Solved

Help needed on website authentication

Posted on 2016-09-30
7
68 Views
Last Modified: 2016-10-11
When I put this code onto the server I get a message
401 - Unauthorized: Access is denied due to invalid credentials.

The only way I can get it to work is to enable windows and forms authentication in IIS.  I just want it to use forms authentication.
I was also wondering why web.config needs LocalSqlServer to work.



<%@ Master Language="C#" AutoEventWireup="true" CodeFile="MasterPage.master.cs" Inherits="MasterPage" %>
<%@ Register Assembly="AjaxControlToolkit" Namespace="AjaxControlToolkit" TagPrefix="asp" %>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> 

<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <meta http-equiv="X-UA-Compatible" content="IE=edge" />
    <title>:: DS SDI :: - Home</title>
    <asp:ContentPlaceHolder id="head" runat="server">
    </asp:ContentPlaceHolder>
    <style type="text/css">
        .style1
        {
            width: 215px;
        }
    </style>
</head>
<body>
    <form id="form1" runat="server">
    <div style="left:0px; width:1010px; height: 497px;">
        <table style="height: 37px; width: 1010px">
            <tr>
                <td align="left" class="style1">
                <asp:LoginView ID="LoginView3" runat="server">
                    <LoggedInTemplate>
                            <center>
                                <asp:Label ID="m_lb_Hello" runat="server" Text="Hello " Font-Bold="True" 
                                    Font-Names="tahoma" Font-Size="Small" Font-Underline="True" ForeColor="#0033CC"></asp:Label>
                                <asp:LoginName ID="LoginName1" runat="server" Font-Bold="True" 
                                    Font-Names="Tahoma" Font-Size="Small" Font-Underline="True" ForeColor="#0033CC"/>
                            </center>
                    </LoggedInTemplate>
                </asp:LoginView>
                </td>
                <td align="center" style="width:700px">
                <asp:Label ID="m_lbl_heading" runat="server" 
                        Text="DATASTREAM SDI" Font-Names="tahoma" Font-Size="Large" 
                        ForeColor="#FF9933" Font-Bold="True"></asp:Label>    
                </td>
                <td>
                    <asp:Image ID="m_Img_Logo" runat="server" ImageUrl="~/Images/T1R.jpg" ImageAlign="Right" />
                </td>
            </tr>
            <tr>
                <td class="style1">
                    <asp:LoginView ID="LoginView1" runat="server">
                        <AnonymousTemplate>
                            <asp:Login ID="Login1" runat="server" Height="82px" Width="205px" 
                                BackColor="#FF9900" BorderColor="White" BorderStyle="Ridge" BorderWidth="1px" 
                                Font-Names="tahoma" Font-Size="Small" UserNameLabelText="Username:" 
                                ForeColor="Black" DestinationPageUrl="~/Home.aspx" 
                                RememberMeText="Remember me.">
                                <TextBoxStyle BackColor="#FFFFCC" Width="120px" />
                                <LoginButtonStyle BorderStyle="Ridge" BackColor="White" Font-Names="Tahoma" Font-Size="X-Small" />
                            </asp:Login>
                        </AnonymousTemplate>
                    </asp:LoginView>
                </td>
            </tr>
            <tr>
                <td class="style1">
                    <asp:LinkButton ID="m_lbt_SDIHome" runat="server" Text="Home"  Width="203px" 
                        BackColor="#FF9900" BorderStyle="Ridge" Font-Bold="True" 
                        Font-Names="tahoma" Font-Size="Small" BorderColor="White" Height="20px" 
                        style="text-align:center;" PostBackUrl="~/Home.aspx" />
                </td>
            </tr>
            <tr>
                <td class="style1">
                    <asp:LinkButton ID="m_lbt_SDIMonitor" runat="server" Text="SDI Monitor"  Width="203px" 
                        BackColor="#FF9900" BorderStyle="Ridge" Font-Bold="True" 
                        Font-Names="tahoma" Font-Size="Small" BorderColor="White" Height="20px" 
                        style="text-align:center;" PostBackUrl="~/Account/SDIMonitor.aspx" />
                </td>
            </tr>
            <tr>
                <td class="style1">
                    <asp:LinkButton ID="m_lbt_Lipper" runat="server" Text="Lipper" Width="203px" 
                        BackColor="#FF9900" BorderStyle="Ridge" Font-Bold="True" 
                        Font-Names="tahoma" Font-Size="Small" BorderColor="White" Height="20px" 
                        PostBackUrl="~/Lipper/Home.aspx" style="text-align:center;" />
                </td>
            </tr>
            <tr>
                <td class="style1">
                   <asp:LinkButton ID="m_lbt_Mdm" runat="server" Text="Metadata" Width="203px" 
