I've run into an issue and I can't identify what the difference is between App 1 and App 2. Both Apps execute the exact same line of code below from the Session_Start() in the Global.asax. One app identifies the user correctly DOMAIN\USER, the other app simply returns ''...
UserService.GetUserInfo(Context.User.Identity.Name.ToString());
Both apps have this in the Web.config for using Windows Authentication.
<authentication mode="Windows"></authentication>
You can test it with IIS Express locally which supports Windows authentication. So in your web.config you must have the following:
<authentication mode="Windows" />
and in the properties of the project configure IIS Express to enable Windows Authentication:
Anonymous Authentication must be set to Disabled and Windows Authentication must be set to Enabled.
Related
We want to host ASP.NET MVC 5 project (.NET 4.8 Framework) where users will be automatically authenticated via their Windows login. When the users call the hosted project via the browser, then the browser should not prompt the user to login. The browser should pass the login-data to the server-side controller automatically.
Regarding this article, the Integrated Windows Authentication uses the security features of Windows clients and servers. Unlike Basic or Digest authentication, initially, it does not prompt users for a user name and password.
So the Integrated Windows Authentication seem to be the correct solution for our problem.
The MVC 5 Project has the following entry in the web.config file:
<configuration>
[...]
<system.web>
[...]
<authentication mode="Windows" />
<authorization>
<deny users="?" />
</authorization>
</system.web>
Here are the authenciation settings in IIS:
The authenticated user data is accessible in the controller by the following code:
public class HomeController : Controller
{
public ActionResult Index()
{
var lWindowsIdentity = Request.LogonUserIdentity;
[...]
}
}
The Problem: When we access the site in the browser via the binding http://192.168.178.41 then we expect, that the user is logged in automatically, but an prompt appears:
How to login in asp.net MVC using windows authentication without prompt?
Have you try the answer from this ticket ASP.NET MVC intranet app with windows authentication, how to get the current domain user automatically? ?
The fix for that guy was to go to authentication menu in iis -> select windows authentication -> click providers in the right pane -> adjust so that only NTLM is in the list of available providers. Negotiate seems to be the culprit for forcing the log-in prompt.
Check if the page is in the intranet zone... if not you might need to add it specifically to the intranet zone using the servername and/or ip address via configuration / internet options / security / local intranet / websites
Disable "Anonymous authentication" and make sure that "NTLM" is above "Negotiate" as a windows authentication provider (right-click in IIS on "Windows Authentication")
And since you disabled the "anonymous authentication" provider, there is no need for the <authorization> section in your web.config. remove it.
Finally test if it works.
I think on development web server that is with in the localhost environment it will skip the prompt but when the application runs through IIS(production) server, it prompts the user with the dialog that is pretty normal behavior. When you initiate a local url(your local ip) it kicks in IIS web server(not local) which checks for windows authentication and issues a prompt.
Please see this
I'm trying to enable Windows Authentication to develop locally, as per the title:
Windows 8 (pro)
VS2012
IISExpress
ASP.Net MVC4 project
Orchard CMS is the project (but I don't think this is relevant)
Via the project properties, I've set Windows Authentication to enabled and Anonymous Authentication to disabled.
In the web.config I've set:
<authentication mode="Windows" />
However, when running the site I'm continually prompted for credentials. Entering Windows 8 or local account credentials don't seem to make any difference and I've set those accounts to have full permissions on the folder.
Any suggestions gratefully received!
UPDATE 1:
As suggested by Darin Dimitrov I created a blank MVC project and selected the Intranet template. After setting Anonymous Authorisation to disabled and Windows Authentication enabled this test project worked exactly as expected (prompts for credentials when entered provides access to site). I applied the same authorisation config to my Orchard projects web.config:
<authentication mode="Windows" />
<authorization>
<deny users="?" />
</authorization>
But still no joy, I'm prompted for credentials as expected but nothing I enter seems to authorise the user. I've Pastie'd the two web.configs below in case anyone else can point out what I'm missing?
