Solved

Help needed on website authentication

Posted on 2016-09-30
7
47 Views
Last Modified: 2016-10-11
When I put this code onto the server I get a message
401 - Unauthorized: Access is denied due to invalid credentials.

The only way I can get it to work is to enable windows and forms authentication in IIS.  I just want it to use forms authentication.
I was also wondering why web.config needs LocalSqlServer to work.



<%@ Master Language="C#" AutoEventWireup="true" CodeFile="MasterPage.master.cs" Inherits="MasterPage" %>
<%@ Register Assembly="AjaxControlToolkit" Namespace="AjaxControlToolkit" TagPrefix="asp" %>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> 

<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <meta http-equiv="X-UA-Compatible" content="IE=edge" />
    <title>:: DS SDI :: - Home</title>
    <asp:ContentPlaceHolder id="head" runat="server">
    </asp:ContentPlaceHolder>
    <style type="text/css">
        .style1
        {
            width: 215px;
        }
    </style>
</head>
<body>
    <form id="form1" runat="server">
    <div style="left:0px; width:1010px; height: 497px;">
        <table style="height: 37px; width: 1010px">
            <tr>
                <td align="left" class="style1">
                <asp:LoginView ID="LoginView3" runat="server">
                    <LoggedInTemplate>
                            <center>
                                <asp:Label ID="m_lb_Hello" runat="server" Text="Hello " Font-Bold="True" 
                                    Font-Names="tahoma" Font-Size="Small" Font-Underline="True" ForeColor="#0033CC"></asp:Label>
                                <asp:LoginName ID="LoginName1" runat="server" Font-Bold="True" 
                                    Font-Names="Tahoma" Font-Size="Small" Font-Underline="True" ForeColor="#0033CC"/>
                            </center>
                    </LoggedInTemplate>
                </asp:LoginView>
                </td>
                <td align="center" style="width:700px">
                <asp:Label ID="m_lbl_heading" runat="server" 
                        Text="DATASTREAM SDI" Font-Names="tahoma" Font-Size="Large" 
                        ForeColor="#FF9933" Font-Bold="True"></asp:Label>    
                </td>
                <td>
                    <asp:Image ID="m_Img_Logo" runat="server" ImageUrl="~/Images/T1R.jpg" ImageAlign="Right" />
                </td>
            </tr>
            <tr>
                <td class="style1">
                    <asp:LoginView ID="LoginView1" runat="server">
                        <AnonymousTemplate>
                            <asp:Login ID="Login1" runat="server" Height="82px" Width="205px" 
                                BackColor="#FF9900" BorderColor="White" BorderStyle="Ridge" BorderWidth="1px" 
                                Font-Names="tahoma" Font-Size="Small" UserNameLabelText="Username:" 
                                ForeColor="Black" DestinationPageUrl="~/Home.aspx" 
                                RememberMeText="Remember me.">
                                <TextBoxStyle BackColor="#FFFFCC" Width="120px" />
                                <LoginButtonStyle BorderStyle="Ridge" BackColor="White" Font-Names="Tahoma" Font-Size="X-Small" />
                            </asp:Login>
                        </AnonymousTemplate>
                    </asp:LoginView>
                </td>
            </tr>
            <tr>
                <td class="style1">
                    <asp:LinkButton ID="m_lbt_SDIHome" runat="server" Text="Home"  Width="203px" 
                        BackColor="#FF9900" BorderStyle="Ridge" Font-Bold="True" 
                        Font-Names="tahoma" Font-Size="Small" BorderColor="White" Height="20px" 
                        style="text-align:center;" PostBackUrl="~/Home.aspx" />
                </td>
            </tr>
            <tr>
                <td class="style1">
                    <asp:LinkButton ID="m_lbt_SDIMonitor" runat="server" Text="SDI Monitor"  Width="203px" 
                        BackColor="#FF9900" BorderStyle="Ridge" Font-Bold="True" 
                        Font-Names="tahoma" Font-Size="Small" BorderColor="White" Height="20px" 
                        style="text-align:center;" PostBackUrl="~/Account/SDIMonitor.aspx" />
                </td>
            </tr>
            <tr>
                <td class="style1">
                    <asp:LinkButton ID="m_lbt_Lipper" runat="server" Text="Lipper" Width="203px" 
                        BackColor="#FF9900" BorderStyle="Ridge" Font-Bold="True" 
                        Font-Names="tahoma" Font-Size="Small" BorderColor="White" Height="20px" 
                        PostBackUrl="~/Lipper/Home.aspx" style="text-align:center;" />
                </td>
            </tr>
            <tr>
                <td class="style1">
                   <asp:LinkButton ID="m_lbt_Mdm" runat="server" Text="Metadata" Width="203px" 
