Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

IIS7 and Authentication problems

i've got a stock standard ASP.NET web site, deployed to our development machine (internal machine in our server room).

Now, this dev site can be accessed by both INTERNAL and EXTERNAL users. Now, in IIS6 we used to have it so that Anonymous Authentication was turned off and something else was turned on .. giving the users a popup model box for username and password. I think they had to type some username or password that was defined in a web.config file? (not their website account username/password)/

Now, with IIS7, when i turn Anon Auth off, and turn on Basic or Windows Auth, i get access to the site BUT it's trying to log me in with those credentials .. and not the account the user signed up with (using some stock standard asp.net webform page).

So ... is it possible to 'lock' the entire site and get the testers to get general access to the site .. which is different to their website username and password. Those usernames and passwords are for use in the site instead.

does that make sense?

cheers!


<authentication mode="Forms">
    <forms loginUrl="~/Pages/Login.aspx" protection="Validation" timeout="1000000000" requireSSL="false" slidingExpiration="true" defaultUrl="Default.aspx">
    </forms>
</authentication>

there is no authorization section.

also, when i add 'Digest Auth' to iis7 and enable that (and disable everythign else), i get the pop up window (kewl!) but i'm not sure what credentials i need to pass in. Where can i define those credentials manually (so they are seperate from the website's users) ??

like image 406
Pure.Krome Avatar asked Nov 14 '08 05:11

Pure.Krome


People also ask

How IIS will use authentication?

The most common form of authentication in IIS is Anonymous authentication. Under this method, although a user can access a Web site without providing a username and password, that user is still logged on to the server. This authentication method works through use of the Anonymous account.

What is iis7 used for?

IIS 7.0 is the Web Server (IIS) role in Windows Server 2008, and the Web server in Windows Vista. IIS 7.5 is the Web Server (IIS) role in Windows Server 2008 R2, and the Web server in Windows 7.


1 Answers

IIS7 integrated mode does not support the two phase authentication that IIS6 does. Basically, IIS6 would perform its authentication (windows), followed by asp.net performing its authentication (forms). But with IIS7, everything is equal in integrated mode, so you can only have one or the other authentication methods.

You can either convert the app pool to use classic mode or follow this workaround to get it working with Integrated mode.

like image 198
Jim Geurts Avatar answered Oct 18 '22 03:10

Jim Geurts