Orchard Web.Config: http://pastie.org/private/8oe5jesvt0vmqgyn3w
Sample Web.Config: http://pastie.org/private/zgxyue03crzd6fb8umlidq
Make sure you have enabled Windows Authentication in the properties of the Web Server and disabled Anonymous authentication:
Also make sure you have read the Text file that was generated for you when you created your new MVC application using the Intranet Template:
In order to use the Intranet template, you'll need to enable Windows
authentication and disable Anonymous authentication.
IIS 7 & IIS 8
Open IIS Manager and navigate to your website.
In Features View, double-click Authentication.
On the Authentication page, select Windows authentication. If Windows authentication is not an option, you'll need to make sure
Windows authentication is installed on the server.
To enable Windows authentication on Windows:
a) In Control Panel open "Programs and Features".
b) Select "Turn Windows features on or off".
c) Navigate to Internet Information Services > World Wide Web Services > Security
and make sure the Windows authentication node is checked.
To enable Windows authentication on Windows Server:
a) In Server Manager, select Web Server (IIS) and click Add Role Services
b) Navigate to Web Server > Security
and make sure the Windows authentication node is checked.
In the Actions pane, click Enable to use Windows authentication.
On the Authentication page, select Anonymous authentication.
In the Actions pane, click Disable to disable anonymous authentication.
IIS Express
Click on your project in the Solution Explorer to select the project.
If the Properties pane is not open, open it (F4).
In the Properties pane for your project:
a) Set "Anonymous Authentication" to "Disabled".
b) Set "Windows Authentication" to "Enabled".
I'm having difficulty deploying a web app that has forms authentication to IIS 7.5.
I have the following:
Forms Authentication
Asp.net mvc 2
Net Framework 4.0
Application Pool is setup for .Net Framework 4.0 and is in Integrated pipeline mode.
IIS 7.5 on Windows Server 2008
Authentication setup is IIS (ASP.NET Impersonation and Forms Authentication set to ENABLED. The rest set to DISABLED). Inside the settings for Forms authentication the login URL is correct. The cookie settings is (Mode: Use device profile, Name: .ASPXAUTH, Protection Mode: Encryption and validation, Requires SSL: not checked)
Web.Config:
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="2880" />
</authentication>
I get the following error when running "Manage Application-->Browse" inside IIS Manager.
HTTP Error 401.2 - Unauthorized
You are not authorized to view this page due to invalid authentication headers.
I get the following error when trying to run the deployed app on my local machine:
401 - Unauthorized: Access is denied due to invalid credentials.
You do not have permission to view this directory or page using the credentials that you supplied.
Any ideas on what is going wrong? It works find when run from VS.
If you have a path leading to an eventual [Authorize] attribute, that will cause this - removing the RenderAction or allowing that action to render without [Authorize] fixes it.
In my case, I call Html.RenderAction("Heading") in _Layout.cshtml (renders a "Please log in" or "Welcome back, Ryan"). My Heading actionresult had an AuthorizeAttribute set on it. I removed the AuthorizeAttribute on Heading, and it was resolved.
I'm running the same setup as what you've shown and it works for me. Check to make sure your logon action does not require authorization.
I got this to work by setting the "Anonymous Authentication" to enabled.
Update: Setting it to Anonymous Authetication has causes other problems. I need to keep this disabled.
Any ideas?
I have an intranet application using windows authentication that works great. Now I have a requirement to expose an Api area. This area should use basic authentication but to keep things easy I am first just trying to make this area allowed to anonymous.
I am using IIS 7.5 and it is configured like this:
IIS > My Intranet Site > Authentication > Windows Authentication Enabled,
everything else Disabled
in the application root web.config I have
<authentication mode="Windows"></authentication>
All the intranet controllers (except for Api Area) inherit from a BaseController that have an AuthorizeAttribute
I tried adding
<location path="~/Api">
<system.web>
<authentication mode="None" />
</system.web>
</location>
In the web.config for the API area, but no go, still get prompted for credentials.
My application structure looks like this
-IntranetApp
--Controllers
--Areas
----Area1
----Area2
----Api
All should be using Windows Authentication except for Api area.
Thanks for any help/pointers.
I don't know details, but the way I've seen "mixed" authentication done is two web applications. The one with windows authentication enabled will then use the ASP membership API to authenticate the user(and automatically create a username if necessary using information from domain account) and then redirect to the other site. Both site's membership config share the same application ID, keys, etc.
