Hi Folks,

I've got a stock standard ASP.NET web site, deployed to our development machine (internal machine in our server room).

Now, this dev site can be accessed by both INTERNAL and EXTERNAL users. Now, in IIS6 we used to have it so that Anonymous Authentication was turned off and something else was turned on .. giving the users a popup modal box for username and password. I think they had to type some username or password that was defined in a web.config file? (not their website account username/password).

Now, with IIS7, when I turn Anon Auth off, and turn on Basic or Windows Auth, I get access to the site BUT it's trying to log me in with those credentials .. and not the account the user signed up with (using some stock standard asp.net webform page).

So ... is it possible to 'lock' the entire site and get the testers to get general access to the site .. which is different to their website username and password. Those usernames and passwords are for use in the site instead.

Does that make sense?

Cheers!

A: 

The thing is called 'Digest Authentication'

There are a few ways to set that up (fuzzy details):

- User from a file
- User from local system
- User from domain (active directory, ldap, etc).

You prob want from a file. This answer is not complete, but I hope this gets you started in the right direction.

Klathzazt
Any chance you could link me to something that tells me how to create a digest auth with the details in a file?
Pure.Krome
Wrong/vague crappy answer
Aaron
A: 
<authentication mode="Forms">
    <forms loginUrl="~/Pages/Login.aspx" protection="Validation" timeout="1000000000" requireSSL="false" slidingExpiration="true" defaultUrl="Default.aspx">
    </forms>
</authentication>

There is no authorization section.

Also, when I add 'Digest Auth' to IIS7 and enable that (and disable everything else), I get the pop up window (kewl!) but I'm not sure what credentials I need to pass in. Where can I define those credentials manually (so they are separate from the website's users)??

Pure.Krome
Generally they need to be actual Windows users from the server.. So create a new user on the server and make sure it has physical read/execute permissions on the web site's entire folder etc.
Aaron
+3  A: 

IIS7 integrated mode does not support the two-phase authentication that IIS6 does. Basically, IIS6 would perform its authentication (Windows), followed by asp.net performing its authentication (forms). But with IIS7, everything is equal in integrated mode, so you can only have one or the other authentication method.

You can either convert the app domain to use classic mode or follow this workaround to get it working with Integrated mode.

Jim Geurts
looks like a winnah!
Pure.Krome
But there has to be a cleaner simpler way than this. This is such overkill writing custom wrapper modules to achieve such a simple fricking task. Total case of over-engineering.
Aaron
@Aaron - agreed mate, fully agree! (unfortunately)
Pure.Krome