MVC 5 Prompt for Windows Authentication Only Once - iis

On a MVC 5 application, I have this in the Web.config:
<system.web>
<compilation debug="true" targetFramework="4.6.1" />
<httpRuntime targetFramework="4.6.1" />
<authentication mode="Windows" />
<authorization>
<deny users="?" />
<allow users="<list of authorized users>" />
</authorization>
</system.web>
The application correctly authenticates users from the specified list, but my issue is that it asks every single time that the page is refreshed, or navigated to. I want it to ask once and then remember the user as they navigate between pages on the application. How might I accomplish this?

As far as I know, storing memebr in for windows authentication is not related with the IIS setting. This is related with the Browser setting. I guess you may disable the auto submission of windows credentials by browsers.
For IE or Chrome(Chrome browser uses system settings which are managed using Internet Explorer):
Notice: You should add the url in the intranet as below image shows:
1.Navigate through Menu bar to Tools -> Internet Options -> Security
2.Select Local Intranet and Click on "Custom Level" button
3.Scroll to bottom of the window to User Authentication section, select "automatic logon only in intranet zone"
For firefox:
1.Start Firefox
2.In the address bar, type about:config. At the prompt that warns to proceed with caution, agree to continue.
3.After the config page loads, in the filter box type: network.automatic. You should see a search result of network.automatic-ntlm-auth.trusted-uris
4.Modify network.automatic-ntlm-auth.trusted-uris by double-clicking the row, and then enter https://your_SecureAuth_FQDN.com; Multiple sites can be added by comma delimiting them, as in this example: https://your_SecureAuth_FQDN.com, https://www.replacewithyourintranetsite.com
5.Click "OK" and close Firefox

Related

How to forward to Lightswitch html client from domain root deployed on Azure Websites

I have successfully deployed a Lightswitch HTML application to Azure Websites. I have also forwarded my personal domain to mask the azurewebsite.net address. I am now able to access the site by typing mydomain.com/htmlclient and everything works fine. If I type in just the my domain.com, however, I get the you do not have permission error.
This is close but ultimately I would like to be able to enter just the domain and have it automatically forward to the htmlclient folder. I know it is possible but I'm not sure if I can get there with settings in azure or my domain host or if I have to drop a page in the root (it appears that the default and login.aspx pages for forms authentication are already in the root).
Any help would be appreciated.
In the Visual Studio 2013 version we've found this is simply a case of adding an additional entry to the LightSwitch server project's web.config file.
This additional entry needs to reference the default.aspx file (which should already be part of the server project) and should be introduced into the defaultDocument section of the web.config. In the following example, this new line appears immediately after the standard default.htm line: -
<defaultDocument>
<files>
<clear />
<add value="default.htm" />
<add value="default.aspx" />
</files>
</defaultDocument>

SharePoint PeoplePicker search not finding users

I have a SharePoint site configured with FBA.
If I enter a user into a people picker field and check their name, it shows up fine:
However, if I click the "Browse" button (show above to the right of Check Names) and search for a user, nothing comes up.
I have the people picker wildcards on the web app set to
<PeoplePickerWildcards>
<clear />
<add key="AspNetSqlMembershipProvider" value="%" />
<add key="SQL-MembershipProvider" value="*" />
</PeoplePickerWildcards>
Which are the same as in Central Admin, where search seems to be working fine. Any idea what I'm missing?
It looks that some properties of people picker is not set for searching.
http://blogs.msdn.com/b/rajank/archive/2009/09/01/all-you-want-to-know-about-people-picker-in-sharepoint-functionality-configuration-troubleshooting-part-1.aspx
the above article states "All about People Picker"
Please go below link, it seems you have to set the search criteria and domain.
http://manojvnair.blogspot.ae/2014/04/users-do-not-show-up-in-sharepoint.html
Are you able to get validated all users or specific user in people picker?
I've found the issue.
After opening the tab in another browser window and opening the JavaScript console, I noticed several errors preventing the page JS from running.
I added the following to the handlers section of the web.config:
<add name="ScriptResource" verb="GET,HEAD" path="ScriptResource.axd" preCondition="integratedMode" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
This resolved the issues with searching for users.

What are possible reasons ASP.NET MVC may redirect to login page second time?

