I have IdentityServer (.net core 2.0) on IIS configured to work with Windows Authentication and everything works fine when the hostname on that application is set to the name of the server but when I am trying to change the binding to a different name then I cannot log in with Windows (401 Unauthorized). DNS is configured to work with both names same as the SSL certificate.
Any ideas why different hostname causes problems with IdentityServer while using Windows auth?
Related
I have two servers. First one is a server with ASP app on it and the second one is an LDAP auth server. I need to login on app server over LDAP on the second server and I need to use windows auth (NTLM or Negotiate). As I know based on my research to login on the server using active directory domain from other server they must be in the same local network. This can be established by VPN. But the thing is that I can't use a VPN. Can it be established somehow? I'm currently trying to configure IIS to not identify my user on my current domain and serve the credentials to remote server over LDAP using .Net. Sorry if I have a wrong understanding about something, I'm still newbie in windows auth and AD. Correct me if I wrong in something.
I'm using ASP.NET Core RC2 and IISExpress 10 on my local machine and my target framework is 452 due to using some old modules.
On remote app server I'm using IIS 8.5
I am having an same issue when trying to run SharePoint Foundation 2010, and I am using the NTLM Windows Authentication Provider. We are running IIS 7.5, and we have a dev SharePoint site set up on another server, using the exact same authentication, but for some reason, the site on our prod server throws the error "No credentials are available in the security package." This fails using all browsers, and it fails when I run the site from the server directly as well as from any client machine. We have Windows Server 2008 R2 Standard on both machines.
I've checked that all the security settings for the SharePoint app pool as well as the SharePoint Web Services pool matches our dev server's settings, and they all do.
Any ideas? Thanks.
It looks like Kerberos is failing on the server. I understand you are using NTLM but the message seems to be Kerberos. Could you please check Authentication provider on on the IIS? If Negotiate is at the top of the list move down and make ntlm as top provider
IIS - UnderAuthentication - > Providers
When windows Authentication is used , this error can come if Kerberos is not available or failing, upon checking Providers under Windows Authentication setting in IIS, i changed preference of Negotiate and moved it down , NTLM remained up and it fixed my issue
We are developing an ASP.NET WebAPI that is hosted in IIS and authenticates using client certificates with iisClientCertificateMappingAuthentication.
In our on-premises development environment we have tested IIS 7-8 and Windows 7-8/Server 2012, all of which work fine.
We have set up a demo environment in Azure with a VM running Windows Server 2012 R2 and IIS 8. Using this configuration we have yet to successfully pass through IIS client certificate validation, where we consistently receive an HTTP 403.16 error.
The service is consumed by a custom iOS app that we have verified is sending the client certificate, which was expected since my understanding of the error implies IIS is unable to validate the certificate that it received.
The Client Certificate Authority is installed in the Trusted Root Certification Authorities and the Client Authentication Issuers stores for the Local Computer.
Pretty much all of the resources we can find on this issue propose the solution here: http://social.technet.microsoft.com/Forums/en-US/fae724e8-628e-45a5-bf39-6e812d8a1a70/40316-problem-in-iss8-on-mp-in-dmz?forum=configmanagerdeployment
where it's suggested we add a registry setting for ClientAuthTrustMode. This has not resolved the issue for us; we also did not need to do it for any of our local testing which involved the exact same OS and IIS versions.
We've spent days on this with no progress and were hoping someone may have some insight into this issue. Is there any default configuration that we have yet to come across to enable this form of authentication for VMs in Azure? It seems as though IIS on a VM in Azure is unable to actually validate against the CA in Trusted Root. One idea I had was that perhaps the certificate is being stripped from the request before it's routed to IIS, but again, that seems unlikely given my understanding of the error code.
Has anyone gotten a setup like this to work?
I happened upon this knowledge base article, maybe it can help you
http://support.microsoft.com/kb/2802568
I have a web role which is configured for 2 endpoints, one http, one https 443:
Then I have 3 certs (one is the main and 2 are CA). I have uploaded all of these and also checked thumbprints are correct.
But when I deploy, the http site works fine but the https site does not. Fiddler shows:
Authentication failed because the remote party has closed the
transport stream
Any ideas?
Note: Also worth noting this https works fine when on local machine through Visual Studio and only reports the certificate error, which is expected.
First, open the portal and enable RDP to the instances, then connect to the role instance, open IIS, and verify the HTTPS binding is configured properly. Try accessing the site using https locally from the server and verify it works.
Report with the findings.
I configured the Default website in IIS for SSL by creating a CSR using the IIS itself, submitted it to a CA, and assigned the issued certificate as the server certificate. That's all is required in this world to setup server SSL. But when I open the https url it says "Internet Explorer cannot display the webpage". Which pillar should I bang my head against to get it working? The only help from microsoft I could find is that useless arcicle http://support.microsoft.com/?id=290391 that presupposes you are configuring a non-default website for SSL and goes on and on about port conflict. I'm using default website for https.
I'm using windows xp, IIS 5.1 and Microsoft Management Console 3.0.
Please help or courier me a shotgun for shooting myself.
Edit: After I configured IIS for SSL, the Apache Tomcat server which had been configured on port 8080 has suddenly stopped working. The 8080 urls just timeout. What is the connection?
Edit: Because I can't live without Tomcat on my machine, I used another machine to setup IIS SSL after stopping the tomcat there. I face the same problem there, "Internet Explorer cannot display the webpage". Please help before I shoot myself.
Don't shoot!
XP has given me fits with SSL... have you tried setting the application pool to high/isolated setting up the website with an identity under COM?
That seemed to solve some issues for me.
Also - did you make sure to set it up in the correct stores? Is this an application that is running under your account or a service account? If it is a service account you may need to do a RUN AS on the certificate management console and add under that user's personal store as well as under the appropriate store for the machine/computer.
Good luck.