|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Accessing Site as Anonymouson our development box in a vlan. No matter what I do I can't access the site as an anonymous user - it just prompts me with a challenge response. If I cancel and try to access the site, my menu control does not render properly. I'm using the IE web controls for that. My current set up is Windows 2003 running and asp.net app in IIS. I am impersonating the ASPNET account with a custom account that I have set up according to documentation in patterns and practices. In IIS Manager I have set the Identity in DefaultAppPool to this custom account and in the directory security of the web site I have checked the Allow Anonymous and left the IUSR account as the user id. I can see in the task manager that the worker process is running under my custom account. My web.config file contains the statement: <authorization> <allow users="*" /> </authorization> So, what else can I check or do to get this to work? I've thought about running aspnet_regiis to reset everything in hopes of starting over, but I'm not sure if that will work. There is also a new version of aspnet_regiis in the 2.0 framework that accepts a switch "-ga" that assigns the proper permissions to a passed account. It works nicely on ASP.NET 2.0 apps - not sure if I can use that on a 1.1 version of the framework. Thanks for ANY help!!!! -- Mike Gasperino Sr. Software Developer office: 919-807-2310 **************************************************************************** E-mail correspondence to and from this address may be subject to the North Carolina Public Records Law "NCGS.Ch.132" and may be disclosed to third parties **************************************************************************** My suspicion is that the username/password for the anonymous user account is
out of sync with the local machine's account. You want to synchronize it to make anonymous work again. Check the web server log file (%systemroot%\System32\LogFiles\W3SVC#\*.log) for your requests -- if they are failing with 401 1 <win32 error code> then this is probably the problem. See this URL for other reasons for anonymous not working. http://blogs.msdn.com/david.wang/archive/2005/05/27/Access_Denied_to_Administrators_or_Anonymous_User.aspx -- //David IIS http://blogs.msdn.com/David.Wang This posting is provided "AS IS" with no warranties, and confers no rights. // "Mike" <ann***@tkd.net> wrote in message I am out of options on trying to get this to work. I have a site that sitsnews:OWK%23uXPbFHA.2696@TK2MSFTNGP09.phx.gbl... on our development box in a vlan. No matter what I do I can't access the site as an anonymous user - it just prompts me with a challenge response. If I cancel and try to access the site, my menu control does not render properly. I'm using the IE web controls for that. My current set up is Windows 2003 running and asp.net app in IIS. I am impersonating the ASPNET account with a custom account that I have set up according to documentation in patterns and practices. In IIS Manager I have set the Identity in DefaultAppPool to this custom account and in the directory security of the web site I have checked the Allow Anonymous and left the IUSR account as the user id. I can see in the task manager that the worker process is running under my custom account. My web.config file contains the statement: <authorization> <allow users="*" /> </authorization> So, what else can I check or do to get this to work? I've thought about running aspnet_regiis to reset everything in hopes of starting over, but I'm not sure if that will work. There is also a new version of aspnet_regiis in the 2.0 framework that accepts a switch "-ga" that assigns the proper permissions to a passed account. It works nicely on ASP.NET 2.0 apps - not sure if I can use that on a 1.1 version of the framework. Thanks for ANY help!!!! -- Mike Gasperino Sr. Software Developer office: 919-807-2310 **************************************************************************** E-mail correspondence to and from this address may be subject to the North Carolina Public Records Law "NCGS.Ch.132" and may be disclosed to third parties **************************************************************************** What is the proper way to re-sync the passwords?
