ARR on IIS to skip windows authentication - iis

I have a network with a DMZ, where my application is deployed.
My application is deployed in IIS on a server in the internal network. On this IIS, 'Windows Authentication' is enabled for my application.
I have another IIS in the DMZ where I have used ARR (Application Request Rewrite) to route all requests to the internal server where my application is hosted. On this IIS, 'Anonymous Authentication' is enabled.
When I try to access my application from the public internet (through the DMZ), the browser displays the authentication popup. But users from the public internet do not have Windows accounts in the domain.
Is there any configuration that can authenticate internal users with their Windows accounts and external users without them?

Related

How to manage cookies when app service is running behind the application gateway?

In my ASP.Net Core application, I am using the OpenId Connect authentication scheme with the Azure AD.
The application is hosted on to Azure app service and it is running behind the application gateway of the Azure.
I have configured Application gateway's and app service URL in the Azure AD's reply URL configurations where I registered my application.
When I hit the application gateway's URL, it redirects me for authentication. I then log in using Azure AD Microsoft credentials, and after a successful login it redirects me to the application gateway URL, where I get a 500 internal server error. When I check the response headers, I can see that the Set-Cookie header's domain is the App Service URL, which is running behind the application gateway, and it shows me the warning "This Set-Cookie was blocked because its Domain attribute is invalid with regards to the current host URL".
Any idea how to resolve this issue?
Many thanks

IIS Windows authentication not working for other users in the same domain

I have published a website which uses Windows authentication, and it is working for the machine on which the site is deployed. When any other users in the same network try to access the website, it prompts for credentials again and again and does not allow the user to access the site.
In IIS NTLM is used as the provider for Windows authentication.
What is the root cause behind this issue?

Web Application Proxy + Azure WebRole

I am using Azure PaaS. All database servers, application servers and proxy servers are within my virtual network.
How to set up Web Application Proxy for an Azure web role?
Change the web role endpoint to localhost and enable a firewall rule allowing HTTP traffic in. Then the site can be accessed from the proxy server.
Using the Web Application Proxy setup at https://technet.microsoft.com/en-us/library/dn383650.aspx, we can configure the proxy for the web role.

IIS site not using identity specified in app pool IIS 7 +

I have a web app from Visual Studio that is using the local IIS server to run. It is an MVC 3 application. I set up the application pool in my IIS (Win 7 Pro) to use a service account for the application identity. When I browse the site I am getting permission errors for a function on the site which I would not get if it was using the service account. This has been tested by using the same service account on a development server as the application pool identity. The application executes with no errors. Could there be something in my local security policy preventing the service account from being used?
Service account is also a member of IIS_IUSRS group.
This is a network service.

WebService Security between DMZ - Protected Network

I have a custom desktop application which invokes an ASMX web service. The Service is hosted under a SharePoint Site in a Virtual Directory in IIS. The authentication used is Windows Integrated.
Now, I want to use the same application from a host in our DMZ. I configured ISA Server to allow HTTP access from the DMZ to the Server in our protected network.
Trying to test the application I got some errors like: "Client found response Content type text/html but expected text/xml". I guess that this error comes from the authentication failure since the same app works fine in the protected mode.
What are my options here concerning authentication? Should I allow Anonymous?
Thanks,
Dimitris.
I finally found the solution!
I had to give all the DMZ domain users that would access the Web Service the "Allowed to Authenticate" permission under the Active Directory WFE's computer account.
