tags:

views:

370

answers:

1
Q: 

why does windows authentication / impersonation fail on asp.net application with iis 7.5 / windows 7 /

hi there; i'm troubleshooting why i cannot get past the login dialog on an asp.net site configured for windows authentication and impersonation. help me before i switch to os x development and objective-c

i have an asp.net 2.0 application and i'm trying to deploy it on windows 7 with iis 7.5. i've created a new site, and bound it to localhost and a fully qualified domain name. the fqdn is in my hosts file, and is redirected to 127.0.0.1

the site is also running with an appdomain i created, with integrated pipeline mode, and the process model identity is set to ApplicationPoolIdentity.

web.config includes the following: <trust level="High" /> <authentication mode="Windows" /> <authorization> <deny users="?"/> </authorization> <identity impersonate="true"/>

acl on the directory for the site is desperation set to everyone full control, the application pool virtual account (windows 7 thing) is set to full control on the physical directory for the site also.

iis authentication has asp.net impersonation enabled, and windows authentication enabled.

when i connect to the site as localhost, it permits me to get past the login prompt and the application loads without incident.

when i connect to the site as the fqdn set in the host headers bindings for this site/ip/port, i cannot get past the login prompt. clicking cancel throws to a http 401.1 error page.

why? thanks very much in advance.

+1  A: 

and the answer for this one is going to be a security feature known as the authentication loopback check, introduced way back in Windows 2003 SP1, as per: http://support.microsoft.com/kb/926642

i was trying to connect to my iis host headers instance using a host header defined in my /etc/hosts file as pointing to 127.0.0.1, while logged in at the machine running iis - this is the loopback scenario.

it bites you in various contexts, such as this (http://blogs.bluethreadinc.com/thellebuyck/archive/2008/10/30/401.1-error-when-accessing-sharepoint-from-server.aspx) or this world of hurt in google (http://www.google.ca/search?q=authentication+loopback+check&amp;ie=utf-8&amp;oe=utf-8&amp;aq=t&amp;rls=org.mozilla:en-US:official&amp;client=firefox-a)

THE FIX involves some simple regedit work: http://blogs.bluethreadinc.com/thellebuyck/archive/2008/10/30/401.1-error-when-accessing-sharepoint-from-server.aspx

i also did not need to enable impersonation for my situation, and so i disabled that, and now i can connect using my faked fqdn both locally and remotely

velvet sheen  2010-06-11 14:21:20

related questions

Is it better to create Model classes, or just stick with generic database utility class?
What are effective options for embedding video in an ASP.NET web site?
Visual Studio 2008 debugger already attached work-around
Tracking state using ASP.NET AJAX / ICallbackEventHandler
ASP.NET Display SVN Revision Number
ASP.NET URL Rewriting
How can I change the background of a masterpage from the code behind of a content page?
Easy way to AJAX WebControls
How do I define custom web.config sections with potential child elements and attributes for the properties?
ASP.NET MVC "CRUD" Database Sample
Are Multiple DataContext classes ever appropriate?
How to RedirectToAction in ASP.NET MVC without losing request data
Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?
ASP.NET built in user profile, Vs old stile user class/tables
What's a good book for learning ASP?
Bandwith throttling in IIS 6 by IP Address
ASP .Net Custom Client-Side Validation
How to get the value of built, encoded ViewState?
Decent, simple, GIS/mapping component for ASP.NET?
Checklist for IIS 6/ASP.NET Windows Authentication?
How to write to Web.Config in Medium Trust ?
ASP.NET, Visual Studio and Subversion - how to integrate?
Floating Point Number parsing: Is there a Catch All algorithm?
How do I sync the SVN revision number with my ASP.NET web site?
ASP.NET Site Maps