I have the following structure in IIS.
Internet Information Services
(local computer)
Web Sites
Default Web Site
MyApplication
MyApplication is a Application in IIS.
Integrated Windows authentication is NOT set on the Default Web Site.
However I want to set Integrated Windows authentication on MyApplication. (Its an intranet app).
This can be done via the GUI: Right click on the Default Web Site and choose Properties. Select the Directory Security tab, and click Edit on the Anonymous access and authentication control.
I want to include this in a setup script. I have other setup commands, using adsutil.vbs but I'm struggling to set up the Integrated windows authentication.
Running:
cscript //nologo c:\Inetpub\AdminScripts\adsutil.vbs GET /W3SVC/1/NTAuthenticationProviders
Returns
NTAuthenticationProviders : (STRING) "NTLM"
However, i exepcted to be able to run
cscript //nologo c:\Inetpub\AdminScripts\adsutil.vbs GET /W3SVC/1/ROOT/MyApplication/NTAuthenticationProviders
But this returns
Error Trying To GET the property: (Get Method Failed)
NTAuthenticationProviders (This property is probably not allowed at this node)
Is it not possible to set NTAuthenticationProviders Metabase property on an appliction level?
The metabase property that controls the Authenticated Access property values on the IIS Directory Security -> Authentication Methods dialogue is actually called AuthFlags.
The value is a flag and is documented here:
AuthFlags Metabase Property (IIS 6.0) (TechNet)
To set this value to Integrated Windows Authentication (AuthNTLM) use the following command (take care because this command operates on the Default Website, IISNumber:1) -
adsutil.vbs SET /W3SVC/1/ROOT/MyApplication/AuthFlags 4
If you want to set, say, both NTLM and Basic authentication then you would boolean OR the values together, e.g. MD_AUTH_BASIC | AuthNTLM. This would product an integer result of 6:
:: Set both NTLM and Basic authentication
adsutil.vbs SET /W3SVC/1/ROOT/MyApplication/AuthFlags 6
If you inspect the metabase file (C:\WINDOWS\system32\inetsrv\MetaBase.xml) and search for:
Location="/LM/W3SVC/1/ROOT/MyApplication"
...you will see the attribute that controls this setting (after setting to 6 as above):
AuthFlags="AuthBasic | AuthNTLM"
It may take some time before this value updates in the metabase because changes such as this aren't immediately flushed to the file (although IISRESET will cause it to update immediately).
Related
I've set some application settings in the azure function app but I'm getting null when I try to read them
System.ConfigurationManager.AppSettings[name]
System.Environment.GetEnvironmentVariable(variableKey, System.EnvironmentVariableTarget.Process)
Both of them gave me null. I can get the value fine running on local where my settings are in local.settings.json
(pulling the answers from the comments to aid in future searches)
When dealing with Appsettings, try restarting the app. (although normally the site would restart automatically when you change an appsetting)
You can use Kudu to verify the appsettings are indeed properly set on the site. (https://{app}.scm.azurewebsites.net) and click on Environment tab). They'll also show up as environment variables.
We've got a new server, and I am trying to set it up for our website.
I got a new application for the engineers set up in the Application Pools called eng_app, then added our applications to it.
Now, we have been given an external drive that these applications need to be on, but I can't seem to edit or delete the existing applications.
I tried following the Microsoft Technet Article • Remove an Application (IIS 7) but, as you can see in the screenshot, those are incorrect.
C:\Windows\System32\inetsrv>appcmd delete app "eng_app/drawing"
ERROR ( message:Cannot find APP object with identifier "eng_app/drawing". )
C:\Windows\System32\inetsrv>appcmd delete app "/eng_app/drawing"
ERROR ( message:Must specify the APP object with identifier or "APP.NAME" parameter. )
Could someone tell me what I missed here?
Using Powershell
Go to folder
cd C:\Windows\system32\inetsrv
List all applications to get the correct APP.NAME
.\appcmd list app
Delete the application using fullname for <APP.NAME>.Ex.: "Default Web Site/The.Application".I mean, you must put it with web site name including the double-quotes.
.\appcmd delete app <APP.NAME>
OK, it looks like you can't do it either through the command line or using the Application Pool interface.
After stopping the webservice, what I did was:
go down to the list of Sites and select my application from the list,
click Basic Settings...
change the Application pool with the Select... button and edit the Physical path
Afterwards, you can restart the webservice.
There might be a better way, but this is how I did it.
appcmd delete app eng_app/drawing
I have a ASP.NET MVC web application project that I want to deploy to my IIS webserver. The site tree is set up thusly:
SERVERNAME(myDomain\Username)
Application Pools
Sites
Default Web Site
MyProjectSite
bin
Content
...
Views
I am trying to deploy to the MyProject site. See below settings that I am using versus the errors I am returning. I am apparently not specifying my site path correctly, but for the life of me, I can't figure out what it should be.
The following settings stay the same between iterations:
/p:DeployOnBuild=True /p:DeployTarget=MsDeployPublish /p:CreatePackageOnPublish=False /p:MSDeployPublishMethod=WMSvc /p:AuthType=Basic /p:Username="myUserName" /p:Password="MyPassword" /p:AllowUntrustedCertificate=True
Specify SiteName/ as IISAppPath:
Parameters:
/p:MsDeployServiceUrl="https://serverName:8172/MsDeploy.axd?Site=MyProjectSite" /p:DeployIisAppPath="MyProjectSite/"
Error:
Could not complete an operation with the specified provider ("createApp") when connecting using the Web Management Service - I don't want to create a new site. I want to sync the content that is already there.