                        BackColor="#FF9900" BorderStyle="Ridge" Font-Bold="True" 
                        Font-Names="tahoma" Font-Size="Small" BorderColor="White" Height="20px" 
                        PostBackUrl="~/MDM/Home.aspx" style="text-align:center;" />
                </td>
            </tr>
            <tr>
                <td class="style1">
                    <asp:LinkButton ID="m_lbt_OA" runat="server" Text="OA" Width="203px" Height="20px"
                        BackColor="#FF9900" BorderStyle="Ridge" Font-Bold="True" 
                        Font-Names="tahoma" Font-Size="Small" BorderColor="White" 
                        PostBackUrl="~/OA/Home.aspx" style="text-align:center;"/>
                </td>
            </tr>
            <tr>
                <td class="style1">
                    <asp:LinkButton ID="m_lbt_GovCorp" runat="server" Text="GovCorp" Width="203px" Height="20px"
                        BackColor="#FF9900" BorderStyle="Ridge" Font-Bold="True" 
                        Font-Names="tahoma" Font-Size="Small" BorderColor="White" 
                        PostBackUrl="~/GovCorp/Home.aspx" style="text-align:center;"/>
                </td>
            </tr>
             <tr>
                <td class="style1">
                    <asp:LinkButton ID="m_lbt_OnlineUsers" runat="server" Text="Online Users" Width="203px" Height="20px"
                        BackColor="#FF9900" BorderStyle="Ridge" Font-Bold="True" 
                        Font-Names="tahoma" Font-Size="Small" BorderColor="White" 
                        PostBackUrl="~/Account/OnlineUsers.aspx" style="text-align:center;"/>
                </td>
            </tr>
            <tr>
                <td class="style1">
                    <asp:LinkButton ID="m_btn_ForgotPassword" runat="server" Text="Forgot Password?" Width="203px" Height="20px"
                        BackColor="#FF9900" BorderStyle="Ridge" Font-Bold="True" 
                        Font-Names="tahoma" Font-Size="Small" BorderColor="White" 
                        PostBackUrl="~/ForgotPassword.aspx" style="text-align:center;"/>
                </td>
            </tr>
            <tr>
                <td class="style1">
                    <asp:LinkButton ID="m_btn_AddNewUser" runat="server" Text="New User? Sign Up!" Width="203px" Height="20px"
                        BackColor="#FF9900" BorderStyle="Ridge" Font-Bold="True" 
                        Font-Names="tahoma" Font-Size="Small" BorderColor="White" 
                        PostBackUrl="~/AddNewUser.aspx" style="text-align:center;"/>
                </td>
            </tr>
            <tr>
                <td class="style1">
                    <asp:LinkButton ID="m_btn_AccountSettings" runat="server" Text="Account Settings" Width="203px" Height="20px"
                        BackColor="#FF9900" BorderStyle="Ridge" Font-Bold="True" 
                        Font-Names="tahoma" Font-Size="Small" BorderColor="White" 
                        PostBackUrl="~/Account/Home.aspx" style="text-align:center;"/>
                </td>
            </tr>
            <tr>
                <td class="style1">
                    <asp:LinkButton ID="m_btn_ContactUs" runat="server" Text="Contact Us" Width="203px" Height="20px"
                        BackColor="#FF9900" BorderStyle="Ridge" Font-Bold="True" 
                        Font-Names="tahoma" Font-Size="Small" BorderColor="White" 
                        PostBackUrl="~/ContactUs.aspx" style="text-align:center;"/>
                </td>
            </tr>
            <tr>
                <td>
                <asp:LoginView ID="LoginView2" runat="server">
                    <LoggedInTemplate>
                        <asp:LoginStatus ID="LoginStatus1" runat="server" BackColor="#FF9900" BorderStyle="Ridge" BorderColor="White"
                            Font-Bold="True" Font-Names="tahoma" Font-Size="Small" Font-Underline="True" ForeColor="#0033CC" 
                            style="cursor:pointer; text-align:center" Width="203px" Height="20px" BorderWidth="3px" LogoutPageUrl="~/Home.aspx" OnLoggedOut="LoggedOut" />
                    </LoggedInTemplate>
                </asp:LoginView>
                </td>
            </tr>
        </table>
        <asp:ToolkitScriptManager ID="ScriptManager1" runat="server">
        </asp:ToolkitScriptManager>
        </div>
        <div style="top:45px; left:230px; position: absolute; width:790px; height:480px;">
            <asp:ContentPlaceHolder id="ContentPlaceHolder1" runat="server">
            </asp:ContentPlaceHolder>
        </div>
        <center>
            <asp:Label ID="m_lbl_hitCount" runat="server" Font-Bold="True" 
                Font-Names="Tahoma" Font-Size="Small" ForeColor="Blue"></asp:Label>
                            <p style="font-family:Tahoma; font-size:x-small; color:Blue"></p>

