trying to post to aspx anonyomously is blocked?
From: Larry (Larry_at_froghaven.com)
Date: Mon, 19 Apr 2004 09:16:43 -0700
I have written a webform page to respond to a users post on the web site.
This worked on the test site which had anonymous turned off. I then moved it
to the regular web site (copied the files, reinstalled the FP extension) and
chaged the setting for anonymous use. but when I try to post the form
results to the aspx page I keep getting the windows authentication dialog.
If I go ahead and give the credentials the page goes ahead and works but I
want this page to work without having need a log in.
I've tried everything I can think of concerning the permissions (which to my
way of thinking must be the problem) on the files and directories that the
aspx page resides in, and the various dotnet directories (per the setting up
an ASPUSER account KB). I've tried adding IUSR_machine to all of them, and I
still get the log-on challenge.
Someone (from the usoft support center) told me once that the NETWORK,
SYSTEM and INTERACTIVE accounts have to have full control on all the
directories, so I check and in some cases modified those to have full
access, still the same behavior. (BTW is there a white paper or something
that explains the purpose of these accounts, when they need to be present
and what permissions they need have when present? The security articles keep
saying remove any unnessecary accounts from various directories but never a
word of if these are needed or are they like the "everyone" account;
automatically added giving unwarrented access to things.)
My server is a win2K server and needs to run IIS (with FPextensions and
dotnet), exchange, SQL, and activedirectory. I know this is not the
recommended configuration but I don't have the billions of dollars usoft has
to run a seperate server for each function. Obviously system admin is not my
forte so I would appreciate as much detailed help as you can give me in
getting the premissions and other security setting set up correctly.
oh yes one other note of interest; I do have the aspx's web.config set to
windows authentication with impersonate set to true.