IIS turning off Windows authentication every time we redeploy the site - asp.net-mvc

Every time I deploy a basic ASP.NET MVC site to one of our intranet servers, the authentication mode for the site and any sub sites turns off. We have it set to Windows. This does not happen to a second server that we use.
This is what we have in our root web.config file. We can go in to IIS Manager and turn Windows authentication back on, but why does it get turned off each time even though the config file is set to use Windows authentication?
<system.web>
  <customErrors mode="Off" />
  <compilation targetFramework="4.6.1" />
  <httpRuntime targetFramework="4.5" />
  <authentication mode="Windows" />
  <authorization>
    <deny users="?" />
  </authorization>
  <httpModules />
</system.web>

You could try adding the section below to your web.config file.
<system.webServer>
  <security>
    <authentication>
      <anonymousAuthentication enabled="false" />
      <windowsAuthentication enabled="true" />
    </authentication>
  </security>
</system.webServer>
Or you could directly modify the applicationhost.config file, which is located at C:\Windows\System32\inetsrv\config:
<location path="TestSite">
  <system.webServer>
    <security>
      <authentication>
        <windowsAuthentication enabled="true" />
      </authentication>
    </security>
  </system.webServer>
</location>
Note: in path="TestSite", use your site name, and add this code before the </configuration> tag.
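One way to check after each deploy what a copy of applicationHost.config yields for the site and its sub-applications, as an added example that is not code from the posts above. The function names and the sample config are constructed, and it assumes no web.config further down the hierarchy overrides these sections.

```python
import xml.etree.ElementTree as ET

SCHEMES = ("anonymousAuthentication", "windowsAuthentication")

def effective_auth(config_xml, site_path):
    """Return the enabled flags one config file yields for site_path.

    The global <system.webServer> section is applied first, then each <location>
    whose path is site_path or a parent of it, shortest first, so the most
    specific <location> wins. None means the file never sets that scheme."""
    root = ET.fromstring(config_xml)
    state = dict.fromkeys(SCHEMES)
    def apply(container):
        auth = container.find("system.webServer/security/authentication")
        if auth is None:
            return
        for name in SCHEMES:
            node = auth.find(name)
            if node is not None and "enabled" in node.attrib:
                state[name] = node.get("enabled").strip().lower() == "true"

    apply(root)
    target = site_path.strip("/").lower()
    matching = []
    for loc in root.findall("location"):
        path = loc.get("path", "").strip("/").lower()
        path = "" if path == "." else path
        if path == "" or target == path or target.startswith(path + "/"):
            matching.append((len(path), loc))
    for _, loc in sorted(matching, key=lambda item: item[0]):
        apply(loc)
    return state

def auth_drift(expected, config_xml, site_path):
    """Map each scheme that differs from expected to (expected, actual)."""
    actual = effective_auth(config_xml, site_path)
    return {k: (want, actual[k]) for k, want in expected.items() if actual[k] != want}

# Constructed sample: server-wide defaults plus a per-site override for "TestSite".
SAMPLE = """<configuration>
  <system.webServer><security><authentication>
    <anonymousAuthentication enabled="true" />
    <windowsAuthentication enabled="false" />
  </authentication></security></system.webServer>
  <location path="TestSite"><system.webServer><security><authentication>
    <anonymousAuthentication enabled="false" />
    <windowsAuthentication enabled="true" />
  </authentication></security></system.webServer></location>
</configuration>"""
WANTED = {"anonymousAuthentication": False, "windowsAuthentication": True}
```

Running `auth_drift(WANTED, ...)` against copies of the file taken from both servers after a deploy shows whether the per-site `<location>` block is the part that differs.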

Related

asp.net core app. 500 - Internal server error

I uploaded my website to GoDaddy Windows hosting with Plesk.
All files are uploaded but I get an error:
500 - Internal server error.
There is a problem with the resource you are looking for, and it cannot be displayed.
From researching the problem online I figured the problem must be in my web.config file.
I am showing here what I have in my web.config:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <location path="." inheritInChildApplications="false" allowOverride="false">
    <system.webServer>
      <httpErrors errorMode="Detailed"/>
      <handlers>
        <add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModule" resourceType="Unspecified" />
      </handlers>
      <aspNetCore processPath="dotnet" arguments=".\myApp.dll" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" />
    </system.webServer>
    <system.web>
      <trust level="Full" />
    </system.web>
  </location>
  <system.web>
    <customErrors mode="Off" />
  </system.web>
</configuration>
Your host (GoDaddy) will need to set up their servers to support ASP.NET Core.
web.config in asp.net MVC core Project
I tried on my project also, but it didn't work.
So after trying everything, including calling GoDaddy and searching all over, I found out that GoDaddy doesn't support ASP.NET Core 2.0 applications.
I hosted with 1and1 Windows hosting and it runs!

ASPX.NET AD Authentication with IIS No longer working

I have a site running inside our domain servers with a firewall for external access. It pops up a login box for you to put in your AD credentials. This is all how it is supposed to work. But since this week it no longer considers it valid. Users that were able to connect last week can no longer connect. We all get 401 errors in the IIS 7 log. Is there a way to trace where this is broken?
The server is Windows Server 2016 Datacenter.
This is our Web.config:
<system.web>
  <compilation debug="true" targetFramework="4.5" />
  <httpRuntime />
  <authorization>
    <allow roles="SEC_DB_EMAILMANAGER_ADMIN" />
    <allow users=".\egadmin" />
    <deny users="*" />
  </authorization>
  <pages controlRenderingCompatibilityVersion="4.0">
    <controls>
      <add tagPrefix="asp" namespace="AjaxControlToolkit" assembly="AjaxControlToolkit" />
    </controls>
  </pages>
  <authentication mode="Windows" />
  <identity impersonate="false" />
</system.web>
In the Authorization section of IIS we have these settings:
Anonymous Access: Enabled - with specific user: IUSR
Basic Authentication: Enabled - no settings set
The others are all disabled. I tried changing different settings and it doesn't seem to work. We have an automated deployment process that deployed something last week; it is possible some settings were changed that we didn't realize.
After a day and a half we figured out the problem. When IT Support was adding the last batch of users to the security group, the SAML (pre-2000 name) name was renamed to something else, which is used for the IIS lookup.

Issue: creating AD FS claims aware application in Visual Studio 2013

I am new to trying to use AD FS and I have been running in circles.
Trying to make a claims aware application
The organization handles its own authentication
I have gotten my test application to verify authentication but it seems wrong.
Create new application in Visual Studio
Choose Web -> Visual Studio
Choose .Net Framework 4.5
Select ASP.Net MVC 4 Web Application
Add Reference to System.Identity
Add Reference to System.Identity.Services
Edit my web.config file
In the configSections section, add the following
<section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
<section name="system.identityModel.services" type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
Then add
<appSettings>
  <add key="webpages:Version" value="3.0.0.0" />
  <add key="webpages:Enabled" value="false" />
  <add key="ClientValidationEnabled" value="true" />
  <add key="UnobtrusiveJavaScriptEnabled" value="true" />
  <add key="ida:FederationMetadataLocation" value="https://fedtest.xxxxxxxx.com/FederationMetadata/2007-06/FederationMetadata.xml" />
  <add key="ida:Realm" value="https://myappNameHere.xxxxxx.com" />
  <add key="ida:AudienceUri" value="http://myappNameHere.xxxxxxx.com" />
  <add key="loginUrl" value="~/Home" />
</appSettings>
Then add
<location path="Home">
  <system.web>
    <authorization>
      <allow users="*" />
    </authorization>
  </system.web>
</location>
<location path="Logout.html">
  <system.web>
    <authorization>
      <allow users="*" />
    </authorization>
  </system.web>
</location>
Then add
<system.web>
  <compilation debug="true" targetFramework="4.5" />
  <httpRuntime targetFramework="4.5" />
  <authorization>
    <deny users="?" />
  </authorization>
  <authentication mode="None" />
</system.web>
Then add
<system.identityModel>
  <identityConfiguration>
    <audienceUris>
      <add value="http://myappName.xxxxxx.com/" />
    </audienceUris>
    <issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry">
      <authority name="http://fedtest.xxxxxxx.com/adfs/services/trust">
        <keys>
          <add thumbprint="12345567890asdasfsdgdfhdfgjdf123124" />
        </keys>
        <validIssuers>
          <add name="http://fedtest.xxxxxxxx.com/adfs/services/trust" />
        </validIssuers>
      </authority>
    </issuerNameRegistry>
    <securityTokenHandlers>
      <add type="System.IdentityModel.Services.Tokens.MachineKeySessionSecurityTokenHandler, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
      <remove type="System.IdentityModel.Tokens.SessionSecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
    </securityTokenHandlers>
    <!-- "None" skips X.509 chain validation of the token-signing certificate; the issuer is accepted by the thumbprint listed in issuerNameRegistry above -->
    <certificateValidation certificateValidationMode="None" />
  </identityConfiguration>
</system.identityModel>
<system.identityModel.services>
  <federationConfiguration>
    <cookieHandler requireSsl="true" />
    <wsFederation passiveRedirectEnabled="true"
                  issuer="https://fedtest.xxxxxxxxx.com/adfs/ls/"
                  realm="https://myappName.xxxxxxxx.com/"
                  reply="https://myappName.xxxxxxxxx.com/"
                  requireHttps="true" />
  </federationConfiguration>
</system.identityModel.services>
Why do I think all this is wrong?? Well, I got all those lines of web.config from the following steps...
Go back to step 5 and do the following
Under Template click Web
Choose the only option --- ASP.NET Web Application
Wizard comes up; click 'Change Authentication'
Choose Organizational accounts
Change drop down to 'On Premises'
Fill out 'On-Premises Authority'
Fill out 'App ID URI'
Look at web.config
But using the application that those steps produce will create a redirect loop that I have never been able to troubleshoot.
So -- suggestions on what I am doing wrong. It can't be considered right to generate the web.config in a standard way and paste it into a previous version to get it to work.
Refer: Use the On-Premises Organizational Authentication Option (ADFS) With ASP.NET in Visual Studio 2013.
In terms of the redirect loop, the usual reason is that for your ADFS RP, you configured the endpoint without a trailing slash.
Add the missing "/" and ensure it matches the string in your web.config.
Enable SSL in your application and set the SSL URL as the default in your web properties.
Okay -- what the answer ended up being...
1) I started down this route because I kept getting a redirect loop that I thought was caused by the web.config.
It wasn't the web.config.
2) So create the application as you are supposed to in VS 13 -- namely go to C# -> Web -> and then click the ASP.NET Web Application and set up the on premise authentication
3) My redirect loop was caused by multiple LDAP claims bundled together coming from AD FS
4) Sent my claims one rule at a time and it worked like magic.
If anyone can shed light as to why this should be true I am curious.
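The string matching that the trailing-slash answer above asks for can be checked mechanically. This added example (not code from the posts) compares every URI in a web.config that names the application with the relying-party URI registered in AD FS and reports how each one differs. The function names, the example.com hosts, and the use of one URI as both identifier and endpoint are assumptions.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

def federation_uris(web_config_xml):
    """Collect the (setting, URI) pairs in web.config that name this application."""
    root = ET.fromstring(web_config_xml)
    found = [(a.get("key"), a.get("value")) for a in root.findall("appSettings/add")
             if a.get("key") in ("ida:Realm", "ida:AudienceUri")]
    audiences = "system.identityModel/identityConfiguration/audienceUris/add"
    found += [("audienceUris", a.get("value")) for a in root.findall(audiences)]
    ws = root.find("system.identityModel.services/federationConfiguration/wsFederation")
    if ws is not None:
        found += [("wsFederation/" + n, ws.get(n)) for n in ("realm", "reply") if ws.get(n)]
    return found

def difference(expected, actual):
    """Name what separates two URIs; None when the strings are identical."""
    if actual == expected:
        return None
    e, a = urlsplit(expected), urlsplit(actual)
    parts = []
    if e.scheme.lower() != a.scheme.lower():
        parts.append("scheme")
    if e.netloc.lower() != a.netloc.lower():
        parts.append("host")
    if e.path.rstrip("/") != a.path.rstrip("/"):
        parts.append("path")
    elif e.path != a.path:
        parts.append("trailing slash")
    return ", ".join(parts) or "letter case or query string"

def mismatches(web_config_xml, relying_party_uri):
    """Return (setting, value, difference) for each URI that is not an exact match."""
    rows = [(s, v, difference(relying_party_uri, v)) for s, v in federation_uris(web_config_xml)]
    return [row for row in rows if row[2]]

# Constructed sample modelled on the question's layout; hosts are placeholders.
SAMPLE = """<configuration>
  <appSettings>
    <add key="ida:Realm" value="https://app.example.com" />
    <add key="ida:AudienceUri" value="http://app.example.com" />
  </appSettings>
  <system.identityModel><identityConfiguration><audienceUris>
    <add value="http://app.example.com/" />
  </audienceUris></identityConfiguration></system.identityModel>
  <system.identityModel.services><federationConfiguration>
    <wsFederation realm="https://app.example.com/" reply="https://app.example.com/" />
  </federationConfiguration></system.identityModel.services>
</configuration>"""
```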

publishing mvc4 app from vs2012 not picking up release settings

I am using VS2012 and having some troubles publishing an mvc4 website.
None of my release settings are applied.
Within my configs I have this
Web.Config
<compilation debug="true" targetFramework="4.0" />
<authentication mode="Forms">
  <forms loginUrl="~/Account/Login" timeout="2880" name="***" enableCrossAppRedirects="true" />
</authentication>
Release
<?xml version="1.0"?>
<!-- For more information on using Web.config transformation visit http://go.microsoft.com/fwlink/?LinkId=125889 -->
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
  <appSettings>
    <add key="ApiBaseUrl" value="https://api.mydomain.com/api/" xdt:Transform="Replace" xdt:Locator="Match(key)" />
  </appSettings>
  <!--
    In the example below, the "SetAttributes" transform will change the value of
    "connectionString" to use "ReleaseSQLServer" only when the "Match" locator
    finds an attribute "name" that has a value of "MyDB".
    <connectionStrings>
      <add name="MyDB"
        connectionString="Data Source=ReleaseSQLServer;Initial Catalog=MyReleaseDB;Integrated Security=True"
        xdt:Transform="SetAttributes" xdt:Locator="Match(name)"/>
    </connectionStrings>
  -->
  <system.web>
    <compilation xdt:Transform="RemoveAttributes(debug)" />
    <authentication mode="Forms" xdt:Transform="Replace">
      <forms loginUrl="~/Account/Login" timeout="2880" name="***" enableCrossAppRedirects="true" domain="www.mydomain.com"/>
    </authentication>
    <!--
      In the example below, the "Replace" transform will replace the entire
      <customErrors> section of your Web.config file.
      Note that because there is only one customErrors section under the
      <system.web> node, there is no need to use the "xdt:Locator" attribute.
      <customErrors defaultRedirect="GenericError.htm"
        mode="RemoteOnly" xdt:Transform="Replace">
        <error statusCode="500" redirect="InternalError.htm"/>
      </customErrors>
    -->
  </system.web>
  <system.net>
    <mailSettings>
      <smtp xdt:Transform="Replace">
        <network host="localhost"/>
      </smtp>
    </mailSettings>
  </system.net>
  <dotless xdt:Transform="Replace" minifyCss="true" cache="true" web="false" />
</configuration>
I am publishing when set to Release.
Can anyone see anything wrong I am doing?
If your web.config includes location tags, you need to make sure those are accounted for in the Release config as well.
Check your Publish Profiles in the Web Publishing Wizard. In VS2010, the web.config transforms were applied according to the build configuration selected at the time of publish, but with the new Web Publishing Wizard I believe it's stored right inside of the Publish Profile, which I believe is the one they included with VS2012.

location path settings not working on IIS 7.5 which led to images not show up on login page

We have a web application that does not display images, css unless users are logged in.
We are using forms authentication:
<authentication mode="Forms">
  <forms loginUrl="~/Account/LogOn" timeout="2880" cookieless="UseCookies" />
</authentication>
Now we are specifically using this under the configuration section in the web.config file to give anonymous users access to the "content" folder.
<location path="Content">
  <system.web>
    <authorization>
      <allow users="?"/>
    </authorization>
  </system.web>
</location>
But still no images and no CSS show up unless logged in. And if we try to access an image directly it takes us to the login page.
Does anybody have any idea what is happening?
If you are trying to show images in IIS 7.5, did you notice that there are two ways (the first is here) to use the <location> tag? It is confusing even for me.
Anyway, this might be helpful if you are using IIS 7.5.
The sample below works for an MVC application targeting .NET 4.5; it will display a folder for one group and hide it from another group.
<configuration>
  <system.web>
    <!-- allow only windows users to use app (no anonymous will access it)-->
    <authentication mode="Windows" />
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>
  <!-- main security, allowing only groups: Clowns and Nerds -->
  <system.webServer>
    <validation validateIntegratedModeConfiguration="false" />
    <security>
      <authorization>
        <remove users="*" roles="" verbs="" />
        <add accessType="Allow" roles="Domain\Clowns" />
        <add accessType="Allow" roles="Domain\Nerds" />
      </authorization>
    </security>
    <defaultDocument enabled="false" />
  </system.webServer>
  <!-- Here we show /images_for_clowns folder ONLY to Clowns group -->
  <location path="images_for_clowns" inheritInChildApplications="false">
    <system.webServer>
      <validation validateIntegratedModeConfiguration="false" />
      <security>
        <authorization>
          <clear />
          <remove users="*" roles="" verbs="" />
          <add accessType="Allow" roles="Domain\Clowns" />
        </authorization>
      </security>
      <defaultDocument enabled="false" />
    </system.webServer>
  </location>
  <!-- Here we show /images_for_nerds folder ONLY to Nerds group -->
  <location path="images_for_nerds" inheritInChildApplications="false">
    <system.webServer>
      <validation validateIntegratedModeConfiguration="false" />
      <security>
        <authorization>
          <clear />
          <remove users="*" roles="" verbs="" />
          <add accessType="Allow" roles="Domain\Nerds" />
        </authorization>
      </security>
      <defaultDocument enabled="false" />
    </system.webServer>
  </location>
</configuration>
Maybe another trick would be using
<location path=".">
<system.webServer>...
in order to set the root folder permissions! Hopefully this can help more people.