Using forms authentication and MVC 5, I see redirect to login page occurring twice. Confirmed this with Fiddler. The sequence is this:
GET testhost/myapp/ - response redirects to URL in step 2.
GET testhost/myapp/login.aspx?ReturnURL=%2fmyapp%2f - redirects to step 3.
GET testhost/myapp/login.aspx - response status is 200 and I get the login page.
If I debug, my breakpoints are hit in global application events, such as Application_EndRequest, for every request. But the login page breakpoints are hit only on the second call that has empty query string.
I see a redirect even when I go to the login page directly (testhost/myapp/login.aspx).
And even though login page works after that I'm concerned that the query string is lost due to the second redirect.
I've disabled authorization for the login page, which made no difference:
<location path="Login.aspx">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
Checked HTTP vs. HTTPS.
Any other settings to check?
Updates:
<authentication mode="Forms">
<forms loginUrl="Login.aspx" requireSSL="false" timeout="60" protection="All" name="SqlAuthCookie" path="/" />
</authentication>
Redirecting code (although it only executes after the user logs in; in this case it takes two redirects just to get to login page):
System.Web.Security.FormsAuthentication.RedirectFromLoginPage(sUserName, false);
One more thing I noticed in Fiddler is that the response for step 2 above contains ASP.NET_SessionId cookie with no value, and the response for step 3 contains that cookie with a value.

ASP pages in IIS using Localhost 401.3 Error do not have permission

I have just installed the IIS so I can view asp files in a browser but when I put the address in a browser as : http://localhost/index.asp I get an error.
The error shows this:
HTTP Error 401.3 - Unauthorized
You do not have permission to view this directory or page because of the access control list (ACL) configuration or encryption settings for this resource on the Web server.
I really need to get this sorted out, I would highly appreciate any advice on this.
My issue was around the identity used in the app pool. I changed the site's Authentication to "Application pool identity" as well as giving the directory the appropriate permissions.
OK, working from memory here as I am not in front of a Windows machine.
If you right click on your webroot folder /inetpub/wwwroot/ or the website directory you are working on open properties and select security, I think it is, you will see the list of users with their permissions for that folder. There is a section to add new users where you can add the IIS_IUSRS account (search from the list of users if you need to) which will be the default user used when anonymous authentication is enabled. Give this account the relevant permissions (read, write, execute) ensuring you apply to file and subfolders. Refresh the website in IIS and you should hopefully be good to go.
I had one folder not working (extracted from a zip file which came from an email from some kind of MS Sharepointy thing. Or something). The files were all marked with Windows Explorer -> Right Click -> Properties -> Advanced -> Encrypt contents to secure data. Unticking cured it.
In my case I had created an application in IIS 7 on Windows 7 using "Add Application" on the Default Web Site. I had to add the "users" account from the local machine and that got rid of the permissions error.
I had this happen to me and what I needed to do was apparently add a web.config file. Doesn't matter that it was just a PHP site, and that "Everyone" had full control. Until there was a basic Web.config - NO DICE!
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<handlers accessPolicy="Read, Execute, Script" />
<defaultDocument>
<files>
<clear />
<add value="index.php" />
<add value="Default.htm" />
<add value="Default.asp" />
<add value="index.htm" />
<add value="default.aspx" />
</files>
</defaultDocument>
<directoryBrowse enabled="false" />
</system.webServer>
</configuration>
Here, the set up process is explained in detail. You can follow the steps.
http://coldfusion-tip.blogspot.com/2013/10/you-do-not-have-permission-to-view-this.html

File Security (IP address access restrictions) in IIS7

I have a web service that contains 2 asmx files (public.asmx and private.asmx). On IIS6 I could go to the properties of private.asmx then, from the 'File Security' tab, deny all computers access except the IP address for localhost.
In IIS7 I only seem to be able to do this for an entire folder. What am I missing?
Funny - I found this question because I have the same problem, but I think the solution is as follows:
In IIS7, browse to the directory containing your public.asmx and private.asmx files.
The title at the top will reflect the current directory, like "WebService Home". Click the "Content View" button at the bottom.
Right-click on your public.asmx file and choose "Switch to Features View".
The title should be "public.asmx Home" to confirm that you're managing the one file.
Add your IP restrictions. In this case, I think you want an Allow entry for 127.0.0.1 and choose "Edit Feature Settings" from the Action menu to Deny access to unspecified clients.
Click your containing folder again (e.g. WebService) and switch to Content View again to repeat these steps on private.asmx.
I am learning the ropes of IIS7 myself, but I hope this answers your question.
Found this question via Google and was looking for how to do it via the .config file but could not find that answer here. I've since tracked down the info:
The ipSecurity element is used by the web.config in IIS7 to restrict access by IP Address. You can use it like this:
<configuration>
<location path="private.asmx">
<system.webServer>
<security>
<ipSecurity>
<add ipAddress="192.168.100.1" />
<add ipAddress="169.254.0.0" subnetMask="255.255.0.0" />
</ipSecurity>
</security>
</system.webServer>
</location>
</configuration>
Update: Note that the role has to be added for this security to be enabled. See the ipSecurity article linked above.

Resources