Solved

Help needed on website authentication

Posted on 2016-09-30
7
72 Views
Last Modified: 2016-10-11
When I put this code onto the server I get a message
401 - Unauthorized: Access is denied due to invalid credentials.

The only way I can get it to work is to enable windows and forms authentication in IIS.  I just want it to use forms authentication.
I was also wondering why web.config needs LocalSqlServer to work.



<%@ Master Language="C#" AutoEventWireup="true" CodeFile="MasterPage.master.cs" Inherits="MasterPage" %>
<%@ Register Assembly="AjaxControlToolkit" Namespace="AjaxControlToolkit" TagPrefix="asp" %>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> 

<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <meta http-equiv="X-UA-Compatible" content="IE=edge" />
    <title>:: DS SDI :: - Home</title>
    <asp:ContentPlaceHolder id="head" runat="server">
    </asp:ContentPlaceHolder>
    <style type="text/css">
        .style1
        {
            width: 215px;
        }
    </style>
</head>
<body>
    <form id="form1" runat="server">
    <div style="left:0px; width:1010px; height: 497px;">
        <table style="height: 37px; width: 1010px">
            <tr>
                <td align="left" class="style1">
                <asp:LoginView ID="LoginView3" runat="server">
                    <LoggedInTemplate>
                            <center>
                                <asp:Label ID="m_lb_Hello" runat="server" Text="Hello " Font-Bold="True" 
                                    Font-Names="tahoma" Font-Size="Small" Font-Underline="True" ForeColor="#0033CC"></asp:Label>
                                <asp:LoginName ID="LoginName1" runat="server" Font-Bold="True" 
                                    Font-Names="Tahoma" Font-Size="Small" Font-Underline="True" ForeColor="#0033CC"/>
                            </center>
                    </LoggedInTemplate>
                </asp:LoginView>
                </td>
                <td align="center" style="width:700px">
                <asp:Label ID="m_lbl_heading" runat="server" 
                        Text="DATASTREAM SDI" Font-Names="tahoma" Font-Size="Large" 
                        ForeColor="#FF9933" Font-Bold="True"></asp:Label>    
                </td>
                <td>
                    <asp:Image ID="m_Img_Logo" runat="server" ImageUrl="~/Images/T1R.jpg" ImageAlign="Right" />
                </td>
            </tr>
            <tr>
                <td class="style1">
                    <asp:LoginView ID="LoginView1" runat="server">
                        <AnonymousTemplate>
                            <asp:Login ID="Login1" runat="server" Height="82px" Width="205px" 
                                BackColor="#FF9900" BorderColor="White" BorderStyle="Ridge" BorderWidth="1px" 
                                Font-Names="tahoma" Font-Size="Small" UserNameLabelText="Username:" 
                                ForeColor="Black" DestinationPageUrl="~/Home.aspx" 
                                RememberMeText="Remember me.">
                                <TextBoxStyle BackColor="#FFFFCC" Width="120px" />
                                <LoginButtonStyle BorderStyle="Ridge" BackColor="White" Font-Names="Tahoma" Font-Size="X-Small" />
                            </asp:Login>
                        </AnonymousTemplate>
                    </asp:LoginView>
                </td>
            </tr>
            <tr>
                <td class="style1">
                    <asp:LinkButton ID="m_lbt_SDIHome" runat="server" Text="Home"  Width="203px" 
                        BackColor="#FF9900" BorderStyle="Ridge" Font-Bold="True" 
                        Font-Names="tahoma" Font-Size="Small" BorderColor="White" Height="20px" 
                        style="text-align:center;" PostBackUrl="~/Home.aspx" />
                </td>
            </tr>
            <tr>
                <td class="style1">
                    <asp:LinkButton ID="m_lbt_SDIMonitor" runat="server" Text="SDI Monitor"  Width="203px" 
                        BackColor="#FF9900" BorderStyle="Ridge" Font-Bold="True" 
                        Font-Names="tahoma" Font-Size="Small" BorderColor="White" Height="20px" 
                        style="text-align:center;" PostBackUrl="~/Account/SDIMonitor.aspx" />
                </td>
            </tr>
            <tr>
                <td class="style1">
                    <asp:LinkButton ID="m_lbt_Lipper" runat="server" Text="Lipper" Width="203px" 
                        BackColor="#FF9900" BorderStyle="Ridge" Font-Bold="True" 
                        Font-Names="tahoma" Font-Size="Small" BorderColor="White" Height="20px" 
                        PostBackUrl="~/Lipper/Home.aspx" style="text-align:center;" />
                </td>
            </tr>
            <tr>
                <td class="style1">
                   <asp:LinkButton ID="m_lbt_Mdm" runat="server" Text="Metadata" Width="203px" 
