I have a web site that is using Windows Integrated Security for authentication. Under the site in the IIS there is a virtual directory that inherits these security definitions. Assuming I have several pages under the virtual directory, is it possible to apply anonymous access on on 1 (one) of them?
View 4 Replies
I set authentication mode to Windows in the web.config and I enable Windows Authentication and disable the Anonymous Authentication in IIS 7 on win 7, but HttpContext.Current.User is always null.It works fine when I host the web app in IIS 6.0.
View 1 RepliesI am using windows authentication in my web application. All we need is when the application will be executed it will launch login.aspx page. If users put correct userid and password(checked from active server directory) it will be redirected to a difference page. But if any unauthenticated user tries to access any other page in the application by typing the Url on the address bar it will be again redirected to the login page. We have to do this by changing our web.config file.I can achieve this using form authentication but not windows. But our requirement is windows. The requirement is very basic but all effort is just not working.
View 2 RepliesI have developed asp.net 2.0 website with crystal report now what my problem is whenever i go to crystal report page its by default going to login.aspx or default.aspx though i didt set any login to my asp.net page..
I talk with my hosting provider they said that the asp.net impersonate is enable..
I think in IIS 7 authentication if i set anonymous access enable, will it work fine?
so i need to know how to enable anonymous access from my webconfig ..
I am working on a site that uses windows authentication, but I have one page for password resets that I want to allow anonymous access to.I have tried doing authorization, allow users="*", but it doesn't appear to work with this.Do I need to have another seperate site for this section?
View 2 RepliesIf you use anonymous access + impersonation of a windows domain account to access a file on a network share, is the password sent in clear text?
View 3 RepliesI have a folder called /Error in the root directory for an ASP.Net site. The site is completely public, so there is no authentication of users. Inside the Error folder, I have a file called errorlog.aspx, where I log unhandled exceptions. I don't want the public to be able to view this file. I created a web.config file inside the Error folder.
[Code]....
However, I'm still able to view errorlog.aspx by typing the URL into the browser. What am I missing?
This could be very straight forward for some of you, but I got caught up. I am doing very simple test - browsing from IIS Manager to see the default page or "under Construction", however I am being challenged to provide my login credential . When I provide my login credential, I am able to see the default page. I wanted to see the default page without providing my credential since Enable anoymous access + basic authentication I am simply wanted to see the default page asit is working on other servers except this one. I have included screen print to make sure may question is clear.
View 3 RepliesI deployed a website where a logged user or an anonymous user can select data and download a XML file. The website generate the XML file in the server and then deliver it.
It works fine in my development environment, but after deployment, the anonymous user can download the file, but the logged user receive this error:
System.UnauthorizedAccessException: Access to the path 'd:HostsLocalUserheringerwebsiteUpload20110107094051.xml' is denied.
It is weird that as anonymous i can do it.
The website server help states this:
"Grant write, modify, delete access rights on website's folder
Your website executes under unique user account that by default has full control over the website's folder.
So your application can create, open, read, write and delete files and folders inside of your root folder.
There is no need and no way to change this permissions.
If, when running ASP.Net application, you still unable to create file or update it, you have to check your Web.Config file for "<Identity impersonate..." tag and remove it.
The only exception is when the application tries to modify a file or folder in "Application_Start" event of Global.asax file. This is by design that user authenticated only after the Application_Start even. Before the user is authenticated your website runs under an identity of Application Pool which is "Network services". That account doesn't have access to the folder of your website.
To make it work you eather have to move the code that tries to modify files or folders out of the "Application_Start" event of the Global.asax file or inside the event you'll need to impersonate your user by code."
But i am not using impersonate and the tag is not in my web.config.
I'm writing a simple Intranet application using windows authentication. I want to restrict access to Safe/UCantSeeMe.aspx. I am aware of the AuthorizeAttribute, but this only works on methods. I also found a good post on doing this with the MVC pattern, but I'm not using MVC. This can be done with roles in forms based security. I read on MSDN that using windows based security means roles are based on groups, but it doesn't go into any detail. how can I restrict access to Safe/UCantSeeMe.aspx?
View 1 RepliesI need to put windows authentication on a site (so when a user access the site they are prompted with a username/password box) but I need certain IP addresses to bypass this authentication.
View 2 RepliesI been strugling with this for 2 days now without comming any closer to solution. I have read 20-30 threads alteast and stil can not resolve this.I have disable anonymous authentication, enable asp.net impersonation.I have added <identity impersonate = "true" />I have added the a user to the security logins that is connected to the database I try to connect tThis is the connectionstring I use:
Data Source=IPTOSERVER;Initial Catalog=Phaeton;User Id=User;Password=Password;errormessage
So I have an asp.net Web Application (Not Web Site) that I am trying to support profiles for anonymous users. I have a form and I want anonymous users to be able to enter their name and email only once, and have that information automatically accessible on the next load for them.
