i've just added an A record for a domain to point to an ip address relating to another website which resides under a different domain - i own both domains and website.
the A record works in that if i enter the domain it goes to the correct ip address - however in safari and IE a dialog box pops up asking to enter username/password (specifically in safari it says "To view this page, you must log in to area X for site X:80") and there should be no logon - if you cancel you don't see the website and as i have no logon i can't see the website.
if i enter the websites original domain there is no prompt and works fine - if i enter the ip address directly in the browser it also asks for login.
the website (static pages) is hosted by fasthosts and doesn't appear to have any security settings around it or that can be set.
anyone know why one domain works and the other domain and ip address result in logon dialog ?
thanks
adam
Your problem is not related to DNS, but rather to web server configuration. Specifically to configuration of name-based virtual hosting.
Related
How to display only the login page of the Oracle Apex admin section for management?
If you enter the login address of the Oracle Apex management department, they will encounter an error
Sorry, this page isn't available oracle apex
If I understand your question correctly, then this is what you want:
An application with no authentication for its pages, but when a user clicks on "Administration" a login screen is shown and user needs to authenticate.
Here is how to create such an application from scratch. In my case I'm creating an empty application (only a home page) with no authentication required and a link to "Administration" that does require login. Test is done on apex 22.1 but this should work on all versions.
Create new application using application wizard. Check the "Features" section so the "Administration" pages are created. No need to add any pages since by default a home page is created. Click "Create Application"
Shared Components > Application Definition > Security. Set "Authorization Scheme" to "no application authorisation required".
Page 1 > Page properties > Security > Authentication > "Page is public". Now when a user accesses the application he will not be prompted for login. Note that when you run the application, there will be no menu option for the "Administration" section. That is because the navigation menu entry for "Administration" has an authorization scheme set.
Shared Components > Lists > Navigation Menu. Edit the "Administration" entry. Set "Authorization" to "No Authorization Required".
Now run the page. You'll see you're not prompted for a login on page 1 and the "Administration" link is visible. When clicking on "Administration" a login screen is shown.
You can restrict access to APEX in general by IP address (see documentation: https://docs.oracle.com/en/database/oracle/application-express/21.2/aeadm/configuring-service-level-security-settings.html#GUID-1952AB59-7DC5-48C3-B4A5-31398CEA1485), but not to the Internal/Admin login page specifically.
To restrict access to a specific, otherwise publicly available page within APEX you'd need to place an IP filter on a reverse HTTP proxy or load balancer in front of APEX, then limit APEX to receiving connections only from that proxy. The problem with that arrangement is that most systems can't determine who a user is or what their role is (management vs user) based solely on their network address.
The pretty much universal use of DHCP to provide network addresses for client systems means that addresses aren't constant or associated with a specific person, and most people wouldn't want to limit access to a specific workstation anyway: your requirement was identity-based, not address-based. The best you could do with a reverse-proxy network restriction would likely be to limit connections to the login page to your internal company network, and even that might not be practical depending on your situation.
All of that is a very round-about way of saying no: there is no practical identity-based way for most systems to limit access to a public login page, because the user's identity can't be established until after they login. The best you can do would be to use a reverse proxy or load balancer to place a blanket, network-based restriction on the login page.
I am following these instructions on how to configure a custom domain for a blob storage endpoint
and get to the instruction on configuring the custom domain name
Azure shows
I expect I need to enter the custom domain name but I am not clear on how to do this.
For example which one?
contoso.com
www.contoso.com
http://www.contoso.com
http://contoso.com
I am trying contoso.com
When I do this I see a brief message stating
Failed to update storage account 'mystaticwebsite' Error: The custom domain name could not be verified. CName mapping from contoso.com to mywebsite.blob.core.windows.net does not exist
using my example names
I have only just changed my domain name hosting location so I expect I need to wait.
[Update]
I see that all my storage accounts belong to the same Active Directory.
Could it be that the website needs to have the same domain as the Azure Active Directory?
[Update]
I see the CName record is not propagating.
I have asked about it here
I noticed existing answers are over a year old. Here is my scenario and the simple change I needed:
I already had my domain/website running through Cloudflare for the past 5+ years. My simple static .html website was being hosted on a traditional IIS server, but Azure's Static website offering is much more attractive, so now I was trying to move everything over as an Azure static website.
I created a new Storage Account and set up the "Static website" and copied my files over via Azure Storage Explorer.
My static website was working over Azure's url -- https xxxxxx.z5.web.core.windows.net fine.
I went to the "Custom domain" settings in the Blob service section of my Storage Account and followed the instructions of adding a CNAME for example.com and www in Cloudflare's DNS settings dashboard.
Back in the Azure Portal, I typed www.example.com into the custom domain textbox, but was immediately notified of:
"Failed to update storage account 'xxxxxxx'. Error: The custom domain name could not be verified. CNAME mapping from www.example.com to any
of xxxxx.windows.net, xxxxx.core.windows does not exist."
But I already followed the CNAME instructions and my Cloudflare DNS entries looked exactly like they wanted. I waited hours, thinking it was a DNS replication/refresh issue. I went to bed. Same problem in the morning.
THEN I noticed one thing that was different in Cloudflare... All 3 of the CNAMES i set up (asverify.www, example.com and www) all had Status "DNS and HTTP proxy (CDN)" turned on (the cloud icon with an arrow through it was lit up and orange colored.)
