Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Help needed on website authentication

Posted on 2016-09-30
7
Medium Priority
?
95 Views
Last Modified: 2016-10-11
When I put this code onto the server I get a message
401 - Unauthorized: Access is denied due to invalid credentials.

The only way I can get it to work is to enable windows and forms authentication in IIS.  I just want it to use forms authentication.
I was also wondering why web.config needs LocalSqlServer to work.



<%@ Master Language="C#" AutoEventWireup="true" CodeFile="MasterPage.master.cs" Inherits="MasterPage" %>
<%@ Register Assembly="AjaxControlToolkit" Namespace="AjaxControlToolkit" TagPrefix="asp" %>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> 

<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <meta http-equiv="X-UA-Compatible" content="IE=edge" />
    <title>:: DS SDI :: - Home</title>
    <asp:ContentPlaceHolder id="head" runat="server">
    </asp:ContentPlaceHolder>
    <style type="text/css">
        .style1
        {
            width: 215px;
        }
    </style>
</head>
<body>
    <form id="form1" runat="server">
    <div style="left:0px; width:1010px; height: 497px;">
        <table style="height: 37px; width: 1010px">
            <tr>
                <td align="left" class="style1">
                <asp:LoginView ID="LoginView3" runat="server">
                    <LoggedInTemplate>
                            <center>
                                <asp:Label ID="m_lb_Hello" runat="server" Text="Hello " Font-Bold="True" 
                                    Font-Names="tahoma" Font-Size="Small" Font-Underline="True" ForeColor="#0033CC"></asp:Label>
                                <asp:LoginName ID="LoginName1" runat="server" Font-Bold="True" 
                                    Font-Names="Tahoma" Font-Size="Small" Font-Underline="True" ForeColor="#0033CC"/>
                            </center>
                    </LoggedInTemplate>
                </asp:LoginView>
                </td>
                <td align="center" style="width:700px">
                <asp:Label ID="m_lbl_heading" runat="server" 
                        Text="DATASTREAM SDI" Font-Names="tahoma" Font-Size="Large" 
                        ForeColor="#FF9933" Font-Bold="True"></asp:Label>    
                </td>
                <td>
                    <asp:Image ID="m_Img_Logo" runat="server" ImageUrl="~/Images/T1R.jpg" ImageAlign="Right" />
                </td>
            </tr>
            <tr>
                <td class="style1">
                    <asp:LoginView ID="LoginView1" runat="server">
                        <AnonymousTemplate>
                            <asp:Login ID="Login1" runat="server" Height="82px" Width="205px" 
                                BackColor="#FF9900" BorderColor="White" BorderStyle="Ridge" BorderWidth="1px" 
                                Font-Names="tahoma" Font-Size="Small" UserNameLabelText="Username:" 
                                ForeColor="Black" DestinationPageUrl="~/Home.aspx" 
                                RememberMeText="Remember me.">
                                <TextBoxStyle BackColor="#FFFFCC" Width="120px" />
                                <LoginButtonStyle BorderStyle="Ridge" BackColor="White" Font-Names="Tahoma" Font-Size="X-Small" />
                            </asp:Login>
                        </AnonymousTemplate>
                    </asp:LoginView>
                </td>
            </tr>
            <tr>
                <td class="style1">
                    <asp:LinkButton ID="m_lbt_SDIHome" runat="server" Text="Home"  Width="203px" 
                        BackColor="#FF9900" BorderStyle="Ridge" Font-Bold="True" 
                        Font-Names="tahoma" Font-Size="Small" BorderColor="White" Height="20px" 
                        style="text-align:center;" PostBackUrl="~/Home.aspx" />
                </td>
            </tr>
            <tr>
                <td class="style1">
                    <asp:LinkButton ID="m_lbt_SDIMonitor" runat="server" Text="SDI Monitor"  Width="203px" 
                        BackColor="#FF9900" BorderStyle="Ridge" Font-Bold="True" 
                        Font-Names="tahoma" Font-Size="Small" BorderColor="White" Height="20px" 
                        style="text-align:center;" PostBackUrl="~/Account/SDIMonitor.aspx" />
                </td>
            </tr>
            <tr>
                <td class="style1">
                    <asp:LinkButton ID="m_lbt_Lipper" runat="server" Text="Lipper" Width="203px" 
                        BackColor="#FF9900" BorderStyle="Ridge" Font-Bold="True" 
                        Font-Names="tahoma" Font-Size="Small" BorderColor="White" Height="20px" 
                        PostBackUrl="~/Lipper/Home.aspx" style="text-align:center;" />
                </td>
            </tr>
            <tr>
                <td class="style1">