Show quoteHide quote "David Wang [Msft]" <some***@online.microsoft.com> wrote in message news:O3SyXycbFHA.3048@TK2MSFTNGP12.phx.gbl... > My suspicion is that the username/password for the anonymous user account > is > out of sync with the local machine's account. You want to synchronize it > to > make anonymous work again. > > Check the web server log file > (%systemroot%\System32\LogFiles\W3SVC#\*.log) > for your requests -- if they are failing with 401 1 <win32 error code> > then > this is probably the problem. > > See this URL for other reasons for anonymous not working. > http://blogs.msdn.com/david.wang/archive/2005/05/27/Access_Denied_to_Administrators_or_Anonymous_User.aspx > > -- > //David > IIS > http://blogs.msdn.com/David.Wang > This posting is provided "AS IS" with no warranties, and confers no > rights. > // > "Mike" <ann***@tkd.net> wrote in message > news:OWK%23uXPbFHA.2696@TK2MSFTNGP09.phx.gbl... > I am out of options on trying to get this to work. I have a site that sits > on our development box in a vlan. No matter what I do I can't access the > site as an anonymous user - it just prompts me with a challenge response. > If > I cancel and try to access the site, my menu control does not render > properly. I'm using the IE web controls for that. My current set up is > Windows 2003 running and asp.net app in IIS. I am impersonating the ASPNET > account with a custom account that I have set up according to > documentation > in patterns and practices. In IIS Manager I have set the Identity in > DefaultAppPool to this custom account and in the directory security of the > web site I have checked the Allow Anonymous and left the IUSR account as > the > user id. I can see in the task manager that the worker process is running > under my custom account. My web.config file contains the statement: > > <authorization> > <allow users="*" /> > </authorization> > > So, what else can I check or do to get this to work? I've thought about > running aspnet_regiis to reset everything in hopes of starting over, but > I'm > not sure if that will work. There is also a new version of aspnet_regiis > in > the 2.0 framework that accepts a switch "-ga" that assigns the proper > permissions to a passed account. It works nicely on ASP.NET 2.0 apps - not > sure if I can use that on a 1.1 version of the framework. > > Thanks for ANY help!!!! > > > -- > Mike Gasperino > Sr. Software Developer > office: 919-807-2310 > > **************************************************************************** > E-mail correspondence to and from this address may be subject to the North > Carolina Public Records Law "NCGS.Ch.132" and may be disclosed to third > parties > **************************************************************************** > > > Mike,
Your web.config file states that all authenticated users are authorized for browsing the web site. In order to alow anonymous browsing you must add another element. Here´s a sample: <authorization> <allow users="*" /> <!-- Grant access to known users --> <allow users="?" /> <!-- Grant access to unknown users --> </authorization> Mike wrote: Show quoteHide quote > I am out of options on trying to get this to work. I have a site that sits > on our development box in a vlan. No matter what I do I can't access the > site as an anonymous user - it just prompts me with a challenge response. If > I cancel and try to access the site, my menu control does not render > properly. I'm using the IE web controls for that. My current set up is > Windows 2003 running and asp.net app in IIS. I am impersonating the ASPNET > account with a custom account that I have set up according to documentation > in patterns and practices. In IIS Manager I have set the Identity in > DefaultAppPool to this custom account and in the directory security of the > web site I have checked the Allow Anonymous and left the IUSR account as the > user id. I can see in the task manager that the worker process is running > under my custom account. My web.config file contains the statement: > > <authorization> > <allow users="*" /> > </authorization> > > So, what else can I check or do to get this to work? I've thought about > running aspnet_regiis to reset everything in hopes of starting over, but I'm > not sure if that will work. There is also a new version of aspnet_regiis in > the 2.0 framework that accepts a switch "-ga" that assigns the proper > permissions to a passed account. It works nicely on ASP.NET 2.0 apps - not > sure if I can use that on a 1.1 version of the framework. > > Thanks for ANY help!!!! > > > -- > Mike Gasperino > Sr. Software Developer > office: 919-807-2310 > > **************************************************************************** > E-mail correspondence to and from this address may be subject to the North > Carolina Public Records Law "NCGS.Ch.132" and may be disclosed to third > parties > **************************************************************************** I made the changes to the web.config file and re-synced the IUSR password