            <%--<p style="font-family:Tahoma; font-size:x-small; color:Blue"> Site best viewed in 1024*768 and above resolution</p>--%>
        </center>
    </form>
</body>
</html>

Open in new window


Here is web.config with names and passwords changed.

<?xml version="1.0" encoding="UTF-8"?>
<!-- Written by Alistair Halpern -->
<configuration>
	<!--<configSections>
		<sectionGroup name="system.web.extensions" type="System.Web.Configuration.SystemWebExtensionsSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
			<sectionGroup name="scripting" type="System.Web.Configuration.ScriptingSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
				<section name="scriptResourceHandler" type="System.Web.Configuration.ScriptingScriptResourceHandlerSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>
				<sectionGroup name="webServices" type="System.Web.Configuration.ScriptingWebServicesSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
					<section name="jsonSerialization" type="System.Web.Configuration.ScriptingJsonSerializationSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="Everywhere"/>
					<section name="profileService" type="System.Web.Configuration.ScriptingProfileServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>
					<section name="authenticationService" type="System.Web.Configuration.ScriptingAuthenticationServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>
					<section name="roleService" type="System.Web.Configuration.ScriptingRoleServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>
				</sectionGroup>
			</sectionGroup>
		</sectionGroup>
	</configSections>-->
  <appSettings>

    <add key="autoRefreshTime" value="1" />
    <add key="DirectoryPath" value="E:\DS_SDI\" />
    <add key="DirectoryPathHigher" value="E:\SDI" />
    <add key="DriveLetter" value="E:\" />
    <add key="LipperDownloadPath" value="E:\DS_SDI\Lip\Downloads\" />
    <add key="DEVWebDirectoryPath" value="http://uk1d.int.T1R.com/" />
    <add key="QAWebDirectoryPath" value="http://dtcq.int.T1R.com/" />
    <add key="PRODWebDirectoryPath" value="http://content.int.T1R.com/" />
    <add key="WebPath" value="http://dr-content.int.T1R.com/" />
  </appSettings>
	<connectionStrings>
		<remove name="LocalSqlServer"></remove>
     <add name="LocalSqlServer" connectionString="Data Source=QA;Initial Catalog=XX;UID=WW;pwd=QQ;" providerName="System.Data.SqlClient" />

