Help needed on website authentication
When I put this code onto the server I get a message
401 - Unauthorized: Access is denied due to invalid credentials.
The only way I can get it to work is to enable windows and forms authentication in IIS. I just want it to use forms authentication.
I was also wondering why web.config needs LocalSqlServer to work.
Here is web.config with names and passwords changed.
401 - Unauthorized: Access is denied due to invalid credentials.
The only way I can get it to work is to enable windows and forms authentication in IIS. I just want it to use forms authentication.
I was also wondering why web.config needs LocalSqlServer to work.
<%@ Master Language="C#" AutoEventWireup="true" CodeFile="MasterPage.master.cs" Inherits="MasterPage" %>
<%@ Register Assembly="AjaxControlToolkit" Namespace="AjaxControlToolkit" TagPrefix="asp" %>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<title>:: DS SDI :: - Home</title>
<asp:ContentPlaceHolder id="head" runat="server">
</asp:ContentPlaceHolder>
<style type="text/css">
.style1
{
width: 215px;
}
</style>
</head>
<body>
<form id="form1" runat="server">
<div style="left:0px; width:1010px; height: 497px;">
<table style="height: 37px; width: 1010px">
<tr>
<td align="left" class="style1">
<asp:LoginView ID="LoginView3" runat="server">
<LoggedInTemplate>
<center>
<asp:Label ID="m_lb_Hello" runat="server" Text="Hello " Font-Bold="True"
Font-Names="tahoma" Font-Size="Small" Font-Underline="True" ForeColor="#0033CC"></asp:Label>
<asp:LoginName ID="LoginName1" runat="server" Font-Bold="True"
Font-Names="Tahoma" Font-Size="Small" Font-Underline="True" ForeColor="#0033CC"/>
</center>
</LoggedInTemplate>
</asp:LoginView>
</td>
<td align="center" style="width:700px">
<asp:Label ID="m_lbl_heading" runat="server"
Text="DATASTREAM SDI" Font-Names="tahoma" Font-Size="Large"
ForeColor="#FF9933" Font-Bold="True"></asp:Label>
</td>
<td>
<asp:Image ID="m_Img_Logo" runat="server" ImageUrl="~/Images/T1R.jpg" ImageAlign="Right" />
</td>
</tr>
<tr>
<td class="style1">
<asp:LoginView ID="LoginView1" runat="server">
<AnonymousTemplate>
<asp:Login ID="Login1" runat="server" Height="82px" Width="205px"
BackColor="#FF9900" BorderColor="White" BorderStyle="Ridge" BorderWidth="1px"
Font-Names="tahoma" Font-Size="Small" UserNameLabelText="Username:"
ForeColor="Black" DestinationPageUrl="~/Home.aspx"
RememberMeText="Remember me.">
<TextBoxStyle BackColor="#FFFFCC" Width="120px" />
<LoginButtonStyle BorderStyle="Ridge" BackColor="White" Font-Names="Tahoma" Font-Size="X-Small" />
</asp:Login>
</AnonymousTemplate>
</asp:LoginView>
</td>
</tr>
<tr>
<td class="style1">
<asp:LinkButton ID="m_lbt_SDIHome" runat="server" Text="Home" Width="203px"
BackColor="#FF9900" BorderStyle="Ridge" Font-Bold="True"
Font-Names="tahoma" Font-Size="Small" BorderColor="White" Height="20px"
style="text-align:center;" PostBackUrl="~/Home.aspx" />
</td>
</tr>
<tr>
<td class="style1">
<asp:LinkButton ID="m_lbt_SDIMonitor" runat="server" Text="SDI Monitor" Width="203px"
BackColor="#FF9900" BorderStyle="Ridge" Font-Bold="True"
Font-Names="tahoma" Font-Size="Small" BorderColor="White" Height="20px"
style="text-align:center;" PostBackUrl="~/Account/SDIMonitor.aspx" />
</td>
</tr>
<tr>
<td class="style1">
<asp:LinkButton ID="m_lbt_Lipper" runat="server" Text="Lipper" Width="203px"
BackColor="#FF9900" BorderStyle="Ridge" Font-Bold="True"
Font-Names="tahoma" Font-Size="Small" BorderColor="White" Height="20px"
PostBackUrl="~/Lipper/Home.aspx" style="text-align:center;" />
</td>
</tr>
<tr>
<td class="style1">
<asp:LinkButton ID="m_lbt_Mdm" runat="server" Text="Metadata" Width="203px"