and it made no difference whatsoever. Don't know where to turn next... "Vitor" <vitor.***@gmail.com> wrote in message Your web.config file states that all authenticated users are authorizednews:1118695321.217121.306350@g14g2000cwa.googlegroups.com... Mike, for browsing the web site. In order to alow anonymous browsing you must add another element. Here´s a sample: <authorization> <allow users="*" /> <!-- Grant access to known users --> <allow users="?" /> <!-- Grant access to unknown users --> </authorization> Mike wrote: Show quoteHide quote > I am out of options on trying to get this to work. I have a site that sits > on our development box in a vlan. No matter what I do I can't access the > site as an anonymous user - it just prompts me with a challenge response. > If > I cancel and try to access the site, my menu control does not render > properly. I'm using the IE web controls for that. My current set up is > Windows 2003 running and asp.net app in IIS. I am impersonating the ASPNET > account with a custom account that I have set up according to > documentation > in patterns and practices. In IIS Manager I have set the Identity in > DefaultAppPool to this custom account and in the directory security of the > web site I have checked the Allow Anonymous and left the IUSR account as > the > user id. I can see in the task manager that the worker process is running > under my custom account. My web.config file contains the statement: > > <authorization> > <allow users="*" /> > </authorization> > > So, what else can I check or do to get this to work? I've thought about > running aspnet_regiis to reset everything in hopes of starting over, but > I'm > not sure if that will work. There is also a new version of aspnet_regiis > in > the 2.0 framework that accepts a switch "-ga" that assigns the proper > permissions to a passed account. It works nicely on ASP.NET 2.0 apps - not > sure if I can use that on a 1.1 version of the framework. > > Thanks for ANY help!!!! > > > -- > Mike Gasperino > Sr. Software Developer > office: 919-807-2310 > > **************************************************************************** > E-mail correspondence to and from this address may be subject to the North > Carolina Public Records Law "NCGS.Ch.132" and may be disclosed to third > parties > **************************************************************************** Please give the actual web log entries corresponding to your failure to
authenticate. All of them. Should be in the form of 401.x -- I want to know the specific "x" as well as the accompanying Win32 error code. -- //David IIS http://blogs.msdn.com/David.Wang This posting is provided "AS IS" with no warranties, and confers no rights. // "Mike" <ann***@tkd.net> wrote in message I made the changes to the web.config file and re-synced the IUSR passwordnews:e90LVXacFHA.1456@TK2MSFTNGP15.phx.gbl... and it made no difference whatsoever. Don't know where to turn next... "Vitor" <vitor.***@gmail.com> wrote in message Your web.config file states that all authenticated users are authorizednews:1118695321.217121.306350@g14g2000cwa.googlegroups.com... Mike, for browsing the web site. In order to alow anonymous browsing you must add another element. Here´s a sample: <authorization> <allow users="*" /> <!-- Grant access to known users --> <allow users="?" /> <!-- Grant access to unknown users --> </authorization> Mike wrote: Show quoteHide quote > I am out of options on trying to get this to work. I have a site that sits > on our development box in a vlan. No matter what I do I can't access the > site as an anonymous user - it just prompts me with a challenge response. > If > I cancel and try to access the site, my menu control does not render > properly. I'm using the IE web controls for that. My current set up is > Windows 2003 running and asp.net app in IIS. I am impersonating the ASPNET > account with a custom account that I have set up according to > documentation > in patterns and practices. In IIS Manager I have set the Identity in > DefaultAppPool to this custom account and in the directory security of the > web site I have checked the Allow Anonymous and left the IUSR account as > the > user id. I can see in the task manager that the worker process is running > under my custom account. My web.config file contains