Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

ASP.Net Web Application Security dont work on IIS 7?

i am facing a wierd problem

i use visual studio 2010, SQL express 2008 on win server 2008

after running the wizard of security (created single user, set permissions like deny anonymous and allow the created user) and pressing F5 --> the site works just fine.

when i move the folder to IIS 7 and "convert to application" the login page appears but it wont accept the password i provided.

i was told that only Stackoverflow geniuses will answer this question.

i am using .Net 4, manged pipleine mode --> inegrated

IIS settings:

Anonymous Auth. --> Enabled

Forms Auth. --> Enabled

ASP.Net Impersonation, Basic Auth, Digest Auth, Windows Auth--> Disabled

web.config

<configuration>
  <connectionStrings>
    <add name="ApplicationServices" connectionString="data source=.\SQLEXPRESS;Integrated     Security=SSPI;AttachDBFilename=|DataDirectory|\aspnetdb.mdf;User Instance=true" providerName="System.Data.SqlClient"/>
  </connectionStrings>
  <system.web>
    <authorization>
      <deny users="?"/>
      <allow users="statmaster"/>
    </authorization>
    <compilation debug="true" strict="false" explicit="true" targetFramework="4.0"/>
    <authentication mode="Forms">
      <forms loginUrl="~/Account/Login.aspx" timeout="2880"/>
    </authentication>

    <membership>
      <providers>
        <clear/>
        <add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices"     enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/"/>
      </providers>
    </membership>

    <profile>
      <providers>    
        <clear/>    
        <add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/"/>
      </providers>
    </profile>
    <roleManager enabled="false">
      <providers>
        <clear/>
        <add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider"     connectionStringName="ApplicationServices" applicationName="/"/>

        <add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/"/>
      </providers>
    </roleManager>
  </system.web>

  <system.webServer>  
    <modules runAllManagedModulesForAllRequests="true"/>
  </system.webServer>

</configuration>

the username exists in aspnet_Users table and the username "encrypted" in aspnet_Membership table

like image 866
statmaster Avatar asked Oct 14 '22 17:10

statmaster


1 Answers

Read the article

Always set the "applicationName" property when configuring ASP.NET 2.0 Membership and other Providers

try creating a new website and put the application component in the root in case web.config application name = "/"

i hope this will solve it

  <membership>
        <providers>
            <clear/>
            <add name="AspNetSqlMembershipProvider"
                type="System.Web.Security.SqlMembershipProvider, System.Web,      Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
                connectionStringName="LocalSqlServer"
                enablePasswordRetrieval="false"
                enablePasswordReset="true"
                requiresQuestionAndAnswer="true"
  requiresUniqueEmail="false"
                passwordFormat="Hashed"
                maxInvalidPasswordAttempts="5"
                minRequiredPasswordLength="7"
                minRequiredNonalphanumericCharacters="1"
                passwordAttemptWindow="10"
                passwordStrengthRegularExpression="" 
                applicationName="/" 
            />
        </providers>
  </membership>

http://weblogs.asp.net/scottgu/archive/2006/04/22/Always-set-the-_2200_applicationName_2200_-property-when-configuring-ASP.NET-2.0-Membership-and-other-Providers.aspx

like image 62
Mohamed Kamal Avatar answered Oct 18 '22 01:10

Mohamed Kamal