                   <asp:LinkButton ID="m_lbt_Mdm" runat="server" Text="Metadata" Width="203px" 
                        BackColor="#FF9900" BorderStyle="Ridge" Font-Bold="True" 
                        Font-Names="tahoma" Font-Size="Small" BorderColor="White" Height="20px" 
                        PostBackUrl="~/MDM/Home.aspx" style="text-align:center;" />
                </td>
            </tr>
            <tr>
                <td class="style1">
                    <asp:LinkButton ID="m_lbt_OA" runat="server" Text="OA" Width="203px" Height="20px"
                        BackColor="#FF9900" BorderStyle="Ridge" Font-Bold="True" 
                        Font-Names="tahoma" Font-Size="Small" BorderColor="White" 
                        PostBackUrl="~/OA/Home.aspx" style="text-align:center;"/>
                </td>
            </tr>
            <tr>
                <td class="style1">
                    <asp:LinkButton ID="m_lbt_GovCorp" runat="server" Text="GovCorp" Width="203px" Height="20px"
                        BackColor="#FF9900" BorderStyle="Ridge" Font-Bold="True" 
                        Font-Names="tahoma" Font-Size="Small" BorderColor="White" 
                        PostBackUrl="~/GovCorp/Home.aspx" style="text-align:center;"/>
                </td>
            </tr>
             <tr>
                <td class="style1">
                    <asp:LinkButton ID="m_lbt_OnlineUsers" runat="server" Text="Online Users" Width="203px" Height="20px"
                        BackColor="#FF9900" BorderStyle="Ridge" Font-Bold="True" 
                        Font-Names="tahoma" Font-Size="Small" BorderColor="White" 
                        PostBackUrl="~/Account/OnlineUsers.aspx" style="text-align:center;"/>
                </td>
            </tr>
            <tr>
                <td class="style1">
                    <asp:LinkButton ID="m_btn_ForgotPassword" runat="server" Text="Forgot Password?" Width="203px" Height="20px"
                        BackColor="#FF9900" BorderStyle="Ridge" Font-Bold="True" 
                        Font-Names="tahoma" Font-Size="Small" BorderColor="White" 
                        PostBackUrl="~/ForgotPassword.aspx" style="text-align:center;"/>
                </td>
            </tr>
            <tr>
                <td class="style1">
                    <asp:LinkButton ID="m_btn_AddNewUser" runat="server" Text="New User? Sign Up!" Width="203px" Height="20px"
                        BackColor="#FF9900" BorderStyle="Ridge" Font-Bold="True" 
                        Font-Names="tahoma" Font-Size="Small" BorderColor="White" 
                        PostBackUrl="~/AddNewUser.aspx" style="text-align:center;"/>
                </td>
            </tr>
            <tr>
                <td class="style1">
                    <asp:LinkButton ID="m_btn_AccountSettings" runat="server" Text="Account Settings" Width="203px" Height="20px"
                        BackColor="#FF9900" BorderStyle="Ridge" Font-Bold="True" 
                        Font-Names="tahoma" Font-Size="Small" BorderColor="White" 
                        PostBackUrl="~/Account/Home.aspx" style="text-align:center;"/>
                </td>
            </tr>
            <tr>
                <td class="style1">
                    <asp:LinkButton ID="m_btn_ContactUs" runat="server" Text="Contact Us" Width="203px" Height="20px"
                        BackColor="#FF9900" BorderStyle="Ridge" Font-Bold="True" 
                        Font-Names="tahoma" Font-Size="Small" BorderColor="White" 
                        PostBackUrl="~/ContactUs.aspx" style="text-align:center;"/>
                </td>
            </tr>
            <tr>
                <td>
                <asp:LoginView ID="LoginView2" runat="server">
                    <LoggedInTemplate>
                        <asp:LoginStatus ID="LoginStatus1" runat="server" BackColor="#FF9900" BorderStyle="Ridge" BorderColor="White"
                            Font-Bold="True" Font-Names="tahoma" Font-Size="Small" Font-Underline="True" ForeColor="#0033CC" 
                            style="cursor:pointer; text-align:center" Width="203px" Height="20px" BorderWidth="3px" LogoutPageUrl="~/Home.aspx" OnLoggedOut="LoggedOut" />
                    </LoggedInTemplate>
                </asp:LoginView>
                </td>
            </tr>
        </table>
        <asp:ToolkitScriptManager ID="ScriptManager1" runat="server">
        </asp:ToolkitScriptManager>
        </div>
        <div style="top:45px; left:230px; position: absolute; width:790px; height:480px;">
            <asp:ContentPlaceHolder id="ContentPlaceHolder1" runat="server">
            </asp:ContentPlaceHolder>
        </div>
        <center>
            <asp:Label ID="m_lbl_hitCount" runat="server" Font-Bold="True" 
                Font-Names="Tahoma" Font-Size="Small" ForeColor="Blue"></asp:Label>
                            <p style="font-family:Tahoma; font-size:x-small; color:Blue"></p>