In my Web.config I have anonymous ID setup like so:
<anonymousIdentification enabled="true" cookieless="AutoDetect" />
I have my profile section setup like this:
<profile defaultProvider="SqlProvider" enabled="true" inherits="QA_Web_Tools.UserProfile">
<providers>
<clear />
<add connectionStringName="QAToolsConnectionString" name="SqlProvider"
type="System.Web.Profile.SqlProfileProvider" />
</providers>
</profile>
Finally, due to my app being a Web App and not a Web Site, I am using the profiles via this custom object:
public class UserProfile : ProfileBase
{
public static UserProfile GetUserProfile(string username)
{
return Create(username) as UserProfile;
}
public static UserProfile GetUserProfile()
{
return Create(Membership.GetUser().UserName) as UserProfile;
}
[SettingsAllowAnonymous(true)]
public string FullName
{
get { return base["FullName"] as string; }
set { base["FullName"] = value; }
}
[SettingsAllowAnonymous(true)]
public string BuildEmail
{
get { return base["BuildEmail"] as string; }
set { base["BuildEvmail"] = value; }
}
}
This code is based off of this reference. The issue is that that code does not support anonymous users, or if it does I don't know how. I can't use the GetUserProfile() method with no parameters because if the user is anonymous, Membership.GetUser() is null. I could pass in the anonymous ID token into the first GetUserProfile(string username) method but I cant' find any way to get the anonymous ID token for the current user. Does anyone know how to get this information? Google doesn't seem to be returning useful results.
I have a website developed in ASP.NET created by someone else, sitting on another server... until now... a simple(ish) setup with login to update content. The site was zipped up and I was told it would be a simple case of uploading all the files onto the new server. I've managed to upload the site and it works fine... but I can't access the editing pages as it will no longer accept the username and password when I go to login. The host server is running ASP.NET v4 and IIS v7. Hosting is with [URL] so I'm also getting used to their way of doing things.
View 1 Replies1. How do i limit access to admin directory to only admin roles ?I logged in with a user whose role is Customer and went to the url of mysite.com/admin/ and it shows be the directory listing for that directory.
2. Have I implemented the roles/web.config correctly ?
[Code]....
We have a weird issue found during setting up a new Windows 2003 Server with IIS6.0 & ASP.NET 2.0, our site is built using ASP.NET forms authentication with general authorization to deny access to all users & allow explicitly to static, home pages etc, -- web.config setting for forms auth looking as below:
<authentication mode="Forms">
<forms name="appNameAuth" path="/" loginUrl="~/Pages/Users/Login.aspx" protection="All" timeout="60" defaultUrl="~/Pages/Inner.aspx">
</fo </authentication
I need to have a root web site using Windows Authentication and subweb under it as Forms Authentication. But when I access the subweb it still ask me for the Windows Authentication.
View 3 RepliesI am new to developing asp.net. I have a Microsoft Access database file (.mdb) I am including as a data source on a form. This populates a drop down list on the page. When I run the page in a browser it immediately asks for authentication. If I put in my windows username and password the page pulls up fine, and the drop down is populated with the data. If I don't, it just give me a 403 error and says I'm not authorized. I cannot figure out how to make this page stop requiring authentication. I have only tried one thing. In the web.config file there is an attribute called authentication. It was set to "Windows" I tried setting it to "None" but that did not appear to have any effect. It still asked for my username and password. How can I make an asp web page using a Microsoft Access data source not reqire user authentication to view the web page?
View 1 Repliesif window based using c# .net,how can i create a window authentication when access system.
View 2 RepliesI have a problem with using login controls form authentication ! as my website serves some pages for guest users(Anonymous user) and some pages are for only secure user(they must have to login for those requested pages)...... my problem is this that when i apply form authentication in web.config file to login control then visual studio directly shows only login page where i want that in general case only : guest user pages must be shown and if user clicks on login then after login the requested page he may open !
View 2 RepliesFrom Flex we call a Upload.aspx page which is configured for anonymous authentication. Most of the time, it works like a charm, but once in a while, the browser does prompt a enter credentials popup...The whole site is configured for Windows Authentication, but some pages and folders are set to use anonymous authentication. This is done using the location tag in web.config.What could be the reason for this?
View 3 RepliesI have a web app, which contains a folder Uploads, to which users (authenticated) upload their files (for some reason it has to be a folder in the root of the web app).I want to deny access to this folder and files to all non-authenticated users.
In my web.config I have:
[Code]....
and everything seems to work in development, but on a staging server it redirects non-authenticated users to login page ONLY from aspx pages, but not when entering the url to the file in Uploads folder.
I have a problem in my asp application. In my application I have an own authentication mechanism so in the web.config file I have <authentication mode="None"/>
Inside the application users can upload files to the folder I've created (App_Files). I would like to give access to the folder only once they are logged in (Session["Login"] is no null).
I dont want not logged in users to be able to access the files over a url address in the browser (like http://<server>/App_Files/Filename.pdf)
I am getting following error in the Test which is in the same Box but IIS requires Https to view the Page. I have change Web.Config to accept https. I was able to add the Service References without any problem but while call the method I get The HTTP request was forbidden with client authentication scheme 'Anonymous'. this error message. I am trying to use userNameAuthentication.
<bindings>
<wsHttpBinding>
<binding name="Binding1">
[code]...
I have an intranet site that i set up to windows authentication. It works fine most of the time but some departments wont be able to access the site and will be asked to enter user name and password.I checked their Active Directory account and the only difference i could see was that the organizational unit parameter was different than the rest of the users.
View 5 Replies
