Using IIS w/ASP .NET 2.0 Web Application Projects

Discussion in 'ASP .Net' started by Scott M., Jan 25, 2008.

  1. Scott M.

    Scott M. Guest

    In my ASP .NET 2.0 Web Applicaiton Project, I've changed the server setting
    to use IIS. I then created the virtual directory (from the button in VS)
    and then went and enabled Integrated Windows Authentication. The site
    consists of just a single default.aspx file with nothing in it. When I
    attempt to run the project, I get an http 403 access fobidden error.

    What am I missing?

    Thanks.
    Scott M., Jan 25, 2008
    #1
    1. Advertising

  2. re:
    !> enabled Integrated Windows Authentication
    !> When I attempt to run the project, I get an http 403 access fobidden error

    When you run ASP.NET with Windows Authentication enabled,
    every single account which accesses the application must have
    permission to access the app expressly granted.

    Have you considered using Anonymous Authentication or Forms Authentication ?
    Or, are you set on creating a Windows user account for every single user of your App ?





    Juan T. Llibre, asp.net MVP
    asp.net faq : http://asp.net.do/faq/
    foros de asp.net, en español : http://asp.net.do/foros/
    ======================================
    "Scott M." <> wrote in message news:...
    > In my ASP .NET 2.0 Web Applicaiton Project, I've changed the server setting to use IIS. I then created the virtual
    > directory (from the button in VS) and then went and enabled Integrated Windows Authentication. The site consists of
    > just a single default.aspx file with nothing in it. When I attempt to run the project, I get an http 403 access
    > fobidden error.
    >
    > What am I missing?
    >
    > Thanks.
    >
    Juan T. Llibre, Jan 25, 2008
    #2
    1. Advertising

  3. Scott M.

    Scott M. Guest

    "Juan T. Llibre" <> wrote in message
    news:...
    > re:
    > !> enabled Integrated Windows Authentication
    > !> When I attempt to run the project, I get an http 403 access fobidden
    > error
    >
    > When you run ASP.NET with Windows Authentication enabled,
    > every single account which accesses the application must have
    > permission to access the app expressly granted.
    >
    > Have you considered using Anonymous Authentication or Forms Authentication
    > ?


    Anonymous Access is on by default. I only turned on Integrated Windows
    Authentication (in addition to the automatically enabled Anonymous Access)
    because Visual Studio complained that Integrated Windows Authentication must
    be on in order to debug the application.

    > Or, are you set on creating a Windows user account for every single user
    > of your App ?


    See above.

    >
    >
    >
    >
    >
    > Juan T. Llibre, asp.net MVP
    > asp.net faq : http://asp.net.do/faq/
    > foros de asp.net, en español : http://asp.net.do/foros/
    > ======================================
    > "Scott M." <> wrote in message
    > news:...
    >> In my ASP .NET 2.0 Web Applicaiton Project, I've changed the server
    >> setting to use IIS. I then created the virtual directory (from the
    >> button in VS) and then went and enabled Integrated Windows
    >> Authentication. The site consists of just a single default.aspx file
    >> with nothing in it. When I attempt to run the project, I get an http 403
    >> access fobidden error.
    >>
    >> What am I missing?
    >>
    >> Thanks.
    >>

    >
    >
    Scott M., Jan 26, 2008
    #3
  4. re:
    !> Anonymous Access is on by default. I only turned on Integrated Windows
    !> Authentication (in addition to the automatically enabled Anonymous Access)

    Integrated Windows Authentication overrides the Anonymous authentication default.

    When you "only turned on Integrated Windows Authentication", in effect,
    you are requiring *all* clients which access your application to have an
    account on the server which is hosting it.

    re:
    !> Integrated Windows Authentication must be on in order to debug the application

    Which OS are you using ? Which version of IIS are you using ?
    There's different solutions for different OS/IIS versions.

    There's a slew of reports/solutions for the problem you report at :
    http://www.google.com/search?hl=en&q=debug "Visual Studio" "Windows Authentication"




    Juan T. Llibre, asp.net MVP
    asp.net faq : http://asp.net.do/faq/
    foros de asp.net, en español : http://asp.net.do/foros/
    ======================================
    "Scott M." <> wrote in message news:utGU6%...
    >
    > "Juan T. Llibre" <> wrote in message news:...
    >> re:
    >> !> enabled Integrated Windows Authentication
    >> !> When I attempt to run the project, I get an http 403 access fobidden error
    >>
    >> When you run ASP.NET with Windows Authentication enabled,
    >> every single account which accesses the application must have
    >> permission to access the app expressly granted.


    >>
    >> Have you considered using Anonymous Authentication or Forms Authentication ?


    > Anonymous Access is on by default. I only turned on Integrated Windows Authentication (in addition to the
    > automatically enabled Anonymous Access) because Visual Studio complained that Integrated Windows Authentication must
    > be on in order to debug the application.


    >> Or, are you set on creating a Windows user account for every single user of your App ?

    >
    > See above.



    >>
    >> Juan T. Llibre, asp.net MVP
    >> asp.net faq : http://asp.net.do/faq/
    >> foros de asp.net, en español : http://asp.net.do/foros/
    >> ======================================
    >> "Scott M." <> wrote in message news:...
    >>> In my ASP .NET 2.0 Web Applicaiton Project, I've changed the server setting to use IIS. I then created the virtual
    >>> directory (from the button in VS) and then went and enabled Integrated Windows Authentication. The site consists of
    >>> just a single default.aspx file with nothing in it. When I attempt to run the project, I get an http 403 access
    >>> fobidden error.
    >>>
    >>> What am I missing?
    >>>
    >>> Thanks.
    >>>

    >>
    >>

    >
    >
    Juan T. Llibre, Jan 26, 2008
    #4
  5. Scott M.

    Scott M. Guest

    "Juan T. Llibre" <> wrote in message
    news:%...
    > re:
    > !> Anonymous Access is on by default. I only turned on Integrated Windows
    > !> Authentication (in addition to the automatically enabled Anonymous
    > Access)
    >
    > Integrated Windows Authentication overrides the Anonymous authentication
    > default.


    I'm not so sure about that since both Anonymous and Integrated Windows are
    checked simultaneously. If selecting one disabled the other, I would expect
    that you would not be able to select them both together. I believe that
    selecting both allows IIS to have the benefits of both. VS needs integrated
    Windows authentication to make debugging work.

    > When you "only turned on Integrated Windows Authentication", in effect,
    > you are requiring *all* clients which access your application to have an
    > account on the server which is hosting it.
    >
    > re:
    > !> Integrated Windows Authentication must be on in order to debug the
    > application
    >
    > Which OS are you using ? Which version of IIS are you using ?


    XP Pro. SP2 / IIS 6.0

    > There's different solutions for different OS/IIS versions.
    >
    > There's a slew of reports/solutions for the problem you report at :
    > http://www.google.com/search?hl=en&q=debug "Visual Studio" "Windows Authentication"


    Yes, I've already seen those but that's not really the point of my post.

    Even with what you are saying, I should be able to see the page I'm trying
    to access since I do, in fact, have a Windows account on the development
    server that I'm testing against and even still, I get a 403 error.



    >
    >
    >
    >
    > Juan T. Llibre, asp.net MVP
    > asp.net faq : http://asp.net.do/faq/
    > foros de asp.net, en español : http://asp.net.do/foros/
    > ======================================
    > "Scott M." <> wrote in message
    > news:utGU6%...
    >>
    >> "Juan T. Llibre" <> wrote in message
    >> news:...
    >>> re:
    >>> !> enabled Integrated Windows Authentication
    >>> !> When I attempt to run the project, I get an http 403 access fobidden
    >>> error
    >>>
    >>> When you run ASP.NET with Windows Authentication enabled,
    >>> every single account which accesses the application must have
    >>> permission to access the app expressly granted.

    >
    >>>
    >>> Have you considered using Anonymous Authentication or Forms
    >>> Authentication ?

    >
    >> Anonymous Access is on by default. I only turned on Integrated Windows
    >> Authentication (in addition to the automatically enabled Anonymous
    >> Access) because Visual Studio complained that Integrated Windows
    >> Authentication must be on in order to debug the application.

    >
    >>> Or, are you set on creating a Windows user account for every single user
    >>> of your App ?

    >>
    >> See above.

    >
    >
    >>>
    >>> Juan T. Llibre, asp.net MVP
    >>> asp.net faq : http://asp.net.do/faq/
    >>> foros de asp.net, en español : http://asp.net.do/foros/
    >>> ======================================
    >>> "Scott M." <> wrote in message
    >>> news:...
    >>>> In my ASP .NET 2.0 Web Applicaiton Project, I've changed the server
    >>>> setting to use IIS. I then created the virtual directory (from the
    >>>> button in VS) and then went and enabled Integrated Windows
    >>>> Authentication. The site consists of just a single default.aspx file
    >>>> with nothing in it. When I attempt to run the project, I get an http
    >>>> 403 access fobidden error.
    >>>>
    >>>> What am I missing?
    >>>>
    >>>> Thanks.
    >>>>
    >>>
    >>>

    >>
    >>

    >
    >
    Scott M., Jan 26, 2008
    #5
  6. Scott M.

    Scott M. Guest

    Correction: IIS 5.1

    Also, from the IIS documentation:

    Once integrated Windows authentication is enabled, your Web server will only
    use it under the following conditions:

    -Anonymous access is disabled.

    -Anonymous access is denied because Windows file system permissions have
    been set, requiring the users to provide a Windows user name and password
    before establishing a connection with restricted content.

    Contrary to your statement that Windows authentication overrides anonymous
    authentication, this indicates that Windows authentication will only be used
    when anonymous is turned off (which, in my case, it is not) or when
    anonymous access is tried but denied.

    -Scott





    "Scott M." <> wrote in message
    news:...
    >
    > "Juan T. Llibre" <> wrote in message
    > news:%...
    >> re:
    >> !> Anonymous Access is on by default. I only turned on Integrated
    >> Windows
    >> !> Authentication (in addition to the automatically enabled Anonymous
    >> Access)
    >>
    >> Integrated Windows Authentication overrides the Anonymous authentication
    >> default.

    >
    > I'm not so sure about that since both Anonymous and Integrated Windows are
    > checked simultaneously. If selecting one disabled the other, I would
    > expect that you would not be able to select them both together. I believe
    > that selecting both allows IIS to have the benefits of both. VS needs
    > integrated Windows authentication to make debugging work.
    >
    >> When you "only turned on Integrated Windows Authentication", in effect,
    >> you are requiring *all* clients which access your application to have an
    >> account on the server which is hosting it.
    >>
    >> re:
    >> !> Integrated Windows Authentication must be on in order to debug the
    >> application
    >>
    >> Which OS are you using ? Which version of IIS are you using ?

    >
    > XP Pro. SP2 / IIS 6.0
    >
    >> There's different solutions for different OS/IIS versions.
    >>
    >> There's a slew of reports/solutions for the problem you report at :
    >> http://www.google.com/search?hl=en&q=debug "Visual Studio" "Windows Authentication"

    >
    > Yes, I've already seen those but that's not really the point of my post.
    >
    > Even with what you are saying, I should be able to see the page I'm trying
    > to access since I do, in fact, have a Windows account on the development
    > server that I'm testing against and even still, I get a 403 error.
    >
    >
    >
    >>
    >>
    >>
    >>
    >> Juan T. Llibre, asp.net MVP
    >> asp.net faq : http://asp.net.do/faq/
    >> foros de asp.net, en español : http://asp.net.do/foros/
    >> ======================================
    >> "Scott M." <> wrote in message
    >> news:utGU6%...
    >>>
    >>> "Juan T. Llibre" <> wrote in message
    >>> news:...
    >>>> re:
    >>>> !> enabled Integrated Windows Authentication
    >>>> !> When I attempt to run the project, I get an http 403 access fobidden
    >>>> error
    >>>>
    >>>> When you run ASP.NET with Windows Authentication enabled,
    >>>> every single account which accesses the application must have
    >>>> permission to access the app expressly granted.

    >>
    >>>>
    >>>> Have you considered using Anonymous Authentication or Forms
    >>>> Authentication ?

