Solved

Help needed on website authentication

Posted on 2016-09-30
7
82 Views
Last Modified: 2016-10-11
When I put this code onto the server I get a message
401 - Unauthorized: Access is denied due to invalid credentials.

The only way I can get it to work is to enable windows and forms authentication in IIS.  I just want it to use forms authentication.
I was also wondering why web.config needs LocalSqlServer to work.



<%@ Master Language="C#" AutoEventWireup="true" CodeFile="MasterPage.master.cs" Inherits="MasterPage" %>
<%@ Register Assembly="AjaxControlToolkit" Namespace="AjaxControlToolkit" TagPrefix="asp" %>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> 

<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <meta http-equiv="X-UA-Compatible" content="IE=edge" />
    <title>:: DS SDI :: - Home</title>
    <asp:ContentPlaceHolder id="head" runat="server">
    </asp:ContentPlaceHolder>
    <style type="text/css">
        .style1
        {
            width: 215px;
        }
    </style>
</head>
<body>
    <form id="form1" runat="server">
    <div style="left:0px; width:1010px; height: 497px;">
        <table style="height: 37px; width: 1010px">
            <tr>
                <td align="left" class="style1">
                <asp:LoginView ID="LoginView3" runat="server">
                    <LoggedInTemplate>
                            <center>
                                <asp:Label ID="m_lb_Hello" runat="server" Text="Hello " Font-Bold="True" 
                                    Font-Names="tahoma" Font-Size="Small" Font-Underline="True" ForeColor="#0033CC"></asp:Label>
                                <asp:LoginName ID="LoginName1" runat="server" Font-Bold="True" 
                                    Font-Names="Tahoma" Font-Size="Small" Font-Underline="True" ForeColor="#0033CC"/>
                            </center>
                    </LoggedInTemplate>
                </asp:LoginView>
                </td>
                <td align="center" style="width:700px">
                <asp:Label ID="m_lbl_heading" runat="server" 
                        Text="DATASTREAM SDI" Font-Names="tahoma" Font-Size="Large" 
                        ForeColor="#FF9933" Font-Bold="True"></asp:Label>    
                </td>
                <td>
                    <asp:Image ID="m_Img_Logo" runat="server" ImageUrl="~/Images/T1R.jpg" ImageAlign="Right" />
                </td>
            </tr>
            <tr>
                <td class="style1">
                    <asp:LoginView ID="LoginView1" runat="server">
                        <AnonymousTemplate>
                            <asp:Login ID="Login1" runat="server" Height="82px" Width="205px" 
                                BackColor="#FF9900" BorderColor="White" BorderStyle="Ridge" BorderWidth="1px" 
                                Font-Names="tahoma" Font-Size="Small" UserNameLabelText="Username:" 
                                ForeColor="Black" DestinationPageUrl="~/Home.aspx" 
                                RememberMeText="Remember me.">
                                <TextBoxStyle BackColor="#FFFFCC" Width="120px" />
                                <LoginButtonStyle BorderStyle="Ridge" BackColor="White" Font-Names="Tahoma" Font-Size="X-Small" />
                            </asp:Login>
                        </AnonymousTemplate>
                    </asp:LoginView>
                </td>
            </tr>
            <tr>
                <td class="style1">
                    <asp:LinkButton ID="m_lbt_SDIHome" runat="server" Text="Home"  Width="203px" 
                        BackColor="#FF9900" BorderStyle="Ridge" Font-Bold="True" 
                        Font-Names="tahoma" Font-Size="Small" BorderColor="White" Height="20px" 
                        style="text-align:center;" PostBackUrl="~/Home.aspx" />
                </td>
            </tr>
            <tr>
                <td class="style1">
                    <asp:LinkButton ID="m_lbt_SDIMonitor" runat="server" Text="SDI Monitor"  Width="203px" 
                        BackColor="#FF9900" BorderStyle="Ridge" Font-Bold="True" 
                        Font-Names="tahoma" Font-Size="Small" BorderColor="White" Height="20px" 
                        style="text-align:center;" PostBackUrl="~/Account/SDIMonitor.aspx" />
                </td>
            </tr>
            <tr>
                <td class="style1">
                    <asp:LinkButton ID="m_lbt_Lipper" runat="server" Text="Lipper" Width="203px" 
                        BackColor="#FF9900" BorderStyle="Ridge" Font-Bold="True" 
                        Font-Names="tahoma" Font-Size="Small" BorderColor="White" Height="20px" 
                        PostBackUrl="~/Lipper/Home.aspx" style="text-align:center;" />
                </td>
            </tr>
            <tr>
                <td class="style1">
                   <asp:LinkButton ID="m_lbt_Mdm" runat="server" Text="Metadata" Width="203px" 
                        BackColor="#FF9900" BorderStyle="Ridge" Font-Bold="True" 
