credential but I go again the domain popup
I've cross checked everything but everything seems ok... what can be the reason I can't logon? and it falls me back as I've entered a wrong password?
Related
I have an asp.net web site which uses asp.net membership to authenticate and authorize users. When a user is not authenticated and types url of some page from the web site, then the user is redirected to login.aspx with ReturnUrl initialized as the Page that was requested. Because of a requirement, I got rid of my login page. It still exists on the web site, but users would log on from a different site. As a result, I don't want unauthenticated access to a page to redirect to login.aspx page. I want to redirect users to some custom page I want. How can I achieve this?
The authentication node in the Web.config should be able to specify this. For example, in Forms authentication, one might have something like this:
<system.web>
<authentication mode="Forms">
<forms loginUrl="~/MyCustomPage.aspx" />
</authentication>
<authorization>
<deny users= "?"/>
</authorization>
<system.web>
I'm upgrading user management pages of my old web forms project to use new Identity 2.0. This means introducing MVC pages within web forms solution but so far it does not seem to be a big issue. Most of the functionality works fine except when I'm trying to add external auth provider (Google, FCBK) to already signed in user. I'm working off Identity 2.0 sample app and my problem happens in equivalent of /manage/linklogin action within Identity 2.0 sample app.
In here, external auth provider (let's say Google) should be challenged by setting HTTP 401 into current response, resulting in a browser redirect:
Location: https://www.google.com/accounts/o8/ud?openid.ns=[edited out...]
However, what happens to me is that I only get redirected to a local login page:
Location: /Account/Login?ReturnUrl=%2fManageAccount%2fLinkLogin
Please note that the very same code is called when I try to register (i.e. user is not logged in, not authenticated) using Google account - so it is not an issue that I'd have app.UseGoogleAuthentication() set wrongly in Startup.Auth.cs.
I suspect "something" in the response pipeline catches StatusCode 401 set by Microsoft.Owin.Security.AuthenticationManager.Challenge() method before Owin.Security.Google auth middleware kicks in and set the proper redirect location, though I cannot find what that "something" is.
Anyone successfully imported Identity 2.0 into web forms project already?
More info on my issue can be found here: Identity2.0 Codeplex discussion
Please refer to this sample for ASP.NET Web Forms which shows the Identity 2.0 features https://aspnet.codeplex.com/SourceControl/latest#Samples/Identity/Webforms.Samples/
You should also make sure the order of registering the middlewares is correct. For eg. Cookies should come before Google
Yeah this was a challenge. You are correct in your observation of it's
behavior. The config info below resolved this issue for me.
The very bottom config tag that excludes the callback path caused
it to start functioning as expected for me.
<system.webServer>
<modules>
<remove name="FormsAuthentication"/>
</modules>
</system.webServer>
<system.web>
<authentication mode="None"/>
<authorization>
<deny users="?" />
</authorization>
</system.web>
<location path="login.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<!-- the callback path has to be open to anonymous so that owin can do it's redirect magic-->
<location path="signin-google">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
I have a login page page that should be available to unauthenticated users. On my local ASP.Net dev server it all works well. However, when deployed on IIS 7, all static content such as pictures and scripts are not downloading. Only when the user logs in the first time does it return the pictures and scripts. The server returns HTTP 302 for unauthenticated users. I am using forms authentication & ASP.Net membership provider.
Step 1:
Make sure the appropriate directories ('Content' and 'Scripts' by default for MVC) have been enabled for 'Anonymous Authentication' in web.config (inside ) e.g.:
<location path="Content">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<location path="Scripts">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
Step 2:
Check that the 'IUSR' built-in account has read access to these directories. This user is used by default for all anonymous requests.
Note: You can change which account is used for anonymous access by editing applicationHost.config in C:\Windows\System32\inetsrv\config . On 64-bit machines this file can only be edited by 64-bit applications (i.e. not Visual Studio). Notepad works well. Make sure to take backups before you edit. You are looking for the next line:
<anonymousAuthentication enabled="true" userName="IUSR" />
In my asp.net web application is it possible set up windows authentication on a folder and allow to rest of my site to be access without authentication? Can this be set up via the web.config of the application and if so, how?
Yes it should be possible. You can try the following:
First, enable Anonymous and Windows Authentication in IIS
Then add a windows <authentication> entry to the web.config
<authentication mode="Windows" />
<authorization>
<allow users="*" />
</authorization>
Finally, add a <location> config entry for the folder you would like to secure, denying anonymous users
<location path="pathToSubFolder">
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>
Since we moved from IIS 7.0 to IIS 7.5 the Windows Authentication doesn't work anymore from remote requests. If I open the website on the webserver everything works fine.
web.config:
<authentication mode="Windows" />
<identity impersonate="true" />
<authorization>
<deny users="?" />
<allow users="*" />
</authorization>
IIS Settings:
Authentication (enabled): ASP.NET Impersonation, Windows Authentication (all others are disabled)
ApplicationPool: Managed Pipeline Mode -> Classic, Identity -> ApplicationPoolIdentity
Failed Request Trace:
MODULE_SET_RESPONSE_ERROR_STATUS
ModuleName: WindowsAuthenticationModule
Notification: 2
HttpStatus: 401
HttpReason: Unauthorized
HttpSubStatus: 1
ErrorCode: 2148074254
ConfigExceptionInfo:
Notification: AUTHENTICATE_REQUEST
ErrorCode No credentials are available in the security package (0x8009030e)
Any suggestions?
We had a two-hop problem I think. If I move our SQL/Oracle DB to the server which is running IIS it works.
So here is an article to which describes a solution.
How to configure SQL and IIS for two hop kerberos authentication 2
or
SSRS Reportviewer ASP.NET Credentials 401 Exception
Thanks
Which client are you using? you might be running a client that is trying to pre-authenticate, but in IIS 7 we use Kernel Mode authentication by default which requires a challenge. If that is the case you can disable Kernel Mode auth by selecting the Windows Authentication entry and clicking Advanced Settings, you should see a checkbox that allows you to Disable that for the specific application and it should work if this is the problem.