Link to home
Start Free TrialLog in
Avatar of BrianFord
BrianFordFlag for United States of America

asked on

IIS Authentication Issue

I have an IIS7 Web site that uses a couple of 3rd party DLL's to genereate barcode images and then renders the page into a PDF, everything works perfectly when I set the site authentication to 'Annonymous'

However, When I set it to 'Windows Authentication' none of the styles/fonts etc.. render properly in the PDF, although the CSS is rendering correctly on other pages in the same site.

I have tried changing the security on the physical directory to full control for everyone (I know, not desired but this is an internal dev server) just to see if that fixes the issue but it does not

Any ideas?
Avatar of David Johnson, CD
David Johnson, CD
Flag of Canada image

Add the app-pool user to the allowed list
The issue is likely the locations.
i.e. are all the relevant data within the same location or do you have
non-anonymous access site.com/thisdirectory
while the data rendering is in site.com/someotherdirectory
Avatar of BrianFord

ASKER

All the data is on the same site, the app pool user is an admin with full access to the server

I'm not sure which allow list you mean?
I just checked the .NET Authorization Rules and access is allowed for ALL users
Does access to the entire site require authentication? which options do you have enabled: NTLM/integrated, plain text, digest?

Or do you have auth requirement at a specific point i.e. access to a specific section requires authentication.

One intriguing situation, you're using a .NET application but the authentication you are relegating to the IIS.  Since you are creating a custom web app, why not build into it user authentication as well such that you can then have a more granular control over what resources/functions a user or groups of users can access, etc.

Does your .NET application ever use a HTTP.request object?  Do you have within it a check whether it is "prompted" for authorization by IIS and that is where your issue lies?

i.e. you are using AJAX, JTOn, similar query back to IIS?
I have to admit at this point to being totally lost:

I have a Sandbox web site and the Production Web site, both are running on the same server, and both are using the same Application Pool, just different ports and home directories

When I publish to the Sandbox which has both Annon and Windows Auth enabled (the rest are disabled) it works perfectly.

When I publish to production it doesn't work, I have checked all settings for both sites and directory security and unless I'm missing something (which I must be) they both look to be configured exactly the same.

I was considering doing what you suggest and building the security into the pages, which I may end up doing but that would be more work than I really have time for at the moment, although you could argue it would be quicker than trying to resolve this problem but I don't like to beaten :)

I'm using a basic "Request.QueryString" to grab a couple of values from the URL, and I have an HttpHandler defined in the web.config for the 3rd party DLL:

<!-- For Barcode rendering-->
          <handlers>
              <add verb="*" path="BarcodeHandler.aspx" type="Bytescout.BarCode.BarcodeHandler" name="BarcodeHandler"/>
          </handlers>
          
      </system.webServer>
    <system.web>
      
      <!-- For Barcode Rendering -->
      <httpHandlers>
          <add verb="*" path="BarcodeHandler.aspx" type="Bytescout.BarCode.BarcodeHandler, Bytescout.BarCode"/> 
      </httpHandlers>

Open in new window


Other than it's a pretty small basic ASPX site.
ASKER CERTIFIED SOLUTION
Avatar of arnold
arnold
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Thank you for all your input, I eventually created a whole new site (same server) deployed my app to it and everyting is wotking fine, never really got to teh root issue but at least it's working...... for now :)