    >>
    >>> Anonymous Access is on by default. I only turned on Integrated Windows
    >>> Authentication (in addition to the automatically enabled Anonymous
    >>> Access) because Visual Studio complained that Integrated Windows
    >>> Authentication must be on in order to debug the application.

    >>
    >>>> Or, are you set on creating a Windows user account for every single
    >>>> user of your App ?
    >>>
    >>> See above.

    >>
    >>
    >>>>
    >>>> Juan T. Llibre, asp.net MVP
    >>>> asp.net faq : http://asp.net.do/faq/
    >>>> foros de asp.net, en español : http://asp.net.do/foros/
    >>>> ======================================
    >>>> "Scott M." <> wrote in message
    >>>> news:...
    >>>>> In my ASP .NET 2.0 Web Applicaiton Project, I've changed the server
    >>>>> setting to use IIS. I then created the virtual directory (from the
    >>>>> button in VS) and then went and enabled Integrated Windows
    >>>>> Authentication. The site consists of just a single default.aspx file
    >>>>> with nothing in it. When I attempt to run the project, I get an http
    >>>>> 403 access fobidden error.
    >>>>>
    >>>>> What am I missing?
    >>>>>
    >>>>> Thanks.
    >>>>>
    >>>>
    >>>>
    >>>
    >>>

    >>
    >>

    >
    Scott M., Jan 26, 2008
    #6
  7. re:
    !> I believe that selecting both allows IIS to have the benefits of both. VS needs integrated

    If you select Windows Integrated Authentication, anonymous users won't be able to login.

    re:
    !> Even with what you are saying, I should be able to see the page I'm trying
    !> to access since I do, in fact, have a Windows account on the development
    !> server that I'm testing against and even still, I get a 403 error.

    That depends on how you've configured ASP.NET.

    ASP.NET has a *separate* authentication configuration which IIS doesn't interfere with.

    In web.config, you must specify <authentication mode="Windows">
    if you want Windows Integrated Authentication to work in ASP.NET.

    See : http://msdn2.microsoft.com/en-us/library/aa478979.aspx#aspnet-jspmig-authentication_topic5

    <quote>
    "Windows authentication, also called Integrated Windows authentication, uses Windows operating
    system accounts to verify a user's credentials. This means that the user must either be logged in
    to the domain on which the server is running (in which case they will not be queried for credentials),
    or must log in to the domain when they try to access a protected page.

    This authentication scheme is part of IIS, and must be configured and executed by IIS;
    it is entirely separate from ASP.NET and is not, as such, an ASP.NET authentication mechanism."
    </quote>

    If you're running an ASP.NET application, you must configure <authentication mode="Windows"> in web.config.





    Juan T. Llibre, asp.net MVP
    asp.net faq : http://asp.net.do/faq/
    foros de asp.net, en español : http://asp.net.do/foros/
    ======================================
    "Scott M." <> wrote in message news:...
    >
    > "Juan T. Llibre" <> wrote in message news:%...
    >> re:
    >> !> Anonymous Access is on by default. I only turned on Integrated Windows
    >> !> Authentication (in addition to the automatically enabled Anonymous Access)
    >>
    >> Integrated Windows Authentication overrides the Anonymous authentication default.

    >
    > I'm not so sure about that since both Anonymous and Integrated Windows are checked simultaneously. If selecting one
    > disabled the other, I would expect that you would not be able to select them both together. I believe that selecting
    > both allows IIS to have the benefits of both. VS needs integrated Windows authentication to make debugging work.
    >
    >> When you "only turned on Integrated Windows Authentication", in effect,
    >> you are requiring *all* clients which access your application to have an
    >> account on the server which is hosting it.
    >>
    >> re:
    >> !> Integrated Windows Authentication must be on in order to debug the application
    >>
    >> Which OS are you using ? Which version of IIS are you using ?

    >
    > XP Pro. SP2 / IIS 6.0
    >
    >> There's different solutions for different OS/IIS versions.
    >>
    >> There's a slew of reports/solutions for the problem you report at :
    >> http://www.google.com/search?hl=en&q=debug "Visual Studio" "Windows Authentication"

    >
    > Yes, I've already seen those but that's not really the point of my post.
    >
    > Even with what you are saying, I should be able to see the page I'm trying to access since I do, in fact, have a
    > Windows account on the development server that I'm testing against and even still, I get a 403 error.
    >
    >
    >
    >>
    >>
    >>
    >>
    >> Juan T. Llibre, asp.net MVP
    >> asp.net faq : http://asp.net.do/faq/
    >> foros de asp.net, en español : http://asp.net.do/foros/
    >> ======================================
    >> "Scott M." <> wrote in message news:utGU6%...
    >>>
    >>> "Juan T. Llibre" <> wrote in message news:...
    >>>> re:
    >>>> !> enabled Integrated Windows Authentication
    >>>> !> When I attempt to run the project, I get an http 403 access fobidden error
    >>>>
    >>>> When you run ASP.NET with Windows Authentication enabled,
    >>>> every single account which accesses the application must have
    >>>> permission to access the app expressly granted.

    >>
    >>>>
    >>>> Have you considered using Anonymous Authentication or Forms Authentication ?

    >>
    >>> Anonymous Access is on by default. I only turned on Integrated Windows Authentication (in addition to the
    >>> automatically enabled Anonymous Access) because Visual Studio complained that Integrated Windows Authentication must
    >>> be on in order to debug the application.

    >>
    >>>> Or, are you set on creating a Windows user account for every single user of your App ?
    >>>
    >>> See above.

    >>
    >>
    >>>>
    >>>> Juan T. Llibre, asp.net MVP
    >>>> asp.net faq : http://asp.net.do/faq/
    >>>> foros de asp.net, en español : http://asp.net.do/foros/
    >>>> ======================================
    >>>> "Scott M." <> wrote in message news:...
    >>>>> In my ASP .NET 2.0 Web Applicaiton Project, I've changed the server setting to use IIS. I then created the
    >>>>> virtual directory (from the button in VS) and then went and enabled Integrated Windows Authentication. The site
    >>>>> consists of just a single default.aspx file with nothing in it. When I attempt to run the project, I get an http
    >>>>> 403 access fobidden error.
    >>>>>
    >>>>> What am I missing?
    >>>>>
    >>>>> Thanks.
    >>>>>
    >>>>
    >>>>
    >>>
    >>>

    >>
    >>

    >
    Juan T. Llibre, Jan 26, 2008
    #7
  8. No matter how much you nitpick my post,
    if you enable Windows Integrated Authentication, anonymous access is not allowed.

    The info you quoted is quite specific :

    !> Anonymous access is denied because Windows file system permissions have
    !> been set, requiring the users to provide a Windows user name and password
    !> before establishing a connection with restricted content.

    See my previous post for more details regarding use of Windows Authentication with ASP.NET.

    re:
    !> Contrary to your statement that Windows authentication overrides anonymous authentication
    !> this indicates that Windows authentication will only be used when anonymous is turned off

    Not true.

    Once Windows Integrated Authetication is selected, anonymous
    authentication is not possible, at least within non-ASP.NET IIS applications.

    For ASP.NET, certain special rules apply.

    Follow the link I provided in my previous post for details on
    how to require Windows Authentication for an ASP.NET app.




    Juan T. Llibre, asp.net MVP
    asp.net faq : http://asp.net.do/faq/
    foros de asp.net, en español : http://asp.net.do/foros/
    ======================================
    "Scott M." <> wrote in message news:eM%...
    > Correction: IIS 5.1
    >
    > Also, from the IIS documentation:
    >
    > Once integrated Windows authentication is enabled, your Web server will only use it under the following conditions:
    >
    > -Anonymous access is disabled.
    >
    > -Anonymous access is denied because Windows file system permissions have been set, requiring the users to provide a
    > Windows user name and password before establishing a connection with restricted content.


    > Contrary to your statement that Windows authentication overrides anonymous authentication, this indicates that Windows
    > authentication will only be used when anonymous is turned off (which, in my case, it is not) or when anonymous access
    > is tried but denied.
    >
    > -Scott
    >
    >
    >
    >
    >
    > "Scott M." <> wrote in message news:...
    >>
    >> "Juan T. Llibre" <> wrote in message news:%...
    >>> re:
    >>> !> Anonymous Access is on by default. I only turned on Integrated Windows
    >>> !> Authentication (in addition to the automatically enabled Anonymous Access)
    >>>
    >>> Integrated Windows Authentication overrides the Anonymous authentication default.

    >>
    >> I'm not so sure about that since both Anonymous and Integrated Windows are checked simultaneously. If selecting one
    >> disabled the other, I would expect that you would not be able to select them both together. I believe that selecting
    >> both allows IIS to have the benefits of both. VS needs integrated Windows authentication to make debugging work.
    >>
    >>> When you "only turned on Integrated Windows Authentication", in effect,
    >>> you are requiring *all* clients which access your application to have an
    >>> account on the server which is hosting it.
    >>>
    >>> re:
    >>> !> Integrated Windows Authentication must be on in order to debug the application
    >>>
    >>> Which OS are you using ? Which version of IIS are you using ?

    >>
    >> XP Pro. SP2 / IIS 6.0
    >>
    >>> There's different solutions for different OS/IIS versions.
    >>>
    >>> There's a slew of reports/solutions for the problem you report at :
    >>> http://www.google.com/search?hl=en&q=debug "Visual Studio" "Windows Authentication"

    >>
    >> Yes, I've already seen those but that's not really the point of my post.
    >>
    >> Even with what you are saying, I should be able to see the page I'm trying to access since I do, in fact, have a
    >> Windows account on the development server that I'm testing against and even still, I get a 403 error.
    >>
    >>
    >>
    >>>
    >>>
    >>>
    >>>
    >>> Juan T. Llibre, asp.net MVP
    >>> asp.net faq : http://asp.net.do/faq/
    >>> foros de asp.net, en español : http://asp.net.do/foros/
    >>> ======================================
    >>> "Scott M." <> wrote in message news:utGU6%...
    >>>>
    >>>> "Juan T. Llibre" <> wrote in message news:...
    >>>>> re:
    >>>>> !> enabled Integrated Windows Authentication
    >>>>> !> When I attempt to run the project, I get an http 403 access fobidden error
    >>>>>
    >>>>> When you run ASP.NET with Windows Authentication enabled,
    >>>>> every single account which accesses the application must have
    >>>>> permission to access the app expressly granted.
    >>>
    >>>>>
    >>>>> Have you considered using Anonymous Authentication or Forms Authentication ?
    >>>
    >>>> Anonymous Access is on by default. I only turned on Integrated Windows Authentication (in addition to the
    >>>> automatically enabled Anonymous Access) because Visual Studio complained that Integrated Windows Authentication
    >>>> must be on in order to debug the application.
    >>>
    >>>>> Or, are you set on creating a Windows user account for every single user of your App ?
    >>>>
    >>>> See above.
    >>>
    >>>
    >>>>>
    >>>>> Juan T. Llibre, asp.net MVP
    >>>>> asp.net faq : http://asp.net.do/faq/
    >>>>> foros de asp.net, en español : http://asp.net.do/foros/
    >>>>> ======================================
    >>>>> "Scott M." <> wrote in message news:...
    >>>>>> In my ASP .NET 2.0 Web Applicaiton Project, I've changed the server setting to use IIS. I then created the
    >>>>>> virtual directory (from the button in VS) and then went and enabled Integrated Windows Authentication. The site
    >>>>>> consists of just a single default.aspx file with nothing in it. When I attempt to run the project, I get an http
    >>>>>> 403 access fobidden error.
    >>>>>>
    >>>>>> What am I missing?
    >>>>>>
    >>>>>> Thanks.
    >>>>>>
    >>>>>
    >>>>>
    >>>>
    >>>>
    >>>
    >>>

    >>

    >
    >
    Juan T. Llibre, Jan 26, 2008
    #8
  9. Scott M.

    Scott M. Guest

    See my last post (which I think you missed).

    And, comments here too, inline...


    "Juan T. Llibre" <> wrote in message
    news:Owc0%...
    > re:
    > !> I believe that selecting both allows IIS to have the benefits of both.
    > VS needs integrated
    >
    > If you select Windows Integrated Authentication, anonymous users won't be
    > able to login.