                        BackColor="#FF9900" BorderStyle="Ridge" Font-Bold="True" 
                        Font-Names="tahoma" Font-Size="Small" BorderColor="White" Height="20px" 
                        PostBackUrl="~/MDM/Home.aspx" style="text-align:center;" />
                </td>
            </tr>
            <tr>
                <td class="style1">
                    <asp:LinkButton ID="m_lbt_OA" runat="server" Text="OA" Width="203px" Height="20px"
                        BackColor="#FF9900" BorderStyle="Ridge" Font-Bold="True" 
                        Font-Names="tahoma" Font-Size="Small" BorderColor="White" 
                        PostBackUrl="~/OA/Home.aspx" style="text-align:center;"/>
                </td>
            </tr>
            <tr>
                <td class="style1">
                    <asp:LinkButton ID="m_lbt_GovCorp" runat="server" Text="GovCorp" Width="203px" Height="20px"
                        BackColor="#FF9900" BorderStyle="Ridge" Font-Bold="True" 
                        Font-Names="tahoma" Font-Size="Small" BorderColor="White" 
                        PostBackUrl="~/GovCorp/Home.aspx" style="text-align:center;"/>
                </td>
            </tr>
             <tr>
                <td class="style1">
                    <asp:LinkButton ID="m_lbt_OnlineUsers" runat="server" Text="Online Users" Width="203px" Height="20px"
                        BackColor="#FF9900" BorderStyle="Ridge" Font-Bold="True" 
                        Font-Names="tahoma" Font-Size="Small" BorderColor="White" 
                        PostBackUrl="~/Account/OnlineUsers.aspx" style="text-align:center;"/>
                </td>
            </tr>
            <tr>
                <td class="style1">
                    <asp:LinkButton ID="m_btn_ForgotPassword" runat="server" Text="Forgot Password?" Width="203px" Height="20px"
                        BackColor="#FF9900" BorderStyle="Ridge" Font-Bold="True" 
                        Font-Names="tahoma" Font-Size="Small" BorderColor="White" 
                        PostBackUrl="~/ForgotPassword.aspx" style="text-align:center;"/>
                </td>
            </tr>
            <tr>
                <td class="style1">
                    <asp:LinkButton ID="m_btn_AddNewUser" runat="server" Text="New User? Sign Up!" Width="203px" Height="20px"
                        BackColor="#FF9900" BorderStyle="Ridge" Font-Bold="True" 
                        Font-Names="tahoma" Font-Size="Small" BorderColor="White" 
                        PostBackUrl="~/AddNewUser.aspx" style="text-align:center;"/>
                </td>
            </tr>
            <tr>
                <td class="style1">
                    <asp:LinkButton ID="m_btn_AccountSettings" runat="server" Text="Account Settings" Width="203px" Height="20px"
                        BackColor="#FF9900" BorderStyle="Ridge" Font-Bold="True" 
                        Font-Names="tahoma" Font-Size="Small" BorderColor="White" 
                        PostBackUrl="~/Account/Home.aspx" style="text-align:center;"/>
                </td>
            </tr>
            <tr>
                <td class="style1">
                    <asp:LinkButton ID="m_btn_ContactUs" runat="server" Text="Contact Us" Width="203px" Height="20px"
                        BackColor="#FF9900" BorderStyle="Ridge" Font-Bold="True" 
                        Font-Names="tahoma" Font-Size="Small" BorderColor="White" 
                        PostBackUrl="~/ContactUs.aspx" style="text-align:center;"/>
                </td>
            </tr>
            <tr>
                <td>
                <asp:LoginView ID="LoginView2" runat="server">
                    <LoggedInTemplate>
                        <asp:LoginStatus ID="LoginStatus1" runat="server" BackColor="#FF9900" BorderStyle="Ridge" BorderColor="White"
                            Font-Bold="True" Font-Names="tahoma" Font-Size="Small" Font-Underline="True" ForeColor="#0033CC" 
                            style="cursor:pointer; text-align:center" Width="203px" Height="20px" BorderWidth="3px" LogoutPageUrl="~/Home.aspx" OnLoggedOut="LoggedOut" />
                    </LoggedInTemplate>
                </asp:LoginView>
                </td>
            </tr>
        </table>
        <asp:ToolkitScriptManager ID="ScriptManager1" runat="server">
        </asp:ToolkitScriptManager>
        </div>
        <div style="top:45px; left:230px; position: absolute; width:790px; height:480px;">
            <asp:ContentPlaceHolder id="ContentPlaceHolder1" runat="server">
            </asp:ContentPlaceHolder>
        </div>
        <center>
            <asp:Label ID="m_lbl_hitCount" runat="server" Font-Bold="True" 
                Font-Names="Tahoma" Font-Size="Small" ForeColor="Blue"></asp:Label>
                            <p style="font-family:Tahoma; font-size:x-small; color:Blue"></p>