    <add name="DEVLocalSqlServer" connectionString="Data Source=DEV;Initial Catalog=XX;UID=WW;pwd=QQ;" providerName="System.Data.SqlClient" />
    <add name="QALocalSqlServer" connectionString="Data Source=QA;Initial Catalog=XX;UID=WW;pwd=QQ;" providerName="System.Data.SqlClient" />
    <add name="PRODLocalSqlServer" connectionString="Data Source=PROD;Initial Catalog=XX;UID=WW;pwd=QQ;" providerName="System.Data.SqlClient" />
    <add name="LocalSqlServer" connectionString="Data Source=DR;;Initial Catalog=XX;UID=WW;pwd=QQ;" providerName="System.Data.SqlClient" />

  </connectionStrings>
  <system.net>
      <mailSettings>
        <smtp deliveryMethod="Network">
          <network host="mailhub.tfn.com" port="25" />
        </smtp>
      </mailSettings>
    </system.net>
	<system.web>
		<!-- 
            Set compilation debug="true" to insert debugging 
            symbols into the compiled page. Because this 
            affects performance, set this value to true only 
            during development.
        -->
		<roleManager enabled="true" />
		<compilation debug="true">
			<assemblies>
				<add assembly="System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
				<add assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
				<add assembly="System.Data.DataSetExtensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
				<add assembly="System.Xml.Linq, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
				<add assembly="System.Web.Extensions.Design, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
				<add assembly="System.Design, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
				<add assembly="System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" /></assemblies>
		</compilation>
		<!--
            The <authentication> section enables configuration 
            of the security authentication mode used by 
            ASP.NET to identify an incoming user. 
        -->
		<authentication mode="Forms" />
		<!--
            The <customErrors> section enables configuration 
            of what to do if/when an unhandled error occurs 
            during the execution of a request. Specifically, 
            it enables developers to configure html error pages 
            to be displayed in place of a error stack trace.

        -->
        
		<!--<customErrors mode="On" defaultRedirect="~/Error.aspx"/>-->
        <customErrors mode="Off" />
		<pages>
			<controls>
				<add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
				<add tagPrefix="asp" namespace="System.Web.UI.WebControls" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
			</controls>
		</pages>
		<httpHandlers>
			<remove verb="*" path="*.asmx" />
			<add verb="*" path="*.asmx" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
			<add verb="*" path="*_AppService.axd" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
			<add verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" validate="false" />
		</httpHandlers>
		<httpModules>
			<add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
		</httpModules>
	</system.web>
	<system.codedom>
		<compilers>
			<compiler language="c#;cs;csharp" extension=".cs" warningLevel="4" type="Microsoft.CSharp.CSharpCodeProvider, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
				<providerOption name="CompilerVersion" value="v3.5" />
				<providerOption name="WarnAsError" value="false" />
			</compiler>
			<compiler language="vb;vbs;visualbasic;vbscript" extension=".vb" warningLevel="4" type="Microsoft.VisualBasic.VBCodeProvider, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
				<providerOption name="CompilerVersion" value="v3.5" />
				<providerOption name="OptionInfer" value="true" />
				<providerOption name="WarnAsError" value="false" />
			</compiler>
		</compilers>
	</system.codedom>
	<!-- 
        The system.webServer section is required for running ASP.NET AJAX under Internet
        Information Services 7.0.  It is not necessary for previous version of IIS.
    -->
	<system.webServer>
		<validation validateIntegratedModeConfiguration="false" />
		<modules>
			<remove name="ScriptModule" />
			<add name="ScriptModule" preCondition="managedHandler" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
		</modules>
		<handlers>
			<remove name="WebServiceHandlerFactory-Integrated" />
			<remove name="ScriptHandlerFactory" />
			<remove name="ScriptHandlerFactoryAppServices" />
			<remove name="ScriptResource" />
			<add name="ScriptHandlerFactory" verb="*" path="*.asmx" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
			<add name="ScriptHandlerFactoryAppServices" verb="*" path="*_AppService.axd" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
			<add name="ScriptResource" preCondition="integratedMode" verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
		</handlers>
        <defaultDocument>
            <files>
                <add value="Home.aspx" />
            </files>
        </defaultDocument>
	</system.webServer>
	<runtime>
		<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
			<dependentAssembly>
				<assemblyIdentity name="System.Web.Extensions" publicKeyToken="31bf3856ad364e35" />
				<bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0" />
			</dependentAssembly>
			<dependentAssembly>
				<assemblyIdentity name="System.Web.Extensions.Design" publicKeyToken="31bf3856ad364e35" />
				<bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0" />
			</dependentAssembly>
		</assemblyBinding>
	</runtime>
</configuration>