Specify IISAppPath as Root (supposing that the sitename in the URL is used)
Parameters:
/p:MsDeployServiceUrl="https://serverName:8172/MsDeploy.axd?Site=MyProjectSite" /p:DeployIisAppPath="/"
Error:
Could not complete an operation with the specified provider ("iisApp") when connecting using the Web Management Service - Looks like it is trying to access the Default WebSite or something (to which I have purposefully NOT given myself rights).
Specify IISAppPath as empty string(supposing that the sitename in the URL is used)
Parameters:
/p:MsDeployServiceUrl="https://serverName:8172/MsDeploy.axd?Site=MyProjectSite" /p:DeployIisAppPath=""
Error:
The "ConcatFullServiceUrlWithSiteName" task was not given a value for the required parameter "SiteAppName" - So it interprets "" as actually a null value thus breaking an attempt to concatenate it.
Specify no site attribute in the URL but SiteName/ as IISAppPath
Parameters:
/p:MsDeployServiceUrl="https://serverName:8172/MsDeploy.axd" /p:DeployIisAppPath="MyProjectSite/"
Error:
Could not complete an operation with the specified provider ("createApp") when connecting using the Web Management Service
Specify no site attribute in URL but SiteName as IISAppPath
Parameters:
/p:MsDeployServiceUrl="https://serverName:8172/MsDeploy.axd" /p:DeployIisAppPath="MyProjectSite"
Error:
Could not complete an operation with the specified provider ("createApp") when connecting using the Web Management Service
Now given that it is running a concatenate on the SiteAppName, it must be combining it with the Site name, yes? What are you supposed to put there to get the site to sync to the root of a site?
Update
In an attempt to figure out the proper path scheme, I have tried to publish using the Visual Studio 2012 Publish dialog. In this case, I am returned an error saying that The request timed out (testing the connection works almost instantly and previewing the changes works but takes a few seconds). I checked the event log, and the tracelog for wmsvc to no avail. Even with trace set to verbose, nothing shows up in the tracelog. I have tried disabling the firewalls on both computers, and nothing seems to work on that front either.
Figured this one out.
The problem stemmed from two settings in the Web Deploy page of the project properties. I had previously set this project up (in the Debug configuration) to copy only the files necessary to run the application, and NOT build a zip package. I neglected however to do anything to those settings for the release configuration.
The reason (confidence level 75%) it was trying to use createApp was because it was deploying from the Zip package it had created. So my IISAppPath settings in those cases were fine, I was just deploying the wrong thing.
I set the Create deployment package as a zip file setting to false, and the Items to deploy dropdown to Only files needed to run this application and everything went off without a hitch.
Incidentally I found out (as referred above) that you can use the Publish Profiles outputted by the Web Publish dialog in Visual Studio (2012 only unfortunately; 2010 you have to do some massaging that I am unsure of). I named mine with no spaces, and supplied the password as an argument as well as the Untrusted Certificate setting. Now MSBuild Arguments in the build definition for TFS look like this:
/p:DeployOnBuild=True;PublishProfile=NameOfPublishProfile /p:AllowUntrustedCertificate=True /p:Password=PleaseVerifyMe
Using IIS 8 on Windows 8, I've set up an application pool which runs with an identity of Network Service.
In the code for a page, I make calls to:
Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData)
Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData)
Both calls return null.
I've tried combinations <identity impersonate="true|false"/> as well as setting the Load User Profile setting to true|false in the application pool setting, but I always get a null result.
I would expect to get one of:
C:\Windows\ServiceProfiles\NetworkService\AppData\Local
C:\Windows\System32\config\systemprofile\AppData\Local
On another user's machine, they get the second folder as the path (IIS 7.5) even though the application pool runs as Network Service.
What could be happening with these profile folders?
In your %WINDIR%\System32\inetsrv\config\applicationHost.config look for <applicationPoolDefaults>. Under <processModel>, make sure you don't have setProfileEnvironment="false". If you do, set it to true.
I think you need the LoadUserProfile setting as well as one additional call from a console:
cd "%~dp0"
md appdata
This would create the required folder for the app pool user. I'm not sure if this will result in Environment.SpecialFolder.ApplicationData returning a correct path though.
I'd like to use my IIS logs to track sessions in my app, but don't have a session key being pushed along the querystring in my pages.
What's the easiest way to start tracking that in the log - put a querystring value in the iis logs, or is there a way to append session to the logs as a custom field?
Using 32-bit classic asp against windows server 2003 64-bit.
IIS (since version 5, at least) lets you log cookies in the "W3C Extended" log file format. Add the "cs-cookie" field to your logs and restart your website, they'll appear there.
You will need log analysis software that supports tracing sessions via the cs-cookie field, however - but it largely isn't necessary as most log analysis follows paths-through-site and sessions by tracing the cs-referer header instead.
If you have large cookie strings then expect your site log files to balloon in size.