
why does windows authentication / impersonation fail on asp.net application with iis 7.5 / windows 7 /

I'm troubleshooting why I can't get past the login dialog on an ASP.Net site configured for Windows Authentication and Impersonation.

I have an ASP.Net 2.0 application and I'm trying to deploy it on Windows 7 with IIS 7.5. I've created a new site, and bound it to localhost and a fully qualified domain name. The FQDN is in my hosts file, and is redirected to 127.0.0.1.

The site is also running with an AppDomain I created, with integrated pipeline mode, and the process model identity is set to ApplicationPoolIdentity.

Web.config includes the following:

<trust level="High" />
<authentication mode="Windows" />
<authorization>
  <deny users="?"/>
</authorization>
<identity impersonate="true"/>

ACL on the directory for the site is set to Everyone (Full Control - For testing). The Application Pool virtual account (Windows 7 thing) is set to full control on the physical directory for the site also.

IIS authentication has ASP.Net impersonation enabled and Windows Authentication enabled.

When I connect to the site as localhost, it permits me to get past the login prompt and the application loads without incident.

When I connect to the site as the FQDN set in the host headers bindings for this site/ip/port, I cannot get past the login prompt. Clicking cancel generates an HTTP 401.1 error page.

Why?

asked Jun 10 '10 14:06


People also ask

How does Windows authentication work in IIS?

Authentication: The client generates and hashes a response and sends it to the IIS server. The server receives the challenge-hashed response and compares it to what it knows to be the appropriate response. If the received response matches the expected response, the user is successfully authenticated to the server.

What is IIS impersonation?

Impersonation is independent of the authentication mode configured using the authentication configuration element. The authentication element is used to determine the User property of the current HttpContext. Impersonation is used to determine the WindowsIdentity of the ASP.NET application.


1 Answer

And the answer for this one is going to be a security feature known as the authentication loopback check, introduced way back in Windows 2003 SP1, as per: http://support.microsoft.com/kb/926642

I was trying to connect to my IIS host headers instance using a host header defined in my /etc/hosts file as pointing to 127.0.0.1, while logged in at the machine running IIS - this is the loopback scenario.

It bites you in various contexts, such as this (http://blogs.bluethreadinc.com/thellebuyck/archive/2008/10/30/401.1-error-when-accessing-sharepoint-from-server.aspx) or this world of hurt in Google (http://www.google.ca/search?q=authentication+loopback+check&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a)

THE FIX involves some simple regedit work: http://blogs.bluethreadinc.com/thellebuyck/archive/2008/10/30/401.1-error-when-accessing-sharepoint-from-server.aspx

I also did not need to enable impersonation for my situation, and so I disabled that, and now I can connect using my faked FQDN both locally and remotely.

answered Nov 04 '22 15:11
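The answer above does not say which registry value it changed. The following PowerShell script is an added example, not part of the original answer: it audits the two values Microsoft documents for the loopback check, `DisableLoopbackCheck` (turns the check off for the whole machine) and `BackConnectionHostNames` (exempts only the listed host names), and can add a single host name to the narrower list. The host name `app.example.test` is a placeholder assumption.

```powershell
# Added example: audit the loopback-check settings and exempt one host name.
# Run from an elevated PowerShell prompt on the machine that hosts IIS.
param(
    # Placeholder host name (assumption); use the FQDN bound to the site.
    [string]$HostName = 'app.example.test',
    # Without -Apply the script only reports and writes nothing.
    [switch]$Apply
)

$lsa   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$msv10 = Join-Path $lsa 'MSV1_0'

# DisableLoopbackCheck = 1 removes the protection for every host name.
$disable = (Get-ItemProperty -Path $lsa -Name DisableLoopbackCheck `
            -ErrorAction SilentlyContinue).DisableLoopbackCheck
if ($disable -eq 1) {
    Write-Warning 'DisableLoopbackCheck=1: the loopback check is off machine-wide.'
} else {
    Write-Output 'Loopback check is enabled (DisableLoopbackCheck absent or 0).'
}

# BackConnectionHostNames is a REG_MULTI_SZ list of names exempt from the check.
$names = @((Get-ItemProperty -Path $msv10 -Name BackConnectionHostNames `
            -ErrorAction SilentlyContinue).BackConnectionHostNames |
           Where-Object { $_ })
$shown = if ($names) { $names -join ', ' } else { '(none)' }
Write-Output "Exempt host names: $shown"

if ($names -contains $HostName) {
    Write-Output "$HostName is already exempt."
} elseif ($Apply) {
    # Append to the existing list so other exemptions are preserved.
    $updated = [string[]]($names + $HostName)
    New-ItemProperty -Path $msv10 -Name BackConnectionHostNames `
        -PropertyType MultiString -Value $updated -Force | Out-Null
    Write-Output "Added $HostName. A restart may be needed before it takes effect."
} else {
    Write-Output "$HostName is not exempt; re-run with -Apply to add it."
}
```

Exempting individual names through `BackConnectionHostNames` keeps the check active for every other host name, whereas `DisableLoopbackCheck=1` removes it entirely.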