I have an application running on IIS 6.1 with .NET framework 2.
At IIS's Authentication, I had disabled Anonymous Authentication and enabled Windows Authentication (with NTLM on top). Because this application is for internal use only and the authentication will be based on user's NT account from AD.
When I tried to launch the application, everything is ok. But when I wanted to view other pages that are in the different folder with the default page, IIS keep asking the users to login. And when I tried to login with my NT account, it failed.
So I looked for the event log and found out the event ID is 5011, which is 'Web sites and Web applications depend on the availability of Internet Information Services (IIS) application pools. IIS application pools in turn depend on the Windows Process Activation Service (WAS). If WAS is not running or errors occur during the startup or shutdown of an application pool, Web sites and Web applications may not be available.'
I would like to let the user to browse the application without having the login window keep showing.
Please help.
Check that the user's domain accounts have file level permissions (Read only is sufficient) to the website files.
Related
I recently configured a sharepoint 2013 farm to use ADFS and converted the web application successfully, every thing is working fine except one thing, in my portal i have multiple webparts that communicate to webmethods (GET,POST) using Ajax jquery calls, these webmethods are hosted in an application page which resides in the _layouts.
my farm has 2 web front end, now the problem that sometimes these webmethods cannot see the logged in user so spcontext.current.web.currentuser is null.
and i noticed that sometimes i notice multiple logins even though i am already logged in and i have changed the servicetokenexpirationwindow to 4 days!
the session state is configured in the farm and enabled in the web application.
our azure load balancer is configured to keep the client ip to stick with the same machine.
Please help me!
I made up a web application for a customer, and I would need your help as my application has some huge troubles to run correctly on client machines with the Internet explorer 11 browser.
This is how my web application is shown by running it on the web server (it's the identification page) :
And this is how my web application is shown on a client machine :
The IIS server has only 1 web application installed, the application uses the defaultAppPool authentication to tun, a technician of my customer said the windows user defined for the identification has full rights on the folder of the web application.
Do you have any idea of what I have to do to solve my problem? I already added the url of the application into the trusted sites list and nothing changed. One last thing, the client machines are on 2 different domains.
PS: I used Webdev 22 to make my web application.
a technician at my customer finally found the solution.
Open Internet explorer 11, Tools --> Compatibility View settings, in the pop-up, uncheck Display intranet sites in Compatibility View
I'm running IIS 7.0 on a Windows 2008 R1 Server and want to setup IIS Manager Users. Due to some fact, every last try to access the site is rejected (HTTP Unauthorized).
The following additional IIS components are installed:
Security\Basic Authentification
Security\URL Authorisation
Management Tools\IIS Management Console
Management Tools\Management Service
Then I configured the Management Service to use Windows or IIS-Manager-User Credentials.
I also added some IIS-Manager-Users and activated them on my Website.
On the Authentification Settings Pane, I disabled anonymous access and enabled basic authentification.
As a result, when browsing the website, a password is now required. The thing is, I can access the page with Windows Credentials, but not with the IIS Manager User Credentials. In this case the result is always HTTP 401 - Unauthorized.
What am I missing?
IIS Manager Users are meant for administration of IIS (aka management of the sites/apps) and not for access the server at runtime (normal browsing of content).
Having said that, you can make that work if your scenario is to use the same users for potentially administration (like using WMSVC) and runtime and I wrote a blog about it on 2008 on how to set it up:
http://blogs.msdn.com/b/carlosag/archive/2008/09/26/using-iis-manager-users-in-your-application.aspx
I've got a little server plugging along, with IIS and some other stuff. Is it possible to allow a second user access to the IIS Manager, with the ability to create and edit sites, but keep the two accounts' sites separate?
I'm not worried about security between the two accounts, just separating the two account's sites for neatness and so that one user doesn't accidentally change something tied to the other account. At the moment I have two users part of the administrators group, and if I open IIS Manager with either one they both show all the sites.
A similar question has already been asked: how to create hidden web site on IIS
Can you please expand the answer of that thread?
Update 1
Connecting to sites remotely would allow the other sites to appear hidden as you would only see the connecting site. See: How to use Internet Information Services (IIS) 7 Manager to connect remotely to your website.
Update 0
As for hiding sites and other features, check out: What is administration.config for IIS?
One little known feature of IIS7 is that it's UI is entirely extensible! This means that anyone can write a C# assembly and get it displayed through the IIS Manager UI. The possibilities here are endless, anything from someone writing a new certificate management system, a website provisioning system, etc.
I haven't found documentation stating that the actual sites can be hidden but it sounds like it should be possible.
An Overview of Feature Delegation in IIS 7.0 may also provide the ability to hide sites.
Other links:
How do I hide 'non-delegated' features in IIS 7?
Based on your description, Microsoft's documentation on Configuring Permissions for IIS Manager Users and Windows Users (IIS 7) might prove helpful. For instance:
Allow an IIS Manager User Account to Connect to a Site or an Application (IIS 7)
Note: For IIS Manager users to connect to sites and applications for which you grant permission, you must configure the management service to accept connections from users who have IIS Manager credentials. For more information about how to configure the management service, see Configuring the Management Service in IIS 7.
Configuring Permissions for IIS Manager Users and Windows Users (IIS 7) - Emphasis added.
Use the IIS Manager Permissions feature to allow users to connect to sites and applications in IIS Manager. Remove a user account when you no longer want the user to configure delegated features in a site or an application.
Permitted users can configure delegated features in any sites or applications for which you grant them permission. Users can be either IIS Manager users, which are credentials created in IIS Manager by using the IIS Manager Users feature, or Windows users and groups on the local computer or on the domain to which the computer belongs.
I have an asp.net page which changes passwords in the OU. Where do I set the user which actually runs my code?
In the virtual directory security settings, is it the application pool user? Or is it in Web.config? Which one of the configurations actually configures the user that runs the asp.net code?
The identity of the user under which a web application runs is defined by the application pool which the web application uses. All of this can be seen and set in Internet Information Server (IIS) Manager.
As far as I know the Identitiy with which a aps.net application is run is set in the properties for the web application.