I am running this MVC 4 site on iis express initiated through visual studio 2012. If I change the impersonate to false it works fine. Any ideas what I could be doing wrong?
Use ASP.NET impersonation when you want to run your ASP.NET application under a security context different from the default security context for ASP.NET application.
If you enable impersonation for an ASP.NET application, that application can run in one of two different contexts: either as the user authenticated by IIS 7 or as an arbitrary account that you set up. For example, if you were using Anonymous authentication and chose to run the ASP.NET application as the authenticated user, the application would run under an account set up for anonymous users (typically, IUSR). Likewise, if you chose to run the application under an arbitrary account, it would run under whatever security context was set up for that account.
By default, ASP.NET impersonation is disabled. If you enable impersonation, your ASP.NET application runs under the security context of the user authenticated by IIS 7.
I don't know how to answer why the message is so useless but I can say that it seems to be a product of the development web host (iis express) not being in the domain of the user you are trying to authenticate.
In my example I was on my home machine (not registered to the domain) connected in via vpn. With impersonate set to false and windows authentication enable in the web.config it will work fine. When you turn on impersonate it gives the invalid message.
If you have impersonate turned on when running from a machine (my workstation in the office) registered to the domain it works with no error message.
Hope this helps someone else.
Related
I have a website that is hosted on an IIS web server. Within this site, I would like to access the username of the person logged on to the computer that is being used to access the site. However, I don't want them to have to log in. I have enabled windows authentication and identity impersonate in the web.config file. I have also enabled windows authentication and disabled anonymous login within IIS manager. I am receiving a login prompt from the browser and when i enter my credentials, they do not work.
I would like to know how to get rid of the login prompt and allow anyone to access the site while still being able to retrieve their windows username
According to your descritpion, the only way to achieve your requirement is modify IE setting to access your web application.
The IE has the security setting which will send the current login in windows user name and password automatically.
More details about how to modify the IE setting, you could refer to below article.
1.Open the IE and find the internet options.
2.Modify the user authentication
I am writing an iOS application that I would like to send a login and password through a WCF service residing on an IIS server developed in C#. I would like to verify that the USERNAME and PASSWORD is a valid Active Directory account. If so, then I will log them into the application on the iOS device and continue on. Is this possible? My ASP.NET application that will be hosting this WCF service could be either in Windows or Forms authentication mode depending on the client. Any code example that would allow me to use the passed credentials to verify that they are valid AD user credentials would be great.
Thanks
I'm working on a web application that works with the TFS API and I would like to make sure that any users that use it have the proper authentication to use TFS.
To do so I use the following code:
TfsTeamProjectCollection teamProjectCollection = configServer.GetTeamProjectCollection(collectionId);
teamProjectCollection.EnsureAuthenticated;
I'm going to host the website on IIS.
When a user uses the web app, will EnsureAuthenticated use their credentials, or will it use the credentials of the remote desktop I'm hosting the application on?
It depends.
If you have configured ASP.NEt to use impersonation, it will use the account of the logged user.
If ASP.NET is configured with default settings there are a number of things that can happen
If there is a credential stored in the Credentials Manager it will use that
If the application pool is running under a real account it will try to do that
If the application pool is running an application pool account, it will probably try to authenticate with the System's account (COMPUTER$)
I'd say, try it and look at the IIS logs of your TFS server or use something like fiddler to capture the traffic.
I have developed an MVC intranet application which I have successfully deployed to IIS.
I have enabled Windows Authentication and denied access to anonymous users, however, only some accounts on the domain are able to gain access to the application.
I have checked these accounts and there is nothing special about them that I can see.
The first check for security is Domain Users which everyone is a member of.
All other users are prompted to login but it does not recognize their credentials.
I get a 401.1 - Unauthorized Error
Not sure what else to try. Any suggestions would be appreciated.
Solution : Folder permission on my wwwroot - Domain Users did not have read access.
=================================================================================
Check that kernel mode authentication is on:
Site>Authentication>Windows Authentication>Advanced Settings
Check authorization rules are not blocking users:
Site>Authorization Rules
I would test (allow all users) first, does that allow users through?
I'm working with an MVC application on a test server that used to work perfectly. It creates accounts on a server that a 2nd application uses for logging in. It uses a credential store and PrincipalContext and UserPrincipal objects to create these accounts.
I haven't used the test version of this app for months or possibly almost a year. Now when I go to create an account with the application, I get the following error:
Access is denied.
ASP.NET is not authorized to access the requested resource. Consider
granting access rights to the resource to the ASP.NET request
identity. ASP.NET has a base process identity (typically
{MACHINE}\ASPNET on IIS 5 or Network Service on IIS 6 and IIS 7, and
the configured application pool identity on IIS 7.5) that is used if
the application is not impersonating. If the application is
impersonating via , the identity will be
the anonymous user (typically IUSR_MACHINENAME) or the authenticated
request user.
To grant ASP.NET access to a file, right-click the file in Explorer,
choose "Properties" and select the Security tab. Click "Add" to add
the appropriate user or group. Highlight the ASP.NET account, and
check the boxes for the desired access.
I looked at anonymous access, but the production version of this app also has a rule to deny anonymous access and it's working fine. This application never used impersonation even when it was working and I've heard that granting explicit access to ASP.NET is not generally recommended. I can make the application work locally through Visual Studio, but the version deployed to test continues to give this error. I would rater not republish the site to test, but perhaps that's the only option left? Is there anything obvious (but not to me) that could have changed in the security settings to cause this? I'm still researching with no luck.
Thank you!
You need to provide a service account to your ApplicationPool Identity that has the appropriate level of access. When you're using the Studio, it uses your user account for access so it's almost a given. When the application is installed onto IIS it uses the lowest possible level of access available, and that simply isn't enough. It isn't recommended that you open it wide up, but establishing a limited access service account for this specific purpose will allow the application to function without having to compromise system or personal accounts.