trying to post to aspx anonyomously is blocked?

Discussion in 'ASP .Net Security' started by Larry, Apr 19, 2004.

  1. Larry

    Larry Guest

    I have written a webform page to respond to a users post on the web site.
    This worked on the test site which had anonymous turned off. I then moved it
    to the regular web site (copied the files, reinstalled the FP extension) and
    chaged the setting for anonymous use. but when I try to post the form
    results to the aspx page I keep getting the windows authentication dialog.
    If I go ahead and give the credentials the page goes ahead and works but I
    want this page to work without having need a log in.

    I've tried everything I can think of concerning the permissions (which to my
    way of thinking must be the problem) on the files and directories that the
    aspx page resides in, and the various dotnet directories (per the setting up
    an ASPUSER account KB). I've tried adding IUSR_machine to all of them, and I
    still get the log-on challenge.

    Someone (from the usoft support center) told me once that the NETWORK,
    SYSTEM and INTERACTIVE accounts have to have full control on all the
    directories, so I check and in some cases modified those to have full
    access, still the same behavior. (BTW is there a white paper or something
    that explains the purpose of these accounts, when they need to be present
    and what permissions they need have when present? The security articles keep
    saying remove any unnessecary accounts from various directories but never a
    word of if these are needed or are they like the "everyone" account;
    automatically added giving unwarrented access to things.)

    My server is a win2K server and needs to run IIS (with FPextensions and
    dotnet), exchange, SQL, and activedirectory. I know this is not the
    recommended configuration but I don't have the billions of dollars usoft has
    to run a seperate server for each function. Obviously system admin is not my
    forte so I would appreciate as much detailed help as you can give me in
    getting the premissions and other security setting set up correctly.

    oh yes one other note of interest; I do have the aspx's web.config set to
    windows authentication with impersonate set to true.

    -Larry
    Larry, Apr 19, 2004
    #1
    1. Advertising

  2. Larry

    [MSFT] Guest

    Hi Larry,

    In Machine.config <ProcessModal> section, did you used the "machine" or
    "system" account? If you use "machine" so far, you may try "System"
    account", it is desired to have more permission than "machine" (ASPNET).

    Additionally, you may take following test to see what is the result:

    1. On the web server, create a new virtual folder and add a simple (Blank)
    ASPX page, and same web.config. Will the problem also occur with the ASPX
    page?
    2. In web.config, remove impersonate=true. Does this help?


    Luke
    Microsoft Online Support

    Get Secure! www.microsoft.com/security
    (This posting is provided "AS IS", with no warranties, and confers no
    rights.)
    [MSFT], Apr 20, 2004
    #2
    1. Advertising

  3. Larry

    Larry Guest

    I had already tried the items you suggested with no luck. After a few more
    hours with filemon and the support staff at MS we found the offending items.

    For those that might be following the solution was having to change the
    permissions for the system32 directory, and the assembly directory. I had
    thought about the assembly directory but I didn't know how to access the
    permission settings or about having to unregister/register that directory.
    These accesses were caused by my use of CDONTS object. Something that the
    examples and documentation I referenced never mentioned were these resources
    reside and that I would need to grant additional access channels to the
    afore named directories.

    It's becoming one of my beef's with MS documentation that very little if any
    mentioned is made of what resources (ie files) using these objects in dotnet
    programs are used and which child services and objects they depend on, so
    one can know were to grant permissions or safely remove or disable unused
    items. A good tool is needed that would map out all the modules and services
    any given application uses, and what permissions are required. So those of
    use that don't live (or want to have to live) administrating servers can
    focus on writing applications.

    thanks for responding though.

    -Larry
    "[MSFT]" <> wrote in message
    news:...
    > Hi Larry,
    >
    > In Machine.config <ProcessModal> section, did you used the "machine" or
    > "system" account? If you use "machine" so far, you may try "System"
    > account", it is desired to have more permission than "machine" (ASPNET).
    >
    > Additionally, you may take following test to see what is the result:
    >
    > 1. On the web server, create a new virtual folder and add a simple (Blank)
    > ASPX page, and same web.config. Will the problem also occur with the ASPX
    > page?
    > 2. In web.config, remove impersonate=true. Does this help?
    >
    >
    > Luke
    > Microsoft Online Support
    >
    > Get Secure! www.microsoft.com/security
    > (This posting is provided "AS IS", with no warranties, and confers no
    > rights.)
    >
    Larry, Apr 20, 2004
    #3
  4. Larry

    [MSFT] Guest

    Hi Larry,

    CDONTS will require addtional permission. You may refer to following
    articles to see if they will help:

    PRB: Permission Denied While Using CDONTS to Send Mail with Exchange
    http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q228465


    XIMS: Minimum NTFS Permissions Required to Use CDONTS
    http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q260985

    Luke
    Microsoft Online Support

    Get Secure! www.microsoft.com/security
    (This posting is provided "AS IS", with no warranties, and confers no
    rights.)
    [MSFT], Apr 20, 2004
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Alejandra Parra

    is a file blocked?

    Alejandra Parra, Jul 9, 2004, in forum: ASP .Net
    Replies:
    1
    Views:
    459
    R.Balaji
    Jul 16, 2004
  2. Sriram Mallajyosula

    How do I post data from aspx page to another aspx page.

    Sriram Mallajyosula, Nov 5, 2003, in forum: ASP .Net
    Replies:
    1
    Views:
    969
    Steve C. Orr [MVP, MCSD]
    Nov 5, 2003
  3. Richard K Bethell

    Re: How to detect blocked cookies

    Richard K Bethell, Nov 24, 2003, in forum: ASP .Net
    Replies:
    1
    Views:
    1,969
    Guest
    Nov 25, 2003
  4. Richard
    Replies:
    3
    Views:
    3,579
    Craig Deelsnyder
    Jan 2, 2004
  5. John M
    Replies:
    1
    Views:
    1,126
    Kumar Reddi
    May 29, 2005
Loading...

Share This Page