Re: Configuring Windows-based Authentication and UrlAuthorization

I was in the process of creating a package for you to test when I solved the
problem. In IIS, I had set the bindings for the site to http://SERVER. When I
changed the binding to http://test.domain.local and added that to the IE
Intranet zone, it works.

I still believe this is a pretty annoying bug in IE8 - especially since it
was working fine in FireFox. But in the end, I am able to work around it.

Thank you for your help.

"Thomas Sun [MSFT]" wrote:

Hi MCM,

If we create a simple ASP.NET website with Window Authentication and deploy
it on IIS, does it have the same issue? What URL you were using to request
your website? Please try to add the URL into local Web Site
(IE->Tools->Internet Options->Security tab->Select "Local intranet"-> Click
"Sites"->Click "Advanced" button->Add the URL), and enable "Automatic Logon
with current username and password" (Internet Explorer --> Tools-->Internet
Options --> Security-->Local Intranet Zone-->Custom Level-->User
Authentication-->Logon -->Automatic Logon with current username and
password).

If the issue still exists, could you please post detailed steps here that
can repro the issue? You also can send me a simplified package that can
repro the error on your machine. My email is v-thsun@xxxxxxxxxxxxxx


I look forward to hearing from you.


--
Best Regards,
Thomas Sun

Microsoft Online Partner Support



--------------------

X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security

So I have all the security working as planned in FireFox, but still not
functional in IE8. A quick search for "windows authentication ie8" will
show
you there are a lot of people out there with this problem. I assume there
must be a fix for it by now. Probably a security setting within IE? Any
ideas?


"MCM" wrote:

Here's a weird twist... I tried it in FireFox and it works. Still no
change
with IE8 though.


"MCM" wrote:

I'm happy to work with Virtual Directories as needed. But just to get
this
working at all, I tried to switch the whole site to Windows
Authentication. I
used the following in my web.config:

<authentication mode="Windows"/>
<authorization>
<deny users="?" />
</authorization>

It is STILL giving me 401 access denied errors. Not sure what to try
next.


"Thomas Sun [MSFT]" wrote:

Hi MCM,

Could you please tell me how you configure your website on IIS? Do
you
create Virtual Directory for the Admin folder? As I mentioned above,
when
we use Anonymous access, user credentials won't be sent. And one
application just can have one authentication mode.

If you want to enable Anonymous access for public part and use
Integrated
Windows Authentication for Admin part, I suggest you treat them as
separate
website. By doing so, we can configure them separately on IIS.

For example, you can add web.config file with Windows Authentication
and
<authorization> section in Admin folder. On IIS, we can add new
Application
under your Public section and point its Physical path to the Admin
folder.
If we do so, the Admin is the child application of Public
application. And
then you can configure Admin application using Integrated Windows
Authentication and configure Public application using Anonymous
access on
IIS.

I look forward to receiving your test results.


--
Best Regards,
Thomas Sun

Microsoft Online Partner Support



--------------------
X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security

Is it possible to disable anonymous access just for the Admin
folder? I'd
like to allow it for the public section.


"Thomas Sun [MSFT]" wrote:

Hi MCM,

Thanks for your response.

Please make sure we only enable Integrated Windows Authentication
and
disable Anonymous access option on IIS. When anonymous access is
enabled,
no authenticated user credentials are required to access the
site. For
more
information, see http://support.microsoft.com/kb/324274


I look forward to receiving your test results.


--
Best Regards,
Thomas Sun

Microsoft Online Partner Support


Hi Thomas-

Firstly, we need to make sure the identity that requests your
website
is
in
the Administrators role that you specify in <allow> section of
<location>
settings. For test, we can present the identity name in page
by
following
code:
===============================
Response.Write(User.Identity.Name);
===============================

No name is displaying at all. This value is blank. Could this be
a
browser
setting?


Besides, we also can specify a domain user in <location>
settings and
then
request your website with that identity to see whether it
works. For
example:
===============================
<location path="Admin">
<system.web>
<authorization>
<allow users="YourDomain\OneUserName"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
===============================

This also does not let me have access. But I presume that until
we fix
the
blank username problem, we won't get anywhere.

-Max









.

Quantcast