Re: Configuration Differences

From: Joe Kaplan \(MVP - ADSI\) (joseph.e.kaplan_at_removethis.accenture.com)
Date: 11/22/04

• Next message: Matt: "Re: Configuration Differences"
• Previous message: Matt: "Re: Configuration Differences"
• In reply to: Matt: "Re: Configuration Differences"
• Next in thread: Matt: "Re: Configuration Differences"
• Reply: Matt: "Re: Configuration Differences"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Mon, 22 Nov 2004 13:16:50 -0600

Are you certain the second site doesn't have Windows Integrated
Authentication enabled? The results you got indicate that someone was
authenticated by IIS (unless some special code ran that changed Context.User
to a Windows account).

When impersonation is enabled, ASP.NET will impersonate the account that was
authenticated by IIS. If anonymous access was enabled, then the anonymous
user account is impersonated. This is assuming that you haven't specified
the user and password attributes in that tag.

Joe K.

"Matt" <Matt@discussions.microsoft.com> wrote in message
news:03FCAD6B-DA13-42AB-962D-2450554CCBBA@microsoft.com...
>I checked both sites. Both have Anon access enabled via IIS Mgr. Both
>sites
> are using a domain-level account and the web.config on both is set to
> impersonate. The behaviors on each are still different. Are there other
> things I can check? Also, when the impersonation is enabled in
> web.config,
> is it the user specified in the "Enable Anon Access" dialog that is
> impersonated? Are there other settings in the machine.config and
> security.config that may impact this?
>
> "Paul Glavich [MVP - ASP.NET]" wrote:
>
>> I think Joe is spot on. The only thing to add is that impersonation is
>> enabled in both web.config files as well.
>>
>> --
>> - Paul Glavich
>> Microsoft MVP - ASP.NET
>>
>>
>> "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com>
>> wrote
>> in message news:ur$6x8pzEHA.2568@TK2MSFTNGP10.phx.gbl...
>> > My guess is that anonymous access is enabled in IIS on server 1 and is
>> > not
>> > on server 2.
>> >
>> > Joe K.
>> >
>> > "Matt" <Matt@discussions.microsoft.com> wrote in message
>> > news:69AEF6B7-159E-4739-96E9-7E8A9F24C05A@microsoft.com...
>> > >I have two sites on separate servers configured. When I query a page
>> that
>> > > returns information on security/user context, I get two different
>> replies.
>> > >
>> > > On Server 1:
>> > > HttpContext.Current.User.Identity
>> > > Name
>> > > IsAuthenticated False
>> > > AuthenticationType
>> > >
>> > > WindowsIdentity.GetCurrent()
>> > > Name MACHINENAME\IUSR_MACHINENAME1
>> > > IsAuthenticated True
>> > > AuthenticationType NTLM
>> > >
>> > > Thread.CurrentPrincipal.Identity
>> > > Name
>> > > IsAuthenticated False
>> > > AuthenticationType
>> > >
>> > >
>> > > On Server 2:
>> > > HttpContext.Current.User.Identity
>> > > Name DOMAIN\USER
>> > > IsAuthenticated True
>> > > AuthenticationType Negotiate
>> > >
>> > > WindowsIdentity.GetCurrent()
>> > > Name DOMAIN\USER
>> > > IsAuthenticated True
>> > > AuthenticationType NTLM
>> > >
>> > > Thread.CurrentPrincipal.Identity
>> > > Name DOMAIN\USER
>> > > IsAuthenticated True
>> > > AuthenticationType Negotiate
>> > >
>> > > --
>> > >
>> > > My question is what is the likely configuration that is created these
>> > > differing scenarios. I have not been able to locate the entries in
>> > > machine.config,web.config or system.config that would be causing this
>> > > since
>> > > most of these files have the default configuration. Also, which of
>> > > the
>> > > above
>> > > could I expect to see as a default configuration on a web in IIS?
>> >
>> >
>>
>>
>>

• Next message: Matt: "Re: Configuration Differences"
• Previous message: Matt: "Re: Configuration Differences"
• In reply to: Matt: "Re: Configuration Differences"
• Next in thread: Matt: "Re: Configuration Differences"
• Reply: Matt: "Re: Configuration Differences"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Basic Authentication fails with Error 401.2 where Integrated s ... I didn't realise the Web Sites folder in IIS manager threw up a global ... sure that Basic Authentication is allowed to function on your server. ... ACCOUNTNAME, this is the account that I am trying to grant access to: ... Account: COMPUTERNAME\ACCOUNTNAME Access type: FULL ... (microsoft.public.inetserver.iis.security) Re: Basic Authentication fails with Error 401.2 where Integrated s ... On the IIS directory security tab, anonymous access is disabled, digest ... authentication is disabled, integrated authentication is disabled and basic ... account created has full permissions for the folder and the file that's in it. ... (microsoft.public.inetserver.iis.security) Re: VS.NET 2005 and the "allowDefinition=MachineToApplication" error ... Your description of impersonation is great. ... If you want to use the default configured account, eliminate that entry, or configure it as: ... The easiest way to assign correct permissions to all required directories is to run: ... I re-started IIS and tried to access my ASPX page again -- same ... (microsoft.public.dotnet.framework.aspnet) Re: Basic Authentication fails with Error 401.2 where Integrated s ... Just as a check I used NET USER /ADD on my test account and as expected ... The password dialog is supposed to appear for Basic authentication ... Thinking more esoterically now -- what are the login rights assigned ... IIS uses a specific login type, ... (microsoft.public.inetserver.iis.security) Re: IIS 5 Authentication problem- solved ... Tom Kaminski IIS MVP ... Can you log in using an administrator account, ... >> Subject: Re: IIS 5 Integrated Windows Authentication ... >> case there is no group, it is just the one server, ... (microsoft.public.inetserver.iis.security)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint