I've had a look at this question, but when I've created the website I need to know what user to use for the pass-through authentication:
Looking at wwwroot in File Explorer, I can see it has IIS_IUSERS, which I tried giving full control to. I assume that the solution isn't to give it my admin account as authentication.
Before I deleted it, it was fine, so what have I missed? Maybe the original Default Website didn't use pass-through Authentication or maybe I'm missing something else.
What's the correct solution?
Related
I'm building web app without users and I want to create a back office for admin to edit something on the site. I thought to add a route that isn't accessible from any place in the app and only admin has it and there he can login.
Is there any acceptable practice?
Thanks
I think this is not best practice, as this is just hiding without proper protection (known as Security through obscurity). A lot of things can go wrong with this approche, like the URL get indexed on Google by mistake. For this reason it would be better to use a admin user with a proper password.
I've given IIS_User modify access and confirmed this on the media disk folder, but i'm still getting a 'Insufficient file system permissions to edit this image.'
Could there be a permission level conflict between IIS_USER and the service level account Kentico is using through the app pool?
Mark, if I understood you correct you are not using IIS_USER as Kentico app pool account. If this it correct - you do not have to grant any permission for it, but only for account configured for Kentico app pool instead.
It can depend on how you set up the site, but what i would do is in IIS hit the "Basic Settings" on the right and see what your app pool is.
If it's a named one, try to right click on the website -> Permissions, and add the user "IIS APPPOOL\TheNameOfTheAppPool" and give full permissions there.
If that user doesn't show up, then try giving the IIS_IUSER full permission, test if it works, if it does then you can start scaling back permissions till it 'breaks' and stops working. If it does't work, then you need to try the other users.
I have an asp.net mvc 5 site currently hosted on windows azure.
Occasionally (normally after I have rolled out or deployed to azure) the authentication seems to bug out.
I try to log in with my google account and I get weird redirect loops where I hit login, and it takes me straight back to the login page. This is normally fixed by restarting the site on windows azure again.
Every now and again though, it will redirect back from google and ask me to enter my username to complete the registration process. It does this on my google account that has already been registered. It is registering the same google account twice or sometimes even three times.
Its happened to myself and my users and I only hear about it when someone contacts me and tells me they've lost all their stuff linked to their profile on my site.
Has anyone experienced anything like this? I'm using the bog standard login / auth controller with an mvc5 project.
EDIT ::
my url is www.dev-score.com, but it also responds to just simply dev-score.com
could it be the fact that some people register on www.dev-score.com and then try to log in with simply dev-score.com or something like that?
sorry everyone, i feel kind of stupid now.
the reason this is happening is because of the different domains, not different url's.
by default azure also has a ".azurewebsites.net" domain that a few of my users were using while my .com domain was propagating.
when i switched to my .com domain, and disabled my .azurewebsites.net domain they all had to re-register, as google (rightfully) thinks that this is a new website.
these are the people that were experiencing that bug and i had to manually move their stuff over to their new accounts. every now and again a user from that period comes back to the site and logs in and has to go through this process again, so it seemed like an intermittent bug but its not, its only a bug to those few users that registered during that small window and haven't been back to the site since.
We are running a application which will write files into another machine using Impersonate through WebService .But we are not able to write those files.We dont know how to grant permission to access the folder.
Help me.
I may be wrong but I think you simply need to right-click the directory you wish to grant the webservice rights to and go to the Security tab and then add the account the service will be running under to the allow list.
For example, we would have like asp.net#yourlocationname.local in my workplace.
Hopefully it is as simple as that.
We have a SharePoint application where we want the user to be able to modify the web.config by activating a feature. The application is extended, so we have an AD based web application and another that uses Forms Based authentication (FBA), with the FBA application being the "main" user application.
We use the SPWebConfigModification class (http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.administration.spwebconfigmodification.aspx) to write to the web.config for settings we need for the activated feature.
This works great on the AD based side of things. However, when we try and run this on the FBA based web app, we get an error because the site collection administrator for the FBA site, does not have any access to modify the web.config on the server. Given that they are a FBA user, we can not give them rights on the server either.
Has anyone run into this? Does anyone have any work arounds. I assume I could try and have the application to update the web.conifg run via the command line, but I would really like it be done by the user when they activate the feature. I could also try and loosen security rights on the web.config, but that is a bad path to start down.
Thanks!
John
An alternative would be to write a component which does it.
This could be trigged by activating a feature, or updating a webpart.
This would mean you don't need to loosen security, or do it via the command line.