            <%--<p style="font-family:Tahoma; font-size:x-small; color:Blue"> Site best viewed in 1024*768 and above resolution</p>--%>
        </center>
    </form>
</body>
</html>

Open in new window


Here is web.config with names and passwords changed.

<?xml version="1.0" encoding="UTF-8"?>
<!-- Written by Alistair Halpern -->
<configuration>
	<!--<configSections>
		<sectionGroup name="system.web.extensions" type="System.Web.Configuration.SystemWebExtensionsSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
			<sectionGroup name="scripting" type="System.Web.Configuration.ScriptingSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
				<section name="scriptResourceHandler" type="System.Web.Configuration.ScriptingScriptResourceHandlerSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>
				<sectionGroup name="webServices" type="System.Web.Configuration.ScriptingWebServicesSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
					<section name="jsonSerialization" type="System.Web.Configuration.ScriptingJsonSerializationSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="Everywhere"/>
					<section name="profileService" type="System.Web.Configuration.ScriptingProfileServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>
					<section name="authenticationService" type="System.Web.Configuration.ScriptingAuthenticationServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>
					<section name="roleService" type="System.Web.Configuration.ScriptingRoleServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>
				</sectionGroup>
			</sectionGroup>
		</sectionGroup>
	</configSections>-->
  <appSettings>

    <add key="autoRefreshTime" value="1" />
    <add key="DirectoryPath" value="E:\DS_SDI\" />
    <add key="DirectoryPathHigher" value="E:\SDI" />
    <add key="DriveLetter" value="E:\" />
    <add key="LipperDownloadPath" value="E:\DS_SDI\Lip\Downloads\" />
    <add key="DEVWebDirectoryPath" value="http://uk1d.int.T1R.com/" />
    <add key="QAWebDirectoryPath" value="http://dtcq.int.T1R.com/" />
    <add key="PRODWebDirectoryPath" value="http://content.int.T1R.com/" />
    <add key="WebPath" value="http://dr-content.int.T1R.com/" />
  </appSettings>
	<connectionStrings>
		<remove name="LocalSqlServer"></remove>
     <add name="LocalSqlServer" connectionString="Data Source=QA;Initial Catalog=XX;UID=WW;pwd=QQ;" providerName="System.Data.SqlClient" />

