Authentication pb with IIS7, II7.7

[ADNT]

Hello,

I am migrating an asp.net application from IIS6 to IIS7, this application
uses the 2 authentication modes: Windows and Forms.
For Windows authentication, my web config contains line
<authentication mode="Windows"/>
<authorization>
<deny users="?"/>
</authorization>
<identity impersonate="true"/>
<membership defaultProvider="MyMembershipProvider"
userIsOnlineTimeWindow="15">
<providers>
<clear/>
<add name="MyProvider" type="MyMembershipProvider"
connectionStringName="My_ConnectionString" applicationName="MyApp"
enablePasswordRetrieval="false" enablePasswordReset="true"
requiresQuestionAndAnswer="true" requiresUniqueEmail="true"
passwordFormat="Hashed"/>
</providers>
</membership>
I am very dispointed by the fact that in the PostAuthentication event the
Request.LogonUserIdentity contains 'NT Authority\NetworkService' and not the
current logged user ?


Before this event Current Ueer has been correctly presented in
WindowsAuthentication_OnAuthenticate(object sender,
WindowsAuthenticationEventArgs args), inside the arg parameter, my app uses
it to create an IIdentity and set it as the current session User.

But why the impersonate statment doesn't works ? Could it be an error in
web.config ?

Thanks for help.

CS

 

[Bob Barrows]

Hello,

I am migrating an asp.net application from IIS6 to IIS7, this

Have you neglected to disable Anonymous in your application's Directory
Security tab in the IIS Mgr Property dialog?

***canned wrong-newsgroup reply************************
There was no way for you to know it (except maybe by browsing through some
of the previous questions in this newsgroup before posting yours - always a
recommended practice) , but this is a classic (COM-based) asp newsgroup.
ASP.Net bears very little resemblance to classic ASP so, while you may be
lucky enough to find a dotnet-knowledgeable person here who can answer your
question, you can eliminate the luck factor by posting your question to a
group where those dotnet-knowledgeable people hang out. I suggest
microsoft.public.dotnet.framework.aspnet or the forums at www.asp.net.
******************************************************************

 

[ADNT]

Thanks for answer,

Where is this "Security tab in the IIS Mgr Property dialog" ?
When I open IIS Services Manager, I click on Sites then on My Site, here I
have on the right ASP.NET and IIS and Management but no one contains
security ?

Do you mean the ACLs permission dialog obtain by Edit permission on the app
folder ? But it is not related to anonymous and impersonation ?

CS

 

[ADNT]

In IIS authentication I get:

Anonymous authentication: disabled
ASP.NET Impersonation: Enabled
Basic Authentication: disabled
Digest: disabled
Forms: disabled
Windows: Enabled HTTP 401 challenge

???

 

[Bob Barrows]

That looks right. I suggest you go to one of the dotnet forums or newsgroups
for assistance.