Folk, finding it hard to find information for this particular scenario.
IIS is on one server and the developers are using Forms authentication in ASP.NET 4.5 with the AD as the membership provider.
Reportserver is SS2016 Standard is running as a domain account and has the following authentication types:
<AuthenticationTypes>
<RSWindowsNTLM/>
<RSWindowsNegotiate/>
</AuthenticationTypes>
If the developer has <identity impersonate="true" /> we get "The request failed with HTTP status 401: Unauthorized" and no account listed. Without the impersonate we get rsAccessDenied with the service account of IIS listed.
Any help would be greatly appreciated.
What do your logs say? Check your report logs (https://technet.microsoft.com/en-us/library/cc512029.aspx) as well as Event logs on the report server.
Does the impersonated user have database/data source permissions?
If, after reviewing your logs you can't figure it out, please post them here.
Related
I have an application that I need to do the authentication to an IDP (Azure) and if the authentication fails I want that the IDP to send back a response to my application that user is not authorise .the issue is that IDPs are not sending any information regarding the authentication failed and is just remaining on login screen.
Any ideas?
Best regards,
Mircea
Regardless of the SSO protocol used, Azure AD will always return an error code, message and debugging information.
If that's not the case, then Collect a network trace with Fiddler and post the results here minus any confidential information for additional debugging.
Optionally, you may try to Test SAML-based single sign-on from the Azure Portal to verify your application correct configuration.
Most likely it is an issue with the Redirect URI being used in the application for the event when user is not found on the IDP (Azure AD). This seems to quite similar to the following issue: Redirect not working for SAML login, php-saml with Azure Active Directory
I am deploying an asp.net core application on IIS. I have followed the guides on Microsoft and the app is running but I have problem accessing the database. Login method is configured to windows authentication with Indentity Pooling. When checking the server log I get the following error-message:
Login failed for user 'STG\SGSTH-SRV-TST99$'. Reason: Could not find a login matching the name provided. [CLIENT: ]
The authentication works in Visual Studios but then my personal account is used for authentication. I have made sure the login exist in Security >> Logins and get an error message saying the user already exist if trying to create the user:
Error message when creating user
Any help with this issue is much appreciated.
Thanks!
IIS 10, ASP.net Core, EF Core.
Haven't done enough web development, and have searched a bit here, and have not found an answer yet.
I wanted to find out how to configure my website/web.config to allow me to use SUSER_NAME() on my audit triggers in Microsoft SQL Server.
Currently we are connecting to our database with a service account, but other users are authenticating and accessing the web site. When a record is changed, we want to capture the user that made the change, and not the service account used to log into the database.
The App Pool is configured to the service account and the web site is configured using Windows authentication and ASP.NET Impersonation (but this keeps getting turned off somehow).
The web.config has
<identity impersonate="true" />
and Windows authentication.
Any help would be greatly appreciated.
I've managed to setup two virtual machines in my local windows 7 laptop. Both of them are Windows server 2008 R2. One acts as Active Directory Domain controller and also as Active Directory Federation Services, and one other as the web app server. This second one is where I've set up my claims aware asp.net mvc web application and I also plan to setup ThinkTecture Identity Server later as my way to authenticate against custom username and password outside AD.
I've successfully implemented the installation and configuration needed for connecting our ASP.NET MVC apps through ADFS. They include :
Configure first server as Domain Controller and add domain account store (add user as testing -> this user belongs to Domain Users Group).
Configure first server also as active directory federation services.
configure relying party trust identifier from federation metadata generated from FedUtil.exe in second server.
Configure group claim mapping and assign Domain Users to this group.
Configure web apps server to be claims aware agent.
The one that's always troubled me is that every time I access my apps, it successfully prompts login dialog box. Once I enter My AD account and password, it always gives me the following error message : "There was a problem accessing the site. Try to browse to the site again.
If the problem persists, contact the administrator of this site and provide the reference number to identify the problem.
Reference number: c558ed55-b203-42cc-b6bd-3d66bddb96cd".
Any idea from you guys how to get this to work?? Any suggestion and ideas will be highly appreciated.
Have you looked in the event log?
Open Event Viewer > Go to Applications and Services Logs > AD FS 2.0
You'll see an list of errors which should give you some more guidance.
If you see the ADFS login screen, you can get to ADFS so I suspect it's something to do with your RP configuration.
Just to check - you are using ADFS 2.0 which you downloaded?
I need some help with authentication when using the web reportviewer to view SSRS reports.
In IIS I've set "Windows Authentication" only and unchecked "Anonymous Access" and the other checks in the Directory Security tab. The result in my website is that WindowsIdentity.GetCurrent() returns the ASPNET user and Request.LogonUserIdentity the domain account of the user that logged in. On the page that hosts the ReportViewer control, I programmatically impersonate the Request.LogonUserIdentity, then set all the report/server properties and refresh the ServerReport, however this returns the "The request failed with HTTP status 401: Unauthorized." error and I'm 100% sure the Request.LogonUserIdentity has access to the report. To proof the impersonation worked, WindowsIdentity.GetCurrent() returns the same user as Request.LogonUserIdentity after the impersonation and I'm using the same impersonation when I need to query the database, just with a specific user.
I've noticed that on the ReportViewer1, the ServerReport property has a property for ImpersonationUser, but I'm not able to set this and can't find where to either.
Can anyone shed some light please! I've been working on this for days now....
It's not clear why you need to do impersonation yourself. If you're using Windows Authentication and have disabled anonymous access, then simply let ASP.NET flow the end-user's credentials to Reporting Server. Try adding the <identity> element to your web.config file:
<identity impersonate="true" />
Another issue you might be encountering (if your Reporting Server is on a different machine to your web server) is the NTLM double-hop problem and you may need to configure Kerberos in order to support credential delegation over multiple machines.