I have just deployed an MVC 3 site to my Windows 2008 Web Edition (IIS 7) server, and am trying to set up Basic Authentication so that it will not allow unauthorized access. This seemed to work at first, but once I was troubleshooting a problem and making changes, now that this issue is fixed, my basic authentication for some reason no longer works -- it's letting anybody on.
Under my Authentication settings in IIS7, I have Basic Authentication enabled, and all other forms of authentication disabled. I've also tried other various combinations, and so far, everything I've tried is leaving the site wide open.
I wondered if it was caching my credentials, so I tried from a different browser from which the site has not been accessed, and it's still leaving it open.
Am I overlooking something obvious here? I thought all I had to do was leave all forms of authentication disabled, except for Basic? Any ideas what could be going on?
If not, any ideas on what I could do to troubleshoot? Is there anything I could see in Firebug to see what may be going on?
Thanks in advance.
Ultimately, this was what I was trying to accomplish, I just wasn't sure how to articulate it. After reading the article linked in that answer, I'm going to try to figure out a different way to limit access to this site (either by IP or using my single-level authentication).
Related
First off: I'm sorry that this is a repeat of probably a million posts of the same problem, but none of the answers there helped me and I am feeling very frustrated, stressed, and stupid that I can't figure this out.
Here are the facts:
I have a web application built with .NET Framework 4.72.
I have enabled all the right stuff in the code.
I am using the the most up to date packages for Google and OWIN.
I have created the Client IDs in the Google Cloud Platform and have added the authorized URIs and Origins
I have added test users and am using ONLY those emails
I works in Firefox AND Safari, but NOT in Chrome
If you really need the code, I can show you the code, but I have added nothing custom. It's the same code that works in Firefox. It even fricking works when running locally in Chrome, but it just does not work when on the server. This happens for me and another test user.
Please, can someone help? I am banging my head against my desk and close to tears because I am trying everything I can find on the Internet and nothing is working (or I am doing it wrong).
I have a Azure website consisting of a WCF endpoint and a MVC website running on Azure. It runs on a basic medium/large tier - so no cap in CPU as Free or Basic has. This has been running perfectly for 6 months probably, with regular deployments and updates. And performance has as expected kept consistent. But now suddenly it takes forever to load the MVC website.
The flow is as follows; we receive a call via the WCF endpoint and then we direct people to a URL that is the MVC web site. All resides on same "web site" inside Azure.
The strange thing is that I can see no difference in my log files. The WCF endpoint responds as quickly as always and from what I can see the heavy lifting inside the MVC also responds as expected, but still the user is left waiting forever on the specified URL?
As said I can't see anything in the performance logs for the MVC controllers, so somehow it seems to be the https request itself that takes ages, but how do I debug or measure this?
I am in the process of getting Visual Studio 2015 to see the remote profiling that can be generated through KUDO - but somehow I don't think that the problems resides here. I am kind of blanking so any thoughts on what could be wrong and how to debug would be appreciated. Also if anyone knows that Azure has released something within the last couple of weeks that might have slowed the application down.
Any chance that you have Application Insights turned on for the MVC site? It has a feature that will track dependency calls and should be able to give you a good idea of what is taking a long time.
https://azure.microsoft.com/en-us/documentation/articles/app-insights-asp-net-dependencies/
Im wanting to build an intranet that will use Domain (AD) authentication and let the user not have to login. So Ive been looking at the AD package here and digging into the details a bit, it seems you have to configure a user & password in the web.config. Then I seen this example, which is seems to simply be using the AD membership provider and isnt putting any hard-coded username and password in the config file. Are those two approaches even talking about the same thing?
I just need simple pass-through authentication based on the identity of the user passed in from the browser. The question also comes up as to under which context will requests be made when the user uploads a file, edits content etc. Will it be Network Service or the passed in identity?
Since you have specified umbraco 7 in your question, I think you are much better of pursuing the option in your second link.
The first link was written for Umbraco 4.11, and an awful lot has changed since then. Can't tell you if the second link will simply work out-of-the-box, but imo, you have a better chance of being successful.