                        BackColor="#FF9900" BorderStyle="Ridge" Font-Bold="True" 
                        Font-Names="tahoma" Font-Size="Small" BorderColor="White" Height="20px" 
                        PostBackUrl="~/MDM/Home.aspx" style="text-align:center;" />
                </td>
            </tr>
            <tr>
                <td class="style1">
                    <asp:LinkButton ID="m_lbt_OA" runat="server" Text="OA" Width="203px" Height="20px"
                        BackColor="#FF9900" BorderStyle="Ridge" Font-Bold="True" 
                        Font-Names="tahoma" Font-Size="Small" BorderColor="White" 
                        PostBackUrl="~/OA/Home.aspx" style="text-align:center;"/>
                </td>
            </tr>
            <tr>
                <td class="style1">
                    <asp:LinkButton ID="m_lbt_GovCorp" runat="server" Text="GovCorp" Width="203px" Height="20px"
                        BackColor="#FF9900" BorderStyle="Ridge" Font-Bold="True" 
                        Font-Names="tahoma" Font-Size="Small" BorderColor="White" 
                        PostBackUrl="~/GovCorp/Home.aspx" style="text-align:center;"/>
                </td>
            </tr>
             <tr>
                <td class="style1">
                    <asp:LinkButton ID="m_lbt_OnlineUsers" runat="server" Text="Online Users" Width="203px" Height="20px"
                        BackColor="#FF9900" BorderStyle="Ridge" Font-Bold="True" 
                        Font-Names="tahoma" Font-Size="Small" BorderColor="White" 
                        PostBackUrl="~/Account/OnlineUsers.aspx" style="text-align:center;"/>
                </td>
            </tr>
            <tr>
                <td class="style1">
                    <asp:LinkButton ID="m_btn_ForgotPassword" runat="server" Text="Forgot Password?" Width="203px" Height="20px"
                        BackColor="#FF9900" BorderStyle="Ridge" Font-Bold="True" 
                        Font-Names="tahoma" Font-Size="Small" BorderColor="White" 
                        PostBackUrl="~/ForgotPassword.aspx" style="text-align:center;"/>
                </td>
            </tr>
            <tr>
                <td class="style1">
                    <asp:LinkButton ID="m_btn_AddNewUser" runat="server" Text="New User? Sign Up!" Width="203px" Height="20px"
                        BackColor="#FF9900" BorderStyle="Ridge" Font-Bold="True" 
                        Font-Names="tahoma" Font-Size="Small" BorderColor="White" 
                        PostBackUrl="~/AddNewUser.aspx" style="text-align:center;"/>
                </td>
            </tr>
            <tr>
                <td class="style1">
                    <asp:LinkButton ID="m_btn_AccountSettings" runat="server" Text="Account Settings" Width="203px" Height="20px"
                        BackColor="#FF9900" BorderStyle="Ridge" Font-Bold="True" 
                        Font-Names="tahoma" Font-Size="Small" BorderColor="White" 
                        PostBackUrl="~/Account/Home.aspx" style="text-align:center;"/>
                </td>
            </tr>
            <tr>
                <td class="style1">
                    <asp:LinkButton ID="m_btn_ContactUs" runat="server" Text="Contact Us" Width="203px" Height="20px"
                        BackColor="#FF9900" BorderStyle="Ridge" Font-Bold="True" 
                        Font-Names="tahoma" Font-Size="Small" BorderColor="White" 
                        PostBackUrl="~/ContactUs.aspx" style="text-align:center;"/>
                </td>
            </tr>
            <tr>
                <td>
                <asp:LoginView ID="LoginView2" runat="server">
                    <LoggedInTemplate>
                        <asp:LoginStatus ID="LoginStatus1" runat="server" BackColor="#FF9900" BorderStyle="Ridge" BorderColor="White"
                            Font-Bold="True" Font-Names="tahoma" Font-Size="Small" Font-Underline="True" ForeColor="#0033CC" 
                            style="cursor:pointer; text-align:center" Width="203px" Height="20px" BorderWidth="3px" LogoutPageUrl="~/Home.aspx" OnLoggedOut="LoggedOut" />
                    </LoggedInTemplate>
                </asp:LoginView>
                </td>
            </tr>
        </table>
        <asp:ToolkitScriptManager ID="ScriptManager1" runat="server">
        </asp:ToolkitScriptManager>
        </div>
        <div style="top:45px; left:230px; position: absolute; width:790px; height:480px;">
            <asp:ContentPlaceHolder id="ContentPlaceHolder1" runat="server">
            </asp:ContentPlaceHolder>
        </div>
        <center>
            <asp:Label ID="m_lbl_hitCount" runat="server" Font-Bold="True" 
                Font-Names="Tahoma" Font-Size="Small" ForeColor="Blue"></asp:Label>
                            <p style="font-family:Tahoma; font-size:x-small; color:Blue"></p>