            <%--<p style="font-family:Tahoma; font-size:x-small; color:Blue"> Site best viewed in 1024*768 and above resolution</p>--%>
        </center>
    </form>
</body>
</html>

Open in new window


Here is web.config with names and passwords changed.

<?xml version="1.0" encoding="UTF-8"?>
<!-- Written by Alistair Halpern -->
<configuration>
	<!--<configSections>
		<sectionGroup name="system.web.extensions" type="System.Web.Configuration.SystemWebExtensionsSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
			<sectionGroup name="scripting" type="System.Web.Configuration.ScriptingSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
				<section name="scriptResourceHandler" type="System.Web.Configuration.ScriptingScriptResourceHandlerSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>
				<sectionGroup name="webServices" type="System.Web.Configuration.ScriptingWebServicesSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
					<section name="jsonSerialization" type="System.Web.Configuration.ScriptingJsonSerializationSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="Everywhere"/>
					<section name="profileService" type="System.Web.Configuration.ScriptingProfileServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>
					<section name="authenticationService" type="System.Web.Configuration.ScriptingAuthenticationServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>
					<section name="roleService" type="System.Web.Configuration.ScriptingRoleServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>
				</sectionGroup>
			</sectionGroup>
		</sectionGroup>
	</configSections>-->
  <appSettings>

    <add key="autoRefreshTime" value="1" />
    <add key="DirectoryPath" value="E:\DS_SDI\" />
    <add key="DirectoryPathHigher" value="E:\SDI" />
    <add key="DriveLetter" value="E:\" />
    <add key="LipperDownloadPath" value="E:\DS_SDI\Lip\Downloads\" />
    <add key="DEVWebDirectoryPath" value="http://uk1d.int.T1R.com/" />
    <add key="QAWebDirectoryPath" value="http://dtcq.int.T1R.com/" />
    <add key="PRODWebDirectoryPath" value="http://content.int.T1R.com/" />
    <add key="WebPath" value="http://dr-content.int.T1R.com/" />
  </appSettings>
	<connectionStrings>
		<remove name="LocalSqlServer"></remove>
     <add name="LocalSqlServer" connectionString="Data Source=QA;Initial Catalog=XX;UID=WW;pwd=QQ;" providerName="System.Data.SqlClient" />