BackColor="#FF9900" BorderStyle="Ridge" Font-Bold="True"
Font-Names="tahoma" Font-Size="Small" BorderColor="White" Height="20px"
PostBackUrl="~/MDM/Home.aspx" style="text-align:center;" />
</td>
</tr>
<tr>
<td class="style1">
<asp:LinkButton ID="m_lbt_OA" runat="server" Text="OA" Width="203px" Height="20px"
BackColor="#FF9900" BorderStyle="Ridge" Font-Bold="True"
Font-Names="tahoma" Font-Size="Small" BorderColor="White"
PostBackUrl="~/OA/Home.aspx" style="text-align:center;"/>
</td>
</tr>
<tr>
<td class="style1">
<asp:LinkButton ID="m_lbt_GovCorp" runat="server" Text="GovCorp" Width="203px" Height="20px"
BackColor="#FF9900" BorderStyle="Ridge" Font-Bold="True"
Font-Names="tahoma" Font-Size="Small" BorderColor="White"
PostBackUrl="~/GovCorp/Home.aspx" style="text-align:center;"/>
</td>
</tr>
<tr>
<td class="style1">
<asp:LinkButton ID="m_lbt_OnlineUsers" runat="server" Text="Online Users" Width="203px" Height="20px"
BackColor="#FF9900" BorderStyle="Ridge" Font-Bold="True"
Font-Names="tahoma" Font-Size="Small" BorderColor="White"
PostBackUrl="~/Account/OnlineUsers.aspx" style="text-align:center;"/>
</td>
</tr>
<tr>
<td class="style1">
<asp:LinkButton ID="m_btn_ForgotPassword" runat="server" Text="Forgot Password?" Width="203px" Height="20px"
BackColor="#FF9900" BorderStyle="Ridge" Font-Bold="True"
Font-Names="tahoma" Font-Size="Small" BorderColor="White"
PostBackUrl="~/ForgotPassword.aspx" style="text-align:center;"/>
</td>
</tr>
<tr>
<td class="style1">
<asp:LinkButton ID="m_btn_AddNewUser" runat="server" Text="New User? Sign Up!" Width="203px" Height="20px"
BackColor="#FF9900" BorderStyle="Ridge" Font-Bold="True"
Font-Names="tahoma" Font-Size="Small" BorderColor="White"
PostBackUrl="~/AddNewUser.aspx" style="text-align:center;"/>
</td>
</tr>
<tr>
<td class="style1">
<asp:LinkButton ID="m_btn_AccountSettings" runat="server" Text="Account Settings" Width="203px" Height="20px"
BackColor="#FF9900" BorderStyle="Ridge" Font-Bold="True"
Font-Names="tahoma" Font-Size="Small" BorderColor="White"
PostBackUrl="~/Account/Home.aspx" style="text-align:center;"/>
</td>
</tr>
<tr>
<td class="style1">
<asp:LinkButton ID="m_btn_ContactUs" runat="server" Text="Contact Us" Width="203px" Height="20px"
BackColor="#FF9900" BorderStyle="Ridge" Font-Bold="True"
Font-Names="tahoma" Font-Size="Small" BorderColor="White"
PostBackUrl="~/ContactUs.aspx" style="text-align:center;"/>
</td>
</tr>
<tr>
<td>
<asp:LoginView ID="LoginView2" runat="server">
<LoggedInTemplate>
<asp:LoginStatus ID="LoginStatus1" runat="server" BackColor="#FF9900" BorderStyle="Ridge" BorderColor="White"
Font-Bold="True" Font-Names="tahoma" Font-Size="Small" Font-Underline="True" ForeColor="#0033CC"
style="cursor:pointer; text-align:center" Width="203px" Height="20px" BorderWidth="3px" LogoutPageUrl="~/Home.aspx" OnLoggedOut="LoggedOut" />
</LoggedInTemplate>
</asp:LoginView>
</td>
</tr>
</table>
<asp:ToolkitScriptManager ID="ScriptManager1" runat="server">
</asp:ToolkitScriptManager>
</div>
<div style="top:45px; left:230px; position: absolute; width:790px; height:480px;">
<asp:ContentPlaceHolder id="ContentPlaceHolder1" runat="server">
</asp:ContentPlaceHolder>
</div>
<center>
<asp:Label ID="m_lbl_hitCount" runat="server" Font-Bold="True"
Font-Names="Tahoma" Font-Size="Small" ForeColor="Blue"></asp:Label>
<p style="font-family:Tahoma; font-size:x-small; color:Blue"></p>
<%--<p style="font-family:Tahoma; font-size:x-small; color:Blue"> Site best viewed in 1024*768 and above resolution</p>--%>
</center>
</form>
</body>
</html>Here is web.config with names and passwords changed.