I am attempting to do some domain redirects on one of the sites on my server (Server 2003, IIS6), but the Extensionless URLs feature of .Net 4 keeps tacking on that eurl.axd/GUID before the redirect. I found some info on that here.
I would just disable this feature, as described here, but I am pretty sure this will impact an MVC .Net site I also have set up in IIS (because MVC uses extensionless URLs).
Can someone please assist me in finding other options? Is there a way to just remove the eurl.axd/GUID from the URL, via an IHttpModule? I haven't been able to find an example of anyone doing this or something similar.
Ok, I seem to have fixed things on my own. Originally I had both my websites set up in IIS under the same App Pool. I separated them into different app pools, made sure they were both set to .Net 4, and everything started working. Now when users are redirected from one domain to another, the eurl.axd/GUID does not get tacked on to the end of the URL.
I believe that we can allow Firefox to sent NTLM data to SharePoint sites to do automatic authentication, and I think that this is doable with IIS.
I'd like to do the same thing with an internal Rails site.
Does anyone know of way that I could authenticate NTLM type user information through a Apache/mongrel setup (provided of course that it's already running on a Windows box inside of an Active Directory domain)?
I created tutorial on how to install patched mod_ntlm module for Apache on Linux and how to pass NTLM authenticated username to Rails and how create Rails session from that. So as a result you do not need Windows server for running Rails application.
There you can find also how to enable automatic NTLM authentication in Firefox — enter "about:config" in location field and then search for "network.automatic-ntlm-auth.trusted-uris". There you can enter servers for which you would like to use automatic NTLM authentication.
Bit of extra info in case anyone stumbles across this.
I wanted to do something which I thought should be pretty simple - extract the users windows username using NTLM from a Rails app running on Mongrel/Windows (InstantRails actually). Having written the basic code manage the various handshaking operations (using the great NTLMRuby library at http://rubyforge.org/projects/rubyntlm/) and having got it to work wonderfully in Firefox I was somewhat frustrated to find IE not working.
Mongrel doesn't support keep-alives during the type1/2/3 message exchange (at least natively, I believe there's a hack/fix for it), which IE demands and Firefox gets by without.
So authenticating a Rails server running on Windows against a remote NTLM service (e.g. Sharepoint or another web site) is reasonably straight forward, but authenticating an IE browser against a Rails server running on Windows not so much with Mongrel. IIS would be an option, as might be basic Apache with FastCGI. The former feels a bit clunky and the latter won't be as fast as Mongrel.
I'm assuming you've already worked out which HTTP headers you need to send in order to get firefox and IE to send back the NTLM authentication stuff, and are just needing to handle that on the server side?
You could use some of ruby's win32 libraries to access the underlying windows authentication functions which handle the NTLM.
I'd suggest the path of least resistance might be to see if there is a COM component which can do the authentication for you, and if so, to use it using the Win32OLE ruby library.
If there's no COM component, you might be able to find something in one of those other libraries which can invoke the native win32 methods for you.
If you can't find that, you'd have to write a ruby C extension. I've done this on linux, and extending ruby is pretty easy, but you may find the microsoft authentication API's a bit painful.
Hope that gets you started on the right track :-)
You could also use the Apache ntlm module, which should pass a header onwards to your application with the username of the authenticated user. That module looks a bit old, but suggests some other modules that may suit your needs.
Old question I know but I came across this looking for a similar answer.
you could use the methods described here (http://blog.rayapps.com/2008/12/02/ntlm-windows-domain-authentication-for-rails-application/). However mod_ntlm is for windows authentication on a UNIX/linux machine. mod_auth_sspi is what you'll need for winNT authentication from apache under windows.
This particular project looks promising and is looking for contributors:
Rack middleware for transparent authentication with NTLM.
I haven't yet tried this out. For the moment I plan on implementing Raimonds' solution as it appears to have a lot of success.
Check out Waffle. It provides SSO on Windows to Java servers using Win32 API. There're a number of implemented filters (servlet, tomcat valve, spring-security).