I've been building an ASP.NET MVC application and using forms authentication. In my controller action I have:

[Authorize(Users = "me,joe")]

that has been working great. Last night when I published the newest changes and attempted to view my website, it started popping up a Windows Authentication dialog box. I've looked at all my code and cannot figure out WHY it would change to Windows authentication. My web.config file has not changed in at least 10 days. If I run the code from my dev box it does not do this...only when it is run from my host. And if I remove the Authorize line from my controller action it does not happen.

How can I fix this or how can I debug my solution to see why this is happening?

BTW, my web.config says:

<authentication mode="Forms">
  <forms loginUrl="~/Account/LogOn" timeout="2880" />
</authentication>
+2  A: 

This is most likely due to IIS settings for authentication and permissions on the website's folder on the web server. I would check both of those before anything else.

j0tt
This is a hosted solution, so would that be somewhere in my host's web-based control panel? Why would this change and, more importantly, why would it stop working if I remove the Authorize line from my code?
Whozumommy
If you take the Authorize attribute out, then anonymous access is allowed -- so no authorization prompt. I suspect that something happened to reset the authorization settings to allow Windows authentication. If these were set to inherit from the parent and the parent settings changed, that would explain it.
tvanfosson
But how can I set or test this out on a hosted environment? My host's control panel (HELM) doesn't seem to include a way to set the properties of a folder.
Whozumommy
In looking into HELM I don't see any way of setting permissions on website folders, only on "secured folders". http://www.scribd.com/doc/45828/Helm-User-Guide Were those settings recently changed? I would contact the host at this point and ask them to make sure the account the site is running under has access to all the site's public folders and files.
j0tt
Given the behavior and your update, it could be that the Views/Account folder or one of the files therein has the permissions problem.
j0tt
I really don't think this is a problem with the directory's permissions. I'm not an expert (obviously) but I built just a plain HTML file and placed it in the root of my wwwroot folder...and when I surf to that page it comes up fine. To me that says the folder is accessible for anonymous users. I must have changed something in my code somewhere (but not in the web.config) that is causing this to occur, I just cannot find it...at least it's not something obvious. I appreciate the help.
Whozumommy
Just brainstorming with you, but you could prove without a doubt that it wasn't a straight directory/file permissions issue if you gutted the contents of your AccountController and just left the Index() method with a Hello world Index page. If you can't get to that, you can be sure it's permissions. If you can get to that, it's definitely not a straightforward permissions issue.
j0tt
A: 

I think you need to set the permissions for IUSER, IWAM

Using Windows Explorer, browse to the folder you want to grant permissions on. Right click on the folder and select "Properties". In the resulting dialog click on the "Security" tab near the top. You can then add or edit security for these accounts (IUSR_machineName, IWAM_machineName, and ASPNET).

Issa Qandil
This is a hosted solution so I cannot browse to the folder. Are you saying I should do it on my local copy?
Whozumommy
No, your local copy already works, but not on the server. Try browsing the control panel of your host to get this fixed, or set the folder permissions using an FTP client application like FileZilla.
Issa Qandil
+1  A: 

I'm just shooting in the dark, but do you have an <identity> setting in your web.config?

 <system.web>
    ...   
    <identity impersonate="true"/>
    ...
 </system.web>

If so, it might help to remove this line. It might also help to ask your hosting provider why Windows Authentication is suddenly being applied to your web site. As others have mentioned there are IIS settings which could be causing this behavior.

Gabe
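
To debug which layer is asking for credentials, look at the raw HTTP response: a browser shows its credential dialog when it receives a 401 carrying a WWW-Authenticate challenge, whereas forms authentication answers with a redirect to the loginUrl. The following is an added example, not code from the thread; `classify`, `probe`, and the sample responses are constructed for illustration, and the login path is taken from the web.config quoted in the question.

```python
import http.client
from urllib.parse import urlsplit

# Schemes IIS sends for Integrated Windows authentication.
WINDOWS_SCHEMES = {"negotiate", "ntlm"}

def classify(status, headers, login_path="/Account/LogOn"):
    """Diagnose one response to a request for an [Authorize]-protected action.

    headers is a list of (name, value) pairs; login_path is the forms
    loginUrl from web.config without the leading "~" (assumed default).
    """
    schemes = {v.split()[0].lower() for k, v in headers
               if k.lower() == "www-authenticate" and v.strip()}
    location = next((v for k, v in headers if k.lower() == "location"), "")
    to_login = urlsplit(location).path.lower().endswith(login_path.lower())
    if status in (301, 302, 303, 307) and to_login:
        return "forms"            # ASP.NET turned the 401 into a login redirect
    if status == 401 and schemes & WINDOWS_SCHEMES:
        return "windows"          # server-level challenge; browser shows a dialog
    if status == 401 and schemes:
        return "other-challenge"  # e.g. Basic or Digest
    if status == 401:
        return "bare-401"         # denied, but nothing prompts the browser
    if 200 <= status < 300:
        return "anonymous"        # served without any authentication
    return "unclassified"

def probe(host, path, use_tls=True):
    """Fetch path once without following redirects and classify the reply."""
    cls = http.client.HTTPSConnection if use_tls else http.client.HTTPConnection
    conn = cls(host, timeout=10)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        return classify(resp.status, resp.getheaders())
    finally:
        conn.close()

# Constructed sample responses (not captured from the asker's site).
SAMPLES = {
    "dev box": (302, [("Location", "/Account/LogOn?ReturnUrl=%2fHome%2fSecret")]),
    "host": (401, [("WWW-Authenticate", "Negotiate"), ("WWW-Authenticate", "NTLM")]),
    "static html": (200, [("Content-Type", "text/html")]),
}

if __name__ == "__main__":
    for name, (status, headers) in SAMPLES.items():
        print(name, "->", classify(status, headers))
```

A "windows" result for the protected action alongside "anonymous" for a static file matches the symptoms described in the question and points at the server's authentication settings rather than at file permissions.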