<?xml version="1.0" encoding="UTF-8"?>
<!-- Written by Alistair Halpern -->
<configuration>
<!--<configSections>
<sectionGroup name="system.web.extensions" type="System.Web.Configuration.SystemWebExtensionsSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
<sectionGroup name="scripting" type="System.Web.Configuration.ScriptingSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
<section name="scriptResourceHandler" type="System.Web.Configuration.ScriptingScriptResourceHandlerSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>
<sectionGroup name="webServices" type="System.Web.Configuration.ScriptingWebServicesSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
<section name="jsonSerialization" type="System.Web.Configuration.ScriptingJsonSerializationSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="Everywhere"/>
<section name="profileService" type="System.Web.Configuration.ScriptingProfileServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>
<section name="authenticationService" type="System.Web.Configuration.ScriptingAuthenticationServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>
<section name="roleService" type="System.Web.Configuration.ScriptingRoleServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>
</sectionGroup>
</sectionGroup>
</sectionGroup>
</configSections>-->
<appSettings>
<add key="autoRefreshTime" value="1" />
<add key="DirectoryPath" value="E:\DS_SDI\" />
<add key="DirectoryPathHigher" value="E:\SDI" />
<add key="DriveLetter" value="E:\" />
<add key="LipperDownloadPath" value="E:\DS_SDI\Lip\Downloads\" />
<add key="DEVWebDirectoryPath" value="http://uk1d.int.T1R.com/" />
<add key="QAWebDirectoryPath" value="http://dtcq.int.T1R.com/" />
<add key="PRODWebDirectoryPath" value="http://content.int.T1R.com/" />
<add key="WebPath" value="http://dr-content.int.T1R.com/" />
</appSettings>
<connectionStrings>
<remove name="LocalSqlServer"></remove>
<add name="LocalSqlServer" connectionString="Data Source=QA;Initial Catalog=XX;UID=WW;pwd=QQ;" providerName="System.Data.SqlClient" />
<add name="DEVLocalSqlServer" connectionString="Data Source=DEV;Initial Catalog=XX;UID=WW;pwd=QQ;" providerName="System.Data.SqlClient" />
<add name="QALocalSqlServer" connectionString="Data Source=QA;Initial Catalog=XX;UID=WW;pwd=QQ;" providerName="System.Data.SqlClient" />
<add name="PRODLocalSqlServer" connectionString="Data Source=PROD;Initial Catalog=XX;UID=WW;pwd=QQ;" providerName="System.Data.SqlClient" />
<add name="LocalSqlServer" connectionString="Data Source=DR;;Initial Catalog=XX;UID=WW;pwd=QQ;" providerName="System.Data.SqlClient" />
</connectionStrings>
<system.net>
<mailSettings>
<smtp deliveryMethod="Network">
<network host="mailhub.tfn.com" port="25" />
</smtp>
</mailSettings>
</system.net>
<system.web>
<!--
Set compilation debug="true" to insert debugging
symbols into the compiled page. Because this
affects performance, set this value to true only
during development.
-->
<roleManager enabled="true" />
<compilation debug="true">
<assemblies>
<add assembly="System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
<add assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Data.DataSetExtensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
<add assembly="System.Xml.Linq, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
<add assembly="System.Web.Extensions.Design, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Design, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
<add assembly="System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" /></assemblies>
</compilation>
<!--
The <authentication> section enables configuration
of the security authentication mode used by
ASP.NET to identify an incoming user.
