I'm trying to setup Forms Based Authentication in IIS 7.5 with ColdFusion 10. It's somewhat working but not prompting for ColdFusion pages. Yes, I did enable the Integrated Pipeline to force auth on all files. Then, I disabled auth on the two ColdFusion Virtual Directories. Not doing so caused a redirect to /jakarta/isapi_redirect.dll instead of the real/calling page.
So the interesting thing is that ColdFusion files (.cfm .cfc) seem to get past the authentication because they are processed by the un-authenticated Virtual Directories.?. (even though the requested page is still the called page..)
Any thoughts would be appreciated. Thanks!
Well, I've found a workaround but I'm not sure it is the right/best solution. Basically disable Anonymous Authentication EXCEPT for the ColdFusion Virtual Directories and the folder that contains the login page. Open to any other ideas anyone might have.
Now, to get Forms Based Authentication using ColdFusion with .NET objects... :)
I found that the FormAuthentication iis module was not being called for isapi_redirect.dll(jakarta pages) probably because of the precondition preCondition="managedHandler" that's default on FormAuthentication module.
Adding
<modules runAllManagedModulesForAllRequests="true" >;
in web.config allowed things to work as intended.
Enabling Trace Logging for Failed Requests were indispensable in figuring this out. This was with win2016/cf2016/iis10.
Related
For some reason when I make a change to IIS 7 now it generates a web.config file for things like mime types and directory browsing. I do not remember every seeing this behavior from IIS before so I am wondering how I can turn it off. I do not want the web.config file to be generated much less used in the site I am developing for IIS. Please advise as to disable this and force IIS to make these changes without generating the web.config.
Thanks in advance,
Ed
Since IIS 7.0 the IIS has started to store the settings in web.config. which is very handy if you are going to change the hosting of your domain. All of your application level settings will remain in one place.
If you are a developer, the web.config can perform a lot of things that can ease your life. There is no harm in keeping this file on server.
I inherited a mess of servers which host multiple applications on IIS6, protected by R6 SiteMinder. The environment is soon going to R12, and we have also received some new servers with IIS7.5. (Lots of change, all within the next 60days.)
I am not an expert, and so am having trouble with some of the more detailed steps of configuration. Thus far, on the new server I am able to create and apply SiteMinder to the DefaultWebSite (and everything contained within), and any custom Sites that I create. Unfortunately in our environment, it is already set up with a handful of applications that live underneath DefaultWebSite, only some of which we desire SiteMinder protection.
In IIS6 I was able to simply add a site to SiteMinder authentication by applying the ISAPI6WebAgent.dll in the wildcard mappings. In IIS7.5, this does not seem to work. I follow the specific details in the installation manual and it seems like it is either an all-or-nothing situation: everything under DefaultWebSite is protected, or nothing is.
This will cause a SIGNIFICANT amount of additional work in my environment (and it also means upgrading in place is not possible, so all applications that require SiteMinder authentication will need to be migrated in the next 60 days.) Is there ANY workaround for this? Google has not provided me with any solutions, and my SiteMinder team is claiming "it is no longer possible with IIS7.5" to keep the environment the way it is currently set up.
Any and all help appreciated.
For those that care, if you are running under an Integrated App Pool, you can simply add and remove the SiteMinder modules to control which sites are protected by SiteMinder. This DOES work on apps below a virtual directory - and using the config files you can both inherit protection by default, or have it unprotected and add it later by simply "Configure Native Module" and adding it back.
Good Morning,
I was having serious problems regarding this website.
What happens is everyytime I try to open a .shtml page in the site it always has an error "The Page Cannot Be Found" but this is highly unlikely since I already all have the resources in my local pc and already did a virtual directory for the entire site. Can you please tell me what's the problem? i've checked all the codes and they're constructed just fine.
If you're attempting to view the page in Internet Explorer then I recommend turning off friendly HTTP error messages in the advanced settings. Disabling the setting may result in more verbose error messages, especially if it's an HTTP/500.
This is not actually an ASP problem. .shtml files are handled by the server-side include ISAPI application extension.
In Web service Extensions folder under the server icon in IIS manager, ensure that Server Sice Includes is set to "Allowed".
So I have a site setup on a server. It has been working for ever. All of a sudden it stops working. I tried going to it even by IP. It just says, "Under Construction..
Under Construction
The site you are trying to view does not currently have a default page. It may be in the process of being upgraded and configured..."
I check to make sure it was pointing at the right virtual dir and that the default page was set in the documents list. The default page does exist in the dir too....
Nothing has been changed via code. Nothing has been altered on the server. I have a bunch of other sites running on the same server and they are all coming up. Just wondering if there was something that may have happened or overlooked. Any thoughts or ideas?
Thanks a million.
Double check your bindings are set correctly. Perhaps a new site was created which conflicts with the bindings of your site?
Edit
Make sure .net is set to the right version. I've seen where pages are not served up when the web is set to 1.1 on a 2.0 site.
Also does the site work locally on the box? Have you ruled out firewall issues / changes or other network related elements.
It sounds like your request is being handled by another IIS site. Make sure that the host header is set correctly.
With your comment, the "Bad Request" error means that the default web site was handling the request. There are a couple of things you can check:
If this is not the site that you expected to serve your app, then you still have a website identity issue.
If your app is hosted on the default web site, then make sure that the default document is set correctly.
Also make sure that you don't have a file named "app_offline.htm" in your app's root.
Well we rebooted the server and now it works again. I guess I should have tried that in the first place. It was just odd that all the otehr sites were working. Anyway thanks for suggestions everyone.
Our web application uses Windows Integrated Authentication (aka NTLM Auth) for security.
It's working fine for both IE and Firefox users, but Safari users are seeing intermittent problems. Browsing the site will work fine, but every once in a while there will be problems loading elements of a page (e.g. CSS or JS files). Reload and the problem will go away.
If we use a debugging proxy (Fiddler) we can see that there is a lot of extra 401 requests happening with Safari. Every once in a while a request for a resource will get stuck in a 401 request loop, and eventually fail.
I can't see anything that we're doing to cause this, and it would appear that it's a bug in Safari. Has anyone ran across this issue before, and have any suggestions for a resolution?
Thanks,
Darren.
Some web sites http://www.musteat.org/nodes/show/151 indicate this is an issue with negotiated authentication.
You can turn off Negotiate in favor of pure NTLM in IIS via the NTAuthenticationProviders Metabase setting, and the following ADSUTIL command.
cscript adsutil.vbs set w3svc/WebSite/<SiteID>/NTAuthenticationProviders "NTLM"
Change < SiteID > to the appropriate ID, typically 1.