the statement: > > <authorization> > <allow users="*" /> > </authorization> > > So, what else can I check or do to get this to work? I've thought about > running aspnet_regiis to reset everything in hopes of starting over, but > I'm > not sure if that will work. There is also a new version of aspnet_regiis > in > the 2.0 framework that accepts a switch "-ga" that assigns the proper > permissions to a passed account. It works nicely on ASP.NET 2.0 apps - not > sure if I can use that on a 1.1 version of the framework. > > Thanks for ANY help!!!! > > > -- > Mike Gasperino > Sr. Software Developer > office: 919-807-2310 > > **************************************************************************** > E-mail correspondence to and from this address may be subject to the North > Carolina Public Records Law "NCGS.Ch.132" and may be disclosed to third > parties > **************************************************************************** Thanks David,
Here is the log file from the web server.... Thanks for your help Mike Show quoteHide quote "David Wang [Msft]" <some***@online.microsoft.com> wrote in message [attached file: ex050615.log]news:OYmUrUhcFHA.220@TK2MSFTNGP12.phx.gbl... > Please give the actual web log entries corresponding to your failure to > authenticate. All of them. > > Should be in the form of 401.x -- I want to know the specific "x" as well > as > the accompanying Win32 error code. > > -- > //David > IIS > http://blogs.msdn.com/David.Wang > This posting is provided "AS IS" with no warranties, and confers no > rights. > // > "Mike" <ann***@tkd.net> wrote in message > news:e90LVXacFHA.1456@TK2MSFTNGP15.phx.gbl... > I made the changes to the web.config file and re-synced the IUSR password > and it made no difference whatsoever. > > Don't know where to turn next... > > > "Vitor" <vitor.***@gmail.com> wrote in message > news:1118695321.217121.306350@g14g2000cwa.googlegroups.com... > Mike, > > > Your web.config file states that all authenticated users are authorized > for browsing the web site. In order to alow anonymous browsing you must > add another element. > > Here´s a sample: > > <authorization> > <allow users="*" /> <!-- Grant access to known users --> > <allow users="?" /> <!-- Grant access to unknown users --> > </authorization> > > > > Mike wrote: >> I am out of options on trying to get this to work. I have a site that >> sits >> on our development box in a vlan. No matter what I do I can't access the >> site as an anonymous user - it just prompts me with a challenge response. >> If >> I cancel and try to access the site, my menu control does not render >> properly. I'm using the IE web controls for that. My current set up is >> Windows 2003 running and asp.net app in IIS. I am impersonating the >> ASPNET >> account with a custom account that I have set up according to >> documentation >> in patterns and practices. In IIS Manager I have set the Identity in >> DefaultAppPool to this custom account and in the directory security of >> the >> web site I have checked the Allow Anonymous and left the IUSR account as >> the >> user id. I can see in the task manager that the worker process is running >> under my custom account. My web.config file contains the statement: >> >> <authorization> >> <allow users="*" /> >> </authorization> >> >> So, what else can I check or do to get this to work? I've thought about >> running aspnet_regiis to reset everything in hopes of starting over, but >> I'm >> not sure if that will work. There is also a new version of aspnet_regiis >> in >> the 2.0 framework that accepts a switch "-ga" that assigns the proper >> permissions to a passed account. It works nicely on ASP.NET 2.0 apps - >> not >> sure if I can use that on a 1.1 version of the framework. >> >> Thanks for ANY help!!!! >> >> >> -- >> Mike Gasperino >> Sr. Software Developer >> office: 919-807-2310 >> >> > **************************************************************************** >> E-mail correspondence to and from this address may be subject to the >> North >> Carolina Public Records Law "NCGS.Ch.132" and may be disclosed to third >> parties >> > **************************************************************************** > > > The error code 2148074252 translated into hexadecimal is 0x8009030C , which
