tags:

views:

320

answers:

1
Q: 

IIS 7.5 What am I doing wrong?

In IIS 7.5 under Windows 7 Utilmate, I have an application which is configured for authentication as follows: Anonymous & Windows

In the ASP.NET Website, I have turned Forms authentication and identity impersonate = true I also deny any anonymous users.

<authentication mode="Forms">
</authentication>
<identity impersonate="true"/>
<authorization>
<deny user="?">
</authorization>

IIS complains. What am I doing wrong... What I want to achieve :I want the windows Logged On User so I can build a FormsAuthentication ticket and pass it to a Passive STS. So in IIS I have anonymous and windows...If have only windows ticked, I cannot go onto the Login.aspx page as I have an extra parameter to be passed from there. So now in webconfig, I then disable anonymous users by saying deny user="?" , so it leaves me with the authenticated windows user but using Forms Authentication.You know what I mean??

http://msdn.microsoft.com/en-us/library/ff649264.aspx

If you see Table 4 IIS Integrated Windows for IIS then Web.config setting 3rd row, accordingly WindowsIdentity is Domian\Username .It works on IIS 6.0 win2003/IIS 5.1 under XP

A: 

If this is an application that leverages claims based identity, then the responsibility of authenticating users is in the STS itself, not in the app.

If you are configuring your (web) application to trust an external STS, then your authentication mode would be "None" and you'd have a whole section in the config file for "Microsoft.identityModel". You would then configure the STS address there (the issuer attribute). Something like this:

<microsoft.identityModel>
<service>
  <audienceUris>
    <add value="https://aexpense-dev.adatum.com/" />
  </audienceUris>
  <federatedAuthentication>
    <wsFederation passiveRedirectEnabled="true" issuer="https://localhost/Adatum.SimulatedIssuer/" realm="https://aexpense-dev.adatum.com/" requireHttps="true" />
    <cookieHandler requireSsl="false" />
  </federatedAuthentication>
  <serviceCertificate>
    <certificateReference x509FindType="FindBySubjectDistinguishedName" findValue="CN=localhost"/>
  </serviceCertificate>
  <certificateValidation certificateValidationMode="None"/>
  <applicationService>
    <claimTypeRequired>
      <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" optional="true" />
    </claimTypeRequired>
  </applicationService>
  <issuerNameRegistry type="Microsoft.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
    <trustedIssuers>
      <add thumbprint="f260042d59e14937984c6183fbc6bfc71baf5462" name="https://localhost/Adatum.SimulatedIssuer/" />
    </trustedIssuers>
  </issuerNameRegistry>
</service>

The STS itself might use Forms authentication or something else, depending on the implementation.

Eugenio Pace  2010-05-31 03:10:16

related questions

IE6 security login (debugging via VirtualPC)
Asp.net Reinstalling a DLL into the GAC
Failed to load resources from resource file.
What does an IISReset do?
How do I secure a folder used to let users upload files?
VBScript/IIS - How do I automatically set ASP.NET version for a particular website
IIS 6/COM+ hangs
Web server farms with IIS ? Basic Infos
.NET 3.5 Service Pack 1 causes 404 pages on ASP.NET Web App
What Url rewriter do you use for ASP.Net?
Publishing to IIS - Best Practices
ASP.NET Proxy Application
PHP on IIS
How do I stop IIS7 dropping my cookies?
HTTPS in IIS 5.1
Best tool for performance testing ASP.NET
Alternative Hostname for an IIS web site for internal access only
SQL Server 2008 FileStream on a Web Server
Solutions for working with multiple branches in ASP.Net
Dual vs. Quadcore on a Webserver
PHP Error - Uploading a file
Visual Studio 2008 debugger already attached work-around
Linux shell equivalent on IIS
Bandwith throttling in IIS 6 by IP Address
Checklist for IIS 6/ASP.NET Windows Authentication?