Create an account

Very important

  • To access the important data of the forums, you must be active in each forum and especially in the leaks and database leaks section, send data and after sending the data and activity, data and important content will be opened and visible for you.
  • You will only see chat messages from people who are at or below your level.
  • More than 500,000 database leaks and millions of account leaks are waiting for you, so access and view with more activity.
  • Many important data are inactive and inaccessible for you, so open them with activity. (This will be done automatically)

0Day Forums Coding Asp.Net web site configuration

Thread Rating:
  • 225 Vote(s) - 3.54 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Options
web site configuration

Offline tuddor390


Member
*
Member
Posts: 0
Threads: 0
Joined: Apr 2021
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#1
07-23-2023, 07:28 AM
One web site is required to be accessed by me (developer) and one user (DOMAIN_NAME\USER_NAME).

When I developed web site in visual studio using "automatic host" created by VS, the following settings in web.config were enough:


<authentication mode="Windows"/>
<authorization>
<allow users="DOMAIN_NAME\my_name,DOMAIN_NAME\USER_NAME" />
<deny users="*" />
</authorization>

But when I created web site in IIS I'm receiving error:

> Access is denied.
>
> Description: An error occurred while accessing the resources required to serve this request. The server may not be configured for access to the requested URL.
>
> Error message 401.2.: Unauthorized: Logon failed due to server configuration. Verify that you have permission to view this directory or page based on the credentials you supplied and the authentication methods enabled on the Web server. Contact the Web server's administrator for additional assistance.

What setting for ApplicationPoolIdentity and web site itself are required to be specified?

Thanks a lot!

**EDIT:**

I've configured Application Pool of local IIS to use 'LocalSystem' identity, web site - to use "pass-through" authentication, and as suggested disabled "Anonymous Authentication", enabled "Windows Authentication" - and web site locally became workable.

But locally I have windows 7 (IIS7), but on "TEST" environment (where I need to deploy web site) I have windows 2008 server and it doesn't have option to enable "Windows Authentication"... don't know why... probably that is for higher level of administrator, but I'm a member of Administrators group...

Guess, I'm doing something wrong...

Please advise.
Reply

Offline evesham375


Valued member
***
Valued member
Posts: 0
Threads: 0
Joined: Jan 2018
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#2
07-23-2023, 07:43 AM
Your web.config is set up properly. Further, ensure the IIS site/app is configured as:

* to NOT allow anonymous access
* forcing Integrated Windows authentication
* leave the app pool as Network Service


**IIS7**

* [ensure you have the Windows Authentication security feature installed in Roles & Features][1].
* In IIS7, go to the IIS or Features View, double-click Authentication.
* On the Authentication page, select Windows Authentication
* On the Authentication page, disable Anonymous Authentication
* [MSDN article][2]


**IIS6**

Find the dialog below at

* Control Panel / Administrative Tools -> IIS Manager -> Right click Web site -> Properties -> Directory Security



![IIS 6 non anonymous with Windows Authentication][3]


[1]:

[2]:

[To see links please register here]

[3]:
Reply

Offline beateavnvaqlj


Boundless
******
Boundless
Posts: 0
Threads: 0
Joined: Jun 2020
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#3
07-23-2023, 08:05 AM
Maybe it can be useful: I started to receive 401.2. error in .ASPX application (no changes in the app made), in protected path amd Forms auth.:

<authentication mode="Forms">
...
</authentication>
...
<location path="Admin">
<system.web>
<authorization>
<allow roles="Admin,Client" />
<deny users="*" />
</authorization>
</system.web>
</location>

AFTER launching of other MVC applications on same computer/IIS. It seems MVC changed something in server's config (routes, I believe). Any playing with Authentication in IIS (computer/server/site) did not help. But Next helped: I have changed Application pool from .Net 4.5 to .Net 4.5 Classic for the web application. The difference in pool Managed pipeline mode, Integrated/Classic.
Reply

Offline pejorativesfmtu


Luxury
*****
Luxury
Posts: 0
Threads: 0
Joined: Jun 2018
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#4
07-23-2023, 08:06 AM
If you're using your Local IIS instead of IIS Express with Windows Authentication, make sure you have IIS ASP.NET features turned on and configured properly. (See

[To see links please register here]

)

Also, when Visual Studio builds and publishes your website to an IIS Virtual Directory, you may need to Enable Windows Authentication and Disable Anonymous Authentication at the Parent Site Virtual Directory node level:

[![IIS-Windows-Authentication][1]][1]


[1]:
Reply

« Next Oldest
Next Newest »


Forum Jump:


Users browsing this thread:
1 Guest(s)

©0Day  2016 - 2023 | All Rights Reserved.  Made with    for the community. Connected through