    Not true - see my other post.

    >
    > re:
    > !> Even with what you are saying, I should be able to see the page I'm
    > trying
    > !> to access since I do, in fact, have a Windows account on the
    > development
    > !> server that I'm testing against and even still, I get a 403 error.
    >
    > That depends on how you've configured ASP.NET.
    >
    > ASP.NET has a *separate* authentication configuration which IIS doesn't
    > interfere with.


    I know. If I set it to Form, Windows or None, I get the same results.

    >
    > In web.config, you must specify <authentication mode="Windows">
    > if you want Windows Integrated Authentication to work in ASP.NET.
    >
    > See :
    > http://msdn2.microsoft.com/en-us/library/aa478979.aspx#aspnet-jspmig-authentication_topic5


    Not quite. As you point out the ASP .NET setting is separate from the IIS
    setting (although you can set the ASP .NET setting via the ASP .NET tab in
    IIS without having to do it in web config).

    Let's be clear here. The only reason I have Windows authentication turned
    on in IIS is because VS will not enter debug mode without it. I am not
    trying to create a Windows authenticated ASP .NET web site and so I would
    not set the ASP .NET setting to Windows authentication.

    As I point out in my other post you can have both Anonymous and Windows
    authentication turned on at the same time and this solves the VS debugging
    error.

    >
    > <quote>
    > "Windows authentication, also called Integrated Windows authentication,
    > uses Windows operating
    > system accounts to verify a user's credentials. This means that the user
    > must either be logged in
    > to the domain on which the server is running (in which case they will not
    > be queried for credentials),
    > or must log in to the domain when they try to access a protected page.
    >
    > This authentication scheme is part of IIS, and must be configured and
    > executed by IIS;
    > it is entirely separate from ASP.NET and is not, as such, an ASP.NET
    > authentication mechanism."
    > </quote>
    >
    > If you're running an ASP.NET application, you must configure
    > <authentication mode="Windows"> in web.config.>


    Uh, no that's not true.



    >
    >
    >
    >
    > Juan T. Llibre, asp.net MVP
    > asp.net faq : http://asp.net.do/faq/
    > foros de asp.net, en español : http://asp.net.do/foros/
    > ======================================
    > "Scott M." <> wrote in message
    > news:...
    >>
    >> "Juan T. Llibre" <> wrote in message
    >> news:%...
    >>> re:
    >>> !> Anonymous Access is on by default. I only turned on Integrated
    >>> Windows
    >>> !> Authentication (in addition to the automatically enabled Anonymous
    >>> Access)
    >>>
    >>> Integrated Windows Authentication overrides the Anonymous authentication
    >>> default.

    >>
    >> I'm not so sure about that since both Anonymous and Integrated Windows
    >> are checked simultaneously. If selecting one
    >> disabled the other, I would expect that you would not be able to select
    >> them both together. I believe that selecting
    >> both allows IIS to have the benefits of both. VS needs integrated

    Windows authentication to make debugging work.
    >>
    >>> When you "only turned on Integrated Windows Authentication", in effect,
    >>> you are requiring *all* clients which access your application to have an
    >>> account on the server which is hosting it.
    >>>
    >>> re:
    >>> !> Integrated Windows Authentication must be on in order to debug the
    >>> application
    >>>
    >>> Which OS are you using ? Which version of IIS are you using ?

    >>
    >> XP Pro. SP2 / IIS 6.0
    >>
    >>> There's different solutions for different OS/IIS versions.
    >>>
    >>> There's a slew of reports/solutions for the problem you report at :
    >>> http://www.google.com/search?hl=en&q=debug "Visual Studio" "Windows Authentication"

    >>
    >> Yes, I've already seen those but that's not really the point of my post.
    >>
    >> Even with what you are saying, I should be able to see the page I'm
    >> trying to access since I do, in fact, have a
    >> Windows account on the development server that I'm testing against and
    >> even still, I get a 403 error.
    >>
    >>
    >>
    >>>
    >>>
    >>>
    >>>
    >>> Juan T. Llibre, asp.net MVP
    >>> asp.net faq : http://asp.net.do/faq/
    >>> foros de asp.net, en español : http://asp.net.do/foros/
    >>> ======================================
    >>> "Scott M." <> wrote in message
    >>> news:utGU6%...
    >>>>
    >>>> "Juan T. Llibre" <> wrote in message
    >>>> news:...
    >>>>> re:
    >>>>> !> enabled Integrated Windows Authentication
    >>>>> !> When I attempt to run the project, I get an http 403 access
    >>>>> fobidden error
    >>>>>
    >>>>> When you run ASP.NET with Windows Authentication enabled,
    >>>>> every single account which accesses the application must have
    >>>>> permission to access the app expressly granted.
    >>>
    >>>>>
    >>>>> Have you considered using Anonymous Authentication or Forms
    >>>>> Authentication ?
    >>>
    >>>> Anonymous Access is on by default. I only turned on Integrated Windows
    >>>> Authentication (in addition to the
    >>>> automatically enabled Anonymous Access) because Visual Studio
    >>>> complained that Integrated Windows Authentication must
    >>>> be on in order to debug the application.
    >>>
    >>>>> Or, are you set on creating a Windows user account for every single
    >>>>> user of your App ?
    >>>>
    >>>> See above.
    >>>
    >>>
    >>>>>
    >>>>> Juan T. Llibre, asp.net MVP
    >>>>> asp.net faq : http://asp.net.do/faq/
    >>>>> foros de asp.net, en español : http://asp.net.do/foros/
    >>>>> ======================================
    >>>>> "Scott M." <> wrote in message
    >>>>> news:...
    >>>>>> In my ASP .NET 2.0 Web Applicaiton Project, I've changed the server
    >>>>>> setting to use IIS. I then created the
    >>>>>> virtual directory (from the button in VS) and then went and enabled
    >>>>>> Integrated Windows Authentication. The site
    >>>>>> consists of just a single default.aspx file with nothing in it. When
    >>>>>> I attempt to run the project, I get an http
    >>>>>> 403 access fobidden error.
    >>>>>>
    >>>>>> What am I missing?
    >>>>>>
    >>>>>> Thanks.
    >>>>>>
    >>>>>
    >>>>>
    >>>>
    >>>>
    >>>
    >>>

    >>

    >
    >
    >
    Scott M., Jan 26, 2008
    #9
  10. Scott M.

    Scott M. Guest

    Your trying to solve the wrong problem here Juan.

    I'm not "trying" to make a Windows Authenticated ASP .NET web site. I'm
    simply trying to make a brand new, one blank page site/project come up using
    IIS, rather than the ASP .NET development server.

    I'm not looking for documentation on how to use Windows Authentication. I
    only turned it on because VS say's it needs it for debugging purposes. I
    know that you don't have to convert your site to a Windows Authenticated
    site just to test a single, blank page.

    I also know that the IIS documentation directly contradicts what you are
    saying.

    Thanks anyway, but the path you are going down is not the path that relates
    to my question.

    "Juan T. Llibre" <> wrote in message
    news:...
    > No matter how much you nitpick my post,
    > if you enable Windows Integrated Authentication, anonymous access is not
    > allowed.
    >
    > The info you quoted is quite specific :
    >
    > !> Anonymous access is denied because Windows file system permissions have
    > !> been set, requiring the users to provide a Windows user name and
    > password
    > !> before establishing a connection with restricted content.
    >
    > See my previous post for more details regarding use of Windows
    > Authentication with ASP.NET.
    >
    > re:
    > !> Contrary to your statement that Windows authentication overrides
    > anonymous authentication
    > !> this indicates that Windows authentication will only be used when
    > anonymous is turned off
    >
    > Not true.
    >
    > Once Windows Integrated Authetication is selected, anonymous
    > authentication is not possible, at least within non-ASP.NET IIS
    > applications.
    >
    > For ASP.NET, certain special rules apply.
    >
    > Follow the link I provided in my previous post for details on
    > how to require Windows Authentication for an ASP.NET app.
    >
    >
    >
    >
    > Juan T. Llibre, asp.net MVP
    > asp.net faq : http://asp.net.do/faq/
    > foros de asp.net, en español : http://asp.net.do/foros/
    > ======================================
    > "Scott M." <> wrote in message
    > news:eM%...
    >> Correction: IIS 5.1
    >>
    >> Also, from the IIS documentation:
    >>
    >> Once integrated Windows authentication is enabled, your Web server will
    >> only use it under the following conditions:
    >>
    >> -Anonymous access is disabled.
    >>
    >> -Anonymous access is denied because Windows file system permissions have
    >> been set, requiring the users to provide a Windows user name and password
    >> before establishing a connection with restricted content.

    >
    >> Contrary to your statement that Windows authentication overrides
    >> anonymous authentication, this indicates that Windows authentication will
    >> only be used when anonymous is turned off (which, in my case, it is not)
    >> or when anonymous access is tried but denied.
    >>
    >> -Scott
    >>
    >>
    >>
    >>
    >>
    >> "Scott M." <> wrote in message
    >> news:...
    >>>
    >>> "Juan T. Llibre" <> wrote in message
    >>> news:%...
    >>>> re:
    >>>> !> Anonymous Access is on by default. I only turned on Integrated
    >>>> Windows
    >>>> !> Authentication (in addition to the automatically enabled Anonymous
    >>>> Access)
    >>>>
    >>>> Integrated Windows Authentication overrides the Anonymous
    >>>> authentication default.
    >>>
    >>> I'm not so sure about that since both Anonymous and Integrated Windows
    >>> are checked simultaneously. If selecting one disabled the other, I
    >>> would expect that you would not be able to select them both together. I
    >>> believe that selecting both allows IIS to have the benefits of both. VS
    >>> needs integrated Windows authentication to make debugging work.
    >>>
    >>>> When you "only turned on Integrated Windows Authentication", in effect,
    >>>> you are requiring *all* clients which access your application to have
    >>>> an
    >>>> account on the server which is hosting it.
    >>>>
    >>>> re:
    >>>> !> Integrated Windows Authentication must be on in order to debug the
    >>>> application
    >>>>
    >>>> Which OS are you using ? Which version of IIS are you using ?
    >>>
    >>> XP Pro. SP2 / IIS 6.0
    >>>
    >>>> There's different solutions for different OS/IIS versions.
    >>>>
    >>>> There's a slew of reports/solutions for the problem you report at :
    >>>> http://www.google.com/search?hl=en&q=debug "Visual Studio" "Windows Authentication"
    >>>
    >>> Yes, I've already seen those but that's not really the point of my post.
    >>>
    >>> Even with what you are saying, I should be able to see the page I'm
    >>> trying to access since I do, in fact, have a Windows account on the
    >>> development server that I'm testing against and even still, I get a 403
    >>> error.
    >>>
    >>>
    >>>
    >>>>
    >>>>
    >>>>
    >>>>
    >>>> Juan T. Llibre, asp.net MVP
    >>>> asp.net faq : http://asp.net.do/faq/
    >>>> foros de asp.net, en español : http://asp.net.do/foros/
    >>>> ======================================
    >>>> "Scott M." <> wrote in message
    >>>> news:utGU6%...
    >>>>>
    >>>>> "Juan T. Llibre" <> wrote in message
    >>>>> news:...
    >>>>>> re:
    >>>>>> !> enabled Integrated Windows Authentication
    >>>>>> !> When I attempt to run the project, I get an http 403 access
    >>>>>> fobidden error
    >>>>>>
    >>>>>> When you run ASP.NET with Windows Authentication enabled,
    >>>>>> every single account which accesses the application must have
    >>>>>> permission to access the app expressly granted.
    >>>>
    >>>>>>
    >>>>>> Have you considered using Anonymous Authentication or Forms
    >>>>>> Authentication ?
    >>>>
    >>>>> Anonymous Access is on by default. I only turned on Integrated
    >>>>> Windows Authentication (in addition to the automatically enabled
    >>>>> Anonymous Access) because Visual Studio complained that Integrated
    >>>>> Windows Authentication must be on in order to debug the application.
    >>>>
    >>>>>> Or, are you set on creating a Windows user account for every single
    >>>>>> user of your App ?
    >>>>>
    >>>>> See above.
    >>>>
    >>>>
    >>>>>>
    >>>>>> Juan T. Llibre, asp.net MVP
    >>>>>> asp.net faq : http://asp.net.do/faq/
    >>>>>> foros de asp.net, en español : http://asp.net.do/foros/
    >>>>>> ======================================
    >>>>>> "Scott M." <> wrote in message
    >>>>>> news:...
    >>>>>>> In my ASP .NET 2.0 Web Applicaiton Project, I've changed the server
    >>>>>>> setting to use IIS. I then created the virtual directory (from the
    >>>>>>> button in VS) and then went and enabled Integrated Windows
    >>>>>>> Authentication. The site consists of just a single default.aspx
    >>>>>>> file with nothing in it. When I attempt to run the project, I get
    >>>>>>> an http 403 access fobidden error.
    >>>>>>>
    >>>>>>> What am I missing?
    >>>>>>>
    >>>>>>> Thanks.
    >>>>>>>
    >>>>>>
    >>>>>>
    >>>>>
    >>>>>
    >>>>
    >>>>
    >>>

    >>
    >>

    >
    >
    Scott M., Jan 26, 2008
    #10
  11. I've tried to explain to you the authentication mechanism as well as I can.
    If you know so much about this, why are you the one with the problem ?