    <add name="DEVLocalSqlServer" connectionString="Data Source=DEV;Initial Catalog=XX;UID=WW;pwd=QQ;" providerName="System.Data.SqlClient" />
    <add name="QALocalSqlServer" connectionString="Data Source=QA;Initial Catalog=XX;UID=WW;pwd=QQ;" providerName="System.Data.SqlClient" />
    <add name="PRODLocalSqlServer" connectionString="Data Source=PROD;Initial Catalog=XX;UID=WW;pwd=QQ;" providerName="System.Data.SqlClient" />
    <add name="LocalSqlServer" connectionString="Data Source=DR;;Initial Catalog=XX;UID=WW;pwd=QQ;" providerName="System.Data.SqlClient" />

  </connectionStrings>
  <system.net>
      <mailSettings>
        <smtp deliveryMethod="Network">
          <network host="mailhub.tfn.com" port="25" />
        </smtp>
      </mailSettings>
    </system.net>
	<system.web>
		<!-- 
            Set compilation debug="true" to insert debugging 
            symbols into the compiled page. Because this 
            affects performance, set this value to true only 
            during development.
        -->
		<roleManager enabled="true" />
		<compilation debug="true">
			<assemblies>
				<add assembly="System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
				<add assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
				<add assembly="System.Data.DataSetExtensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
				<add assembly="System.Xml.Linq, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
				<add assembly="System.Web.Extensions.Design, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
				<add assembly="System.Design, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
				<add assembly="System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" /></assemblies>
		</compilation>
		<!--
            The <authentication> section enables configuration 
            of the security authentication mode used by 
            ASP.NET to identify an incoming user. 
        -->
		<authentication mode="Forms" />
		<!--
            The <customErrors> section enables configuration 
            of what to do if/when an unhandled error occurs 
            during the execution of a request. Specifically, 
            it enables developers to configure html error pages 
            to be displayed in place of a error stack trace.

        -->
        
		<!--<customErrors mode="On" defaultRedirect="~/Error.aspx"/>-->
        <customErrors mode="Off" />
		<pages>
			<controls>
				<add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
				<add tagPrefix="asp" namespace="System.Web.UI.WebControls" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
			</controls>
		</pages>
		<httpHandlers>
			<remove verb="*" path="*.asmx" />
			<add verb="*" path="*.asmx" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
			<add verb="*" path="*_AppService.axd" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
			<add verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" validate="false" />
		</httpHandlers>
		<httpModules>
			<add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
		</httpModules>
	</system.web>
	<system.codedom>
		<compilers>
			<compiler language="c#;cs;csharp" extension=".cs" warningLevel="4" type="Microsoft.CSharp.CSharpCodeProvider, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
				<providerOption name="CompilerVersion" value="v3.5" />
				<providerOption name="WarnAsError" value="false" />
			</compiler>
			<compiler language="vb;vbs;visualbasic;vbscript" extension=".vb" warningLevel="4" type="Microsoft.VisualBasic.VBCodeProvider, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
				<providerOption name="CompilerVersion" value="v3.5" />
				<providerOption name="OptionInfer" value="true" />
				<providerOption name="WarnAsError" value="false" />
			</compiler>
		</compilers>
	</system.codedom>
	<!-- 
        The system.webServer section is required for running ASP.NET AJAX under Internet
        Information Services 7.0.  It is not necessary for previous version of IIS.
    -->
	<system.webServer>
		<validation validateIntegratedModeConfiguration="false" />
		<modules>
			<remove name="ScriptModule" />
			<add name="ScriptModule" preCondition="managedHandler" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
		</modules>
		<handlers>
			<remove name="WebServiceHandlerFactory-Integrated" />
			<remove name="ScriptHandlerFactory" />
			<remove name="ScriptHandlerFactoryAppServices" />
			<remove name="ScriptResource" />
			<add name="ScriptHandlerFactory" verb="*" path="*.asmx" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
			<add name="ScriptHandlerFactoryAppServices" verb="*" path="*_AppService.axd" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
			<add name="ScriptResource" preCondition="integratedMode" verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
		</handlers>
        <defaultDocument>
            <files>
                <add value="Home.aspx" />
            </files>
        </defaultDocument>
	</system.webServer>
	<runtime>
		<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
			<dependentAssembly>
				<assemblyIdentity name="System.Web.Extensions" publicKeyToken="31bf3856ad364e35" />
				<bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0" />
			</dependentAssembly>
			<dependentAssembly>
				<assemblyIdentity name="System.Web.Extensions.Design" publicKeyToken="31bf3856ad364e35" />
				<bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0" />
			</dependentAssembly>
		</assemblyBinding>
	</runtime>
</configuration>

