Authentication pb with IIS7, II7.7

Discussion in 'ASP General' started by ADNT, Sep 6, 2009.

  1. ADNT

    ADNT Guest

    Hello,

    I am migrating an asp.net application from IIS6 to IIS7, this application
    uses the 2 authentication modes: Windows and Forms.
    For Windows authentication, my web config contains line
    <authentication mode="Windows"/>
    <authorization>
    <deny users="?"/>
    </authorization>
    <identity impersonate="true"/>
    <membership defaultProvider="MyMembershipProvider"
    userIsOnlineTimeWindow="15">
    <providers>
    <clear/>
    <add name="MyProvider" type="MyMembershipProvider"
    connectionStringName="My_ConnectionString" applicationName="MyApp"
    enablePasswordRetrieval="false" enablePasswordReset="true"
    requiresQuestionAndAnswer="true" requiresUniqueEmail="true"
    passwordFormat="Hashed"/>
    </providers>
    </membership>
    I am very dispointed by the fact that in the PostAuthentication event the
    Request.LogonUserIdentity contains 'NT Authority\NetworkService' and not the
    current logged user ?


    Before this event Current Ueer has been correctly presented in
    WindowsAuthentication_OnAuthenticate(object sender,
    WindowsAuthenticationEventArgs args), inside the arg parameter, my app uses
    it to create an IIdentity and set it as the current session User.

    But why the impersonate statment doesn't works ? Could it be an error in
    web.config ?

    Thanks for help.

    CS
    ADNT, Sep 6, 2009
    #1
    1. Advertising

  2. ADNT

    Bob Barrows Guest

    ADNT wrote:
    > Hello,
    >
    > I am migrating an asp.net application from IIS6 to IIS7, this


    Have you neglected to disable Anonymous in your application's Directory
    Security tab in the IIS Mgr Property dialog?

    ***canned wrong-newsgroup reply************************
    There was no way for you to know it (except maybe by browsing through some
    of the previous questions in this newsgroup before posting yours - always a
    recommended practice) , but this is a classic (COM-based) asp newsgroup.
    ASP.Net bears very little resemblance to classic ASP so, while you may be
    lucky enough to find a dotnet-knowledgeable person here who can answer your
    question, you can eliminate the luck factor by posting your question to a
    group where those dotnet-knowledgeable people hang out. I suggest
    microsoft.public.dotnet.framework.aspnet or the forums at www.asp.net.
    ******************************************************************


    --
    Microsoft MVP - ASP/ASP.NET - 2004-2007
    Please reply to the newsgroup. This email account is my spam trap so I
    don't check it very often. If you must reply off-line, then remove the
    "NO SPAM"
    Bob Barrows, Sep 6, 2009
    #2
    1. Advertising

  3. ADNT

    ADNT Guest

    Thanks for answer,

    Where is this "Security tab in the IIS Mgr Property dialog" ?
    When I open IIS Services Manager, I click on Sites then on My Site, here I
    have on the right ASP.NET and IIS and Management but no one contains
    security ?

    Do you mean the ACLs permission dialog obtain by Edit permission on the app
    folder ? But it is not related to anonymous and impersonation ?

    CS

    "Bob Barrows" <> a écrit dans le message de
    news:...
    > ADNT wrote:
    >> Hello,
    >>
    >> I am migrating an asp.net application from IIS6 to IIS7, this

    >
    > Have you neglected to disable Anonymous in your application's Directory
    > Security tab in the IIS Mgr Property dialog?
    >
    > ***canned wrong-newsgroup reply************************
    > There was no way for you to know it (except maybe by browsing through some
    > of the previous questions in this newsgroup before posting yours - always
    > a
    > recommended practice) , but this is a classic (COM-based) asp newsgroup.
    > ASP.Net bears very little resemblance to classic ASP so, while you may be
    > lucky enough to find a dotnet-knowledgeable person here who can answer
    > your
    > question, you can eliminate the luck factor by posting your question to a
    > group where those dotnet-knowledgeable people hang out. I suggest
    > microsoft.public.dotnet.framework.aspnet or the forums at www.asp.net.
    > ******************************************************************
    >
    >
    > --
    > Microsoft MVP - ASP/ASP.NET - 2004-2007
    > Please reply to the newsgroup. This email account is my spam trap so I
    > don't check it very often. If you must reply off-line, then remove the
    > "NO SPAM"
    >
    ADNT, Sep 7, 2009
    #3
  4. ADNT

    ADNT Guest

    In IIS authentication I get:

    Anonymous authentication: disabled
    ASP.NET Impersonation: Enabled
    Basic Authentication: disabled
    Digest: disabled
    Forms: disabled
    Windows: Enabled HTTP 401 challenge

    ???


