I have a Nancy rest api that is bound to http://*:12345 and uses windows auth.
When deployed it's being used by services on other servers fine using the DNS of the server (http://dns:12345/api/blah) but for some reason any service sitting on the same host cannot use this URL to access the API but must instead use http://localhost:12345/api/blah.
When I browse in IE on that server to http://dns:12345/api/blah I'm prompted with a credentials dialog. When I enter my credentials they always get rejected (despite having access, as proved by the fact that the same test from another server is fine).
Related
I have recently switched my website from HTTP to HTTPS. For some external users, they do not have enough permissions to access via HTTPS and they still need to access via HTTP.
I want to keep both HTTP and HTTPS, but HTTP only for a specific group of users.
How to make this change in IIS 8?
Any ideas, please suggest.
You can try the following steps:
Step1: configure https.
Set IIS to work with HTTPS (http://learn.iis.net/page.aspx/144/how-to-set-up-ssl-on-iis-7/ )
Test HTTPS locally to make sure that it works.
In your firewall (to Internet), configure it so that it allows port 443 (https) to your IIS server.
This will allow ALL people to access your website using https, since we have not configured any restrictions.
Steps2: configure http.
Install WindowsAuthenticationModule if it is not already installed
In IIS Manager, click the website.
Double click Authentication in the middle pane
Select Windows Authentication and enable it
Select Anonymous Authentication and disable it.
Since the users on your local network is authenticated to AD, and the website is in their local zone, they should automatically authenticate and should not see the login box. People outside your network are not authenticated, hence should need to logon to access the website.
i having a problem when i tried to use a domain user as a specified user name in basic settings-> connect as. I want to access a shared folder that located in another server.
The web server always says if the username or password isn't correct and always throw 500.19 error when I started to browse the application.
Error Capture
However when I explore the app from IIS, it can be opened. I even tried a remote login to the server using the same username and password and it's just fine.
Image 2
The server I am using for running the web server is a Workgroup computer and in a DMZ. Is that a reason why IIS can't authecticate domain user?
Sorry for my terrible english here, because i'm in panic situation right now. I hope you can understand what i'm asking about and hope somebody has an answer. Thanks
You're right, if your computer is not joined to the Active Directory domain, you won't be able to authenticate using a Domain account.
Should the site be publicly accessible? If so, you would want to set your authentication to Anonymous and then configure the authentication settings to authenticate either as a built in user (NETWORK SERVICE, AppPoolIdentity) or a local machine user created specifically for the application.
Dears,
Kindly note that I have a website deployed on IIS 8 in windows server 2012.
When trying to access the website using the host name, the login popup appears and when entering the windows credential, I can enter to the website successfully,
When trying to access the website using the IP address, the login popup appears and when entering the windows credential I cannot log in, and the pop appears again, trying more it returns the same behavior when canceling the popup it gives me the below error:
HTTP Error 401.1 - Unauthorized,
Please note that the "Anonymous Authentication" is enabled using the IUSR identity, and the Windows Authentication enabled with the NTLM and Negotiate providers and the NTLM is first.
I am trying to fix this issue by edit the registry value BackConnectionHostNames and DisableLoopbackCheck following steps in the below article from Microsoft
https://support.microsoft.com/en-us/help/896861/you-receive-error-401-1-when-you-browse-a-web-site-that-uses-integrate
and still not working
Thank you in advance
Consider the differences between navigating by hostname and navigating by IP to your server. Use command prompt and do a tracert IP vs tracert hostname. The difference is by hostname, it resolves your request through the domain name services (knows who you are and who the server is on the domain). By IP, it skips the domain name services and goes directly to the target computer. The network doesn't need the DNS if you use the actual IP address, as the DNS is used for resolving names into IP addresses.
I believe you can directly put the domain name in your code so it knows where to look without relying on the DNS to automatically authenticate (although I haven't done this). Otherwise, let the domain name services resolve the user automatically by authenticating the requestee (the user) to the host (by name) when using the hostname.
Let me know if that makes sense.
We have created a dns for external and internal employees to visit an application website. They can both reach the website hosted in iis. they can both download the application that has been deployed using clickonce.
Issue is we want to password protect for external employees.. Internally its ok because we use windows authentication and have a group of users for specific applications.
we created an ad account and password. when i setup windows auth and restrict to this one ad account. i enter in username and password when going to the external dns. thats fine.. i click on the application to install.. and when its trying to install i get + The remote server returned an error: (401) Unauthorized.i'm getting a security error even after i put in the credentials , it somehow still fails when going to install.. what can i do to better password protect applications that will be accessed from the outside using clickonce.. or fix this issue thanks
I am stuck at the moment on trying to configure the Windows authentication on a web site.
The site is configured (in IIS 7.5) as follows:
Windows authentication and ASP.NET Impersonation - Enabled.
The 'Enable Kernel-mode authentication' is checked.
Providers section contain all 3 possible: Negotiate, NTLM, Negotiate:Kerberos.
The site connects to a SQL Server using Windows authentication as well.
The Web server is marked as trusted for delegation for the SQL server.
When I browse the site locally from the web server everything works; when I browse it from a client computer I get the well known error "Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'"
I read I should set some SPNs - but in my case - to what\whom ?...
The access to the SQL Server is done individually to users (also, the Web server, SQL server and the users accessing the site are in the same domain; the application pool also uses a domain account)
An advice would be much appreciated ...
I think you're getting "Anonymous Logon" because you have anonymous logon enabled.
Try enabling only Windows authentication and ASP.NET Impersonation and disabling the rest
Also might help to check the internet explorer security settings for the 'zone' you're in from the client computer (i'm guessing internet) at the very end set internet explorer to prompt for user name and password