                        Font-Names="tahoma" Font-Size="Small" BorderColor="White" Height="20px" 
                        PostBackUrl="~/MDM/Home.aspx" style="text-align:center;" />
                </td>
            </tr>
            <tr>
                <td class="style1">
                    <asp:LinkButton ID="m_lbt_OA" runat="server" Text="OA" Width="203px" Height="20px"
                        BackColor="#FF9900" BorderStyle="Ridge" Font-Bold="True" 
                        Font-Names="tahoma" Font-Size="Small" BorderColor="White" 
                        PostBackUrl="~/OA/Home.aspx" style="text-align:center;"/>
                </td>
            </tr>
            <tr>
                <td class="style1">
                    <asp:LinkButton ID="m_lbt_GovCorp" runat="server" Text="GovCorp" Width="203px" Height="20px"
                        BackColor="#FF9900" BorderStyle="Ridge" Font-Bold="True" 
                        Font-Names="tahoma" Font-Size="Small" BorderColor="White" 
                        PostBackUrl="~/GovCorp/Home.aspx" style="text-align:center;"/>
                </td>
            </tr>
             <tr>
                <td class="style1">
                    <asp:LinkButton ID="m_lbt_OnlineUsers" runat="server" Text="Online Users" Width="203px" Height="20px"
                        BackColor="#FF9900" BorderStyle="Ridge" Font-Bold="True" 
                        Font-Names="tahoma" Font-Size="Small" BorderColor="White" 
                        PostBackUrl="~/Account/OnlineUsers.aspx" style="text-align:center;"/>
                </td>
            </tr>
            <tr>
                <td class="style1">
                    <asp:LinkButton ID="m_btn_ForgotPassword" runat="server" Text="Forgot Password?" Width="203px" Height="20px"
                        BackColor="#FF9900" BorderStyle="Ridge" Font-Bold="True" 
                        Font-Names="tahoma" Font-Size="Small" BorderColor="White" 
                        PostBackUrl="~/ForgotPassword.aspx" style="text-align:center;"/>
                </td>
            </tr>
            <tr>
                <td class="style1">
                    <asp:LinkButton ID="m_btn_AddNewUser" runat="server" Text="New User? Sign Up!" Width="203px" Height="20px"
                        BackColor="#FF9900" BorderStyle="Ridge" Font-Bold="True" 
                        Font-Names="tahoma" Font-Size="Small" BorderColor="White" 
                        PostBackUrl="~/AddNewUser.aspx" style="text-align:center;"/>
                </td>
            </tr>
            <tr>
                <td class="style1">
                    <asp:LinkButton ID="m_btn_AccountSettings" runat="server" Text="Account Settings" Width="203px" Height="20px"
                        BackColor="#FF9900" BorderStyle="Ridge" Font-Bold="True" 
                        Font-Names="tahoma" Font-Size="Small" BorderColor="White" 
                        PostBackUrl="~/Account/Home.aspx" style="text-align:center;"/>
                </td>
            </tr>
            <tr>
                <td class="style1">
                    <asp:LinkButton ID="m_btn_ContactUs" runat="server" Text="Contact Us" Width="203px" Height="20px"
                        BackColor="#FF9900" BorderStyle="Ridge" Font-Bold="True" 
                        Font-Names="tahoma" Font-Size="Small" BorderColor="White" 
                        PostBackUrl="~/ContactUs.aspx" style="text-align:center;"/>
                </td>
            </tr>
            <tr>
                <td>
                <asp:LoginView ID="LoginView2" runat="server">
                    <LoggedInTemplate>
                        <asp:LoginStatus ID="LoginStatus1" runat="server" BackColor="#FF9900" BorderStyle="Ridge" BorderColor="White"
                            Font-Bold="True" Font-Names="tahoma" Font-Size="Small" Font-Underline="True" ForeColor="#0033CC" 
                            style="cursor:pointer; text-align:center" Width="203px" Height="20px" BorderWidth="3px" LogoutPageUrl="~/Home.aspx" OnLoggedOut="LoggedOut" />
                    </LoggedInTemplate>
                </asp:LoginView>
                </td>
            </tr>
        </table>
        <asp:ToolkitScriptManager ID="ScriptManager1" runat="server">
        </asp:ToolkitScriptManager>
        </div>
        <div style="top:45px; left:230px; position: absolute; width:790px; height:480px;">
            <asp:ContentPlaceHolder id="ContentPlaceHolder1" runat="server">
            </asp:ContentPlaceHolder>
        </div>
        <center>
            <asp:Label ID="m_lbl_hitCount" runat="server" Font-Bold="True" 
                Font-Names="Tahoma" Font-Size="Small" ForeColor="Blue"></asp:Label>
                            <p style="font-family:Tahoma; font-size:x-small; color:Blue"></p>

            <%--<p style="font-family:Tahoma; font-size:x-small; color:Blue"> Site best viewed in 1024*768 and above resolution</p>--%>
        </center>
    </form>
</body>
</html>

Open in new window


Here is web.config with names and passwords changed.

