Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Windows Authentication asks to authenticate!

Posted on 2006-11-06
15
Medium Priority
?
1,692 Views
Last Modified: 2007-12-19
I've been at this for a month now. ASP.Net 2.0, WAP model. IIS 6.0, Windows Server 2003.

1. My app has only 2 pages so far. Default.aspx calls Login.aspx.
2. I have windows authentication code in global.asax like this:
  Sub WindowsAuthentication_OnAuthenticate(ByVal Source As Object, _
                         ByVal e As WindowsAuthenticationEventArgs)

        'dont authenticate when on AccessDenied page
        Dim fileName As String = LCase(HttpContext.Current.Request.Url.LocalPath)
        If InStr(fileName, "accessdenied") > 0 Then Exit Sub

        Try
            If e.Identity.IsAuthenticated And Not (e.Identity.IsAnonymous) And _
              e.Identity.AuthenticationType.Length <> 0 Then

                userIdentity = e.Identity.Name()
            Else
                HttpContext.Current.Response.Redirect("AccessDenied.aspx?Authenticated=" + e.Identity.IsAuthenticated.ToString + "&Anonymous=" + e.Identity.IsAnonymous.ToString + "&Type=" + e.Identity.AuthenticationType.ToString)

            End If
        Catch ex As Exception
            HttpContext.Current.Response.Redirect("AccessDenied.aspx?Error=" + ex.Message.ToString)
        End Try

    End Sub

3. I moved the app to our main server. Set up a virtual directory but when I login, I get a pop-up to login with useid/pwd. I tried the app both from my laptop and by sitting at the server and logging in with "admin/pwd".

4. We have Active Directory, so I created a new group. I added this group to the security tab of the folder holding the app. Gave it "full control" . BUT still got the userid/pwd pop-up.

5. I added ASPNET user to the folder holding the app with "full control" but stilll got the userid/pwd pop-up

6. I have both .net 1.1 and 2.0. So for this app, i created a new App Pool and made sure it has the 2.0 framework

7. in IIS, I have Anonymous unchecked and Windows Authenicated checked.

8. in web.config , i have:
 <authentication mode="Windows"  />
        <authorization >
         
            <deny users="?" />
        </authorization>

9. in IIS, I right clicked on "default.aspx" , I  got the userid/pwd pop-up.

What am I missing??
0
Comment
Question by:Camillia
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 9
  • 6
15 Comments
 
LVL 11

Accepted Solution

by:
ethoths earned 2000 total points
ID: 17881348
In my experience there is no need to uncheck the Anonymous access box. Simply making your secured area an IIS application and using the correct web.config in that directory has always worked for me.

Since your who app is secured you don't need a sub folder so...
Make sure your folder is an IIS application.
Put your authentication and authorisation code in the web.config. as you've specified.

Get rid of all that stuff in your global.asax file.

And get rid of your logon page (Windows Authentication will throw up a box for you).






0
 
LVL 7

Author Comment

by:Camillia
ID: 17881421

 I need to use the code in global.asx because for my app, i need to get the username  who's been authenticated. Authenticated username is used thru out the system... anonymous users cant use the system...

 If I check "anonymous"...wouldnt that defeat purpose of windows authentication?? then anyone could use the system..right?

 I have a "default.aspx" and a "login.aspx". The default.aspx has javascript code to open "login.aspx" in a specified size. The "login.aspx" will be displayed AFTER the user is authenticated. I use "login.aspx" to display database options to the user. This is needed for the app. Users have to choose their database up-front before they can access the system...

 
0
 
LVL 7

Author Comment

by:Camillia
ID: 17881505
The "login.aspx" pages doesnt actually ask for userlog/pwd...it only presents to the user a dropdown box to choose which database they want to connect to, what language to use. But they have to be authenticated by then before they get this page.
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 11

Expert Comment

by:ethoths
ID: 17881541
para 1
You can get the user name at any time from the Page.User object.


para2
No the ASP.Net security sits on top of the IIS and overrides it.


para3
The functionallity in the login.aspx file is fine - just dont call it login.aspx - how about options.aspx?
0
 
LVL 7

Author Comment

by:Camillia
ID: 17881585

So, you're saying to do this (before I break what i already have :-) )...