            <%--<p style="font-family:Tahoma; font-size:x-small; color:Blue"> Site best viewed in 1024*768 and above resolution</p>--%>
        </center>
    </form>
</body>
</html>

Open in new window


Here is web.config with names and passwords changed.

<?xml version="1.0" encoding="UTF-8"?>
<!-- Written by Alistair Halpern -->
<configuration>
	<!--<configSections>
		<sectionGroup name="system.web.extensions" type="System.Web.Configuration.SystemWebExtensionsSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
			<sectionGroup name="scripting" type="System.Web.Configuration.ScriptingSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
				<section name="scriptResourceHandler" type="System.Web.Configuration.ScriptingScriptResourceHandlerSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>
				<sectionGroup name="webServices" type="System.Web.Configuration.ScriptingWebServicesSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
					<section name="jsonSerialization" type="System.Web.Configuration.ScriptingJsonSerializationSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="Everywhere"/>
					<section name="profileService" type="System.Web.Configuration.ScriptingProfileServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>
					<section name="authenticationService" type="System.Web.Configuration.ScriptingAuthenticationServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>
					<section name="roleService" type="System.Web.Configuration.ScriptingRoleServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>
				</sectionGroup>
			</sectionGroup>
		</sectionGroup>
	</configSections>-->
  <appSettings>

    <add key="autoRefreshTime" value="1" />
    <add key="DirectoryPath" value="E:\DS_SDI\" />
    <add key="DirectoryPathHigher" value="E:\SDI" />
    <add key="DriveLetter" value="E:\" />
    <add key="LipperDownloadPath" value="E:\DS_SDI\Lip\Downloads\" />
    <add key="DEVWebDirectoryPath" value="http://uk1d.int.T1R.com/" />
    <add key="QAWebDirectoryPath" value="http://dtcq.int.T1R.com/" />
    <add key="PRODWebDirectoryPath" value="http://content.int.T1R.com/" />
    <add key="WebPath" value="http://dr-content.int.T1R.com/" />
  </appSettings>
	<connectionStrings>
		<remove name="LocalSqlServer"></remove>
     <add name="LocalSqlServer" connectionString="Data Source=QA;Initial Catalog=XX;UID=WW;pwd=QQ;" providerName="System.Data.SqlClient" />