<?xml version="1.0" encoding="UTF-8"?>
<!-- Written by Alistair Halpern -->
<configuration>
	<!--<configSections>
		<sectionGroup name="system.web.extensions" type="System.Web.Configuration.SystemWebExtensionsSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
			<sectionGroup name="scripting" type="System.Web.Configuration.ScriptingSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
				<section name="scriptResourceHandler" type="System.Web.Configuration.ScriptingScriptResourceHandlerSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>
				<sectionGroup name="webServices" type="System.Web.Configuration.ScriptingWebServicesSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
					<section name="jsonSerialization" type="System.Web.Configuration.ScriptingJsonSerializationSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="Everywhere"/>
					<section name="profileService" type="System.Web.Configuration.ScriptingProfileServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>
					<section name="authenticationService" type="System.Web.Configuration.ScriptingAuthenticationServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>
					<section name="roleService" type="System.Web.Configuration.ScriptingRoleServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>
				</sectionGroup>
			</sectionGroup>
		</sectionGroup>
	</configSections>-->
  <appSettings>

    <add key="autoRefreshTime" value="1" />
    <add key="DirectoryPath" value="E:\DS_SDI\" />
    <add key="DirectoryPathHigher" value="E:\SDI" />
    <add key="DriveLetter" value="E:\" />
    <add key="LipperDownloadPath" value="E:\DS_SDI\Lip\Downloads\" />
    <add key="DEVWebDirectoryPath" value="http://uk1d.int.T1R.com/" />
    <add key="QAWebDirectoryPath" value="http://dtcq.int.T1R.com/" />
    <add key="PRODWebDirectoryPath" value="http://content.int.T1R.com/" />
    <add key="WebPath" value="http://dr-content.int.T1R.com/" />
  </appSettings>
	<connectionStrings>
		<remove name="LocalSqlServer"></remove>
     <add name="LocalSqlServer" connectionString="Data Source=QA;Initial Catalog=XX;UID=WW;pwd=QQ;" providerName="System.Data.SqlClient" />

    <add name="DEVLocalSqlServer" connectionString="Data Source=DEV;Initial Catalog=XX;UID=WW;pwd=QQ;" providerName="System.Data.SqlClient" />
    <add name="QALocalSqlServer" connectionString="Data Source=QA;Initial Catalog=XX;UID=WW;pwd=QQ;" providerName="System.Data.SqlClient" />
    <add name="PRODLocalSqlServer" connectionString="Data Source=PROD;Initial Catalog=XX;UID=WW;pwd=QQ;" providerName="System.Data.SqlClient" />
    <add name="LocalSqlServer" connectionString="Data Source=DR;;Initial Catalog=XX;UID=WW;pwd=QQ;" providerName="System.Data.SqlClient" />

  </connectionStrings>
  <system.net>
      <mailSettings>
        <smtp deliveryMethod="Network">
          <network host="mailhub.tfn.com" port="25" />
        </smtp>
      </mailSettings>
    </system.net>
	<system.web>
		<!-- 
            Set compilation debug="true" to insert debugging 
            symbols into the compiled page. Because this 
            affects performance, set this value to true only 
            during development.
        -->
		<roleManager enabled="true" />
		<compilation debug="true">
			<assemblies>
				<add assembly="System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
				<add assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
				<add assembly="System.Data.DataSetExtensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
				<add assembly="System.Xml.Linq, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
				<add assembly="System.Web.Extensions.Design, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
				<add assembly="System.Design, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
				<add assembly="System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" /></assemblies>
		</compilation>
		<!--
            The <authentication> section enables configuration 
            of the security authentication mode used by 
            ASP.NET to identify an incoming user. 
        -->
		<authentication mode="Forms" />
		<!--
            The <customErrors> section enables configuration 
            of what to do if/when an unhandled error occurs 
            during the execution of a request. Specifically, 
            it enables developers to configure html error pages 
            to be displayed in place of a error stack trace.

