Solved

ASP.Net page popping "Enter Network Password" dialog ...

Posted on 2004-10-05
23
745 Views
Last Modified: 2012-06-27

I am currently working on a ASP.Net app on windows 2003 server.

I am using Forms Authentication...

Some of the ASP.Net pages throw the "Enter Newtwork Password" dialog box.
if i press "Cancel" the dialog goes away and i get the desired ASP.Net page
and i am able to perform the desired functionality on the page...

Say i entered the network credential this goes away altogether and doesn't
happen on any of the pages again until i reboot the server..

In IIS 6.0 , under Authenticated and Access control , i have anonymous access enabled.

I have also checked the "Integrated Windows Authentication" checked...

Any Ideas why this is happening ..

regards,
-Ganesh
0
Comment
Question by:ganeshpai
  • 8
  • 4
  • 4
  • +4
23 Comments
 
LVL 17

Expert Comment

by:AerosSaga
ID: 12229600
Make sure your IIS Virtual Directory Is marked as an application, that is it has an application name.
0
 
LVL 17

Expert Comment

by:AerosSaga
ID: 12229655
If you checked use Integrated Windows Authentication is it safe to assume you are  trying to impersonate a windows account?
0
 
LVL 17

Expert Comment

by:AerosSaga
ID: 12229671
You should only  need both if you plan to authenticate with forms and then use ntfs permissions as well.
0
 
LVL 17

Expert Comment

by:AerosSaga
ID: 12229702
does your web.config have something like so:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
      <appSettings>
<add key="SiteDB" value="Provider=Microsoft.Jet.OleDb.4.0;Data Source=C:\Inetpub\wwwroot\SavoyFurniture\Includes\Site.mdb;"></add>
      </appSettings>
      <system.web>
            <compilation defaultLanguage="vb" debug="true" />
            <customErrors mode="Off" />
            <authentication mode="Forms">
                  <forms loginUrl="~/Admin/Login.aspx" />
            </authentication>
            <identity impersonate="false" />
            <authorization>
                        <allow users="*" />
            </authorization>
            <trace enabled="false" requestLimit="10" pageOutput="false" traceMode="SortByTime" localOnly="true" />
            <globalization requestEncoding="utf-8" responseEncoding="utf-8" />
      </system.web>
</configuration>
0
 

Author Comment

by:ganeshpai
ID: 12229706
everything is setup right.., Web App has a application name under the virtual directory props..
0
 

Author Comment

by:ganeshpai
ID: 12229869
I had tried removing windows authentication and i still get the problem, so the problem is not around this..

Once again , this doesn't happen on all the pages..., here are the most important peices
of web.config...

<customErrors mode="On" defaultRedirect="CustomError.aspx" />

<authentication mode="Forms">
            <forms loginUrl="SelectABC.aspx"/>
</authentication>

<identity impersonate="false" />

            <authorization>
                <deny users="?"/>
                <allow users="*"/>
            </authorization>

ABC_DocRetrieval  is  the directory under my virtual....

  <location path="ABC_DocRetrieval/Admin">
    <system.web>
      <authorization>
         <allow roles="ADMIN" />
         <deny users="*" />
      </authorization>
    </system.web>
  </location>
0
 
LVL 2

Expert Comment

by:platinum505
ID: 12229899
to make sure its not a network issue use a fully qualified name for the website

say instead of using http://server/site/page.aspx

use fully qualified name http://server.domain/site/page.aspx


this actually solved the problem for me


Kamalakar

0
 
LVL 18

Expert Comment

by:tusharashah
ID: 12229901
What is written under your Authorization tag?


If you dont want to promt for username it should be like following:

----------------------------------------------------------------
<authorization>
        <allow users="*" /> <!-- Allow all users -->
</authorization>
----------------------------------------------------------------

Paste your Web.Config if you still have similar results.

-tushar
0
 
LVL 18

Expert Comment

by:tusharashah
ID: 12229910
Remove follwing tag from <authorization>

 <deny users="?"/>  <!-- This actually deny all users who is not authenticated

-tushar
0
 

Author Comment

by:ganeshpai
ID: 12229967
Kamalakar,

I am using a fully qualified name for my application..
0
 

Author Comment

by:ganeshpai
ID: 12229990
Tushar,

What my authorization does is,

diallows all unauthorized people and allows everybody else...

