Windows Authentication - specific folder permissions in IIS 8.5 - iis

We have intranet website that is deployed on IIS 6 with windows authentication and ASP.Net Impersonation enabled. It works perfectly, but when we moved to IIS 8.5, logging (to a log file) seems to stopped working. When we ran Process Monitor, it shows access denied to the folder where logs are written. And it also shows that, it is impersonating logged in user to write the logs. Where we want the system to use app pool user to log. I tried everything available on internet, changing entries in applicationhost.config to adding location paths and adding web.config to that particular location, nothing seems to work.
Update:
Just executed Process Monitor on old server and below is the comparison. it is exactly same, except new server denies the access. In both the cases, impersonating user (logged in user) tries the access to folder. I think something to with OS. Old server us Windows Server Standard and new one is Windows Server 2012 R2 Standard.
Old Server
Operation:CreateFile
Result:SUCCESS
Path:XXXXX\log.txt
Desired Access:Generic Write, Read Attributes
Disposition:OpenIf
Options:Synchronous IO Non-Alert, Non-Directory File, Open No Recall
Attributes:n/a
ShareMode:Read, Delete
Impersonating:domain\username
OpenResult:Opened
New Server
Operation:CreateFile
Result:ACCESS DENIED
Path:XXXXX\log.txt
Desired Access:Generic Write, Read Attributes
Disposition:OpenIf
Options:Synchronous IO Non-Alert, Non-Directory File, Open No Recall
Attributes:n/a
ShareMode:Read, Delete
Impersonating:domain\username

Related

Authentication Required Popup box for vTiger CMS

I'm using vTiger CRM 5.4.0
It was working fine but i have changed and updated my server and simply copy paste and upload previous back from old server along with DB...
but it always shows me Popup box for "Authentication Required" on each page.
this message is most probably due to the use of HTTP Basic Authentication on the server side.
This has nothing to do with Vtiger and it's something you (or the person in charge of managing your server) needs to set on the web server side (may be Apache, IIS, or others).
If your interest is to disable the request of username and password, you should edit the server configuration. In case of IIS, this is a good starting point. In case of Apache web server, see this link.
Otherwise, you should check with the manager of your server for your username and password. The popup should not come up once the right combination has been entered.
I think the problem is Plesk. Plesk automaticaly creates a virtual directory named "test". This directory holds the Vtiger logo. Loading the logo causes the permission issue.
Solution: rename or delete the virual directy "test" in Plesk.

Error in non existent global.asa

I have a user's website giving an error in a global.asa file but it does not exist in their web root. It looks like the account has been hacked as it's giving an error about not connecting to a server, and at the same time I see the firewall block outbound connection requests.
msxml3.dll error '80072efd'
A connection with the server could not be established
/LM/W3SVC/6510/ROOT/global.asa, line 66
I've deleted the IIS instance and had the control panel recreate it, but the issue still exists. I've even created a dummy asp file which only displays some text and it happens.
I'm at a loss where this could be being picked up and looking for suggestions. Where might this be set?
I've had the same problem on a w2k3 server (iis6) with many sites, where just one had the fake global.asa;
I've not still found cause but a workaround solution, for me, has been:
open MMC Console (IIS manager)
stop IIS
double click on Web Sites (confirm reload offline configuration)
under every site delete "ghost" global.asa (that you don't find under phisical websites folder)
start IIS

Does apache for linux process http requests as a different user?

I've been doing web development for about 6 months now for fun and so I never really had a reason to be secure. Now I want to change that but I'm having a hard time understanding apache file permissions. I created the server and usually just ran var/www with 777 permissions because I needed to get by and didn't have information worth stealing. I researched user permissions and now I have run into a problem after configuring some things. I added the apache user "nobody" to a group I created called webserver, I also have an ftp user in this group. I set var/www permissions so that "me" and the group webserver have full permissions on for the folder and enclosed files and other users have no rights (can't read). When I attempt to view my sample website on 'localhost' I get a permission denied message from apache, but apache has full ownership of the file so why can't it process the file, send the appropriate response the the computer which requested it, and complete the transaction? Does Apache process http requests as a different user? I'm confused.
Usually on Ubuntu, apache run with the user www-data.
You can also pimp it by editing APACHE_RUN_USER and APACHE_RUN_GROUP in the envvars file.

Umbraco 4.7.2 Installation Won't Load Images, CSS, Javascript, Etc

I've been trying in vain to get Umbraco installed on my Windows 7 box under IIS 7. I was able to use the Web Platform Installer to get it up and running via WebMatrix, but I want this running in IIS.
Whether I perform the install manually by setting up a new web site copying binaries, or whether I let the Web Platform Installer do it, I'm always presented with an installation page that's missing all CSS, images, js, etc.
When I attempt to hit those resources directly, I'm always redirected back to the install page.
I'm telling the platform installer to create a brand new web site. No virtual directory/application name is being specified. And I've followed all the online directions I can find.
Logs show 401 unauthorized errors:
2012-05-11 02:42:22 127.0.0.1 GET /umbraco_client/installer/css/all.css - 80 - 127.0.0.1 Mozilla/5.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+WOW64;+Trident/5.0) 401 3 5 10
2012-05-11 02:42:22 127.0.0.1 GET /umbraco_client/installer/css/reset.css - 80 - 127.0.0.1 Mozilla/5.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+WOW64;+Trident/5.0) 401 3 5 10
2012-05-11 02:42:22 127.0.0.1 GET /umbraco_client/installer/css/form.css - 80 - 127.0.0.1 Mozilla/5.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+WOW64;+Trident/5.0) 401 3 5 10
I tried changing the app pool identity to Network Service and granting full permissions to the web site root path, and while it didn't fix the problem, it turned all the above 401 errors into 302 redirects.
Thougts?
In my case I found that although I had created a custom App Pool running under an identity with permissions for this folder, in the IIS authentication page ( IIS Manager -> Authentication -> Anonymous Authentication ) it was using IUSR as the default user for anonymous authentication. By checking the "Use Application Pool Identity" box instead, it worked correctly.
It appears as though the root cause was that I had my umbraco files under c:\Projects\MySite\Umbraco\WWW. Despite the fact that the WWW folder had the correct permissions, IIS would not grant access to the resources in question.
Once I moved the contents to c:\inetpub\wwwroot\, it started working. I'm still not entirely sure why, as the permissions match exactly, but it is what it is.

IIS 7.5 Virtual Directory to Mapped Drive

I have an S: which is connected via a username that exists both on server1 & server2.
The mapped drive works fine.
I connect this as a virtual directory called config in IIS it connects and works fine. I can see in content view the files in the mapped drive.
When I attempt to browse to one of these files it gets an error 500
http://www.mydomain.com/config/file.html
file.html is there
I've done this before, Im sure its a permission or security issue somehow, but I cant work it out
500 - Internal server error.
There is a problem with the resource you are looking for, and it cannot be displayed.
Give up mapped drives please,
http://support.microsoft.com/kb/207671
http://support.microsoft.com/kb/257174
The answer was two part.
Part one I was simply browsing the website, I wasn't using https and thus I was getting a different IIS site that didn't have the virtual directory.
Part two was I was using ColdFusion attempting to run a .cfm from the virtual directory, even with the correct website, it still got an error 404.
The resolution for this was to ensure the ColdFusion service was run as Administrator rather than LocalSystem and all was good.
Just for everyones reference, if you create the same username / password on both servers, share using that username, connect using UNC path and that username and it will work, no special permissions or anything.
Thanks to Karl & Lex for the help.

Resources