Authentication Redirect to login doesn't work

Discussion in 'ASP .Net Security' started by Eric, Jun 28, 2005.

  1. Eric

    Eric Guest

    I have Windows xp as workstation OS and Windows Server 2003 Standard
    Edition for the server but Windows NT 4 as primary Domain controller. I
    made a login.aspx and a home.aspx page to test windows authentication
    with the lines of code needed in the web config file and code behind.
    The Home.aspx page is set as the default page in IIS 6.0.
    I have configured IIS for Basic authentication in the Directory
    Security panel of IIS manager.
    When I'm calling the site with the default Url home.aspx page is
    displayed with nothing for User.identity.Name.

    Then i tried with windows integreted authentication. I have made the
    appropriate amendements in the web config file but when i test it still
    nothing is displayed for User.identity.Name.

    Could someone tell me what could be wrong.
    Does NT integrated authetication work with a NT4 Primary DC and Server
    2003 domain member server?

    thanks in advance for any help

    Eric
     
    Eric, Jun 28, 2005
    #1
    1. Advertising

  2. Hello Eric,

    i guess IIS is not authenticating - disable anonymous access to the virtual
    directory in IIS

    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    > I have Windows xp as workstation OS and Windows Server 2003 Standard
    > Edition for the server but Windows NT 4 as primary Domain controller.
    > I
    > made a login.aspx and a home.aspx page to test windows authentication
    > with the lines of code needed in the web config file and code behind.
    > The Home.aspx page is set as the default page in IIS 6.0.
    > I have configured IIS for Basic authentication in the Directory
    > Security panel of IIS manager.
    > When I'm calling the site with the default Url home.aspx page is
    > displayed with nothing for User.identity.Name.
    > Then i tried with windows integreted authentication. I have made the
    > appropriate amendements in the web config file but when i test it
    > still nothing is displayed for User.identity.Name.
    >
    > Could someone tell me what could be wrong.
    > Does NT integrated authetication work with a NT4 Primary DC and Server
    > 2003 domain member server?
    > thanks in advance for any help
    >
    > Eric
    >
     
    Dominick Baier [DevelopMentor], Jun 28, 2005
    #2
    1. Advertising

  3. Eric

    Eric Guest

    Hi Dominick,

    For both basic and window authentication test i disabled in IIS all
    authentication options except the one concerned by the test. Basic for
    basic auth, windows integrated for windows NT auth.
    I have already test all authentication model on a windows 2000 server
    DC but its the first time that i test it on a Server 2003. As
    everything is denied by default on server 2003 in opposite to Server
    2000 . Do you have any idea of what could be the reason that when
    calling the default web site page Home.aspx IIS doesn't redirect to
    login.aspx for basic auth. while Authentication is set to Forms in the
    web.config file?




    Dominick a écrit :
    > Hello Eric,
    >
    > i guess IIS is not authenticating - disable anonymous access to the virtual
    > directory in IIS
    >
    > ---------------------------------------
    > Dominick Baier - DevelopMentor
    > http://www.leastprivilege.com
    >
    > > I have Windows xp as workstation OS and Windows Server 2003 Standard
    > > Edition for the server but Windows NT 4 as primary Domain controller.
    > > I
    > > made a login.aspx and a home.aspx page to test windows authentication
    > > with the lines of code needed in the web config file and code behind.
    > > The Home.aspx page is set as the default page in IIS 6.0.
    > > I have configured IIS for Basic authentication in the Directory
    > > Security panel of IIS manager.
    > > When I'm calling the site with the default Url home.aspx page is
    > > displayed with nothing for User.identity.Name.
    > > Then i tried with windows integreted authentication. I have made the
    > > appropriate amendements in the web config file but when i test it
    > > still nothing is displayed for User.identity.Name.
    > >
    > > Could someone tell me what could be wrong.
    > > Does NT integrated authetication work with a NT4 Primary DC and Server
    > > 2003 domain member server?
    > > thanks in advance for any help
    > >
    > > Eric
    > >
     
    Eric, Jun 28, 2005
    #3
  4. Hello Eric,

    so what do you want to do? basic or forms auth.

    If you are using windows/basic auth in IIS - IIS will do the authentication
    - the client will get a login dialog

    If you are doing forms, you set IIS to do no authentication - and do it yourself
    in ASP.NET by providing a custom login page.