Ganesh
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 

Author Comment

by:ganeshpai
ID: 12230000
Once again , this looks like a combination of things...,This behavior doesn't happen on all the pages...
0
 
LVL 15

Expert Comment

by:praneetha
ID: 12230055
0
 
LVL 33

Expert Comment

by:raterus
ID: 12230448
sounds like one resource (page/image/anything) doesn't have permissions for the anonymous account.  If you check anonymous authentication, IIS will never get to use integrated windows authentication, they can't be combined because using anonymous authentication is the path of least resistance.
0
 

Author Comment

by:ganeshpai
ID: 12230545
Praneetha-

I have already done everything that is being mentioned about setting up anonumous access to the site , i still have the problem..

Any other suggestion guys..?
0
 
LVL 15

Accepted Solution

by:
praneetha earned 150 total points
ID: 12230587
Some part of your application is trying to do something behind the scenes that requires admin privileges(as raterus said), and you are getting this box because the application is using the IUSR_ account.

now for a while make iusr_account administrator and see if that does any good and if that does not happen you know it's something to do with access privileges
0
 
LVL 33

Expert Comment

by:raterus
ID: 12230613
you're going to have to find some common resource that all the pages that cause this box try to access.  The easiest thing I can think of is that it is an image.
0
 

Author Comment

by:ganeshpai
ID: 12230671
the pattern i am observing is , this might happen due to validator controls.

I know this might sound stupid ..., But hey we removed the validator controls from couple
of pages and we don't get this dialog box asking for credential, can it be so that
after the aspx page is rendered its trying to access the standard java script code for
the validation control , which it cannot ??? If so any solutions how to fix it...

0
 
LVL 33

Expert Comment

by:raterus
ID: 12230697
give access to the anonymous user IIS runs under to the aspnet_client in your wwwroot folder.
0
 
LVL 33

Assisted Solution

by:raterus
raterus earned 350 total points
ID: 12230719
that would be the aspnet_client FOLDER!  Also, drill down and make sure the file WebUIValidation.js still has those permissions set.
0
 
LVL 10

Expert Comment

by:jnhorst
ID: 12234068
I think raterus is right in pointing out the permissions issue on the aspnet_client folder that has the script file for validation.  But there's a few things about authentication that need to be looked at.  You have this in your web.config:

<identity impersonate="false" />

Even though you are using anonymous auth, if you are not impersonating, you are trying to access the aspnet_client folder under the security context of the local ASPNET account.  If you set the identity tag to impersonate="true" AND you are using anonymous auth, the access if being attempted under the context of the account specified in IIS to authenticate anonymous requests (usually IUSR_<machine name>).  You can always grant the local ASPNET account the permissions on aspnet_client to solve this, but it will not help when you deploy because the ASPNET account on the target server is local to the server.  You'll have to change it as well.

The most consistent way to handle these issues is to set impersonate="true" and then create a domain or AD account that will be used only for authenticating anonymous reqeusts.  Set the IIS on your server(s) and your dev box(es) to use this account.  If you are accessing a SQL Server database, make sure to create a Windows User Login for this account and give it permissions to any databases the app might use.  Then make sure this account has the necessary permissions to the wwwroot folder on your dev box(es) and server(s) .  The aspnet_client folder is under wwwroot, so the account will have permissions to it as well.

This way you will always know what security context things are happening under whether you use anon auth or require users to authenticate.

John
0
 

Author Comment

by:ganeshpai
ID: 12236618
raterus ,praneetha

I will try this out today,and will let you guys know..
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

I recently went through the process of creating a Calendar Control of events with the basis of using a database to keep track of the dates that are selectable, one requirement was to have the selected date pop-up in a simple lightbox.  At first this…
In .NET 2.0, Microsoft introduced the Web Site.  This was the default way to create a web Project in Visual Studio 2005.  In Visual Studio 2008, the Web Application has been restored as the default web Project in Visual Studio/.NET 3.x The Web Si…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now