I clicked each one to turn off HTTP proxy. So now my DNS entries at Cloudflare are "DNS only" <-- this is the tl;dr, thanks for reading all this way.
tl;dr: If your DNS Records are set up in Cloudflare, you must make each of those entries "DNS only" and not "DNS and HTTP proxy (CDN)"
Edit: After your custom domain name is verified, you can go back into Cloudflare and turn the HTTP proxy (CDN) back on. You will need to add a Page Rule of example.com/* to Forwarding URL 301 to https://www.example.com/$1 if you want SSL to work for a root site.
As your first link mentioned, you need to get a custom domain name which binds your blob storage endpoint url before you enter the domain name in textbox.( step 3, 4, 5 ).
If you enter the domain name casually, you would get the above error. And you needn’t to enter ‘http://’ in textbox. The ‘contoso.com’ and ‘www.contoso,com’ are OK.
If you have a custom domain name, you just need to create a CNAME record with your DNS provider that points from your domain (like www.contoso.com) to blob endpoint url. Different domain registrar's websites have different methods.
For Azure,you could follow my steps to bind a domain name to blob endpoint url:
Before you do this, please make sure you have purchased a valid domain name. If not, please refer to this step to buy: (App Service>Create App service>click Custom domains> Buy domain).
Or you could read this article to buy a domain name.
Buy domain
If you have already purchased it, you could see the custom domain name like this:
the domain name you have purchased
Open your App Service>Custom domains>App Service Domains(domain name list)> click your domain name>Click DNS Zone>click ‘+Record set’ button.
Record set
In Name property, you could enter a custom domain name( such as aa.contoso.com). In Type, you could choose CNAME. In Alias, you could enter your blob storage endpoint url which you want to bind( such as myname.blob.core.windows.net). After you saved the record, you’d better to click ‘Refresh’ button to refresh the domain record list.
The bind screenshot like this:
Bind blob endpoint url to custom domain name
Return storage account> Blob Service>Custom domain>In textbox, you could enter the custom domain name which you have created. (such as aa.contoso.com).
Finally, you could save the domain name successfully. (If you saved successfully, the ‘Save’ button would be disabled.)
save custom domain name successfully
I made a CNAME record with name=docs Alias to myblob.website.blob.core.windows.net ( i.e mapping to the storage account in Azure)
Then in the text box in the Azure Custom domain screen I entered docs.contoso.com
then I made a redirect for www to http://docs.contoso.com/index.html
So now
www.contoso.com opens the index.html to say "hello world"
Note I do have the $root container set up with index.html inside it.
I've got a web app that runs on a machine and should only be used if a particular user is logged on to that machine. so in page_load I have the following code:
dim sName as string = System.Windows.Forms.SystemInformation.UserName
if sName <> 'sstation' then
Response.Direct("NoAccess.aspx")
end if
this works perfectly when I am in Visual Studio debugging, if I am logged on to the computer as sstation, the page loads up, if not it loads the NoAccess page. However, if I open the page in a web browser, it always takes me to the NoAccess page and I can't figure out why! Any ideas
I've added a text box to the page and added this code:
lblErrorMessage.Text = "You are logged in as " + sADname
and the name comes up as Administrator even though I am logged on to the machine as sstation, so where does System.Windows.Forms.SystemInformation.UserName come from when the page is on a server?
This code is running on the web server, NOT the machine that the user is logged in to. It will return the user account that IIS is running as. The reason it works on your local machine when debugging is that the web server is running on your local machine in that case. This account can be configured in the App Pool that the IIS site is set to use. See this link for more information on configuring it.
In order to get the user account of the client machine in IIS, IIS will have to be configured for Windows authentication, and both the client and server will most likely need to be part of a Domain. If that isn't possible you will need to use some other kind of authentication, the easiest being Forms authentication, or ASP.NET Identity.
Here are some links to get you started.
ASP.NET Identity
Forms Authentication
Windows Authentication
I have installed IIS on Windows XP SP3. When I want to access localhost from my browser the authentication window appears and asks for user name and password. Anonymous access is enabled for IUSR_ user and this user has full control permission on wwwroot folder. Any help is appreciated in advance.
You've set your web site up to use Integrated Windows (NTLM) Authentication, which is supported by default in IE but not in Firefox. Firefox requires you to permit NTLM on a site-by-site basis.
This page explains how to enable NTLM and remove the login boxes in Firefox.
Basically, you need to type about:config in the address bar and add the hostname to the list of comma-separated values on the network.automatic-ntlm-auth.trusted-uris setting.
Let's say you have two sites that you want to enable NTLM authentication on: http://www.foo.com/ and http://www.bar.com/. You would need to set network.automatic-ntlm-auth.trusted-uris to www.foo.com, www.bar.com.
If you want your site to be accessible to anonymous users, you need to make sure that your IUSR_xxx account has at least read permission to the files that your web site is serving at the file system level. You can do this via Windows Explorer. I think you also need to grant list permission on the parent directories.
When I try to login to our WSS demo site the authentication popup forces me to use the domain I'm currently using on my local computer. The WSS site does not have the same domain.
I'm running IE8 on Windows 7. How do I change the domain!?
One of my collegues helped me and now I feel like an idiot!
In IE8 the authentication popup first wants you to login as your domain user but you also have the choice to "Use another account". When clicking that choice your local domain is displayed below the texbox like "Domain: LOCALDOMAIN". And when you start typing "MYDOMAIN\xyz" in the username box it changes to "Domain: MYDOMAIN"!
Simple as that!
You will have to type the domain name in ALL CAPITALS, otherwise it does not take it
Posting this answer in case others stumble upon the same search with the same problem.
If you have an Azure VM and you did not establish a domain for the VM but the Windows Security popup is defaulting to your Windows Authentication credentials. You can omit the domain by using
"...\[yourLoginName]"
where [yourLoginName] is the VM username that you initially setup in Azure.