    Go ahead and butt your head against the explanation.

    When you're done, you'll see that, if you turn on Windows Authentication.
    allegedly in order to debug the app, you're turning Windows Authentication
    on for the whole app, and not just for debugging purposes.

    That's why you're having problems.




    Juan T. Llibre, asp.net MVP
    asp.net faq : http://asp.net.do/faq/
    foros de asp.net, en español : http://asp.net.do/foros/
    ======================================
    "Scott M." <> wrote in message news:...
    > See my last post (which I think you missed).
    >
    > And, comments here too, inline...
    >
    >
    > "Juan T. Llibre" <> wrote in message news:Owc0%...
    >> re:
    >> !> I believe that selecting both allows IIS to have the benefits of both. VS needs integrated
    >>
    >> If you select Windows Integrated Authentication, anonymous users won't be able to login.

    >
    > Not true - see my other post.
    >
    >>
    >> re:
    >> !> Even with what you are saying, I should be able to see the page I'm trying
    >> !> to access since I do, in fact, have a Windows account on the development
    >> !> server that I'm testing against and even still, I get a 403 error.
    >>
    >> That depends on how you've configured ASP.NET.
    >>
    >> ASP.NET has a *separate* authentication configuration which IIS doesn't interfere with.

    >
    > I know. If I set it to Form, Windows or None, I get the same results.
    >
    >>
    >> In web.config, you must specify <authentication mode="Windows">
    >> if you want Windows Integrated Authentication to work in ASP.NET.
    >>
    >> See : http://msdn2.microsoft.com/en-us/library/aa478979.aspx#aspnet-jspmig-authentication_topic5

    >
    > Not quite. As you point out the ASP .NET setting is separate from the IIS setting (although you can set the ASP .NET
    > setting via the ASP .NET tab in IIS without having to do it in web config).
    >
    > Let's be clear here. The only reason I have Windows authentication turned on in IIS is because VS will not enter
    > debug mode without it. I am not trying to create a Windows authenticated ASP .NET web site and so I would not set the
    > ASP .NET setting to Windows authentication.
    >
    > As I point out in my other post you can have both Anonymous and Windows authentication turned on at the same time and
    > this solves the VS debugging error.
    >
    >>
    >> <quote>
    >> "Windows authentication, also called Integrated Windows authentication, uses Windows operating
    >> system accounts to verify a user's credentials. This means that the user must either be logged in
    >> to the domain on which the server is running (in which case they will not be queried for credentials),
    >> or must log in to the domain when they try to access a protected page.
    >>
    >> This authentication scheme is part of IIS, and must be configured and executed by IIS;
    >> it is entirely separate from ASP.NET and is not, as such, an ASP.NET authentication mechanism."
    >> </quote>
    >>
    >> If you're running an ASP.NET application, you must configure <authentication mode="Windows"> in web.config.>

    >
    > Uh, no that's not true.
    >
    >
    >
    >>
    >>
    >>
    >>
    >> Juan T. Llibre, asp.net MVP
    >> asp.net faq : http://asp.net.do/faq/
    >> foros de asp.net, en español : http://asp.net.do/foros/
    >> ======================================
    >> "Scott M." <> wrote in message news:...
    >>>
    >>> "Juan T. Llibre" <> wrote in message news:%...
    >>>> re:
    >>>> !> Anonymous Access is on by default. I only turned on Integrated Windows
    >>>> !> Authentication (in addition to the automatically enabled Anonymous Access)
    >>>>
    >>>> Integrated Windows Authentication overrides the Anonymous authentication default.
    >>>
    >>> I'm not so sure about that since both Anonymous and Integrated Windows are checked simultaneously. If selecting one
    >>> disabled the other, I would expect that you would not be able to select them both together. I believe that
    >>> selecting
    >>> both allows IIS to have the benefits of both. VS needs integrated

    > Windows authentication to make debugging work.
    >>>
    >>>> When you "only turned on Integrated Windows Authentication", in effect,
    >>>> you are requiring *all* clients which access your application to have an
    >>>> account on the server which is hosting it.
    >>>>
    >>>> re:
    >>>> !> Integrated Windows Authentication must be on in order to debug the application
    >>>>
    >>>> Which OS are you using ? Which version of IIS are you using ?
    >>>
    >>> XP Pro. SP2 / IIS 6.0
    >>>
    >>>> There's different solutions for different OS/IIS versions.
    >>>>
    >>>> There's a slew of reports/solutions for the problem you report at :
    >>>> http://www.google.com/search?hl=en&q=debug "Visual Studio" "Windows Authentication"
    >>>
    >>> Yes, I've already seen those but that's not really the point of my post.
    >>>
    >>> Even with what you are saying, I should be able to see the page I'm trying to access since I do, in fact, have a
    >>> Windows account on the development server that I'm testing against and even still, I get a 403 error.
    >>>
    >>>
    >>>
    >>>>
    >>>>
    >>>>
    >>>>
    >>>> Juan T. Llibre, asp.net MVP
    >>>> asp.net faq : http://asp.net.do/faq/
    >>>> foros de asp.net, en español : http://asp.net.do/foros/
    >>>> ======================================
    >>>> "Scott M." <> wrote in message news:utGU6%...
    >>>>>
    >>>>> "Juan T. Llibre" <> wrote in message news:...
    >>>>>> re:
    >>>>>> !> enabled Integrated Windows Authentication
    >>>>>> !> When I attempt to run the project, I get an http 403 access fobidden error
    >>>>>>
    >>>>>> When you run ASP.NET with Windows Authentication enabled,
    >>>>>> every single account which accesses the application must have
    >>>>>> permission to access the app expressly granted.
    >>>>
    >>>>>>
    >>>>>> Have you considered using Anonymous Authentication or Forms Authentication ?
    >>>>
    >>>>> Anonymous Access is on by default. I only turned on Integrated Windows Authentication (in addition to the
    >>>>> automatically enabled Anonymous Access) because Visual Studio complained that Integrated Windows Authentication
    >>>>> must
    >>>>> be on in order to debug the application.
    >>>>
    >>>>>> Or, are you set on creating a Windows user account for every single user of your App ?
    >>>>>
    >>>>> See above.
    >>>>
    >>>>
    >>>>>>
    >>>>>> Juan T. Llibre, asp.net MVP
    >>>>>> asp.net faq : http://asp.net.do/faq/
    >>>>>> foros de asp.net, en español : http://asp.net.do/foros/
    >>>>>> ======================================
    >>>>>> "Scott M." <> wrote in message news:...
    >>>>>>> In my ASP .NET 2.0 Web Applicaiton Project, I've changed the server setting to use IIS. I then created the
    >>>>>>> virtual directory (from the button in VS) and then went and enabled Integrated Windows Authentication. The site
    >>>>>>> consists of just a single default.aspx file with nothing in it. When I attempt to run the project, I get an
    >>>>>>> http
    >>>>>>> 403 access fobidden error.
    >>>>>>>
    >>>>>>> What am I missing?
    >>>>>>>
    >>>>>>> Thanks.
    >>>>>>>
    >>>>>>
    >>>>>>
    >>>>>
    >>>>>
    >>>>
    >>>>
    >>>

    >>
    >>
    >>

    >
    >
    Juan T. Llibre, Jan 26, 2008
    #11
  12. I've tried to explain to you the authentication mechanism as well as I can.
    If you know so much about this, why are you the one with the problem ?

    Go ahead and butt your head against the explanation.

    When you're done, you'll see that, if you turn on Windows Authentication.
    allegedly in order to debug the app, you're turning Windows Authentication
    on for the whole app, and not just for debugging purposes.

    That's why you're having problems.



    Juan T. Llibre, asp.net MVP
    asp.net faq : http://asp.net.do/faq/
    foros de asp.net, en español : http://asp.net.do/foros/
    ======================================
    "Scott M." <> wrote in message news:...
    > Your trying to solve the wrong problem here Juan.
    >
    > I'm not "trying" to make a Windows Authenticated ASP .NET web site. I'm simply trying to make a brand new, one blank
    > page site/project come up using IIS, rather than the ASP .NET development server.
    >
    > I'm not looking for documentation on how to use Windows Authentication. I only turned it on because VS say's it needs
    > it for debugging purposes. I know that you don't have to convert your site to a Windows Authenticated site just to
    > test a single, blank page.
    >
    > I also know that the IIS documentation directly contradicts what you are saying.
    >
    > Thanks anyway, but the path you are going down is not the path that relates to my question.



    > "Juan T. Llibre" <> wrote in message news:...
    >> No matter how much you nitpick my post,
    >> if you enable Windows Integrated Authentication, anonymous access is not allowed.
    >>
    >> The info you quoted is quite specific :
    >>
    >> !> Anonymous access is denied because Windows file system permissions have
    >> !> been set, requiring the users to provide a Windows user name and password
    >> !> before establishing a connection with restricted content.
    >>
    >> See my previous post for more details regarding use of Windows Authentication with ASP.NET.
    >>
    >> re:
    >> !> Contrary to your statement that Windows authentication overrides anonymous authentication
    >> !> this indicates that Windows authentication will only be used when anonymous is turned off
    >>
    >> Not true.
    >>
    >> Once Windows Integrated Authetication is selected, anonymous
    >> authentication is not possible, at least within non-ASP.NET IIS applications.
    >>
    >> For ASP.NET, certain special rules apply.
    >>
    >> Follow the link I provided in my previous post for details on
    >> how to require Windows Authentication for an ASP.NET app.
    >>
    >>
    >>
    >>
    >> Juan T. Llibre, asp.net MVP
    >> asp.net faq : http://asp.net.do/faq/
    >> foros de asp.net, en español : http://asp.net.do/foros/
    >> ======================================
    >> "Scott M." <> wrote in message news:eM%...
    >>> Correction: IIS 5.1
    >>>
    >>> Also, from the IIS documentation:
    >>>
    >>> Once integrated Windows authentication is enabled, your Web server will only use it under the following conditions:
    >>>
    >>> -Anonymous access is disabled.
    >>>
    >>> -Anonymous access is denied because Windows file system permissions have been set, requiring the users to provide a
    >>> Windows user name and password before establishing a connection with restricted content.

