Same question was asked here but it was not a solution for me, its been more than 16 hours I'm trying to find solution for it.
I setup Windows Authentication for my MVC5 (ASP.Net Fw4.5) application using VS2013 (Windows Server 2012 R2) following are the major steps i did for setting up.
I have two controllers I put Authorize attribute on Home controller, About controller does not have any attribute on it
On project properties Enabled Windows Authentication
Web.Config as below
<authentication mode="Windows" />
<authorization>
<allow users="?" />
</authorization>
<identity impersonate="false" />
<roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider">
<providers>
<clear />
<add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />
</providers>
</roleManager>
<validation validateIntegratedModeConfiguration="false" />
IIS Settings
Anonymous Authentication is Enabled
Windows Authentication is Enabled (Provider: NTLM, Negotiate)
With these configurations my application works perfect on IISExpress, but when I access it through IIS it prompts for login/password upon giving correct username/password it keep repeating. (I can access About Controller without Authorize attribute)
I inspected request through Fiddler that bring something interesting. Below is the response when i access through IIS
When i access through IISExpress i can see there are three entries for single request two of them get 401 but third gets 200
Related
I have an asp.net Web API server running under IIS, that until now has used windows authentication as it has only had other services running on the same domain conencting to it.
So, in my web.config I have the following settings...
<system.web>
<compilation debug="true" targetFramework="4.5.1" />
<httpRuntime targetFramework="4.5.1" />
<authentication mode="Windows" />
</system.web>
<system.webServer>
<security>
<authentication>
<windowsAuthentication enabled="true" />
</authentication>
</security>
....
With this I can use a browser (or the services) on the same domain and reach my services.
Now we want to allow Mobile applications to also connect. We will be using a a token based scheme based on this, and so far to use this I need to turn off the Windows authentication in my web.config to use this. If I leave in the windows configuration as above, I don't even get any of the Owin middle where methods (or custom filters) called when I, for example, se Postman to call a route with no windows authentication set.
So my question is
How can I allow either authentication, so that even a Browser (on the same domain) can still call the routes and be authenticated (via the Negotiate), but also allow other clients to use the token based scheme? Also (very important) how do I configure this in web.config to allow both?
Thanks in advance for any help!
I have an asp.net mvc application and I have set up impersonation as follows in the web.config.
<system.web>
<compilation debug="true" targetFramework="4.6.1" />
<httpRuntime targetFramework="4.6.1" />
<authentication mode="Windows">
</authentication>
<identity impersonate="true" userName="BvhHisPharmaUser" password="12345"/>
<httpModules>
<add name="ApplicationInsightsWebTracking" type="Microsoft.ApplicationInsights.Web.ApplicationInsightsHttpModule, Microsoft.AI.Web" />
</httpModules>
</system.web>
As you can see I have enabled windows authentication mode.
Next you can see impersonate = true. And the userName(BvhHisPharmaUser) is a windows user that I created as follows using compmgmt.msc tool.
Now when I place a break point in Index Home
I dont see the imperonate user in the identity in the immediate window.
What am I missing?
Even after I login using the login screen, I do not see the impersonate user in the immediate window as follows.
I have removed the windows authentication mode in the web.config completely
and still observe exactly the same.
My objective is to run this iis web app under the above shown windows user(BvhHisPharmaUser) because this web app calls a wcf service which is configured to authorize this user.
So my questions are as follows.
Is impersonation is the way for this, so that the web application can run under this user? Is there any other way like app pool configuration?
Why is this impersonation not working? I have enabled it as showin in the web.config and still the identity of the thread principal does not change. What am I missing?
Kindly let me know if additional info is needed.
I've an MVC5 project wherein modules are spread out across multiple web applications, deployed on a single IIS Server, single app pool.
Server: Windows 2008 R2 (SP1)
IIS: 7.5.7600.16385
Forms authentication is used and cross-application authentication is enabled by using common 'machineKey'
Problem
When using Internet Explorer 10/11 and do the steps below, cross-app authentication sharing no longer works.
1. Login and open another module
2. Signout
3. Login and open another module - !!gets redirected back to login page
This issue doesn't happen with Chrome and Firefox.
Config Sample
<system.web>
<httpRuntime targetFramework="4.5" />
<compilation debug="true" targetFramework="4.5" />
<machineKey validationKey="KEYXXX"
decryptionKey="KEYXXX"
validation="SHA1"
decryption="AES" />
<authentication mode="Forms">
<forms loginUrl="/login/login.aspx" timeout="120" cookieless="AutoDetect" name=".ASPXFORMSAUTH" />
</authentication>
</system.web>
Signout Code
FormsAuthentication.SignOut();
HttpContext.Session.Remove(MvcConstants.userContextSessionKey);
Appreciate help on this.
I have a MVC 4 web application which I want to implement SqlRoleProvider and Windows Authentication into it.
After I did search in Google I added SqlRoleProvider tables in my database by running aspnet_regsql command in VS command prompt.
Then I added this to my web.config:
<authentication mode="Windows" />
<roleManager enabled="true">
<providers>
<clear />
<add connectionStringName="PortalDbContext" applicationName="/" name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" />
<add applicationName="/" name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" />
</providers>
</roleManager>
Now I need to know how can I manage roles? I mean how to create/edit/delete roles and assign/un-assign users from roles?
Should I create these pages by myself or there is something already available may be with NuGet?
I usually just roll my own. And this has been years, not sure if its supported anymore, but you can use the Asp.Net Web Site Administration Tool if your on IIS. It's slow and clunky but if I recall get's the job done.
The default controller in my ASP.NET MVC project is decorated with the [Authorize] attribute. When I deploy the website on my development machine and access the website, I am redirected to the login page (defined in forms loginUrl section of the Web.Config). Result: everything works as expected.
When I publish the website on our production server (Windows Server 2008, IIS 7, DefaultAppPool) and access the website, the expected address shows in the address bar (/Account/LogOn?ReturnUrl=*my_expected_return_url*), but the page displays "You do not have permission to view this directory or page." instead of the login page. If I remove the [Authorize] attribute on the default controller/action, the page displays correctly.
My Web.Config file:
sessionState mode="InProc" timeout="30"
authentication mode="Forms"
forms loginUrl="~/Account/LogOn" timeout="2880"
Do you have a section in your web.config to explicitly allow non-authorised users to access the ~/Account/LogOn page?
<configuration>
<location path="~/Account/LogOn">
<system.web>
<authorization>
<allow users="*" />
<allow users="?" />
</authorization>
</system.web>
</location>
</configuration>