        -->
        
		<!--<customErrors mode="On" defaultRedirect="~/Error.aspx"/>-->
        <customErrors mode="Off" />
		<pages>
			<controls>
				<add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
				<add tagPrefix="asp" namespace="System.Web.UI.WebControls" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
			</controls>
		</pages>
		<httpHandlers>
			<remove verb="*" path="*.asmx" />
			<add verb="*" path="*.asmx" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
			<add verb="*" path="*_AppService.axd" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
			<add verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" validate="false" />
		</httpHandlers>
		<httpModules>
			<add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
		</httpModules>
	</system.web>
	<system.codedom>
		<compilers>
			<compiler language="c#;cs;csharp" extension=".cs" warningLevel="4" type="Microsoft.CSharp.CSharpCodeProvider, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
				<providerOption name="CompilerVersion" value="v3.5" />
				<providerOption name="WarnAsError" value="false" />
			</compiler>
			<compiler language="vb;vbs;visualbasic;vbscript" extension=".vb" warningLevel="4" type="Microsoft.VisualBasic.VBCodeProvider, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
				<providerOption name="CompilerVersion" value="v3.5" />
				<providerOption name="OptionInfer" value="true" />
				<providerOption name="WarnAsError" value="false" />
			</compiler>
		</compilers>
	</system.codedom>
	<!-- 
        The system.webServer section is required for running ASP.NET AJAX under Internet
        Information Services 7.0.  It is not necessary for previous version of IIS.
    -->
	<system.webServer>
		<validation validateIntegratedModeConfiguration="false" />
		<modules>
			<remove name="ScriptModule" />
			<add name="ScriptModule" preCondition="managedHandler" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
		</modules>
		<handlers>
			<remove name="WebServiceHandlerFactory-Integrated" />
			<remove name="ScriptHandlerFactory" />
			<remove name="ScriptHandlerFactoryAppServices" />
			<remove name="ScriptResource" />
			<add name="ScriptHandlerFactory" verb="*" path="*.asmx" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
			<add name="ScriptHandlerFactoryAppServices" verb="*" path="*_AppService.axd" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
			<add name="ScriptResource" preCondition="integratedMode" verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
		</handlers>
        <defaultDocument>
            <files>
                <add value="Home.aspx" />
            </files>
        </defaultDocument>
	</system.webServer>
	<runtime>
		<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
			<dependentAssembly>
				<assemblyIdentity name="System.Web.Extensions" publicKeyToken="31bf3856ad364e35" />
				<bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0" />
			</dependentAssembly>
			<dependentAssembly>
				<assemblyIdentity name="System.Web.Extensions.Design" publicKeyToken="31bf3856ad364e35" />
				<bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0" />
			</dependentAssembly>
		</assemblyBinding>
	</runtime>
</configuration>

Open in new window

0
Comment
Question by:AlHal2
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 40

Expert Comment

by:Kyle Abrahams
ID: 41823751
Make sure that the paths referenced in your web.config have permissions with the account that is running the application.  (EG:  Go to your app pool, and make sure that account has permissions to access the directories such as E:\SDI)

Also ensure it has permissions to read the actual web pages where your application is stored.  (It should if it's in inetpub, but never hurts to double check).

As far as LocalSQLServer . . . your web.config can hold various settings in it.  Whether it will work or not depends if it is referenced by the code.
0
 

Author Comment

by:AlHal2
ID: 41832134
How can I make sure that account has permissions to access the directories such as E:\SDI?
Similarly, how do I ensure it has permissions to read the actual web pages where your application is stored?  The source code is on the E drive.
0
 

Author Comment

by:AlHal2
ID: 41832182
Looking at this page, I clicked on Advanced settings for the application pool and selected Identity.  
https://technet.microsoft.com/library/hh831797.aspx
I chose the LocalSystem account and still got the error message.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 40

Expert Comment

by:Kyle Abrahams
ID: 41832242
0
 

Author Comment

by:AlHal2
ID: 41833388
It worked once I allowed anonymous authentication in IIS.
If I give people a form for authentication then why is it necessary to allow anonymous authentication.  Isn't this a security risk?
0
 
LVL 40

Accepted Solution

by:
Kyle Abrahams earned 500 total points
ID: 41833716
Actually, thinking about this again you do need some sort of anonymous authentication.

Think about it for a second.

You go into the application for the first time, you're an anonymous user.  

It's only after you successfully log into the form that you become a known user.

You can keep it as forms based authentication, and then add this to your web.config:

<location path="Path/To/PublicFolder">
  <system.webServer>
    <security>
      <authentication>
        <anonymousAuthentication enabled="true" />
      </authentication>
    </security>
  </system.webServer>
</location>

Open in new window

Note that you also may need to change:
C:\Windows\System32\inetsrv\config\applicationHost.config
<section name="anonymousAuthentication" overrideModeDefault="Allow" />

Open in new window


By using the location you can set different options for different parts of the site.  So from an IIS perspective you can keep it forms but also allow public access to the one folder (and images / js) that has anything you want anyone to see.  (Login page, custom error pages, etc).
0
 

Author Closing Comment

by:AlHal2
ID: 41837983
Thanks.
0

Featured Post

Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction This article shows how to use the open source plupload control to upload multiple images. The images are resized on the client side before uploading and the upload is done in chunks. Background I had to provide a way for user…
Wouldn’t it be nice if you could test whether an element is contained in an array by using a Contains method just like the one available on List objects? Wouldn’t it be good if you could write code like this? (CODE) In .NET 3.5, this is possible…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question