    >>
    >>> Contrary to your statement that Windows authentication overrides anonymous authentication, this indicates that
    >>> Windows authentication will only be used when anonymous is turned off (which, in my case, it is not) or when
    >>> anonymous access is tried but denied.
    >>>
    >>> -Scott
    >>>
    >>>
    >>>
    >>>
    >>>
    >>> "Scott M." <> wrote in message news:...
    >>>>
    >>>> "Juan T. Llibre" <> wrote in message news:%...
    >>>>> re:
    >>>>> !> Anonymous Access is on by default. I only turned on Integrated Windows
    >>>>> !> Authentication (in addition to the automatically enabled Anonymous Access)
    >>>>>
    >>>>> Integrated Windows Authentication overrides the Anonymous authentication default.
    >>>>
    >>>> I'm not so sure about that since both Anonymous and Integrated Windows are checked simultaneously. If selecting
    >>>> one disabled the other, I would expect that you would not be able to select them both together. I believe that
    >>>> selecting both allows IIS to have the benefits of both. VS needs integrated Windows authentication to make
    >>>> debugging work.
    >>>>
    >>>>> When you "only turned on Integrated Windows Authentication", in effect,
    >>>>> you are requiring *all* clients which access your application to have an
    >>>>> account on the server which is hosting it.
    >>>>>
    >>>>> re:
    >>>>> !> Integrated Windows Authentication must be on in order to debug the application
    >>>>>
    >>>>> Which OS are you using ? Which version of IIS are you using ?
    >>>>
    >>>> XP Pro. SP2 / IIS 6.0
    >>>>
    >>>>> There's different solutions for different OS/IIS versions.
    >>>>>
    >>>>> There's a slew of reports/solutions for the problem you report at :
    >>>>> http://www.google.com/search?hl=en&q=debug "Visual Studio" "Windows Authentication"
    >>>>
    >>>> Yes, I've already seen those but that's not really the point of my post.
    >>>>
    >>>> Even with what you are saying, I should be able to see the page I'm trying to access since I do, in fact, have a
    >>>> Windows account on the development server that I'm testing against and even still, I get a 403 error.
    >>>>
    >>>>
    >>>>
    >>>>>
    >>>>>
    >>>>>
    >>>>>
    >>>>> Juan T. Llibre, asp.net MVP
    >>>>> asp.net faq : http://asp.net.do/faq/
    >>>>> foros de asp.net, en español : http://asp.net.do/foros/
    >>>>> ======================================
    >>>>> "Scott M." <> wrote in message news:utGU6%...
    >>>>>>
    >>>>>> "Juan T. Llibre" <> wrote in message news:...
    >>>>>>> re:
    >>>>>>> !> enabled Integrated Windows Authentication
    >>>>>>> !> When I attempt to run the project, I get an http 403 access fobidden error
    >>>>>>>
    >>>>>>> When you run ASP.NET with Windows Authentication enabled,
    >>>>>>> every single account which accesses the application must have
    >>>>>>> permission to access the app expressly granted.
    >>>>>
    >>>>>>>
    >>>>>>> Have you considered using Anonymous Authentication or Forms Authentication ?
    >>>>>
    >>>>>> Anonymous Access is on by default. I only turned on Integrated Windows Authentication (in addition to the
    >>>>>> automatically enabled Anonymous Access) because Visual Studio complained that Integrated Windows Authentication
    >>>>>> must be on in order to debug the application.
    >>>>>
    >>>>>>> Or, are you set on creating a Windows user account for every single user of your App ?
    >>>>>>
    >>>>>> See above.
    >>>>>
    >>>>>
    >>>>>>>
    >>>>>>> Juan T. Llibre, asp.net MVP
    >>>>>>> asp.net faq : http://asp.net.do/faq/
    >>>>>>> foros de asp.net, en español : http://asp.net.do/foros/
    >>>>>>> ======================================
    >>>>>>> "Scott M." <> wrote in message news:...
    >>>>>>>> In my ASP .NET 2.0 Web Applicaiton Project, I've changed the server setting to use IIS. I then created the
    >>>>>>>> virtual directory (from the button in VS) and then went and enabled Integrated Windows Authentication. The
    >>>>>>>> site consists of just a single default.aspx file with nothing in it. When I attempt to run the project, I get
    >>>>>>>> an http 403 access fobidden error.
    >>>>>>>>
    >>>>>>>> What am I missing?
    >>>>>>>>
    >>>>>>>> Thanks.
    >>>>>>>>
    >>>>>>>
    >>>>>>>
    >>>>>>
    >>>>>>
    >>>>>
    >>>>>
    >>>>
    >>>
    >>>

    >>
    >>

    >
    >
    Juan T. Llibre, Jan 26, 2008
    #12
  13. Scott M.

    Scott M. Guest

    No, you aren't understanding the point of the message.

    If I don't turn this on, then VS won't even try to show the page. It must
    be turned on in order for VS to debug because VS uses a Windows account to
    authenticate the debugger.

    As I pointed out earlier turning this on only works when anonymous is either
    off or fails.

    At any rate, the problem is now solved as the issue was that IIS does not
    create a default document of "default.aspx". As soon as I add this, all is
    well.

    I am able to do this with Windows Authentication AND Anonymous
    Authentication both on but with the ASP.NET authentication set to NONE.

    -Scott


    "Juan T. Llibre" <> wrote in message
    news:%...
    > I've tried to explain to you the authentication mechanism as well as I
    > can.
    > If you know so much about this, why are you the one with the problem ?
    >
    > Go ahead and butt your head against the explanation.
    >
    > When you're done, you'll see that, if you turn on Windows Authentication.
    > allegedly in order to debug the app, you're turning Windows Authentication
    > on for the whole app, and not just for debugging purposes.
    >
    > That's why you're having problems.
    >
    >
    >
    >
    > Juan T. Llibre, asp.net MVP
    > asp.net faq : http://asp.net.do/faq/
    > foros de asp.net, en español : http://asp.net.do/foros/
    > ======================================
    > "Scott M." <> wrote in message
    > news:...
    >> See my last post (which I think you missed).
    >>
    >> And, comments here too, inline...
    >>
    >>
    >> "Juan T. Llibre" <> wrote in message
    >> news:Owc0%...
    >>> re:
    >>> !> I believe that selecting both allows IIS to have the benefits of
    >>> both. VS needs integrated
    >>>
    >>> If you select Windows Integrated Authentication, anonymous users won't
    >>> be able to login.

    >>
    >> Not true - see my other post.
    >>
    >>>
    >>> re:
    >>> !> Even with what you are saying, I should be able to see the page I'm
    >>> trying
    >>> !> to access since I do, in fact, have a Windows account on the
    >>> development
    >>> !> server that I'm testing against and even still, I get a 403 error.
    >>>
    >>> That depends on how you've configured ASP.NET.
    >>>
    >>> ASP.NET has a *separate* authentication configuration which IIS doesn't
    >>> interfere with.

    >>
    >> I know. If I set it to Form, Windows or None, I get the same results.
    >>
    >>>
    >>> In web.config, you must specify <authentication mode="Windows">
    >>> if you want Windows Integrated Authentication to work in ASP.NET.
    >>>
    >>> See :
    >>> http://msdn2.microsoft.com/en-us/library/aa478979.aspx#aspnet-jspmig-authentication_topic5

    >>
    >> Not quite. As you point out the ASP .NET setting is separate from the
    >> IIS setting (although you can set the ASP .NET setting via the ASP .NET
    >> tab in IIS without having to do it in web config).
    >>
    >> Let's be clear here. The only reason I have Windows authentication
    >> turned on in IIS is because VS will not enter debug mode without it. I am
    >> not trying to create a Windows authenticated ASP .NET web site and so I
    >> would not set the ASP .NET setting to Windows authentication.
    >>
    >> As I point out in my other post you can have both Anonymous and Windows
    >> authentication turned on at the same time and this solves the VS
    >> debugging error.
    >>
    >>>
    >>> <quote>
    >>> "Windows authentication, also called Integrated Windows authentication,
    >>> uses Windows operating
    >>> system accounts to verify a user's credentials. This means that the user
    >>> must either be logged in
    >>> to the domain on which the server is running (in which case they will
    >>> not be queried for credentials),
    >>> or must log in to the domain when they try to access a protected page.
    >>>
    >>> This authentication scheme is part of IIS, and must be configured and
    >>> executed by IIS;
    >>> it is entirely separate from ASP.NET and is not, as such, an ASP.NET
    >>> authentication mechanism."
    >>> </quote>
    >>>
    >>> If you're running an ASP.NET application, you must configure
    >>> <authentication mode="Windows"> in web.config.>

    >>
    >> Uh, no that's not true.
    >>
    >>
    >>
    >>>
    >>>
    >>>
    >>>
    >>> Juan T. Llibre, asp.net MVP
    >>> asp.net faq : http://asp.net.do/faq/
    >>> foros de asp.net, en español : http://asp.net.do/foros/
    >>> ======================================
    >>> "Scott M." <> wrote in message
    >>> news:...
    >>>>
    >>>> "Juan T. Llibre" <> wrote in message
    >>>> news:%...
    >>>>> re:
    >>>>> !> Anonymous Access is on by default. I only turned on Integrated
    >>>>> Windows
    >>>>> !> Authentication (in addition to the automatically enabled Anonymous
    >>>>> Access)
    >>>>>
    >>>>> Integrated Windows Authentication overrides the Anonymous
    >>>>> authentication default.
    >>>>
    >>>> I'm not so sure about that since both Anonymous and Integrated Windows
    >>>> are checked simultaneously. If selecting one
    >>>> disabled the other, I would expect that you would not be able to select
    >>>> them both together. I believe that selecting
    >>>> both allows IIS to have the benefits of both. VS needs integrated

    >> Windows authentication to make debugging work.
    >>>>
    >>>>> When you "only turned on Integrated Windows Authentication", in
    >>>>> effect,
    >>>>> you are requiring *all* clients which access your application to have
    >>>>> an
    >>>>> account on the server which is hosting it.
    >>>>>
    >>>>> re:
    >>>>> !> Integrated Windows Authentication must be on in order to debug the
    >>>>> application
    >>>>>
    >>>>> Which OS are you using ? Which version of IIS are you using ?
    >>>>
    >>>> XP Pro. SP2 / IIS 6.0
    >>>>
    >>>>> There's different solutions for different OS/IIS versions.
    >>>>>
    >>>>> There's a slew of reports/solutions for the problem you report at :
    >>>>> http://www.google.com/search?hl=en&q=debug "Visual Studio" "Windows Authentication"
    >>>>
    >>>> Yes, I've already seen those but that's not really the point of my
    >>>> post.
    >>>>
    >>>> Even with what you are saying, I should be able to see the page I'm
    >>>> trying to access since I do, in fact, have a
    >>>> Windows account on the development server that I'm testing against and
    >>>> even still, I get a 403 error.
    >>>>
    >>>>
    >>>>
    >>>>>
    >>>>>
    >>>>>
    >>>>>
    >>>>> Juan T. Llibre, asp.net MVP
    >>>>> asp.net faq : http://asp.net.do/faq/
    >>>>> foros de asp.net, en español : http://asp.net.do/foros/
    >>>>> ======================================
    >>>>> "Scott M." <> wrote in message
    >>>>> news:utGU6%...
    >>>>>>
    >>>>>> "Juan T. Llibre" <> wrote in message
    >>>>>> news:...
    >>>>>>> re:
    >>>>>>> !> enabled Integrated Windows Authentication
    >>>>>>> !> When I attempt to run the project, I get an http 403 access
    >>>>>>> fobidden error
    >>>>>>>
    >>>>>>> When you run ASP.NET with Windows Authentication enabled,
    >>>>>>> every single account which accesses the application must have
    >>>>>>> permission to access the app expressly granted.
    >>>>>
    >>>>>>>
    >>>>>>> Have you considered using Anonymous Authentication or Forms
    >>>>>>> Authentication ?
    >>>>>
    >>>>>> Anonymous Access is on by default. I only turned on Integrated
    >>>>>> Windows Authentication (in addition to the
    >>>>>> automatically enabled Anonymous Access) because Visual Studio
    >>>>>> complained that Integrated Windows Authentication must
    >>>>>> be on in order to debug the application.
    >>>>>
    >>>>>>> Or, are you set on creating a Windows user account for every single
    >>>>>>> user of your App ?
    >>>>>>
    >>>>>> See above.
    >>>>>
    >>>>>
    >>>>>>>
    >>>>>>> Juan T. Llibre, asp.net MVP
    >>>>>>> asp.net faq : http://asp.net.do/faq/
    >>>>>>> foros de asp.net, en español : http://asp.net.do/foros/
    >>>>>>> ======================================
    >>>>>>> "Scott M." <> wrote in message
    >>>>>>> news:...
    >>>>>>>> In my ASP .NET 2.0 Web Applicaiton Project, I've changed the server
    >>>>>>>> setting to use IIS. I then created the
    >>>>>>>> virtual directory (from the button in VS) and then went and enabled
    >>>>>>>> Integrated Windows Authentication. The site
    >>>>>>>> consists of just a single default.aspx file with nothing in it.
    >>>>>>>> When I attempt to run the project, I get an http
    >>>>>>>> 403 access fobidden error.
    >>>>>>>>
    >>>>>>>> What am I missing?
    >>>>>>>>
    >>>>>>>> Thanks.
    >>>>>>>>
    >>>>>>>
    >>>>>>>
    >>>>>>
    >>>>>>
    >>>>>
    >>>>>
    >>>>
    >>>
    >>>
    >>>

    >>
    >>

    >
    >
    Scott M., Jan 26, 2008
    #13
  14. re:
    !> I am able to do this with Windows Authentication AND Anonymous
    !> Authentication both on but with the ASP.NET authentication set to NONE.

