Anyone has a clue how to turn off forms authentication using Microsoft.Web.Administration and C#?
I have to change the web.config of the web site and set
<authentication mode="Forms">
to
<authentication mode="Windows">
Related
On a windows server 2012r2 box with IIS 8.5, I have an plain html site with a web.config in it.
My config:
<?xml version="1.0"?>
<!--
For more information on how to configure your ASP.NET application, please visit
http://go.microsoft.com/fwlink/?LinkId=169433
-->
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" />
<authentication mode="Windows"/>
</system.web>
</configuration>
Unfortunately, IIS doesn't seem to be picking up my Authentication Mode setting. I could make this work in IIS by setting the auth type to be windows, but that would involve me updating every server. Isn't there some way for IIS to pull the configuration from the web.config so that the value is set correctly on deployment? This seems to be the case for almost everything else dealing with IIS and the web.config, so I would venture to say that I'm not doing something right.
is your site a sub application?
try adding
<authorization>
<deny users="?" />
</authorization>
or
<identity impersonate="true" />
So apparently IIS doesn't really listen to the web.config unless you unlock the corresponding section in the application host config.
qBernardhttp://forums.iis.net/members/qbernard.aspx posted the answer here: http://forums.iis.net/t/1146296.aspx?How+to+set+authentication+with+appcmd+exe+or+ServerManager
(here's what he said for when the link might break)
For appcmd, you can set it via /section:xxxx. all auth schemes are locked except Form, so you either unlock it first or commit it at apphost level (meaning store the config in applicationHost.config, which is not so good as in xcopy deployment via web.config file.
Example.
appcmd set config "default web site" /section:windowsAuthentication /enabled:true /commit:apphost
or unlock first:
appcmd unlock config /section:windowsAuthentication
appcmd set config "default web site" /section:windowsAuthentication /enabled:true
I have a static site (i.e all html files, no .Net project) that is being hosted in Azure. I'm trying to password protect this site. I've read that I could create a custom authorisation module, which I've done, but I can't install this as I need to run a appcmd.exe command to allow the correct bit of the web.config to be edited.
Either; how can I password protect a static azure site, or how can I take advantage of the features of the ServiceDefinition.csdef without having a visual studio project?
On the management portal, you can configure that your site needs to use credentials. Credentials are managed via the Azure portal if you use this method.
You could use Forms Authentication which should be pretty straightforward to implement and won't require any startup task (necessary to run appcmd.exe).
Set your application to use forms authentication in your web.config.
<authentication mode="Forms">
<forms name=".ASPXAUTH" loginUrl="/myadminlogin.aspx" protection="All" path="/" timeout="120" />
</authentication>
Define the protected folders in your web.config.
<location path="secure">
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>
Within your login area check a condition and set the auth cookie:
'SET AUTH COOKIE
FormsAuthentication.SetAuthCookie(sessionID, False)
response.redirect(/secure/securearea.html)
This unfortunately is the one page where you will need some server side code.
I am trying to authenticate with the sharepoint authenticate web service in an account I have.
I get an error saying NotInFormsAuthenticationMode.
How do I change it from forms to none or windows?
I tried with:
myReference.Authentication auth = new myReference.Authentication();
myReference.AuthenticationMode = myReference.AuthenticationMode.None;
but it says myReference.AuthenticationMode is a type. which is not valid in the given context.
Suggestions?
Any help is appreciated.
Your sharepoint server needs to be modified...
See steps 5, 6 and 7 here:
simple-talk.com/dotnet/windows-forms/configuring-forms-authentication-in-sharepoint-2007/
This is all done in central administration.
Normally in other asp.net applications you would do this through the web.config to look something like this:
<!-- Web.config file -->
<system.web>
<authentication mode="Forms">
<forms forms="401kApp" loginUrl="/login.aspx" />
</authentication>
</system.web>
Edit:
Alright, if you cant change windows authentication then you need to change the way you're authenticating. If impersonate is enabled in the authentication of the sharepoint site than you can programatically impersonate a user.
