AD wont let me in!

G

Guest

Hi guys

I've got a web application on a Win2k IIS5 server. I've been coding it using
anonymous access, and have just come to test the AD stuff - trouble is - all
i get is a 402.1 error ("not authorised to view this page").

I've set <deny users="?"> in my <authorisation> bit of web.config, and ive
got <authentication mode="Windows"> in there too.

I've got anonymous access disabled and "Integrated Windows Authentication"
checked in the Directory Security tab of the Application in IIS.

Still, it wont let me in as a normal user or as an administrator! What have
I missed?

Cheers


Dan
 
P

Patrick.O.Ige

Are u usiing Windows Authentication?
when do u get 402.1 error? do wan to do?
:patrick


Wha
 
G

Guest

Hiya

Yeah... well, trying to. I want my site to recognise who is the logged in
Windows user. As I said I've got <deny users="?"> and
<authentication="Windows> in web.config, and IWA set on the Application in
IIS. Is there something else I've missed?

The error comes when i try and view any page on the site, it just wont let
me in!

Cheers


Dan
 
P

Patrick.O.Ige

Do u use a domain Acct Since you said you are testing against Active
Directory??
Becos it seems you don't have permission!!!
Check in ur IIS by going to your APPLICATION right click and see what is
configured!
Make sure u have right securities both on at ur application and your
directory level!
GDLUCK..
**And by the way do you have any security specification in you web.confg**
If you have pls paste ur web.config!!
 
G

Guest

Hiya

Yep it would seem I dont have permission! I'm not sure about the domain
account. I'm logged into the computer as Administrator, and I have the domain
option on the login box at startup, which of course is set to my domain. AD
is setup to be a domain controller. Is that what you mean? If not, sorry, I'm
quite new to AD, so all help appreciated!

What do I need to set the directory up to work? I'm thinking that might be
the problem.

Web.Config wise, attached below

Cheers


Dan

<?xml version="1.0" encoding="utf-8" ?>
<configuration>

<system.web>
<compilation
defaultLanguage="c#"
debug="false"
/>

<customErrors
mode="Off"
/>

<authentication mode="Windows" />

<authorization>
<allow users="*" /> <!-- Deny unknown users -->
<!-- <allow users="[comma separated list of users]"
roles="[comma separated list of roles]"/>
<deny users="[comma separated list of users]"
roles="[comma separated list of roles]"/>
-->
</authorization>

<trace
enabled="false"
requestLimit="10"
pageOutput="false"
traceMode="SortByTime"
localOnly="false"
/>

<sessionState
mode="InProc"
stateConnectionString="tcpip=127.0.0.1:42424"
sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes"
cookieless="false"
timeout="20"
/>

<globalization
requestEncoding="utf-8"
responseEncoding="utf-8"
/>

</system.web>

<appSettings>
<!-- Application -->
<add key="Application_Name" value="myapp" />

<!-- System -->
<add key="System_SmtpServer" value="localhost:3099" />
<add key="System_ActiveDirPath" value="my.com" />
<add key="System_LibraryPath" value="mypath" />
<add key="System_ConnectionString"
value="server=myserver;database=mydb;Trusted_Connection=yes" />
<add key="System_MaxResultsLimit" value="20" />
</appSettings>

</configuration>
 
G

Guest

Hiya

Yep it would seem I dont have permission! I'm not sure about the domain
account. I'm logged into the computer as Administrator, and I have the domain
option on the login box at startup, which of course is set to my domain. AD
is setup to be a domain controller. Is that what you mean? If not, sorry, I'm
quite new to AD, so all help appreciated!

What do I need to set the directory up to work? I'm thinking that might be
the problem.

Web.Config wise, attached below

Cheers


Dan

<?xml version="1.0" encoding="utf-8" ?>
<configuration>

<system.web>
<compilation
defaultLanguage="c#"
debug="false"
/>

<customErrors
mode="Off"
/>

<authentication mode="Windows" />

<authorization>
<allow users="*" /> <!-- Deny unknown users -->
<!-- <allow users="[comma separated list of users]"
roles="[comma separated list of roles]"/>
<deny users="[comma separated list of users]"
roles="[comma separated list of roles]"/>
-->
</authorization>

<trace
enabled="false"
requestLimit="10"
pageOutput="false"
traceMode="SortByTime"
localOnly="false"
/>

<sessionState
mode="InProc"
stateConnectionString="tcpip=127.0.0.1:42424"
sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes"
cookieless="false"
timeout="20"
/>

<globalization
requestEncoding="utf-8"
responseEncoding="utf-8"
/>

</system.web>

<appSettings>
<!-- Application -->
<add key="Application_Name" value="myapp" />

<!-- System -->
<add key="System_SmtpServer" value="localhost:3099" />
<add key="System_ActiveDirPath" value="my.com" />
<add key="System_LibraryPath" value="mypath" />
<add key="System_ConnectionString"
value="server=myserver;database=mydb;Trusted_Connection=yes" />
<add key="System_MaxResultsLimit" value="20" />
</appSettings>

</configuration>
 
G

Guest

Hi

Just some more info on the problem.