    Yup.

    That one of the things I was trying to explain:
    there are separate authentication mechanisms for IIS and ASP.NET.

    In any case, glad you're up and running again.





    Juan T. Llibre, asp.net MVP
    asp.net faq : http://asp.net.do/faq/
    foros de asp.net, en español : http://asp.net.do/foros/
    ======================================
    "Scott M." <> wrote in message news:%...
    > No, you aren't understanding the point of the message.
    >
    > If I don't turn this on, then VS won't even try to show the page. It must be turned on in order for VS to debug
    > because VS uses a Windows account to authenticate the debugger.
    >
    > As I pointed out earlier turning this on only works when anonymous is either off or fails.
    >
    > At any rate, the problem is now solved as the issue was that IIS does not create a default document of "default.aspx".
    > As soon as I add this, all is well.
    >
    > I am able to do this with Windows Authentication AND Anonymous Authentication both on but with the ASP.NET
    > authentication set to NONE.
    >
    > -Scott
    >
    >
    > "Juan T. Llibre" <> wrote in message news:%...
    >> I've tried to explain to you the authentication mechanism as well as I can.
    >> If you know so much about this, why are you the one with the problem ?
    >>
    >> Go ahead and butt your head against the explanation.
    >>
    >> When you're done, you'll see that, if you turn on Windows Authentication.
    >> allegedly in order to debug the app, you're turning Windows Authentication
    >> on for the whole app, and not just for debugging purposes.
    >>
    >> That's why you're having problems.
    >>
    >>
    >>
    >>
    >> Juan T. Llibre, asp.net MVP
    >> asp.net faq : http://asp.net.do/faq/
    >> foros de asp.net, en español : http://asp.net.do/foros/
    >> ======================================
    >> "Scott M." <> wrote in message news:...
    >>> See my last post (which I think you missed).
    >>>
    >>> And, comments here too, inline...
    >>>
    >>>
    >>> "Juan T. Llibre" <> wrote in message news:Owc0%...
    >>>> re:
    >>>> !> I believe that selecting both allows IIS to have the benefits of both. VS needs integrated
    >>>>
    >>>> If you select Windows Integrated Authentication, anonymous users won't be able to login.
    >>>
    >>> Not true - see my other post.
    >>>
    >>>>
    >>>> re:
    >>>> !> Even with what you are saying, I should be able to see the page I'm trying
    >>>> !> to access since I do, in fact, have a Windows account on the development
    >>>> !> server that I'm testing against and even still, I get a 403 error.
    >>>>
    >>>> That depends on how you've configured ASP.NET.
    >>>>
    >>>> ASP.NET has a *separate* authentication configuration which IIS doesn't interfere with.
    >>>
    >>> I know. If I set it to Form, Windows or None, I get the same results.
    >>>
    >>>>
    >>>> In web.config, you must specify <authentication mode="Windows">
    >>>> if you want Windows Integrated Authentication to work in ASP.NET.
    >>>>
    >>>> See : http://msdn2.microsoft.com/en-us/library/aa478979.aspx#aspnet-jspmig-authentication_topic5
    >>>
    >>> Not quite. As you point out the ASP .NET setting is separate from the IIS setting (although you can set the ASP
    >>> .NET setting via the ASP .NET tab in IIS without having to do it in web config).
    >>>
    >>> Let's be clear here. The only reason I have Windows authentication turned on in IIS is because VS will not enter
    >>> debug mode without it. I am not trying to create a Windows authenticated ASP .NET web site and so I would not set
    >>> the ASP .NET setting to Windows authentication.
    >>>
    >>> As I point out in my other post you can have both Anonymous and Windows authentication turned on at the same time
    >>> and this solves the VS debugging error.
    >>>
    >>>>
    >>>> <quote>
    >>>> "Windows authentication, also called Integrated Windows authentication, uses Windows operating
    >>>> system accounts to verify a user's credentials. This means that the user must either be logged in
    >>>> to the domain on which the server is running (in which case they will not be queried for credentials),
    >>>> or must log in to the domain when they try to access a protected page.
    >>>>
    >>>> This authentication scheme is part of IIS, and must be configured and executed by IIS;
    >>>> it is entirely separate from ASP.NET and is not, as such, an ASP.NET authentication mechanism."
    >>>> </quote>
    >>>>
    >>>> If you're running an ASP.NET application, you must configure <authentication mode="Windows"> in web.config.>
    >>>
    >>> Uh, no that's not true.
    >>>
    >>>
    >>>
    >>>>
    >>>>
    >>>>
    >>>>
    >>>> Juan T. Llibre, asp.net MVP
    >>>> asp.net faq : http://asp.net.do/faq/
    >>>> foros de asp.net, en español : http://asp.net.do/foros/
    >>>> ======================================
    >>>> "Scott M." <> wrote in message news:...
    >>>>>
    >>>>> "Juan T. Llibre" <> wrote in message news:%...
    >>>>>> re:
    >>>>>> !> Anonymous Access is on by default. I only turned on Integrated Windows
    >>>>>> !> Authentication (in addition to the automatically enabled Anonymous Access)
    >>>>>>
    >>>>>> Integrated Windows Authentication overrides the Anonymous authentication default.
    >>>>>
    >>>>> I'm not so sure about that since both Anonymous and Integrated Windows are checked simultaneously. If selecting
    >>>>> one
    >>>>> disabled the other, I would expect that you would not be able to select them both together. I believe that
    >>>>> selecting
    >>>>> both allows IIS to have the benefits of both. VS needs integrated
    >>> Windows authentication to make debugging work.
    >>>>>
    >>>>>> When you "only turned on Integrated Windows Authentication", in effect,
    >>>>>> you are requiring *all* clients which access your application to have an
    >>>>>> account on the server which is hosting it.
    >>>>>>
    >>>>>> re:
    >>>>>> !> Integrated Windows Authentication must be on in order to debug the application
    >>>>>>
    >>>>>> Which OS are you using ? Which version of IIS are you using ?
    >>>>>
    >>>>> XP Pro. SP2 / IIS 6.0
    >>>>>
    >>>>>> There's different solutions for different OS/IIS versions.
    >>>>>>
    >>>>>> There's a slew of reports/solutions for the problem you report at :
    >>>>>> http://www.google.com/search?hl=en&q=debug "Visual Studio" "Windows Authentication"
    >>>>>
    >>>>> Yes, I've already seen those but that's not really the point of my post.
    >>>>>
    >>>>> Even with what you are saying, I should be able to see the page I'm trying to access since I do, in fact, have a
    >>>>> Windows account on the development server that I'm testing against and even still, I get a 403 error.
    >>>>>
    >>>>>
    >>>>>
    >>>>>>
    >>>>>>
    >>>>>>
    >>>>>>
    >>>>>> Juan T. Llibre, asp.net MVP
    >>>>>> asp.net faq : http://asp.net.do/faq/
    >>>>>> foros de asp.net, en español : http://asp.net.do/foros/
    >>>>>> ======================================
    >>>>>> "Scott M." <> wrote in message news:utGU6%...
    >>>>>>>
    >>>>>>> "Juan T. Llibre" <> wrote in message news:...
    >>>>>>>> re:
    >>>>>>>> !> enabled Integrated Windows Authentication
    >>>>>>>> !> When I attempt to run the project, I get an http 403 access fobidden error
    >>>>>>>>
    >>>>>>>> When you run ASP.NET with Windows Authentication enabled,
    >>>>>>>> every single account which accesses the application must have
    >>>>>>>> permission to access the app expressly granted.
    >>>>>>
    >>>>>>>>
    >>>>>>>> Have you considered using Anonymous Authentication or Forms Authentication ?
    >>>>>>
    >>>>>>> Anonymous Access is on by default. I only turned on Integrated Windows Authentication (in addition to the
    >>>>>>> automatically enabled Anonymous Access) because Visual Studio complained that Integrated Windows Authentication
    >>>>>>> must
    >>>>>>> be on in order to debug the application.
    >>>>>>
    >>>>>>>> Or, are you set on creating a Windows user account for every single user of your App ?
    >>>>>>>
    >>>>>>> See above.
    >>>>>>
    >>>>>>
    >>>>>>>>
    >>>>>>>> Juan T. Llibre, asp.net MVP
    >>>>>>>> asp.net faq : http://asp.net.do/faq/
    >>>>>>>> foros de asp.net, en español : http://asp.net.do/foros/
    >>>>>>>> ======================================
    >>>>>>>> "Scott M." <> wrote in message news:...
    >>>>>>>>> In my ASP .NET 2.0 Web Applicaiton Project, I've changed the server setting to use IIS. I then created the
    >>>>>>>>> virtual directory (from the button in VS) and then went and enabled Integrated Windows Authentication. The
    >>>>>>>>> site
    >>>>>>>>> consists of just a single default.aspx file with nothing in it. When I attempt to run the project, I get an
    >>>>>>>>> http
    >>>>>>>>> 403 access fobidden error.
    >>>>>>>>>
    >>>>>>>>> What am I missing?
    >>>>>>>>>
    >>>>>>>>> Thanks.
    >>>>>>>>>
    >>>>>>>>
    >>>>>>>>
    >>>>>>>
    >>>>>>>
    >>>>>>
    >>>>>>
    >>>>>
    >>>>
    >>>>
    >>>>
    >>>
    >>>

    >>
    >>

    >
    >
    Juan T. Llibre, Jan 26, 2008
    #14
  15. Scott M.

    Scott M. Guest

    Actually, you said that I must set ASP .NET authentication to Windows - I
    said that you didn't have to.