    <add name="DEVLocalSqlServer" connectionString="Data Source=DEV;Initial Catalog=XX;UID=WW;pwd=QQ;" providerName="System.Data.SqlClient" />
    <add name="QALocalSqlServer" connectionString="Data Source=QA;Initial Catalog=XX;UID=WW;pwd=QQ;" providerName="System.Data.SqlClient" />
    <add name="PRODLocalSqlServer" connectionString="Data Source=PROD;Initial Catalog=XX;UID=WW;pwd=QQ;" providerName="System.Data.SqlClient" />
    <add name="LocalSqlServer" connectionString="Data Source=DR;;Initial Catalog=XX;UID=WW;pwd=QQ;" providerName="System.Data.SqlClient" />

  </connectionStrings>
  <system.net>
      <mailSettings>
        <smtp deliveryMethod="Network">
          <network host="mailhub.tfn.com" port="25" />
        </smtp>
      </mailSettings>
    </system.net>
	<system.web>
		<!-- 
            Set compilation debug="true" to insert debugging 
            symbols into the compiled page. Because this 
            affects performance, set this value to true only 
            during development.
        -->
		<roleManager enabled="true" />
		<compilation debug="true">
			<assemblies>
				<add assembly="System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
				<add assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
				<add assembly="System.Data.DataSetExtensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
				<add assembly="System.Xml.Linq, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
				<add assembly="System.Web.Extensions.Design, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
				<add assembly="System.Design, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
				<add assembly="System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" /></assemblies>
		</compilation>
		<!--
            The <authentication> section enables configuration 
            of the security authentication mode used by 
            ASP.NET to identify an incoming user. 
        -->
		<authentication mode="Forms" />
		<!--
            The <customErrors> section enables configuration 
            of what to do if/when an unhandled error occurs 
            during the execution of a request. Specifically, 
            it enables developers to configure html error pages 
            to be displayed in place of a error stack trace.

        -->
        
		<!--<customErrors mode="On" defaultRedirect="~/Error.aspx"/>-->
        <customErrors mode="Off" />
		<pages>
			<controls>
				<add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
				<add tagPrefix="asp" namespace="System.Web.UI.WebControls" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
			</controls>
		</pages>
		<httpHandlers>
			<remove verb="*" path="*.asmx" />
			<add verb="*" path="*.asmx" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
			<add verb="*" path="*_AppService.axd" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
			<add verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" validate="false" />
		</httpHandlers>
		<httpModules>
			<add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
		</httpModules>
	</system.web>
	<system.codedom>
		<compilers>
			<compiler language="c#;cs;csharp" extension=".cs" warningLevel="4" type="Microsoft.CSharp.CSharpCodeProvider, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
				<providerOption name="CompilerVersion" value="v3.5" />
				<providerOption name="WarnAsError" value="false" />
			</compiler>
			<compiler language="vb;vbs;visualbasic;vbscript" extension=".vb" warningLevel="4" type="Microsoft.VisualBasic.VBCodeProvider, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
				<providerOption name="CompilerVersion" value="v3.5" />
				<providerOption name="OptionInfer" value="true" />
				<providerOption name="WarnAsError" value="false" />
			</compiler>
		</compilers>
	</system.codedom>
	<!-- 
        The system.webServer section is required for running ASP.NET AJAX under Internet
        Information Services 7.0.  It is not necessary for previous version of IIS.
    -->
	<system.webServer>
		<validation validateIntegratedModeConfiguration="false" />
		<modules>
			<remove name="ScriptModule" />
			<add name="ScriptModule" preCondition="managedHandler" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
		</modules>
		<handlers>
			<remove name="WebServiceHandlerFactory-Integrated" />
			<remove name="ScriptHandlerFactory" />
			<remove name="ScriptHandlerFactoryAppServices" />
			<remove name="ScriptResource" />
			<add name="ScriptHandlerFactory" verb="*" path="*.asmx" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
			<add name="ScriptHandlerFactoryAppServices" verb="*" path="*_AppService.axd" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
			<add name="ScriptResource" preCondition="integratedMode" verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
		</handlers>
        <defaultDocument>
            <files>
                <add value="Home.aspx" />
            </files>
        </defaultDocument>
	</system.webServer>
	<runtime>
		<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
			<dependentAssembly>
				<assemblyIdentity name="System.Web.Extensions" publicKeyToken="31bf3856ad364e35" />
				<bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0" />
			</dependentAssembly>
			<dependentAssembly>
				<assemblyIdentity name="System.Web.Extensions.Design" publicKeyToken="31bf3856ad364e35" />
				<bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0" />
			</dependentAssembly>
		</assemblyBinding>
	</runtime>
</configuration>