I've now got the <authorisation> section of my web config like so...

<authorisation>
<deny users="?">
</authorisation>

I've tested this on the server by doing both "http://localhost/app" and
"http://10.0.0.254/app"

When I try the first option, using localhost, I don't get a popup box and I
get straight in to the site, and my site works with User.Identity etc.

However, i try with the IP (still on the server), I get a popup box, which i
put the credentials in and it works. Whys that then?

Finally, if I try and access http://10.0.0.254/app from any of the other
machines on the network (Win98, WinXP, both IE 6.0.2800), I dont get into the
site, I dont get a popup login box, I just get sent straight to the 401.2
error page.

What's going on!?!?

Any help appreciated!

Cheers


Dan
 
S

Scott Allen

Possibly because IE thinks the server is in a different security zone.
You can see the indicator in the lower right. With localhost IE sends
credentials automaically - that is the default setting for the
Intranet zone. By IP IE possibly thinks it is in the Internet security
zone. This is configurable under Tools -> Options -> Security
settings.

--
Scott
http://www.OdeToCode.com/blogs/scott/

Hi

Just some more info on the problem.

I've now got the <authorisation> section of my web config like so...

<authorisation>
<deny users="?">
</authorisation>

I've tested this on the server by doing both "http://localhost/app" and
"http://10.0.0.254/app"

When I try the first option, using localhost, I don't get a popup box and I
get straight in to the site, and my site works with User.Identity etc.

However, i try with the IP (still on the server), I get a popup box, which i
put the credentials in and it works. Whys that then?

Finally, if I try and access http://10.0.0.254/app from any of the other
machines on the network (Win98, WinXP, both IE 6.0.2800), I dont get into the
site, I dont get a popup login box, I just get sent straight to the 401.2
error page.

What's going on!?!?

Any help appreciated!

Cheers


Dan

dhnriverside said:
Hiya

Yep it would seem I dont have permission! I'm not sure about the domain
account. I'm logged into the computer as Administrator, and I have the domain
option on the login box at startup, which of course is set to my domain. AD
is setup to be a domain controller. Is that what you mean? If not, sorry, I'm
quite new to AD, so all help appreciated!

What do I need to set the directory up to work? I'm thinking that might be
the problem.

Web.Config wise, attached below

Cheers


Dan

<?xml version="1.0" encoding="utf-8" ?>
<configuration>

<system.web>
<compilation
defaultLanguage="c#"
debug="false"
/>

<customErrors
mode="Off"
/>

<authentication mode="Windows" />

<authorization>
<allow users="*" /> <!-- Deny unknown users -->
<!-- <allow users="[comma separated list of users]"
roles="[comma separated list of roles]"/>
<deny users="[comma separated list of users]"
roles="[comma separated list of roles]"/>
-->
</authorization>

<trace
enabled="false"
requestLimit="10"
pageOutput="false"
traceMode="SortByTime"
localOnly="false"
/>

<sessionState
mode="InProc"
stateConnectionString="tcpip=127.0.0.1:42424"
sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes"
cookieless="false"
timeout="20"
/>

<globalization
requestEncoding="utf-8"
responseEncoding="utf-8"
/>

</system.web>

<appSettings>
<!-- Application -->
<add key="Application_Name" value="myapp" />

<!-- System -->
<add key="System_SmtpServer" value="localhost:3099" />
<add key="System_ActiveDirPath" value="my.com" />
<add key="System_LibraryPath" value="mypath" />
<add key="System_ConnectionString"
value="server=myserver;database=mydb;Trusted_Connection=yes" />
<add key="System_MaxResultsLimit" value="20" />
</appSettings>

</configuration>
Click to expand...
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

AD authorisation and roles 0
Getting a AD user name ... 2
ASP.NET 1.1 Application Pool Identity and user authentication problem with AD (Active Directory) 4
Sending mail using Framework 2.0 Beta 2, AD & Exchange2000 1
problems understanding Authentication / Authorisation in ASP.NET 2.0. 0
How do I Authencate and Authorize Users Using AD and SQL App Role 1
how to let the web.config in the sub-directory to NOT to inherited from Root's web.config. 9
unauthorised to view page with IWA 0

Members online

Total: 27 (members: 1, guests: 26)
Robots: 359

Forum statistics

Threads
473,755
Messages
2,569,536
Members
45,020
Latest member
GenesisGai

Latest Threads

Top