See http://msdn.microsoft.com/en-us/library/ms998351.aspx ("Impersonating by using LogonUser")
In IIS 7.5 under Windows 7 Utilmate, I have an application which is configured for authentication as follows:
Anonymous & Windows
In the ASP.NET Website, I have turned Forms authentication and identity impersonate = true
I also deny any anonymous users.
<authentication mode="Forms">
</authentication>
<identity impersonate="true"/>
<authorization>
<deny user="?">
</authorization>
IIS complains. What am I doing wrong...
What I want to achieve :I want the windows Logged On User so I can build a FormsAuthentication ticket and pass it to a Passive STS.
So in IIS I have anonymous and windows...If have only windows ticked, I cannot go onto the Login.aspx page as I have an extra parameter to be passed from there.
So now in webconfig, I then disable anonymous users by saying deny user="?" , so it leaves me with the authenticated windows user but using Forms Authentication.You know what I mean??
http://msdn.microsoft.com/en-us/library/ff649264.aspx
If you see Table 4 IIS Integrated Windows for IIS then Web.config setting 3rd row, accordingly WindowsIdentity is Domian\Username .It works on IIS 6.0 win2003/IIS 5.1 under XP
If this is an application that leverages claims based identity, then the responsibility of authenticating users is in the STS itself, not in the app.
If you are configuring your (web) application to trust an external STS, then your authentication mode would be "None" and you'd have a whole section in the config file for "Microsoft.identityModel". You would then configure the STS address there (the issuer attribute). Something like this:
<microsoft.identityModel>
<service>
<audienceUris>
<add value="https://aexpense-dev.adatum.com/" />
</audienceUris>
<federatedAuthentication>
<wsFederation passiveRedirectEnabled="true" issuer="https://localhost/Adatum.SimulatedIssuer/" realm="https://aexpense-dev.adatum.com/" requireHttps="true" />
<cookieHandler requireSsl="false" />
</federatedAuthentication>
<serviceCertificate>
<certificateReference x509FindType="FindBySubjectDistinguishedName" findValue="CN=localhost"/>
</serviceCertificate>
<certificateValidation certificateValidationMode="None"/>
<applicationService>
<claimTypeRequired>
<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" optional="true" />
</claimTypeRequired>
</applicationService>
<issuerNameRegistry type="Microsoft.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
<trustedIssuers>
<add thumbprint="f260042d59e14937984c6183fbc6bfc71baf5462" name="https://localhost/Adatum.SimulatedIssuer/" />
</trustedIssuers>
</issuerNameRegistry>
</service>
The STS itself might use Forms authentication or something else, depending on the implementation.
I would like to use integrated authentication to access a SQL database from a web part. It should use the IIS Application pool identity.
By default you will get the error:
System.Data.SqlClient.SqlException: Login failed for user 'SERVER\IUSR_VIRTUALMACHINE'.
Because in web.config impersonation is set to true:
<identity impersonate="true" />
I can set this to false and the database code will work. Anonymously accessed sites will also work. Any SharePoint site that uses authentication will fail however so this is not really a solution..
To solve this would I have to encapsulate all my database access code to run with elevated priviliges, is that how SharePoint does it internally? Somehow that doesn't seem like the most performant solution.
Is that still the way to go, just use SQL security to access databases from SharePoint custom web parts?
The <identity /> and <authentication /> elements in the web.config file will together determine the account that is used in to connect to SQL Server when using integrated authentication.
When <authentication mode="Windows" /> is configured, you're deferring to IIS to authenticate users. I'm guessing that your your web.config contains:
<authentication mode="Windows" />
<identity impersonate="true" />
and that IIS is configured to allow anonymous users. Setting <identity impersonate="true" /> causes IIS to pass the identity of the IIS anonymous access account to SQL Server.
As Lars point out, using SPSecurity.RunWithElevatedPrivileges will achieve what you want. I don't believe you'll see any noticeable impact on performance but that's something you can test :-)
Use SPSecurity.RunWithElevatedPrivileges to run your code in the context of the app pool identity.
This is incorrect. Because <identity impersonate="true" /> is set to true ASP.NET / IIS will run the thread as the user that is currently logged in (so not the app pool account but the actual user logged into the website).
Something else is going on here. Could you post your connection string for the custom database? (minus the private data off course)