tags:

views:

5290

answers:

3
+2  Q: 

IIS7 and Authentication problems

Hi Folks,

i've got a stock standard ASP.NET web site, deployed to our development machine (internal machine in our server room).

Now, this dev site can be accessed by both INTERNAL and EXTERNAL users. Now, in IIS6 we used to have it so that Anonymous Authentication was turned off and something else was turned on .. giving the users a popup model box for username and password. I think they had to type some username or password that was defined in a web.config file? (not their website account username/password)/

Now, with IIS7, when i turn Anon Auth off, and turn on Basic or Windows Auth, i get access to the site BUT it's trying to log me in with those credentials .. and not the account the user signed up with (using some stock standard asp.net webform page).

So ... is it possible to 'lock' the entire site and get the testers to get general access to the site .. which is different to their website username and password. Those usernames and passwords are for use in the site instead.

does that make sense?

cheers!

A: 

The thing is called 'Digest Authentication'

There are a few ways to set that up (fuzzy details): - Userfrom a file - User from local system - User from domain (active directory, ldap, etc).

You prob want from a file. This answer is not complete, but I hope this gets you started in the right direction.

Klathzazt  2008-11-14 05:37:45
Any chance you could link me to something that tells me how to create a digest auth with the details in a file?
Pure.Krome  2008-11-17 02:17:03
Wrong/vague crappy answer
Aaron  2010-10-20 02:52:37
A:  
<authentication mode="Forms">
    <forms loginUrl="~/Pages/Login.aspx" protection="Validation" timeout="1000000000" requireSSL="false" slidingExpiration="true" defaultUrl="Default.aspx">
    </forms>
</authentication>

there is no authorization section.

also, when i add 'Digest Auth' to iis7 and enable that (and disable everythign else), i get the pop up window (kewl!) but i'm not sure what credentials i need to pass in. Where can i define those credentials manually (so they are seperate from the website's users) ??

Pure.Krome  2008-11-14 07:44:42
Generally they need to be actual Windows users from the server.. So create a new user on the server and make sure it has physical read/execute permissions on the web site's entire folder etc.
Aaron  2010-10-20 02:54:05
+3  A: 

IIS7 integrated mode does not support the two phase authentication that IIS6 does. Basically, IIS6 would perform its authentication (windows), followed by asp.net performing its authentication (forms). But with IIS7, everything is equal in integrated mode, so you can only have one or the other authentication methods.

You can either convert the app domain to use classic mode or follow this workaround to get it working with Integrated mode.

Jim Geurts  2009-01-13 02:32:59
looks like a winnah!
Pure.Krome  2009-01-13 03:53:04
But there has to be a cleaner simpler way than this. This is such overkill writing custom wrapper modules to achieve such a simple fricking task. Total case of over-engineering.
Aaron  2010-10-20 02:54:48
@Aaron - agreed mate, fully agree! (unfortunately)
Pure.Krome  2010-10-20 23:21:21

related questions

How do I write Firefox add-on that automatically enters proxy passwords?
Login Integration in PHP
Strange Rails Authentication Issue
Concurrent logins in a web farm
Is there a browser equivalent to IE's ClearAuthenticationCache?
How can I authenticate using client credentials in WCF just once?
Why can't I connect to my CAS server with Perl's AuthCAS?
Best Solution For Authentication in Ruby on Rails
Authenticate on an ASP.Net Forms Authorization website from a console app
How do I use NTLM authentication with Active Directory
What have you used Windows CardSpace for, if anything
Forms Authentication across Applications
Retreiving the PC Name of a Client? (Windows Auth)
How would you implement FORM based authentication without a backing database?
What's the best way to authenticate over WCF?
Only accepting certain ajax requests from authenticated users
OpenID authentication in Ruby on Rails
OpenID Attribute Exchange - should I use it?
OpenID: which provider should I recommend to my users?
What to use for login ID?
ASP.NET authentication: user name Vs User ID
How do I add SSL to a .net application that uses httplistener - it will *not* be running on IIS
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Checklist for IIS 6/ASP.NET Windows Authentication?
The Definitive Guide To Website Authentication