You are probably running into this:
"you cannot achieve this within a single application because in IIS once you set up Windows authentication for a virtual directory it will no longer accept users from different domains."
See this for more information on setting up one version of this:
ASP.NET MVC and mixed mode authentication
Exactly as per the title.
Simply in my HomeController I have:
string Username = User.Identity.Name;
Why is this value always blank?
Is there something special I have to place in the web.config to get this value to come through. I've tried on both the VS dev web server as well as on a windows server 2003 IIS server.
It's got to be something simple, a server setting in IIS or something as the code is so simple and seems to be the correct way to reference this value.
Thx a lot
If you are wanting to use windows authentication it's not enough to just add
...
<system.web>
...
<authentication mode="Windows"/>
...
</system.web>
...
You also want to check the readme file instructions for the MVC project, especially if your running in IIS Express and using Visual Studio 2012.
See below:
Hosting on IIS Express:
Click on your project in the Solution Explorer to select the project.
If the Properties pane is not open, open it (F4).
In the Properties pane for your project:
a) Set "Anonymous Authentication" to "Disabled".
b) Set "Windows Authentication" to
"Enabled".
Hosting on IIS 7 or later:
Open IIS Manager and navigate to your website.
In Features View, double-click Authentication.
On the Authentication page, select Windows authentication. If Windows authentication is not an option, you'll need to make sure
Windows authentication is installed on the server.
To enable Windows authentication on Windows:
a) In Control Panel open "Programs and Features".
b) Select "Turn Windows features on or off".
c) Navigate to Internet Information Services > World Wide Web Services > Security
and make sure the Windows authentication node is checked.
To enable Windows authentication on Windows Server:
a) In Server Manager, select Web Server (IIS) and click Add Role Services.
b) Navigate to Web Server > Security
and make sure the Windows authentication node is checked.
In the Actions pane, click Enable to use Windows authentication.
On the Authentication page, select Anonymous authentication.
In the Actions pane, click Disable to disable anonymous authentication.
Sure is mate. You need to authenticate with the website. That's the name used for authentication.
You are authenticating, right?
It's not a setting, etc.
Click the LOG IN link, if you're using the stock standard ASP.NET MVC template (if my memory serves me right).
UPDATE (as the posted has added more info/comments)
So what you're after is Windows Authentication. A quick google search came up with this post. It's pretty helpful (though a bit old, but still relevant) .. check that out.
Found a better post with MVC code for Windows Authentication. Check that out instead.
Config setting that is important, is...
...
<system.web>
...
<authentication mode="Windows"/>
...
</system.web>
...
If you do not wish to Authorize on every controller or action, you can do a blanket authorization in the web.config file. This should work as long as you are using Windows authentication. If you allow ASP.NET to control the authentication, then you would not need to configure any IIS setting. It should then work well with whatever web server that you are running on. I do not know or assume what u have tried so far I'll try to be complete in my answer. First remark off the forms authentication tag in web.config. All following settings are placed in the system.web configuration section.
<!--
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="2880" />
</authentication>
-->
Replace with the Windows authentication tag.
<authentication mode="Windows" />
Then add the authorization tag to deny access to anonymous users. If the users are using Internet Explorer and are connecting from an Intranet zone, IE automatically will login the user. But if the user is connecting from the Internet zone, IE will still display a login box though for safety. But these are options that can be set from IE.
<authorization>
<deny users="?" />
</authorization>
Setting authentication mode alone without authorization does not force the user to be authenticated in ASP.NET. If you want to control the security from IIS, I cannot help much with IIS settings but I know basically you can disable Basic Authentication , then enable Integrated Windows Authentication and then disable the Anonymous Login Account which will achieve the same or better results.
I am also working on an MVC project at the moment and I tested the above settings with my project and it works. You would not need the Authorize attribute since we have the authorization tag in the configuration. I hope this can be of help to you and not get another -1.
Have you attached Authorize attribute to ur action or controller?
public class HomeController : Controller {
[Authorize]
public ActionResult Index() {
string userName = User.Identity.Name;
return View();
}
}