I have an ASP.NET (.NET 4) website that uses http PUT for an .ashx generic handler. The PUT call originates from a Silverlight front end. All works in VS 2010 on my local machine (Cassini web server).
Then I deployed to an IIS7.5 Win Server 2008 R2 box.
The silverlight/website is fine, but PUT calls to the .ashx handler are met with a Windows Login Prompt.
This is a local intranet so Windows Authentication (with NTLM & Negotiate providers) is the only enabled authentication.
Then I read this: http://blogs.msdn.com/b/joseph_fultz/archive/2009/07/23/enabling-the-put-verb-with-handlers-and-iis-7-0.aspx
I've followed his suggestion and I can now make PUT calls via my .ashx handler. Problem is only folks in the Administrators Group of the web server can do this. No one else can. They are met with the windows login prompt.
Any idea what this could be?
I can't give Everyone in the company Admin privileges on the webserver. They would no doubt cut off one of my hands, eat said hand in front of me, and then show me the door.
Authentication: The client generates and hashes a response and sends it to the IIS server. The server receives the challenge-hashed response and compares it to what it knows to be the appropriate response. If the received response matches the expected response, the user is successfully authenticated to the server.
On the taskbar, click Start, and then click Control Panel. In Control Panel, click Programs and Features, and then click Turn Windows Features on or off. Expand Internet Information Services, then World Wide Web Services, then Security. Select Windows Authentication, and then click OK.
Ok I figured it out.
Here are the key configuration elements in IIS 7.5:
URL Authorization was not enabled as a role on the web server. I added it and then stuck this in the web.config under system.webServer:
<security>
<authorization>
<remove users="*" roles="" verbs="" />
<add accessType="Allow" users="*" verbs="GET,HEAD,POST,PUT,DELETE,DEBUG" />
</authorization>
</security>
(I'll trim that down a bit, but for now it works)
My entire system.webServer element is as follows:
<system.webServer>
<modules>
<remove name="WebDAVModule" />
</modules>
<defaultDocument>
<files>
<clear />
<add value="default.aspx" />
</files>
</defaultDocument>
<handlers accessPolicy="Read, Write, Execute, Script">
<remove name="WebDAV" />
<remove name="SimpleHandlerFactory-Integrated-4.0" />
<remove name="SimpleHandlerFactory-Integrated" />
<add name="SimpleHandlerFactory-Integrated" path="*.ashx" verb="GET,HEAD,POST,DEBUG,PUT" type="System.Web.UI.SimpleHandlerFactory" resourceType="Unspecified" requireAccess="Write" preCondition="integratedMode" />
<add name="SimpleHandlerFactory-Integrated-4.0" path="*.ashx" verb="GET,HEAD,POST,DEBUG,PUT" type="System.Web.UI.SimpleHandlerFactory" resourceType="Unspecified" requireAccess="Write" preCondition="integratedMode,runtimeVersionv4.0" />
</handlers>
<security>
<authorization>
<remove users="*" roles="" verbs="" />
<add accessType="Allow" users="*" verbs="GET,HEAD,POST,PUT,DELETE,DEBUG" />
</authorization>
</security>
</system.webServer>
That did it.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With