    "Juan T. Llibre" <> wrote in message
    news:...
    > re:
    > !> I am able to do this with Windows Authentication AND Anonymous
    > !> Authentication both on but with the ASP.NET authentication set to NONE.
    >
    > Yup.
    >
    > That one of the things I was trying to explain:
    > there are separate authentication mechanisms for IIS and ASP.NET.
    >
    > In any case, glad you're up and running again.
    >
    >
    >
    >
    >
    > Juan T. Llibre, asp.net MVP
    > asp.net faq : http://asp.net.do/faq/
    > foros de asp.net, en español : http://asp.net.do/foros/
    > ======================================
    > "Scott M." <> wrote in message
    > news:%...
    >> No, you aren't understanding the point of the message.
    >>
    >> If I don't turn this on, then VS won't even try to show the page. It
    >> must be turned on in order for VS to debug because VS uses a Windows
    >> account to authenticate the debugger.
    >>
    >> As I pointed out earlier turning this on only works when anonymous is
    >> either off or fails.
    >>
    >> At any rate, the problem is now solved as the issue was that IIS does not
    >> create a default document of "default.aspx". As soon as I add this, all
    >> is well.
    >>
    >> I am able to do this with Windows Authentication AND Anonymous
    >> Authentication both on but with the ASP.NET authentication set to NONE.
    >>
    >> -Scott
    >>
    >>
    >> "Juan T. Llibre" <> wrote in message
    >> news:%...
    >>> I've tried to explain to you the authentication mechanism as well as I
    >>> can.
    >>> If you know so much about this, why are you the one with the problem ?
    >>>
    >>> Go ahead and butt your head against the explanation.
    >>>
    >>> When you're done, you'll see that, if you turn on Windows
    >>> Authentication.
    >>> allegedly in order to debug the app, you're turning Windows
    >>> Authentication
    >>> on for the whole app, and not just for debugging purposes.
    >>>
    >>> That's why you're having problems.
    >>>
    >>>
    >>>
    >>>
    >>> Juan T. Llibre, asp.net MVP
    >>> asp.net faq : http://asp.net.do/faq/
    >>> foros de asp.net, en español : http://asp.net.do/foros/
    >>> ======================================
    >>> "Scott M." <> wrote in message
    >>> news:...
    >>>> See my last post (which I think you missed).
    >>>>
    >>>> And, comments here too, inline...
    >>>>
    >>>>
    >>>> "Juan T. Llibre" <> wrote in message
    >>>> news:Owc0%...
    >>>>> re:
    >>>>> !> I believe that selecting both allows IIS to have the benefits of
    >>>>> both. VS needs integrated
    >>>>>
    >>>>> If you select Windows Integrated Authentication, anonymous users won't
    >>>>> be able to login.
    >>>>
    >>>> Not true - see my other post.
    >>>>
    >>>>>
    >>>>> re:
    >>>>> !> Even with what you are saying, I should be able to see the page I'm
    >>>>> trying
    >>>>> !> to access since I do, in fact, have a Windows account on the
    >>>>> development
    >>>>> !> server that I'm testing against and even still, I get a 403 error.
    >>>>>
    >>>>> That depends on how you've configured ASP.NET.
    >>>>>
    >>>>> ASP.NET has a *separate* authentication configuration which IIS
    >>>>> doesn't interfere with.
    >>>>
    >>>> I know. If I set it to Form, Windows or None, I get the same results.
    >>>>
    >>>>>
    >>>>> In web.config, you must specify <authentication mode="Windows">
    >>>>> if you want Windows Integrated Authentication to work in ASP.NET.
    >>>>>
    >>>>> See :
    >>>>> http://msdn2.microsoft.com/en-us/library/aa478979.aspx#aspnet-jspmig-authentication_topic5
    >>>>
    >>>> Not quite. As you point out the ASP .NET setting is separate from the
    >>>> IIS setting (although you can set the ASP .NET setting via the ASP .NET
    >>>> tab in IIS without having to do it in web config).
    >>>>
    >>>> Let's be clear here. The only reason I have Windows authentication
    >>>> turned on in IIS is because VS will not enter debug mode without it. I
    >>>> am not trying to create a Windows authenticated ASP .NET web site and
    >>>> so I would not set the ASP .NET setting to Windows authentication.
    >>>>
    >>>> As I point out in my other post you can have both Anonymous and Windows
    >>>> authentication turned on at the same time and this solves the VS
    >>>> debugging error.
    >>>>
    >>>>>
    >>>>> <quote>
    >>>>> "Windows authentication, also called Integrated Windows
    >>>>> authentication, uses Windows operating
    >>>>> system accounts to verify a user's credentials. This means that the
    >>>>> user must either be logged in
    >>>>> to the domain on which the server is running (in which case they will
    >>>>> not be queried for credentials),
    >>>>> or must log in to the domain when they try to access a protected page.
    >>>>>
    >>>>> This authentication scheme is part of IIS, and must be configured and
    >>>>> executed by IIS;
    >>>>> it is entirely separate from ASP.NET and is not, as such, an ASP.NET
    >>>>> authentication mechanism."
    >>>>> </quote>
    >>>>>
    >>>>> If you're running an ASP.NET application, you must configure
    >>>>> <authentication mode="Windows"> in web.config.>
    >>>>
    >>>> Uh, no that's not true.
    >>>>
    >>>>
    >>>>
    >>>>>
    >>>>>
    >>>>>
    >>>>>
    >>>>> Juan T. Llibre, asp.net MVP
    >>>>> asp.net faq : http://asp.net.do/faq/
    >>>>> foros de asp.net, en español : http://asp.net.do/foros/
    >>>>> ======================================
    >>>>> "Scott M." <> wrote in message
    >>>>> news:...
    >>>>>>
    >>>>>> "Juan T. Llibre" <> wrote in message
    >>>>>> news:%...
    >>>>>>> re:
    >>>>>>> !> Anonymous Access is on by default. I only turned on Integrated
    >>>>>>> Windows
    >>>>>>> !> Authentication (in addition to the automatically enabled
    >>>>>>> Anonymous Access)
    >>>>>>>
    >>>>>>> Integrated Windows Authentication overrides the Anonymous
    >>>>>>> authentication default.
    >>>>>>
    >>>>>> I'm not so sure about that since both Anonymous and Integrated
    >>>>>> Windows are checked simultaneously. If selecting one
    >>>>>> disabled the other, I would expect that you would not be able to
    >>>>>> select them both together. I believe that selecting
    >>>>>> both allows IIS to have the benefits of both. VS needs integrated
    >>>> Windows authentication to make debugging work.
    >>>>>>
    >>>>>>> When you "only turned on Integrated Windows Authentication", in
    >>>>>>> effect,
    >>>>>>> you are requiring *all* clients which access your application to
    >>>>>>> have an
    >>>>>>> account on the server which is hosting it.
    >>>>>>>
    >>>>>>> re:
    >>>>>>> !> Integrated Windows Authentication must be on in order to debug
    >>>>>>> the application
    >>>>>>>
    >>>>>>> Which OS are you using ? Which version of IIS are you using ?
    >>>>>>
    >>>>>> XP Pro. SP2 / IIS 6.0
    >>>>>>
    >>>>>>> There's different solutions for different OS/IIS versions.
    >>>>>>>
    >>>>>>> There's a slew of reports/solutions for the problem you report at :
    >>>>>>> http://www.google.com/search?hl=en&q=debug "Visual Studio" "Windows Authentication"
    >>>>>>
    >>>>>> Yes, I've already seen those but that's not really the point of my
    >>>>>> post.
    >>>>>>
    >>>>>> Even with what you are saying, I should be able to see the page I'm
    >>>>>> trying to access since I do, in fact, have a
    >>>>>> Windows account on the development server that I'm testing against
    >>>>>> and even still, I get a 403 error.
    >>>>>>
    >>>>>>
    >>>>>>
    >>>>>>>
    >>>>>>>
    >>>>>>>
    >>>>>>>
    >>>>>>> Juan T. Llibre, asp.net MVP
    >>>>>>> asp.net faq : http://asp.net.do/faq/
    >>>>>>> foros de asp.net, en español : http://asp.net.do/foros/
    >>>>>>> ======================================
    >>>>>>> "Scott M." <> wrote in message
    >>>>>>> news:utGU6%...
    >>>>>>>>
    >>>>>>>> "Juan T. Llibre" <> wrote in message
    >>>>>>>> news:...
    >>>>>>>>> re:
    >>>>>>>>> !> enabled Integrated Windows Authentication
    >>>>>>>>> !> When I attempt to run the project, I get an http 403 access
    >>>>>>>>> fobidden error
    >>>>>>>>>
    >>>>>>>>> When you run ASP.NET with Windows Authentication enabled,
    >>>>>>>>> every single account which accesses the application must have
    >>>>>>>>> permission to access the app expressly granted.
    >>>>>>>
    >>>>>>>>>
    >>>>>>>>> Have you considered using Anonymous Authentication or Forms
    >>>>>>>>> Authentication ?
    >>>>>>>
    >>>>>>>> Anonymous Access is on by default. I only turned on Integrated
    >>>>>>>> Windows Authentication (in addition to the
    >>>>>>>> automatically enabled Anonymous Access) because Visual Studio
    >>>>>>>> complained that Integrated Windows Authentication must
    >>>>>>>> be on in order to debug the application.
    >>>>>>>
    >>>>>>>>> Or, are you set on creating a Windows user account for every
    >>>>>>>>> single user of your App ?
    >>>>>>>>
    >>>>>>>> See above.
    >>>>>>>
    >>>>>>>
    >>>>>>>>>
    >>>>>>>>> Juan T. Llibre, asp.net MVP
    >>>>>>>>> asp.net faq : http://asp.net.do/faq/
    >>>>>>>>> foros de asp.net, en español : http://asp.net.do/foros/
    >>>>>>>>> ======================================
    >>>>>>>>> "Scott M." <> wrote in message
    >>>>>>>>> news:...
    >>>>>>>>>> In my ASP .NET 2.0 Web Applicaiton Project, I've changed the
    >>>>>>>>>> server setting to use IIS. I then created the
    >>>>>>>>>> virtual directory (from the button in VS) and then went and
    >>>>>>>>>> enabled Integrated Windows Authentication. The site
    >>>>>>>>>> consists of just a single default.aspx file with nothing in it.
    >>>>>>>>>> When I attempt to run the project, I get an http
    >>>>>>>>>> 403 access fobidden error.
    >>>>>>>>>>
    >>>>>>>>>> What am I missing?
    >>>>>>>>>>
    >>>>>>>>>> Thanks.
    >>>>>>>>>>
    >>>>>>>>>
    >>>>>>>>>
    >>>>>>>>
    >>>>>>>>
    >>>>>>>
    >>>>>>>
    >>>>>>
    >>>>>
    >>>>>
    >>>>>
    >>>>
    >>>>
    >>>
    >>>

    >>
    >>

    >
    >
    Scott M., Jan 26, 2008
    #15
  16. re:
    !> Actually, you said that I must set ASP .NET authentication to Windows
    !> - I said that you didn't have to.

    Still nitpicking, huh ?

    It was you who said : "I get an http 403 access forbidden error".

    To solve that, if that's an authentication error message,
    and you have a default document configured, you *must* set Windows Authentication.

    Of course, that creates other problems which must be solved
    if you want to run IIS with Windows Authentication successfully.

    ASP.NET has a *different* authentication method, as I tried to explain to you,
    and not having a default document creates a different problem.

    When the error message is : "I get an http 403 access forbidden error"
    *and you don't have directory browsing turned on*, the most likely culprit
    is that you don't have a default document, but you didn't give enough info
    to determine whether that was your issue.

    If you had had directory browsing turned on, your problem would have never surfaced.

    <sigh>

    Carry on...but don't expect me to try to help you any more.
    A good deed never goes unpunished.




