I would like to be able to run/debug locally. The machine is a laptop that is on a domain, however at times I do take it home. I have IIS installed as well as SQL Server. Everything is running correctly. I just have one issue, I must be on the domain so that the MVC site that configured to use Windows Authentication will run. I would like to figure out how I can remove this dependency on the domain controller. Specifically I would use local users when I am not connected to the domain, or only use local users in development testing.
Add this to your web.config file for your website:
<add key="AuthorizedADGroup" value="Administrators"/>
Anyone in your local Administrators group will then be able to access the site through Windows Authentication. Alternatively, you can also create a local group called say "Developers" or "Testers" or "Engineering", add local users to those groups, and sub one of those groups in for Administrators instead.
Related
I've created literally dozens and dozens of web servers in my day, but this is my first attempt with Windows Azure and I'm running into some problems. I just started migrating from AWS recently.
First of all, I'm running Ubuntu 13.04. Firewall disabled (for debugging), Apache2 installed correctly (using apt). SSH works fine as do many other services with both the DNS hostname and public IP. Virtual host is set up correctly and validated. However, I cannot access the HTTP website either through the Azure provided subdomain or the virtual IP. It just times out.
This is also my first time using Ubuntu 13.04 as well. So, through the powers of deduction, I'm assuming there is something I'm missing either with this new version of Ubuntu or some quirk in Azure. Does anyone have any suggestions?
SOLUTION
These steps to create "endpoint" works fine for all VPS:
open "virtual machine > endpoint > add endpoint"
choose "next"
set "name:http, protocol:tcp, public port:80, private port:80"
choose "complete"
and then must wait for activation and then for some time.
If you are using Azure Resource Groups along with your VMs (which is available on the new portal) you cannot use endpoints because it's not available there, so you should follow the following to open up the HTTP port or ANY other port:
1- Select the VM that you want to manage ports on.
2- In settings, click on Network Interfaces and select your network.
3- Go to Network Security Group and select your group.
4- Add Inbound or Outbound security rules depending on what you need.
The basic issue is in IE on my machine, a particular web site in our intranet doesn't work when using the server name alias. It does, however work when using the IP address of the server.
This doesn’t work
http://MyWeb/TheSite
It's a 401 error in the IIS Logs on the server
and IE shows "Internet Explorer cannot display the webpage. Diagnose Connection Problems".
But this does work:
http://100.100.100.100/TheSite
(100.100.100.100 being a made up IP)
On other machines on our intranet, this does work for me:
http://MyWeb/TheSite
I think we've narrowed it down the Integrated Auth on IIS. When I change the AppPool for MyWebb/TheSite to Anonymous on the server, TheSite works on my machine as well as other machines. When I change back to Integrated Auth it works for me on other machines machines but not my machine. Any ideas? Something with my desktop profile?
And another bit of data, TheSite used to work on my machine with Integrated Auth. It just stopped a couple weeks ago.
Also, we've looked at all the relevent DNS properties, etc, and that all looks good
using IIS 6
I have the default web site that works and can authenticate users to the domain when they connect.
I have created a second website, siteb, put a host (a) record into DNS, I can browse to it as long as I have use anonymous access, when I select windows authentication, it fails...
not sure what i'm missing here...
Thanks.
This goes beyond just IIS if you're using Integrated Windows Authentication. You've created "siteb" in DNS which allows your users to connect to it so this is good. However, when their browser requests a Kerberos ticket for "siteb" from Active Directory, AD is probably responding that it cannot find "siteb". You can verify this with Wireshark.
The fix is to add "siteb" (and any other permutations with which you expect users to access the site) as an additional servicePrincipalName for the server's machine account in AD. You can accomplish this with the "setspn.exe" utility. It should be available on your domain controller. If not, you can install it from the Windows 2003 Support Tools.
Some examples of adding a UPN alias with setspn on the DC are:
setspn.exe –A HTTP/siteb <server hostname>
setspn.exe –A HTTP/siteb.acme.com <server hostname>
This should take effect immediately. The final step is ensuring that the browser "trusts" the new website name. In Internet Explorer, for IWA to occur automatically, the server name should be listed in either the Trusted Sites or Intranet zone.
Of course, you could avoid all this hoopla by having the 2nd website just run on a different port under the same name, e.g.: http://sitea:81
I have this wierd problem on our Windows Server 2003, XP box running IIS 6.0. I have a WCF service deployed using an application pool identity. I am able to browse the svc file like this on that box,
http://localhost/servicename.svc
But when I do http://machinename/servicename.svc, it asks for credentials.
The website is configured for Anonymous access and Integrated Windows authentication.
I am really not sure what is wrong here, I have another machine that is a failover location for this box, where the same thing works fine with exactly same settings in IIS.
Make sure that the Application Pool identity has Read & Execute access on the files hosted by IIS (in other words, check the files at D:\path\to\site). Whether it's Network Service, a domain account, whatever.. it's going to need R&X permission.
What I'm guessing that's happening is that you're a local Admin on the server, so when you do it locally you're able to use your own local credentials to pull the site. But when you do it remotely, IIS must have access to these files - even if Anonymous access is enabled (otherwise, how can it load the files to serve the page to you?).
If you're still stumped, try using a program like filemon or procmon local on the server while making the request, and see what's getting Access Denied when you get a 401.
I´ve setup a Test Controller and several Test Agents on VMs. I was able to connect to the Test Controller with every Test Agent except the one installed on a Windows 7 Starter edition. Problem is obvious. Win 7 Starter can not join the domain where the PC hosting the Test Controller is located. How can i get around this problem? Thanks for your help!
What have you tried so far? There's a number of resources that talk about cross domain issues.
Try 2.2. Controller/Agent in untrusted Windows domains or one is in a workgroup and another one is in domain.
From: http://social.msdn.microsoft.com/Forums/en-AU/vststest/thread/df043823-ffcf-46a4-9e47-1c4b8854ca13
Mirror user account on Controller and Agent: create a user account with same user name and password on both Controller and Agent machine.
Use mirrored user account to run Controller and Agent services under this account.
If you are using VS2010 RC+ version (i.e. RC or RTM but not Beta2), add the following line to the qtcontroller.exe.config file under the appSettings node:
<add key="AgentImpersonationEnabled" value="no"/>
Restart Controller/Agent services (see Tools section in the Appendix).
Make sure there is no IP Security Policy that prevents the connection (see IP Security Policy under Tools section in the Appendix).
By default for domain machines Windows uses domain (Kerberos) authentication, but if it fails it will fall back to workgroup (NTLM) authentication. This behavior can be and often is altered by IP Security policies, for instance, there could be a policy to block connections from machines which do not belong to the domain.
Restart or re-configure Controller and Agent.
Or Running Tests cross domain with TFS and Visual Studio 2010
http://blogs.msdn.com/b/dustin_andrews/archive/2010/08/12/running-tests-cross-domain-with-tfs-and-visual-studio-2010.aspx
There is one problem with Mirroring Accounts for both Test Controller and Test Agent, it will not work if you register your controller to TFS team collection.
Why? Cause if you run your Test Controller and Test Agent under workgroup account,TFS server will disconnect the Test Controller cause authentication issue. If you ran Test Controller under domain account and Agent under workgroup then Test Agent will not be authenticated by Test controller.
Unless I am missing something it will not work if you need your Test Controller to be register to TFS team collection.