Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

URL authorization failed for the request

Tags:

asp.net

iis-6

I am in the process of moving some sites over to a new windows 2003 installation running IIS6. However I am running into problems with forms authentication. The sites in question run fine on the old box which is the same OS and IIS version.

When I try to login to the website I get a event log "URL authorization failed for the request" and the page redirects back to:-

http://www.demo.socialclause.net/logout.aspx?ReturnUrl=/Secure/Procurement/Default.aspx

Both the old and new servers contain the same set-up and the same permissions. Obviously I am missing a setting somewhere but cant fathom it out. Can anyone help?

My web.config contains this:-

<authentication mode="Forms">
  <forms slidingExpiration="true" name=".ASPXAUTH" protection="All" loginUrl="~/logout.aspx" timeout="60" ></forms>
</authentication>

and inside the /secure dir (this is not a virtual directory) my web.config contains:-

<?xml version="1.0"?>
<configuration>
  <system.web>
    <authorization>
      <allow roles="ClauseAdmin"/>
      <allow roles="ProcurementAdmin"/>
      <allow roles="ReportAdmin"/>
      <allow roles="SystemAdmin"/>
      <deny users="*"/>
    </authorization>
  </system.web>
</configuration>

The event log shows:

Event Type: Information
Event Source:   ASP.NET 2.0.50727.0
Event Category: Web Event 
Event ID:   1314
Date:       26/05/2009
Time:       21:01:05
User:       N/A
Computer:   WILDEAA1
Description:
Event code: 4007 
Event message: URL authorization failed for the request. 
Event time: 26/05/2009 21:01:05 
Event time (UTC): 26/05/2009 20:01:05 
Event ID: af3bac34e6d74630b937a5a05d0f25f2 
Event sequence: 4 
Event occurrence: 1 
Event detail code: 0 

Application information: 
    Application domain: /LM/W3SVC/2067908276/Root-1-128878416581538912 
    Trust level: Full 
    Application Virtual Path: / 
    Application Path: C:\Inetpub\websites\www.demo.socialclause.net\htdocs\ 
    Machine name: WILDEAA1 

Process information: 
    Process ID: 1076 
    Process name: w3wp.exe 
    Account name: NT AUTHORITY\NETWORK SERVICE 

Request information: 
    Request URL: http://demo.socialclause.net/Secure/Procurement/Default.aspx 
    Request path: /Secure/Procurement/Default.aspx 
    User host address: 91.84.25.241 
    User: [email protected] 
    Is authenticated: True 
    Authentication Type: Forms 
    Thread account name: NT AUTHORITY\NETWORK SERVICE
like image 836
Rippo Avatar asked Nov 25 '22 22:11

Rippo

1 Answers

Try deny users ? (anonymous) instead of * (all)

<authentication mode="Forms">
    <forms name=".ASPXFORMSAUTH" loginUrl="~/Common/Login.aspx" timeout="450" />
  </authentication>
  <authorization>
    <deny users="?" />
    <allow roles="Admin" />
  </authorization>
like image 151
CRice Avatar answered Dec 06 '22 04:12

CRice
Sign in to Comment

Related questions

Deserialize from json where can be single T object or array of T into List<T> [duplicate]
ASP.NET Identity cannot login sometimes

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!