I'm in the process of developing some load tests for an internal web application.
The problem appears to be related to our use of Windows authentication. I can access the web application if I launch the browser and nevigate to our app. I can't, however, access the application via webrequest in my load test. It throws a 401 exception, Unauthorized.
I'm using Visual Studio 2010 Ultimate.
How do I use my Windows credentials in my load test? Any other ideas?
Select The Test Main node, and click the red marked button to set credentials
If your load testing tool doesn't have a way to specify the credentials to run under, you will have to use Windows Impersonation (just to perform your tests).
You could potentially do this in code (see here: http://www.codeproject.com/KB/cs/cpimpersonation1.aspx), but if you don't need to get fancy, it will be easier to update your web.config with the credentials to run under:
<identity impersonate="true" userName="accountname" password="password" />
This should work for any pages under the web site for which the web.config is configured.
I found this works...
request.Credentials = System.Net.CredentialCache.DefaultCredentials;
Related
I have web api that uses windows authentication. I've created my own Active Directory Server and a separate IIS Server. I have registered the IIS server to the domain but for some reason I'm getting a 401 issue when I use the API URL in my Javascript.
But works when using it directly from web browser
Please note that this is the same code (javascript, SQL Server, and ASP.NET Web Api) I'm developing at work. The only difference are the url for LDAP and domain. I have tried everything from changing Windows Authentication Providers. I'm just curious if I need to add my machine as a trusted to the Active Directory which I'm not sure how. I have added the Active Directory User to the IIS with Full Control but still no luck.
I am trying to perform HTTP get & put operations on a intranet URL which is authenticated using Microsoft active directory domain accounts. This is working fine with IE but not using chrome. My chrome version is 49.0.2623.108.
Accessing the URL throws up a dialog for username and password and upon filling details, it fails with ERR_INVALID_HANDLE. Following are the things that I tried and failed(Please excuse for the lack of brevity):
I tried adding the URL and the Active directory server to Local intranet zones but still chrome returns the same error.
This link https://serverfault.com/questions/19914/google-chrome-passthrough-windows-authentication says we need to use authserverwhitelist for chrome. It is not working. Apparently, this feature of setting parameters has been moved from commandline to policy settings as per https://bugs.chromium.org/p/chromium/issues/detail?id=472145
I tried using policy settings like using chrome policy template. I imported the policy template on local computer policies\Administrative templates in gpedit.msc and set the parameters AuthServerWhitelist and AuthNegotiateDelegateWhitelist. I restarted the machine as well. It didnt help. Chrome still throws the same error.
I tried setting AuthserverWhitelist and AuthNegotiateDelegateWhitelist parameters on registry as well under path: HKLM\Software\Policies\Google\Chrome.
Is there a way to get this working on google chrome(version 49.0.2623.108)?
PS: Also after development, I am looking to package these web pages into a chrome app. Would chrome allow usage of windows active directory authentication in its app environment? Is there any way to fix it?
I have a self hosted web api running as a windows service using TopShelf. I have an app.config for TopShelf but no web.config for my web api. If I add a web.config or add settings (web settings) to the app.config both are ignored by my web api.
I need to set the following:
<system.web><identity impersonate="true" /></system.web>
but I have no idea where to set it.
You're not hosting your web api in IIS so you don't need a web.config.
You cannot use:
<system.web><identity impersonate="true" /></system.web>
as it is specific to ASP.NET (more details here).
Why don't you set your credentials in the windows service => "Log On" configuration ?
Or, using TopShelf, by code:
HostFactory.New(x =>
{
x.RunAs("username", "password");
});
Of course you could read username and password from your app.config and, maybe, encrypt these values.
If you want to impersonate another user there's not much you can do but use some low-level api.
Here you can find a good explanation/solution.
I have a c#.net MVC3 application running on Windows Server 2008 R2 Datacenter.
If I deploy the application as an application under the main site (i.e. www.mysite.com/crm) it works perfectly.
If I deploy the application as a sub-domain to the main site (i.e. crm.mysite.com) it appears to work as expected, with the exception of one endpoint (crm.mysite.com/reports/view). That path returns the following authentication notice:
Authentication Required
The server http://crm.mysite.com:80 requires a username and password.
I am not aware of anything special for that endpoint and, as I mentioned, it works without issues when deployed under the main site.
What would cause this? How do I remove/prevent it?
I don't even know what code to provide to help diagnose the problem. Please let me know if you want to see parts of the code for any section related to this issue.
UPDATE:
I don't move the path to the application files for either situation and they both use the same application pool. The only difference is how a user access the files via IIS.
UPDATE2:
If I authenticate a user, I get this error:
Server Error in '/Reports' Application.
The resource cannot be found.
Description: HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable. Please review the following URL and make sure that it is spelled correctly.
Why would it think the resource doesn't exist when clearly it does?
If you have authentication on the main site, it won't automatically carry authentication across to the sub-domain. You would have to develop a mechanism to handle that such as SSO (single sign on).
Another potential issue is permissions for the directory/application (eg. c:\inetpub\wwwroot\crm.mysite.com)
I am working on ASP.NET 4.0 MVC3 web application that works in intranet environment. The application makes use of Windows authentication. Its application pool is run by domain user that has spn set on a domain controller. Authentication works using Kerberos (on IE and Firefox after some additional configuration).
Now I want to upload files to sharepoint, but it's important for me to upload the file as the user currently logged in into the application (so the file is created on Sharepoint with his/her credentials).
I have the following code in ResourceExists(Uri uri) function:
'...
Dim identity As System.Security.Principal.WindowsIdentity = HttpContext.User.Identity
Dim impersonationContext = identity.Impersonate()
response = request.GetResponse()
impersonationContext.Undo()
'...
This works when running locally, but when I deploy to the server I get the exception:
System.Net.WebException: The remote server returned an error: (401) Unauthorized.\r\n at WebDav.WebDavClient.ResourceExists(Uri uri)\r\n at Website.Website.WebdavController.Upload(HttpPostedFileBase file, UploadViewModel vm)
I read something about passing on the credentials, that is not possible with NTLM, but I am sure I am using Kerberos (I checked the headers with wireshark and fiddler) and I see the following:
Authorization: Negotiate YIIFpQYGKwYBBQUCoIIFmTCCBZWgJDAiBgkqhkiC9x...
Any ideas why the impersonation does not work when running on the IIS server?
I found the answer here:
http://support.microsoft.com/kb/810572
"Kerberos does not work in a load-balanced architecture and IIS drops back to NTLM authentication. Because you cannot use NTLM for delegation, any applications or services that require delegation do not work. For more information, click the following article number to view the article in the Microsoft"
And that was exactly the case. I tried now with another machine that is not load-balanced and it works.
The only thing that still surprises me is that ImpersonationLevel of the identity is still Impersonate not Delegate...
After setting <identity impersonate="true"/> in your web.config try the following:
using (((WindowsIdentity)User.Identity).Impersonate())
using (var client = new WebClient { Credentials = CredentialCache.DefaultNetworkCredentials })
{
string result = client.DownloadString("http://sharepoint");
}
you need to configure your site correctly in IIS for impersonation to work.
see Configure ASP.NET Impersonation Authentication (IIS 7)