Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

web site configuration

Tags:

One web site is required to be accessed by me (developer) and one user (DOMAIN_NAME\USER_NAME).

When I developed web site in visual studio using "automatic host" created by VS, the following settings in web.config were enough:

<authentication mode="Windows"/> <authorization>   <allow users="DOMAIN_NAME\my_name,DOMAIN_NAME\USER_NAME" />   <deny users="*" /> </authorization> 

But when I created web site in IIS I'm receiving error:

Access is denied.

Description: An error occurred while accessing the resources required to serve this request. The server may not be configured for access to the requested URL.

Error message 401.2.: Unauthorized: Logon failed due to server configuration. Verify that you have permission to view this directory or page based on the credentials you supplied and the authentication methods enabled on the Web server. Contact the Web server's administrator for additional assistance.

What setting for ApplicationPoolIdentity and web site itself are required to be specified?

Thanks a lot!

EDIT:

I've configured Application Pool of local IIS to use 'LocalSystem' identity, web site - to use "pass-through" authentication, and as suggested disabled "Anonymous Authentication", enabled "Windows Authentication" - and web site locally became workable.

But locally I have windows 7 (IIS7), but on "TEST" environment (where I need to deploy web site) I have windows 2008 server and it doesn't have option to enable "Windows Authentication"... don't know why... probably that is for higher level of administrator, but I'm a member of Administrators group...

Guess, I'm doing something wrong...

Please advise.

like image 749
Budda Avatar asked May 17 '11 16:05

Budda


People also ask

What is a Web site configuration?

A configuration file (web. config) is used to manage various settings that define a website. The settings are stored in XML files that are separate from your application code. In this way you can configure settings independently from your code. Generally a website contains a single Web.

What is Web config file used for?

A web. config file is a Windows file that lets you customize the way your site or a specific directory on your site behaves. For example, if you place a web. config file in your root directory, it will affect your entire site (www.coolexample.com).

What is Web config file in IIS?

The web. config is a file that is read by IIS and the ASP.NET Core Module to configure an app hosted with IIS.


1 Answers

Your web.config is set up properly. Further, ensure the IIS site/app is configured as:

  • to NOT allow anonymous access
  • forcing Integrated Windows authentication
  • leave the app pool as Network Service

IIS7

  • ensure you have the Windows Authentication security feature installed in Roles & Features.
  • In IIS7, go to the IIS or Features View, double-click Authentication.
  • On the Authentication page, select Windows Authentication
  • On the Authentication page, disable Anonymous Authentication
  • MSDN article

IIS6

Find the dialog below at

  • Control Panel / Administrative Tools -> IIS Manager -> Right click Web site -> Properties -> Directory Security

IIS 6 non anonymous with Windows Authentication

like image 97
p.campbell Avatar answered Oct 01 '22 23:10

p.campbell