    <add name="DEVLocalSqlServer" connectionString="Data Source=DEV;Initial Catalog=XX;UID=WW;pwd=QQ;" providerName="System.Data.SqlClient" />
    <add name="QALocalSqlServer" connectionString="Data Source=QA;Initial Catalog=XX;UID=WW;pwd=QQ;" providerName="System.Data.SqlClient" />
    <add name="PRODLocalSqlServer" connectionString="Data Source=PROD;Initial Catalog=XX;UID=WW;pwd=QQ;" providerName="System.Data.SqlClient" />
    <add name="LocalSqlServer" connectionString="Data Source=DR;;Initial Catalog=XX;UID=WW;pwd=QQ;" providerName="System.Data.SqlClient" />

  </connectionStrings>
  <system.net>
      <mailSettings>
        <smtp deliveryMethod="Network">
          <network host="mailhub.tfn.com" port="25" />
        </smtp>
      </mailSettings>
    </system.net>
	<system.web>
		<!-- 
            Set compilation debug="true" to insert debugging 
            symbols into the compiled page. Because this 
            affects performance, set this value to true only 
            during development.
        -->
		<roleManager enabled="true" />
		<compilation debug="true">
			<assemblies>
				<add assembly="System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
				<add assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
				<add assembly="System.Data.DataSetExtensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
				<add assembly="System.Xml.Linq, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
				<add assembly="System.Web.Extensions.Design, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
				<add assembly="System.Design, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
				<add assembly="System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" /></assemblies>
		</compilation>
		<!--
            The <authentication> section enables configuration 
            of the security authentication mode used by 
            ASP.NET to identify an incoming user. 
        -->
		<authentication mode="Forms" />
		<!--
            The <customErrors> section enables configuration 
            of what to do if/when an unhandled error occurs 
            during the execution of a request. Specifically, 
            it enables developers to configure html error pages 
            to be displayed in place of a error stack trace.

        -->
        
		<!--<customErrors mode="On" defaultRedirect="~/Error.aspx"/>-->
        <customErrors mode="Off" />
		<pages>
			<controls>
				<add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
				<add tagPrefix="asp" namespace="System.Web.UI.WebControls" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
			</controls>
		</pages>
		<httpHandlers>
			<remove verb="*" path="*.asmx" />
			<add verb="*" path="*.asmx" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
			<add verb="*" path="*_AppService.axd" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
			<add verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" validate="false" />
		</httpHandlers>
		<httpModules>
			<add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
		</httpModules>
	</system.web>
	<system.codedom>
		<compilers>
			<compiler language="c#;cs;csharp" extension=".cs" warningLevel="4" type="Microsoft.CSharp.CSharpCodeProvider, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
				<providerOption name="CompilerVersion" value="v3.5" />
				<providerOption name="WarnAsError" value="false" />
			</compiler>
			<compiler language="vb;vbs;visualbasic;vbscript" extension=".vb" warningLevel="4" type="Microsoft.VisualBasic.VBCodeProvider, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
				<providerOption name="CompilerVersion" value="v3.5" />
				<providerOption name="OptionInfer" value="true" />
				<providerOption name="WarnAsError" value="false" />
			</compiler>
		</compilers>
	</system.codedom>
	<!-- 
        The system.webServer section is required for running ASP.NET AJAX under Internet
        Information Services 7.0.  It is not necessary for previous version of IIS.
    -->
	<system.webServer>
		<validation validateIntegratedModeConfiguration="false" />
		<modules>
			<remove name="ScriptModule" />
			<add name="ScriptModule" preCondition="managedHandler" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
		</modules>
		<handlers>
			<remove name="WebServiceHandlerFactory-Integrated" />
			<remove name="ScriptHandlerFactory" />
			<remove name="ScriptHandlerFactoryAppServices" />
			<remove name="ScriptResource" />
			<add name="ScriptHandlerFactory" verb="*" path="*.asmx" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
			<add name="ScriptHandlerFactoryAppServices" verb="*" path="*_AppService.axd" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
			<add name="ScriptResource" preCondition="integratedMode" verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
		</handlers>
        <defaultDocument>
            <files>
                <add value="Home.aspx" />
            </files>
        </defaultDocument>
	</system.webServer>
	<runtime>
		<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
			<dependentAssembly>
				<assemblyIdentity name="System.Web.Extensions" publicKeyToken="31bf3856ad364e35" />
				<bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0" />
			</dependentAssembly>
			<dependentAssembly>
				<assemblyIdentity name="System.Web.Extensions.Design" publicKeyToken="31bf3856ad364e35" />
				<bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0" />
			</dependentAssembly>
		</assemblyBinding>
	</runtime>
</configuration>