    Juan T. Llibre, asp.net MVP
    asp.net faq : http://asp.net.do/faq/
    foros de asp.net, en español : http://asp.net.do/foros/
    ======================================
    "Scott M." <> wrote in message news:...
    > Actually, you said that I must set ASP .NET authentication to Windows - I said that you didn't have to.
    >
    >
    >
    > "Juan T. Llibre" <> wrote in message news:...
    >> re:
    >> !> I am able to do this with Windows Authentication AND Anonymous
    >> !> Authentication both on but with the ASP.NET authentication set to NONE.
    >>
    >> Yup.
    >>
    >> That one of the things I was trying to explain:
    >> there are separate authentication mechanisms for IIS and ASP.NET.
    >>
    >> In any case, glad you're up and running again.
    >>
    >>
    >>
    >>
    >>
    >> Juan T. Llibre, asp.net MVP
    >> asp.net faq : http://asp.net.do/faq/
    >> foros de asp.net, en español : http://asp.net.do/foros/
    >> ======================================
    >> "Scott M." <> wrote in message news:%...
    >>> No, you aren't understanding the point of the message.
    >>>
    >>> If I don't turn this on, then VS won't even try to show the page. It must be turned on in order for VS to debug
    >>> because VS uses a Windows account to authenticate the debugger.
    >>>
    >>> As I pointed out earlier turning this on only works when anonymous is either off or fails.
    >>>
    >>> At any rate, the problem is now solved as the issue was that IIS does not create a default document of
    >>> "default.aspx". As soon as I add this, all is well.
    >>>
    >>> I am able to do this with Windows Authentication AND Anonymous Authentication both on but with the ASP.NET
    >>> authentication set to NONE.
    >>>
    >>> -Scott
    >>>
    >>>
    >>> "Juan T. Llibre" <> wrote in message news:%...
    >>>> I've tried to explain to you the authentication mechanism as well as I can.
    >>>> If you know so much about this, why are you the one with the problem ?
    >>>>
    >>>> Go ahead and butt your head against the explanation.
    >>>>
    >>>> When you're done, you'll see that, if you turn on Windows Authentication.
    >>>> allegedly in order to debug the app, you're turning Windows Authentication
    >>>> on for the whole app, and not just for debugging purposes.
    >>>>
    >>>> That's why you're having problems.
    >>>>
    >>>>
    >>>>
    >>>>
    >>>> Juan T. Llibre, asp.net MVP
    >>>> asp.net faq : http://asp.net.do/faq/
    >>>> foros de asp.net, en español : http://asp.net.do/foros/
    >>>> ======================================
    >>>> "Scott M." <> wrote in message news:...
    >>>>> See my last post (which I think you missed).
    >>>>>
    >>>>> And, comments here too, inline...
    >>>>>
    >>>>>
    >>>>> "Juan T. Llibre" <> wrote in message news:Owc0%...
    >>>>>> re:
    >>>>>> !> I believe that selecting both allows IIS to have the benefits of both. VS needs integrated
    >>>>>>
    >>>>>> If you select Windows Integrated Authentication, anonymous users won't be able to login.
    >>>>>
    >>>>> Not true - see my other post.
    >>>>>
    >>>>>>
    >>>>>> re:
    >>>>>> !> Even with what you are saying, I should be able to see the page I'm trying
    >>>>>> !> to access since I do, in fact, have a Windows account on the development
    >>>>>> !> server that I'm testing against and even still, I get a 403 error.
    >>>>>>
    >>>>>> That depends on how you've configured ASP.NET.
    >>>>>>
    >>>>>> ASP.NET has a *separate* authentication configuration which IIS doesn't interfere with.
    >>>>>
    >>>>> I know. If I set it to Form, Windows or None, I get the same results.
    >>>>>
    >>>>>>
    >>>>>> In web.config, you must specify <authentication mode="Windows">
    >>>>>> if you want Windows Integrated Authentication to work in ASP.NET.
    >>>>>>
    >>>>>> See : http://msdn2.microsoft.com/en-us/library/aa478979.aspx#aspnet-jspmig-authentication_topic5
    >>>>>
    >>>>> Not quite. As you point out the ASP .NET setting is separate from the IIS setting (although you can set the ASP
    >>>>> .NET setting via the ASP .NET tab in IIS without having to do it in web config).
    >>>>>
    >>>>> Let's be clear here. The only reason I have Windows authentication turned on in IIS is because VS will not enter
    >>>>> debug mode without it. I am not trying to create a Windows authenticated ASP .NET web site and so I would not set
    >>>>> the ASP .NET setting to Windows authentication.
    >>>>>
    >>>>> As I point out in my other post you can have both Anonymous and Windows authentication turned on at the same time
    >>>>> and this solves the VS debugging error.
    >>>>>
    >>>>>>
    >>>>>> <quote>
    >>>>>> "Windows authentication, also called Integrated Windows authentication, uses Windows operating
    >>>>>> system accounts to verify a user's credentials. This means that the user must either be logged in
    >>>>>> to the domain on which the server is running (in which case they will not be queried for credentials),
    >>>>>> or must log in to the domain when they try to access a protected page.
    >>>>>>
    >>>>>> This authentication scheme is part of IIS, and must be configured and executed by IIS;
    >>>>>> it is entirely separate from ASP.NET and is not, as such, an ASP.NET authentication mechanism."
    >>>>>> </quote>
    >>>>>>
    >>>>>> If you're running an ASP.NET application, you must configure <authentication mode="Windows"> in web.config.>
    >>>>>
    >>>>> Uh, no that's not true.
    >>>>>
    >>>>>
    >>>>>
    >>>>>>
    >>>>>>
    >>>>>>
    >>>>>>
    >>>>>> Juan T. Llibre, asp.net MVP
    >>>>>> asp.net faq : http://asp.net.do/faq/
    >>>>>> foros de asp.net, en español : http://asp.net.do/foros/
    >>>>>> ======================================
    >>>>>> "Scott M." <> wrote in message news:...
    >>>>>>>
    >>>>>>> "Juan T. Llibre" <> wrote in message news:%...
    >>>>>>>> re:
    >>>>>>>> !> Anonymous Access is on by default. I only turned on Integrated Windows
    >>>>>>>> !> Authentication (in addition to the automatically enabled Anonymous Access)
    >>>>>>>>
    >>>>>>>> Integrated Windows Authentication overrides the Anonymous authentication default.
    >>>>>>>
    >>>>>>> I'm not so sure about that since both Anonymous and Integrated Windows are checked simultaneously. If selecting
    >>>>>>> one
    >>>>>>> disabled the other, I would expect that you would not be able to select them both together. I believe that
    >>>>>>> selecting
    >>>>>>> both allows IIS to have the benefits of both. VS needs integrated
    >>>>> Windows authentication to make debugging work.
    >>>>>>>
    >>>>>>>> When you "only turned on Integrated Windows Authentication", in effect,
    >>>>>>>> you are requiring *all* clients which access your application to have an
    >>>>>>>> account on the server which is hosting it.
    >>>>>>>>
    >>>>>>>> re:
    >>>>>>>> !> Integrated Windows Authentication must be on in order to debug the application
    >>>>>>>>
    >>>>>>>> Which OS are you using ? Which version of IIS are you using ?
    >>>>>>>
    >>>>>>> XP Pro. SP2 / IIS 6.0
    >>>>>>>
    >>>>>>>> There's different solutions for different OS/IIS versions.
    >>>>>>>>
    >>>>>>>> There's a slew of reports/solutions for the problem you report at :
    >>>>>>>> http://www.google.com/search?hl=en&q=debug "Visual Studio" "Windows Authentication"
    >>>>>>>
    >>>>>>> Yes, I've already seen those but that's not really the point of my post.
    >>>>>>>
    >>>>>>> Even with what you are saying, I should be able to see the page I'm trying to access since I do, in fact, have a
    >>>>>>> Windows account on the development server that I'm testing against and even still, I get a 403 error.
    >>>>>>>
    >>>>>>>
    >>>>>>>
    >>>>>>>>
    >>>>>>>>
    >>>>>>>>
    >>>>>>>>
    >>>>>>>> Juan T. Llibre, asp.net MVP
    >>>>>>>> asp.net faq : http://asp.net.do/faq/
    >>>>>>>> foros de asp.net, en español : http://asp.net.do/foros/
    >>>>>>>> ======================================
    >>>>>>>> "Scott M." <> wrote in message news:utGU6%...
    >>>>>>>>>
    >>>>>>>>> "Juan T. Llibre" <> wrote in message news:...
    >>>>>>>>>> re:
    >>>>>>>>>> !> enabled Integrated Windows Authentication
    >>>>>>>>>> !> When I attempt to run the project, I get an http 403 access fobidden error
    >>>>>>>>>>
    >>>>>>>>>> When you run ASP.NET with Windows Authentication enabled,
    >>>>>>>>>> every single account which accesses the application must have
    >>>>>>>>>> permission to access the app expressly granted.
    >>>>>>>>
    >>>>>>>>>>
    >>>>>>>>>> Have you considered using Anonymous Authentication or Forms Authentication ?
    >>>>>>>>
    >>>>>>>>> Anonymous Access is on by default. I only turned on Integrated Windows Authentication (in addition to the
    >>>>>>>>> automatically enabled Anonymous Access) because Visual Studio complained that Integrated Windows
    >>>>>>>>> Authentication must
    >>>>>>>>> be on in order to debug the application.
    >>>>>>>>
    >>>>>>>>>> Or, are you set on creating a Windows user account for every single user of your App ?
    >>>>>>>>>
    >>>>>>>>> See above.
    >>>>>>>>
    >>>>>>>>
    >>>>>>>>>>
    >>>>>>>>>> Juan T. Llibre, asp.net MVP
    >>>>>>>>>> asp.net faq : http://asp.net.do/faq/
    >>>>>>>>>> foros de asp.net, en español : http://asp.net.do/foros/
    >>>>>>>>>> ======================================
    >>>>>>>>>> "Scott M." <> wrote in message news:...
    >>>>>>>>>>> In my ASP .NET 2.0 Web Applicaiton Project, I've changed the server setting to use IIS. I then created the
    >>>>>>>>>>> virtual directory (from the button in VS) and then went and enabled Integrated Windows Authentication. The
    >>>>>>>>>>> site
    >>>>>>>>>>> consists of just a single default.aspx file with nothing in it. When I attempt to run the project, I get an
    >>>>>>>>>>> http
    >>>>>>>>>>> 403 access fobidden error.
    >>>>>>>>>>>
    >>>>>>>>>>> What am I missing?
    >>>>>>>>>>>
    >>>>>>>>>>> Thanks.
    >>>>>>>>>>>
    >>>>>>>>>>
    >>>>>>>>>>
    >>>>>>>>>
    >>>>>>>>>
    >>>>>>>>
    >>>>>>>>
    >>>>>>>
    >>>>>>
    >>>>>>
    >>>>>>
    >>>>>
    >>>>>
    >>>>
    >>>>
    >>>
    >>>

    >>
    >>

    >
    >
    Juan T. Llibre, Jan 26, 2008
    #16
  17. Scott M.

    Scott M. Guest


    > Carry on...but don't expect me to try to help you any more.
    > A good deed never goes unpunished.


    I think that would be best. Since every interaction I've ever had with you
    results in you becomming insulting and combative when I point something out
    that you said that was incorrect. I think you call that "nit-picking", but
    I hardly see how proving a definitive statement wrong is nit-picking.

    Yes, you did say that there are two kinds of authentication: one for IIS and
    one for ASP .NET.
    - I already knew that and was not asking about that.
    - You said flat out that if IIS is set to Windows authentication, then
    so must ASP .NET, which is wrong.

    The bulk of our discussion was about this, although I continued to try to
    tell you that this was not where my issue lies. You continued to go on
    about it, so I continued to point out that you are incorrect.

    You said flat out that when Anonymous Authentication and Windows
    Authentication are both turned on in IIS, that Anonymous Authentication is
    ignored. I provided you with Microsoft documentation that directly
    contradicts that and your response was that when ASP .NET is involved, it is
    a "special" situation. My results, in the end, support Microsoft's
    documentation and explanation, not yours.

    It was from this incorrect statement on your part that you then proceeded to
    lecture me with your next incorrect statement (that I "*must* turn ASP .NET
    Windows authentication on in ASP .NET" [your exact words]) - which is also
    incorrect and proved by the fact that my, now working, project has the
    settings in just the confiugration you said it couldn't have.

    Now, you are tryinig to cover your tracks by saying that if I had just told
    you in the beginning about my default document, your explanations would
    apply and make it sound like it's my fault that your explanations missed the
    mark. How could I know to tell you about my default document when it turns
    out that this was the answer I was looking for in the first place? And,
    quite frankly, none of your explanations left any room open for any other
    possible causes. You never said anything like "unless you have not chosen a
    default document, you'll have to set your prermissions this way..". You
    simply said "you must set your permissions up this way". Wrong.

    So, if your idea of providing good deeds is to tell me one incorrect thing
    after another and then call me names when I simply point out that your
    wrong, then thank you very much.

    This is not the first time your "help" has resulted in you acting this way,
    which I don't understand. I appreciate your trying to help, but please
    don't act like your doing me any great favors by supplying me with incorrect
    information and then becomming combative when I point out your wrong.

    -Scott
    Scott M., Jan 26, 2008
    #17
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Matthew Louden
    Replies:
    3
    Views:
    5,872
    Sherif ElMetainy
    Nov 7, 2003
  2. Replies:
    4
    Views:
    943
    Timo Stamm
    Feb 24, 2006
  3. =?Utf-8?B?RGF2aWQgV2lsbGlhbXM=?=

    Web.Config parsing errors with Web App projects using IIS

    =?Utf-8?B?RGF2aWQgV2lsbGlhbXM=?=, May 17, 2006, in forum: ASP .Net
    Replies:
    1
    Views:
    18,345
    =?Utf-8?B?RGF2aWQgV2lsbGlhbXM=?=
    May 19, 2006
  4. Replies:
    0
    Views:
    409
  5. Jon Davis
    Replies:
    3
    Views:
    563
    Jon Davis
    Jun 21, 2007
Loading...

Share This Page