 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
.NET Forum / ASP.NET / Security / June 2005Authentication Redirect to login doesn't work
I have Windows xp as workstation OS and Windows Server 2003 Standard Edition for the server but Windows NT 4 as primary Domain controller. I made a login.aspx and a home.aspx page to test windows authentication with the lines of code needed in the web config file and code behind. The Home.aspx page is set as the default page in IIS 6.0. I have configured IIS for Basic authentication in the Directory Security panel of IIS manager. When I'm calling the site with the default Url home.aspx page is displayed with nothing for User.identity.Name. Then i tried with windows integreted authentication. I have made the appropriate amendements in the web config file but when i test it still nothing is displayed for User.identity.Name. Could someone tell me what could be wrong. Does NT integrated authetication work with a NT4 Primary DC and Server 2003 domain member server? thanks in advance for any help Eric Hello Eric, i guess IIS is not authenticating - disable anonymous access to the virtual directory in IIS --------------------------------------- Dominick Baier - DevelopMentor http://www.leastprivilege.com > I have Windows xp as workstation OS and Windows Server 2003 Standard > Edition for the server but Windows NT 4 as primary Domain controller. [quoted text clipped - 16 lines] > > Eric Hi Dominick, For both basic and window authentication test i disabled in IIS all authentication options except the one concerned by the test. Basic for basic auth, windows integrated for windows NT auth. I have already test all authentication model on a windows 2000 server DC but its the first time that i test it on a Server 2003. As everything is denied by default on server 2003 in opposite to Server 2000 . Do you have any idea of what could be the reason that when calling the default web site page Home.aspx IIS doesn't redirect to login.aspx for basic auth. while Authentication is set to Forms in the web.config file? Dominick a écrit : > Hello Eric, > [quoted text clipped - 25 lines] > > > > Eric Hello Eric, so what do you want to do? basic or forms auth. If you are using windows/basic auth in IIS - IIS will do the authentication - the client will get a login dialog If you are doing forms, you set IIS to do no authentication - and do it yourself in ASP.NET by providing a custom login page. In the case of forms - you also have to set ACLs in web.config - like <authorization> <deny users="?" /> </authorization> --------------------------------------- Dominick Baier - DevelopMentor http://www.leastprivilege.com > Hi Dominick, > [quoted text clipped - 44 lines] >>> thanks in advance for any help >>> Eric Hello Dominick, In Fact i have tried several way to authenticate a user. Windows Integrated Authentication is working fine. I tried then the basic authentication . IIS Configured as basic Auth. config file with <authentication mode="windows"/> but when the windows login box appear at client side (xp pro sp2) no accounts that i have defined on server 2003 is valid and i can't authenticate any defined user. Should user require to be member of a particular group other than Domain users? I have tried the same thing on windows 2000 server and i was working fine. _______ in a second test i tried forms authentication with credentials in config file. IIS configured as anonymous authentication. Is it Correct? As you say "set IIS to do no authentication" do you mean uncheck all Authentication mode in IIS or just let anonymous authentication checked with "Ask IIS to authenticate" unchecked and then choose a new account for impersonation . Config file with <authentication mode="Forms"/> <forms loginUrl="Login.aspx"> <credentials passwordFormat="Clear"> <user name="username" password="password"> </credentials> </forms > </authentication> <authorization> <deny users="?" /> </authorization> By doing this way and calling the default website url it goes directly to the default page Home.aspx and display no User.Identity.name. the user has not yet been authenticated and is not redirected to the login page. Except if I have not setup IIS correctly for autentication by choosing the wrong options I don't understand why it behaves this way. Do you have any clue? Eric Hello Dominick, Finally I succeed to do NT integrated, basic and Froms Authentication using IE on workstation but when testing on server it behaves not the same as on workstation for NT Integrated Auth. On Server for NT integrated Auth a Dialog Box is asking for login whereas on workstation it doesn't (it's all right because he should not). Do you know why it asks for login when testing with IE on server side meanwhile it doen't on client side? Free MagazinesGet these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...
|
Reply to this Message
|
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.