    In the case of forms - you also have to set ACLs in web.config - like

    <authorization>
    <deny users="?" />
    </authorization>

    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    > Hi Dominick,
    >
    > For both basic and window authentication test i disabled in IIS all
    > authentication options except the one concerned by the test. Basic for
    > basic auth, windows integrated for windows NT auth.
    > I have already test all authentication model on a windows 2000 server
    > DC but its the first time that i test it on a Server 2003. As
    > everything is denied by default on server 2003 in opposite to Server
    > 2000 . Do you have any idea of what could be the reason that when
    > calling the default web site page Home.aspx IIS doesn't redirect to
    > login.aspx for basic auth. while Authentication is set to Forms in the
    > web.config file?
    > Dominick a écrit :
    >
    >> Hello Eric,
    >>
    >> i guess IIS is not authenticating - disable anonymous access to the
    >> virtu
    >>

    > al
    >
    >> directory in IIS
    >>
    >> ---------------------------------------
    >> Dominick Baier - DevelopMentor
    >> http://www.leastprivilege.com
    >>> I have Windows xp as workstation OS and Windows Server 2003 Standard
    >>> Edition for the server but Windows NT 4 as primary Domain
    >>> controller.
    >>> I
    >>> made a login.aspx and a home.aspx page to test windows
    >>> authentication
    >>> with the lines of code needed in the web config file and code
    >>> behind.
    >>> The Home.aspx page is set as the default page in IIS 6.0.
    >>> I have configured IIS for Basic authentication in the Directory
    >>> Security panel of IIS manager.
    >>> When I'm calling the site with the default Url home.aspx page is
    >>> displayed with nothing for User.identity.Name.
    >>> Then i tried with windows integreted authentication. I have made the
    >>> appropriate amendements in the web config file but when i test it
    >>> still nothing is displayed for User.identity.Name.
    >>> Could someone tell me what could be wrong.
    >>> Does NT integrated authetication work with a NT4 Primary DC and
    >>> Server
    >>> 2003 domain member server?
    >>> thanks in advance for any help
    >>> Eric
    >>>
     
    Dominick Baier [DevelopMentor], Jun 28, 2005
    #4
  5. Eric

    Eric Guest

    Hello Dominick,

    In Fact i have tried several way to authenticate a user.

    Windows Integrated Authentication is working fine.

    I tried then the basic authentication . IIS Configured as basic Auth.
    config file with <authentication mode="windows"/> but when the windows
    login box appear at client side (xp pro sp2) no accounts that i have
    defined on server 2003 is valid and i can't authenticate any defined
    user. Should user require to be member of a particular group other than
    Domain users?

    I have tried the same thing on windows 2000 server and i was working
    fine.

    _______


    in a second test i tried forms authentication with credentials in
    config file. IIS configured as anonymous authentication. Is it Correct?
    As you say "set IIS to do no authentication" do you mean uncheck all
    Authentication mode in IIS or just let anonymous authentication checked
    with "Ask IIS to authenticate" unchecked and then choose a new account
    for impersonation .

    Config file with

    <authentication mode="Forms"/>
    <forms loginUrl="Login.aspx">
    <credentials passwordFormat="Clear">
    <user name="username" password="password">
    </credentials>
    </forms >
    </authentication>

    <authorization>
    <deny users="?" />
    </authorization>

    By doing this way and calling the default website url it goes directly
    to the default page Home.aspx and display no User.Identity.name. the
    user has not yet been authenticated and is not redirected to the login
    page.

    Except if I have not setup IIS correctly for autentication by choosing
    the wrong options I don't understand why it behaves this way. Do you
    have any clue?

    Eric
     
    Eric, Jun 29, 2005
    #5
  6. Eric

    Eric Guest

    Hello Dominick,

    Finally I succeed to do NT integrated, basic and Froms Authentication
    using IE on workstation but when testing on server it behaves not the
    same as on workstation for NT Integrated Auth.
    On Server for NT integrated Auth a Dialog Box is asking for login
    whereas on workstation it doesn't (it's all right because he should
    not).
    Do you know why it asks for login when testing with IE on server side
    meanwhile it doen't on client side?
     
    Eric, Jun 30, 2005
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Max
    Replies:
    0
    Views:
    491
  2. Grey
    Replies:
    0
    Views:
    349
  3. Alfredo Barrientos
    Replies:
    0
    Views:
    521
    Alfredo Barrientos
    Aug 31, 2005
  4. gorden blom

    login redirect doesn't work

    gorden blom, Oct 7, 2003, in forum: ASP .Net Security
    Replies:
    12
    Views:
    235
    gorden blom
    Oct 10, 2003
  5. Sal
    Replies:
    1
    Views:
    538
Loading...

Share This Page