if you look up with any Win32 error lookup tool (Visual Studio comes with such a viewer) means "The logon attempt failed". Basically, it means that the username/password used for authentication did not match. The failure occurred on access for this URL: /aspnet_client/system_web/1_1_4322/WebUIValidation.js Thus, you need to look in IIS configuration for this website to verify: 1. What authentication is applicable for the URL: /aspnet_client/system_web/1_1_4322/WebUIValidation.js 2. If it is anonymous, then make sure that the configured Anonymous username/password is in sync with the local SAM (or AD if you are using a domain account for the anonymous user). The application pool identity should not affect this situation unless the following conditions apply (all documented in the same section that introduces how to configure IIS6 application pool identity -- you do read documentation, yes?): 1. Server is in a domain 2. Integrated Authentication is enabled and used by the client to authenticate 3. The user identity has been customized from the default value of Network Service 4. SETSPN (mentioned in documentation) has not be configured correctly -- //David IIS http://blogs.msdn.com/David.Wang This posting is provided "AS IS" with no warranties, and confers no rights. // "Mike" <ann***@tkd.net> wrote in message Here is the log file from the web server....news:e9t5iPmcFHA.1404@TK2MSFTNGP09.phx.gbl... Thanks David, Thanks for your help Mike Show quoteHide quote "David Wang [Msft]" <some***@online.microsoft.com> wrote in message news:OYmUrUhcFHA.220@TK2MSFTNGP12.phx.gbl... > Please give the actual web log entries corresponding to your failure to > authenticate. All of them. > > Should be in the form of 401.x -- I want to know the specific "x" as well > as > the accompanying Win32 error code. > > -- > //David > IIS > http://blogs.msdn.com/David.Wang > This posting is provided "AS IS" with no warranties, and confers no > rights. > // > "Mike" <ann***@tkd.net> wrote in message > news:e90LVXacFHA.1456@TK2MSFTNGP15.phx.gbl... > I made the changes to the web.config file and re-synced the IUSR password > and it made no difference whatsoever. > > Don't know where to turn next... > > > "Vitor" <vitor.***@gmail.com> wrote in message > news:1118695321.217121.306350@g14g2000cwa.googlegroups.com... > Mike, > > > Your web.config file states that all authenticated users are authorized > for browsing the web site. In order to alow anonymous browsing you must > add another element. > > Here´s a sample: > > <authorization> > <allow users="*" /> <!-- Grant access to known users --> > <allow users="?" /> <!-- Grant access to unknown users --> > </authorization> > > > > Mike wrote: >> I am out of options on trying to get this to work. I have a site that >> sits >> on our development box in a vlan. No matter what I do I can't access the >> site as an anonymous user - it just prompts me with a challenge response. >> If >> I cancel and try to access the site, my menu control does not render >> properly. I'm using the IE web controls for that. My current set up is >> Windows 2003 running and asp.net app in IIS. I am impersonating the >> ASPNET >> account with a custom account that I have set up according to >> documentation >> in patterns and practices. In IIS Manager I have set the Identity in >> DefaultAppPool to this custom account and in the directory security of >> the >> web site I have checked the Allow Anonymous and left the IUSR account as >> the >> user id. I can see in the task manager that the worker process is running >> under my custom account. My web.config file contains the statement: >> >> <authorization> >> <allow users="*" /> >> </authorization> >> >> So, what else can I check or do to get this to work? I've thought about >> running aspnet_regiis to reset everything in hopes of starting over, but >> I'm >> not sure if that will work. There is also a new version of aspnet_regiis >> in >> the 2.0 framework that accepts a switch "-ga" that assigns the proper >> permissions to a passed account. It works nicely on ASP.NET 2.0 apps - >> not >> sure if I can use that on a 1.1 version of the framework. >> >> Thanks for ANY help!!!! >> >> >> -- >> Mike Gasperino >> Sr. Software Developer >> office: 919-807-2310 >> >> > **************************************************************************** >> E-mail correspondence to and from this address may be subject to the >> North >> Carolina Public Records Law "NCGS.Ch.132" and may be disclosed to third >> parties >> > **************************************************************************** > > >  
Thread options
Other interesting topics
Problem w/ Integrated Auth -- Receiving User/Pass dialog box against IIS6
integrated vs basic ASP.NET app permissions Passing User Credentials to site running under Integrated Security Logging into website - remove log in box secure site - multiple users w/ 1 user account? Making unique URL - internal and external Anonymous access not working IIS 6 and % characters in a URL Server attack - info please? |
|||||||||||||||||||||||
