I am working on dnn site and facing some issue related with authentication.
When i'm going to browse a url ../admin/ControlPanel/module.css, it's showing 401 - Unauthorized: Access is denied due to invalid credentials.
I have verified all the settings in IIS, still not able to understand why this error is coming.
Thanks,
Is that the only file/path that is having that problem?
I would start by checking to see if you have Basic Authentication enabled in IIS.
Make sure there isn't a virtual directory or application configured on the admin folder for some odd reason.
Related
I have a question regarding SQL Server Reporting Services 2019:
We have received a HTTPS-certificate and added a URL for both Web Service and Web Portal. When we try to access either /Reports or /ReportServer on HTTP we can get through with no problem, but when we try to access on HTTPS then we are met with a logon dialog which will give three attempts at log on before displaying a white page. All attempts at entering a valid combination of user name and password returns a 401 error.
We've tried removing and reinserting all bindings for HTTP, HTTPS, SSL, changing logon mechanism in the config file to use Kerberos, NTLM or a combination of those but nothing works.
Does anyone what the source of this problem might be and how to solve it?
We figured out what the problem was. Authentication issues did not behave the same for HTTP and HTTPS. My test user wasn't a member of the correct user group. Once we gave it "System User" access then we could log in.
I don't know what am I missing about configuring spring-saml-extension and adfs. I did everything as mentioned in this guide, but IIS returns me a 403 forbidden error with this message:
You do not have permission to view this directory or page using the credentials that you supplied.
Is there anything else I need to do on IIS?
Well,
after hours researching about this I found what the problem was.
There is an ISAPI filter on
IIS -> Default Web Site
that was redirecting request to another place.
I got this by enabling httpErrors to DetailedMode:
C:\Windows\System32\inetsrv>appcmd.exe set config "Default Web Site" /section:httpErrors /errorMode:Detailed
Then, when I entered to /adfs/ls/idpinitiatedsignon.aspx, ISS throwed this screen: Http Error 403.18 - Forbidden
For more information about this, I would recomenend to see throbleshoot ISS errors like a pro
So, what I did was to remove that filter at
IIS -> Default Web Site -> ISAPI Filters
and it finally worked :)
Thanks #admdrew and #Vladimir for your help.
There are quite a lot of threads and questions about this issue. However, non-of them helped me.
I have got an MVC4 app running on IIS8 without any probblem. I need to move this app to Windows 2012 R2 Server which has IIS8.5.
Whichever user I give access to folder, I still get following exception.
HTTP Error 401.0 - Unauthorized
You do not have permission to view this directory or page.
Most likely causes:
The authenticated user does not have access to a resource needed to process the request.
Here is the error trace screenshot
Regarding IIS Site Setup, Anonymous Authentication and Forms Authentication are enabled.
Lastly, I have given Server\IIS_USERS, App Pool Account, IUSR, Server\Users readn and write access to make it work, but still same error.
Could anyone help me with this please?
Thanks.
I'm having problem with ReflectPermission("suppressAccessChecks"). Whenever I login with authenticated user (user name and password) and try to access a .jsp or any other page in my web application I get
java.security.AccessControlException: access denied ("java.lang.reflect.ReflectPermission" "suppressAccessChecks").
This happens only when I have "Security Manager" enabled by checking it in GlassFish Security properties. When I uncheck this option the web application works.
I would like to know what causes this reason and how to solve it? I think it is not recommended to uncheck Security Manager in Security properties.
While I have checked Security Manager in GlassFish Security section, I tried to add following code above my .jsp code
ReflectPermission refperm = new ReflectPermission("suppressAccessChecks", "");
AccessController.checkPermission(refperm);
However that didn't helped either.
I am not sure about the glassfish server but, i fixed the same issue in tomcat7 by editing the catalina.policy file and adding the line
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
under grant permissions.
We have a .NET application that was recently converted to .NET 4.0 and then published to IIS 6.0. When we trying going to the url without a page www.blahblahblah.com we get the following error:
Server Error in '/' Application.
Access is denied. Description: An
error occurred while accessing the
resources required to serve this
request. The server may not be
configured for access to the requested
URL.
Error message 401.2.: Unauthorized:
Logon failed due to server
configuration. Verify that you have
permission to view this directory or
page based on the credentials you
supplied and the authentication
methods enabled on the Web server.
Contact the Web server's administrator
for additional assistance.
We have IIS 6.0 site setup with a default content page going to "default.aspx". However, it seems IIS is not getting to the point of forwarding the url to this page. If we navigate directly to www.blahblahblah.com/default.aspx the page comes up with not issue and we all other functionality of the application works. If we roll back to the 3.5 version, the default page forwarding works as it should. Does anyone have any idea what is causing this?
I found the issue. Someone had put this (see below) in the authorization tag which prevented access to the website as a whole preventing IIS from forwarding to the default page, even though the page default.aspx had a location exception that allowed all users.
<authorization>
<deny users="*"/>
</authorization>