-->
<authentication mode="Forms" />
<!--
The <customErrors> section enables configuration
of what to do if/when an unhandled error occurs
during the execution of a request. Specifically,
it enables developers to configure html error pages
to be displayed in place of a error stack trace.
-->
<!--<customErrors mode="On" defaultRedirect="~/Error.aspx"/>-->
<customErrors mode="Off" />
<pages>
<controls>
<add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add tagPrefix="asp" namespace="System.Web.UI.WebControls" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
</controls>
</pages>
<httpHandlers>
<remove verb="*" path="*.asmx" />
<add verb="*" path="*.asmx" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add verb="*" path="*_AppService.axd" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" validate="false" />
</httpHandlers>
<httpModules>
<add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
</httpModules>
</system.web>
<system.codedom>
<compilers>
<compiler language="c#;cs;csharp" extension=".cs" warningLevel="4" type="Microsoft.CSharp.CSharpCodeProvider, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<providerOption name="CompilerVersion" value="v3.5" />
<providerOption name="WarnAsError" value="false" />
</compiler>
<compiler language="vb;vbs;visualbasic;vbscript" extension=".vb" warningLevel="4" type="Microsoft.VisualBasic.VBCodeProvider, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<providerOption name="CompilerVersion" value="v3.5" />
<providerOption name="OptionInfer" value="true" />
<providerOption name="WarnAsError" value="false" />
</compiler>
</compilers>
</system.codedom>
<!--
The system.webServer section is required for running ASP.NET AJAX under Internet
Information Services 7.0. It is not necessary for previous version of IIS.
-->
<system.webServer>
<validation validateIntegratedModeConfiguration="false" />
<modules>
<remove name="ScriptModule" />
<add name="ScriptModule" preCondition="managedHandler" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
</modules>
<handlers>
<remove name="WebServiceHandlerFactory-Integrated" />
<remove name="ScriptHandlerFactory" />
<remove name="ScriptHandlerFactoryAppServices" />
<remove name="ScriptResource" />
<add name="ScriptHandlerFactory" verb="*" path="*.asmx" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add name="ScriptHandlerFactoryAppServices" verb="*" path="*_AppService.axd" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add name="ScriptResource" preCondition="integratedMode" verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
</handlers>
<defaultDocument>
<files>
<add value="Home.aspx" />
</files>
</defaultDocument>
</system.webServer>
<runtime>
<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
<dependentAssembly>
<assemblyIdentity name="System.Web.Extensions" publicKeyToken="31bf3856ad364e35" />
<bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="System.Web.Extensions.Design" publicKeyToken="31bf3856ad364e35" />
<bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0" />
</dependentAssembly>
</assemblyBinding>
</runtime>
</configuration>ASKER
How can I make sure that account has permissions to access the directories such as E:\SDI?
Similarly, how do I ensure it has permissions to read the actual web pages where your application is stored? The source code is on the E drive.
Similarly, how do I ensure it has permissions to read the actual web pages where your application is stored? The source code is on the E drive.
ASKER
Looking at this page, I clicked on Advanced settings for the application pool and selected Identity.
https://technet.microsoft.com/library/hh831797.aspx
I chose the LocalSystem account and still got the error message.
https://technet.microsoft.com/library/hh831797.aspx
I chose the LocalSystem account and still got the error message.
https://www.iis.net/learn/get-started/planning-for-security/understanding-built-in-user-and-group-accounts-in-iis
Ensure that IUSR has the proper permissions on the folder.
Ensure that IUSR has the proper permissions on the folder.
ASKER
It worked once I allowed anonymous authentication in IIS.
If I give people a form for authentication then why is it necessary to allow anonymous authentication. Isn't this a security risk?
If I give people a form for authentication then why is it necessary to allow anonymous authentication. Isn't this a security risk?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks.
Also ensure it has permissions to read the actual web pages where your application is stored. (It should if it's in inetpub, but never hurts to double check).
As far as LocalSQLServer . . . your web.config can hold various settings in it. Whether it will work or not depends if it is referenced by the code.