Open in new window

0
Comment
Question by:AlHal2
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 40

Expert Comment

by:Kyle Abrahams
ID: 41823751
Make sure that the paths referenced in your web.config have permissions with the account that is running the application.  (EG:  Go to your app pool, and make sure that account has permissions to access the directories such as E:\SDI)

Also ensure it has permissions to read the actual web pages where your application is stored.  (It should if it's in inetpub, but never hurts to double check).

As far as LocalSQLServer . . . your web.config can hold various settings in it.  Whether it will work or not depends if it is referenced by the code.
0
 

Author Comment

by:AlHal2
ID: 41832134
How can I make sure that account has permissions to access the directories such as E:\SDI?
Similarly, how do I ensure it has permissions to read the actual web pages where your application is stored?  The source code is on the E drive.
0
 

Author Comment

by:AlHal2
ID: 41832182
Looking at this page, I clicked on Advanced settings for the application pool and selected Identity.  
https://technet.microsoft.com/library/hh831797.aspx
I chose the LocalSystem account and still got the error message.
0
Resolve Critical IT Incidents Fast

If your data, services or processes become compromised, your organization can suffer damage in just minutes and how fast you communicate during a major IT incident is everything. Learn how to immediately identify incidents & best practices to resolve them quickly and effectively.

 
LVL 40

Expert Comment

by:Kyle Abrahams
ID: 41832242
0
 

Author Comment

by:AlHal2
ID: 41833388
It worked once I allowed anonymous authentication in IIS.
If I give people a form for authentication then why is it necessary to allow anonymous authentication.  Isn't this a security risk?
0
 
LVL 40

Accepted Solution

by:
Kyle Abrahams earned 500 total points
ID: 41833716
Actually, thinking about this again you do need some sort of anonymous authentication.

Think about it for a second.

You go into the application for the first time, you're an anonymous user.  

It's only after you successfully log into the form that you become a known user.

You can keep it as forms based authentication, and then add this to your web.config:

<location path="Path/To/PublicFolder">
  <system.webServer>
    <security>
      <authentication>
        <anonymousAuthentication enabled="true" />
      </authentication>
    </security>
  </system.webServer>
</location>

Open in new window

Note that you also may need to change:
C:\Windows\System32\inetsrv\config\applicationHost.config
<section name="anonymousAuthentication" overrideModeDefault="Allow" />

Open in new window


By using the location you can set different options for different parts of the site.  So from an IIS perspective you can keep it forms but also allow public access to the one folder (and images / js) that has anything you want anyone to see.  (Login page, custom error pages, etc).
0
 

Author Closing Comment

by:AlHal2
ID: 41837983
Thanks.
0

Featured Post

Instantly Create Instructional Tutorials

Contextual Guidance at the moment of need helps your employees adopt to new software or processes instantly. Boost knowledge retention and employee engagement step-by-step with one easy solution.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Today I had a very interesting conundrum that had to get solved quickly. Needless to say, it wasn't resolved quickly because when we needed it we were very rushed, but as soon as the conference call was over and I took a step back I saw the correct …
The article shows the basic steps of integrating an HTML theme template into an ASP.NET MVC project
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question