Open in new window

0
Comment
Question by:AlHal2
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 41

Expert Comment

by:Kyle Abrahams
ID: 41823751
Make sure that the paths referenced in your web.config have permissions with the account that is running the application.  (EG:  Go to your app pool, and make sure that account has permissions to access the directories such as E:\SDI)

Also ensure it has permissions to read the actual web pages where your application is stored.  (It should if it's in inetpub, but never hurts to double check).

As far as LocalSQLServer . . . your web.config can hold various settings in it.  Whether it will work or not depends if it is referenced by the code.
0
 

Author Comment

by:AlHal2
ID: 41832134
How can I make sure that account has permissions to access the directories such as E:\SDI?
Similarly, how do I ensure it has permissions to read the actual web pages where your application is stored?  The source code is on the E drive.
0
 

Author Comment

by:AlHal2
ID: 41832182
Looking at this page, I clicked on Advanced settings for the application pool and selected Identity.  
https://technet.microsoft.com/library/hh831797.aspx
I chose the LocalSystem account and still got the error message.
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 
LVL 41

Expert Comment

by:Kyle Abrahams
ID: 41832242
0
 

Author Comment

by:AlHal2
ID: 41833388
It worked once I allowed anonymous authentication in IIS.
If I give people a form for authentication then why is it necessary to allow anonymous authentication.  Isn't this a security risk?
0
 
LVL 41

Accepted Solution

by:
Kyle Abrahams earned 2000 total points
ID: 41833716
Actually, thinking about this again you do need some sort of anonymous authentication.

Think about it for a second.

You go into the application for the first time, you're an anonymous user.  

It's only after you successfully log into the form that you become a known user.

You can keep it as forms based authentication, and then add this to your web.config:

<location path="Path/To/PublicFolder">
  <system.webServer>
    <security>
      <authentication>
        <anonymousAuthentication enabled="true" />
      </authentication>
    </security>
  </system.webServer>
</location>

Open in new window

Note that you also may need to change:
C:\Windows\System32\inetsrv\config\applicationHost.config
<section name="anonymousAuthentication" overrideModeDefault="Allow" />

Open in new window


By using the location you can set different options for different parts of the site.  So from an IIS perspective you can keep it forms but also allow public access to the one folder (and images / js) that has anything you want anyone to see.  (Login page, custom error pages, etc).
0
 

Author Closing Comment

by:AlHal2
ID: 41837983
Thanks.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In my previous two articles we discussed Binary Serialization (http://www.experts-exchange.com/A_4362.html) and XML Serialization (http://www.experts-exchange.com/A_4425.html). In this article we will try to know more about SOAP (Simple Object Acces…
Many of us here at EE write code. Many of us write exceptional code; just as many of us write exception-prone code. As we all should know, exceptions are a mechanism for handling errors which are typically out of our control. From database errors, t…
This course is ideal for IT System Administrators working with VMware vSphere and its associated products in their company infrastructure. This course teaches you how to install and maintain this virtualization technology to store data, prevent vuln…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question