1. remove stuff from global.asax
2. have whatever i have in web.config
3. have windows authentican and anonymous both checked in IIS?

All the examples I've seen in Windows Authentication, they've had that code in global.asax.

yes, good idea not to call it "login.aspx".
0
 
LVL 11

Expert Comment

by:ethoths
ID: 17881613
Yes. That is what I'm suggesting. In case your not sure just comment out yout global.asax code and it will be a doddle to put it all back again.

0
 
LVL 7

Author Comment

by:Camillia
ID: 17882125
Didnt work....  

I removed the code from global.asax.
Changed IIS to have BOTH anonymous and windows authentication.
I kept web.config as is :
<authentication mode="Windows"  />
        <authorization >
         
            <deny users="?" />
        </authorization>

BUT still got the pop-up box to login with useid/pwd. When I checked "anonymous access", i got this pop-up: The following child nodes also define the value of the 'UNCPassword' property, which overrides the value you have just set. Please select from the list below those nodes which should use new value"....

It had "default.aspx" listed and I high-lighted it. But keep getting the pop-up box....

???? mind boggling...
0
 
LVL 11

Expert Comment

by:ethoths
ID: 17882333
Last shot, try adding the allow option...

<authentication mode="Windows"  />
<authorization >
    <deny users="?" />
    <allow users="*" />
</authorization>
0
 
LVL 7

Author Comment

by:Camillia
ID: 17882602
If  I have :
<authorization >
    <deny users="?" />
    <allow users="*" />
</authorization>

Still pops the pop-up asking for username/pwd.

If I have :
<authorization >
    <allow users="*" />
    <deny users="?" />
   
</authorization>

That does NOT pop-up the box but then it's authenticating anonymous access because I have "Label1.Text = Page.User.Identity.Name.ToString" in my second page but it comes out as blank...

so search for my answer contiues :(
0
 
LVL 11

Expert Comment

by:ethoths
ID: 17882661
This should work and if it allows anonymous  when you reverse the allow/deny then you're very close.

Try this again
<authorization >
    <deny users="?" />
    <allow users="*" />
</authorization>

but do an IIS reset, clear your temporary asp.net files and make sure all your aspnet_wp.exe processes are dead. (Probably best to restart your machine). If that doest work I'll give up but I've done this countless times without a problem.
0
 
LVL 7

Author Comment

by:Camillia
ID: 17882695
let me try it but i know i cant restart the server, that's our main server...

but i can restart IIS and make sure the wp is dead.

Let me try and post again.
0
 
LVL 7

Author Comment

by:Camillia
ID: 17883195
rebooted the server, cleated temp aspnet files, restarted IIS, cleared internet files, made sure web.config and global have the correct code but nope, still got the pop-up box to enter userid/pwd...

do i need to do anything with the machine.config? anything with the App Pool? i have the app on the H drive of the server, does it need to be in c drive (not that this should matter..just running out of ideas)...

0
 
LVL 7

Author Comment

by:Camillia
ID: 17883373

 Could it be a firewall issue (but I go to the server itself and open the site)
0
 
LVL 7

Author Comment

by:Camillia
ID: 17883665

 **************This worked on a new server we have!!!  same code, same setup... *************

so how can I tell what's causing the other main server pop-ing up username/pwd??
0
 
LVL 11

Expert Comment

by:ethoths
ID: 17883759
Hey unfortunately that WinDoze. I can never figure out that security stuff. It seems that you get on crack at it then it gets cached or something and it won't work. Then, for no reason at all it'll just start working. The morale here is to tey t get it right first time I suppose. Anyway, thanks for sticking with me - I though I was going mad for a minute.

0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article discusses the ASP.NET AJAX ModalPopupExtender control. In this article we will show how to use the ModalPopupExtender control, how to display/show/call the ASP.NET AJAX ModalPopupExtender control from javascript, how to show/display/cal…
In this Article, I will provide a few tips in problem and solution manner. Opening an ASPX page in Visual studio 2003 is very slow. To make it fast, please do follow below steps:   Open the Solution/Project. Right click the ASPX file to b…
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…
Are you ready to place your question in front of subject-matter experts for more timely responses? With the release of Priority Question, Premium Members, Team Accounts and Qualified Experts can now identify the emergent level of their issue, signal…
Suggested Courses

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question