    "Bob Barrows" <> a écrit dans le message de
    news:...
    > ADNT wrote:
    >> Hello,
    >>
    >> I am migrating an asp.net application from IIS6 to IIS7, this

    >
    > Have you neglected to disable Anonymous in your application's Directory
    > Security tab in the IIS Mgr Property dialog?
    >
    > ***canned wrong-newsgroup reply************************
    > There was no way for you to know it (except maybe by browsing through some
    > of the previous questions in this newsgroup before posting yours - always
    > a
    > recommended practice) , but this is a classic (COM-based) asp newsgroup.
    > ASP.Net bears very little resemblance to classic ASP so, while you may be
    > lucky enough to find a dotnet-knowledgeable person here who can answer
    > your
    > question, you can eliminate the luck factor by posting your question to a
    > group where those dotnet-knowledgeable people hang out. I suggest
    > microsoft.public.dotnet.framework.aspnet or the forums at www.asp.net.
    > ******************************************************************
    >
    >
    > --
    > Microsoft MVP - ASP/ASP.NET - 2004-2007
    > Please reply to the newsgroup. This email account is my spam trap so I
    > don't check it very often. If you must reply off-line, then remove the
    > "NO SPAM"
    >
    ADNT, Sep 7, 2009
    #4
  5. ADNT

    Bob Barrows Guest

    That looks right. I suggest you go to one of the dotnet forums or newsgroups
    for assistance.
    ADNT wrote:
    > In IIS authentication I get:
    >
    > Anonymous authentication: disabled
    > ASP.NET Impersonation: Enabled
    > Basic Authentication: disabled
    > Digest: disabled
    > Forms: disabled
    > Windows: Enabled HTTP 401 challenge
    >
    > ???
    >
    >
    > "Bob Barrows" <> a écrit dans le message de
    > news:...
    >> ADNT wrote:
    >>> Hello,
    >>>
    >>> I am migrating an asp.net application from IIS6 to IIS7, this

    >>
    >> Have you neglected to disable Anonymous in your application's
    >> Directory Security tab in the IIS Mgr Property dialog?
    >>
    >> ***canned wrong-newsgroup reply************************
    >> There was no way for you to know it (except maybe by browsing
    >> through some of the previous questions in this newsgroup before
    >> posting yours - always a
    >> recommended practice) , but this is a classic (COM-based) asp
    >> newsgroup. ASP.Net bears very little resemblance to classic ASP so,
    >> while you may be lucky enough to find a dotnet-knowledgeable person
    >> here who can answer your
    >> question, you can eliminate the luck factor by posting your question
    >> to a group where those dotnet-knowledgeable people hang out. I
    >> suggest microsoft.public.dotnet.framework.aspnet or the forums at
    >> www.asp.net.
    >> ****************************************************************** --
    >> Microsoft MVP - ASP/ASP.NET - 2004-2007
    >> Please reply to the newsgroup. This email account is my spam trap so
    >> I don't check it very often. If you must reply off-line, then remove
    >> the "NO SPAM"


    --
    Microsoft MVP - ASP/ASP.NET - 2004-2007
    Please reply to the newsgroup. This email account is my spam trap so I
    don't check it very often. If you must reply off-line, then remove the
    "NO SPAM"
    Bob Barrows, Sep 7, 2009
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. shapper
    Replies:
    0
    Views:
    926
    shapper
    Oct 28, 2009
  2. APA
    Replies:
    0
    Views:
    1,248
  3. Peter Larsen [CPH]

    Internet Explorer and Kernel mode authentication on IIS7

    Peter Larsen [CPH], Jul 30, 2010, in forum: ASP .Net Security
    Replies:
    2
    Views:
    1,733
    Peter Larsen [CPH]
    Aug 11, 2010
  4. Neil Gould

    II6 -> II7 with classic ASP

    Neil Gould, May 23, 2009, in forum: ASP General
    Replies:
    3
    Views:
    129
    Steve Schofield
    May 25, 2009
  5. Thomas
    Replies:
    1
    Views:
    1,368
    Thomas
    Aug 3, 2010
Loading...

Share This Page