Open in new window

0
Comment
Question by:AlHal2
  • 4
  • 3
7 Comments
 
LVL 40

Expert Comment

by:Kyle Abrahams
ID: 41823751
Make sure that the paths referenced in your web.config have permissions with the account that is running the application.  (EG:  Go to your app pool, and make sure that account has permissions to access the directories such as E:\SDI)

Also ensure it has permissions to read the actual web pages where your application is stored.  (It should if it's in inetpub, but never hurts to double check).

As far as LocalSQLServer . . . your web.config can hold various settings in it.  Whether it will work or not depends if it is referenced by the code.
0
 

Author Comment

by:AlHal2
ID: 41832134
How can I make sure that account has permissions to access the directories such as E:\SDI?
Similarly, how do I ensure it has permissions to read the actual web pages where your application is stored?  The source code is on the E drive.
0
 

Author Comment

by:AlHal2
ID: 41832182
Looking at this page, I clicked on Advanced settings for the application pool and selected Identity.  
https://technet.microsoft.com/library/hh831797.aspx
I chose the LocalSystem account and still got the error message.
0
Master Your Team's Linux and Cloud Stack

Come see why top tech companies like Mailchimp and Media Temple use Linux Academy to build their employee training programs.

 
LVL 40

Expert Comment

by:Kyle Abrahams
ID: 41832242
0
 

Author Comment

by:AlHal2
ID: 41833388
It worked once I allowed anonymous authentication in IIS.
If I give people a form for authentication then why is it necessary to allow anonymous authentication.  Isn't this a security risk?
0
 
LVL 40

Accepted Solution

by:
Kyle Abrahams earned 500 total points
ID: 41833716
Actually, thinking about this again you do need some sort of anonymous authentication.

Think about it for a second.

You go into the application for the first time, you're an anonymous user.  

It's only after you successfully log into the form that you become a known user.

You can keep it as forms based authentication, and then add this to your web.config:

<location path="Path/To/PublicFolder">
  <system.webServer>
    <security>
      <authentication>
        <anonymousAuthentication enabled="true" />
      </authentication>
    </security>
  </system.webServer>
</location>

Open in new window

Note that you also may need to change:
C:\Windows\System32\inetsrv\config\applicationHost.config
<section name="anonymousAuthentication" overrideModeDefault="Allow" />

Open in new window


By using the location you can set different options for different parts of the site.  So from an IIS perspective you can keep it forms but also allow public access to the one folder (and images / js) that has anything you want anyone to see.  (Login page, custom error pages, etc).
0
 

Author Closing Comment

by:AlHal2
ID: 41837983
Thanks.
0

Featured Post

Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Just a quick little trick I learned recently.  Now that I'm using jQuery with abandon in my asp.net applications, I have grown tired of the following syntax:      (CODE) I suppose it just offends my sense of decency to put inline VBScript on a…
International Data Corporation (IDC) prognosticates that before the current the year gets over disbursing on IT framework products to be sent in cloud environs will be $37.1B.
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

825 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question