Open in new window

0
Comment
Question by:AlHal2
  • 4
  • 3
7 Comments
 
LVL 39

Expert Comment

by:Kyle Abrahams
ID: 41823751
Make sure that the paths referenced in your web.config have permissions with the account that is running the application.  (EG:  Go to your app pool, and make sure that account has permissions to access the directories such as E:\SDI)

Also ensure it has permissions to read the actual web pages where your application is stored.  (It should if it's in inetpub, but never hurts to double check).

As far as LocalSQLServer . . . your web.config can hold various settings in it.  Whether it will work or not depends if it is referenced by the code.
0
 

Author Comment

by:AlHal2
ID: 41832134
How can I make sure that account has permissions to access the directories such as E:\SDI?
Similarly, how do I ensure it has permissions to read the actual web pages where your application is stored?  The source code is on the E drive.
0
 

Author Comment

by:AlHal2
ID: 41832182
Looking at this page, I clicked on Advanced settings for the application pool and selected Identity.  
https://technet.microsoft.com/library/hh831797.aspx
I chose the LocalSystem account and still got the error message.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 39

Expert Comment

by:Kyle Abrahams
ID: 41832242
0
 

Author Comment

by:AlHal2
ID: 41833388
It worked once I allowed anonymous authentication in IIS.
If I give people a form for authentication then why is it necessary to allow anonymous authentication.  Isn't this a security risk?
0
 
LVL 39

Accepted Solution

by:
Kyle Abrahams earned 500 total points
ID: 41833716
Actually, thinking about this again you do need some sort of anonymous authentication.

Think about it for a second.

You go into the application for the first time, you're an anonymous user.  

It's only after you successfully log into the form that you become a known user.

You can keep it as forms based authentication, and then add this to your web.config:

<location path="Path/To/PublicFolder">
  <system.webServer>
    <security>
      <authentication>
        <anonymousAuthentication enabled="true" />
      </authentication>
    </security>
  </system.webServer>
</location>

Open in new window

Note that you also may need to change:
C:\Windows\System32\inetsrv\config\applicationHost.config
<section name="anonymousAuthentication" overrideModeDefault="Allow" />

Open in new window


By using the location you can set different options for different parts of the site.  So from an IIS perspective you can keep it forms but also allow public access to the one folder (and images / js) that has anything you want anyone to see.  (Login page, custom error pages, etc).
0
 

Author Closing Comment

by:AlHal2
ID: 41837983
Thanks.
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

IntroductionWhile developing web applications, a single page might contain many regions and each region might contain many number of controls with the capability to perform  postback. Many times you might need to perform some action on an ASP.NET po…
More often than not, we developers are confronted with a need: a need to make some kind of magic happen via code. Whether it is for a client, for the boss, or for our own personal projects, the need must be satisfied. Most of the time, the Framework…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now