I am getting window authentication window popup on some of my views in mvc4. It works fine when I host it on local server. But when I upload my code to my hosting server, all the views works fine except some views.
I am using form authentication in my application. And the views which given me such popups their controller class define with [Authorize] attribute. Is it an issue with IIS on hosted server or something else?
This is the popup message:
I suspect that you have Integrated Windows Authentication or Basic Authentication configured in IIS for your website or application (depending on how you are hosting it). Make sure you disable it and enable anonymous access to the website if you want to use Forms Authentication.
Open IIS Manager and navigate to your website or application.
In Features View, double-click Authentication.
On the Authentication page, disable Windows authentication and enable Anonymous authentication.
Related
I've inherited an old asp.net application which runs on IIS v10, but I've run into a problem trying to remove the authentication. The application runs under the Default Web Site. It was originally set to Windows Authentication and worked, but now I need to remove the login that occurs on load of the website.
The Default Web Site (app parent) authentication is set to Anonymous. When I disable all authentication at the application level, I get a 401 - Unauthorized User error in the browser. When I enable Anonymous authentication, the site loads very slow, but only the HTML with none of the CSS styling. I'm not sure why this is.
How should the authentication be configured to remove a login?
You need to choose the application which under the Default Web Site and click the Authentication module.
In addition to disabling windows authentication, also enable anonymous authentication.
If you want to disable windows authentication for a file in the application, first select the content view to view the files inside the application, then select the file and right-click the switch to features view.
IIS on Windows Server 2012 setup with 2 projects:
example.com: ASP.NET Core MVC project with VueJS as javascript framework.
api.example.com: ASP.NET Core Web API project whichs feeds the UI project.
The example.com is setup using Windows Authentication, the api.example.com is setup with both Anonymous and Windows Authentication.
Both projects have a seperated Application Pool.
Everything is working fine except when I go to the example.com website, I get a prompt to input my AD credentials for example.com, after that I get another one for api.example.com.
So the user needs to enter his credentials twice. Is there a way to reduce this to one and send the credentials to both websites?
I am using Google Chrome as browser to use the website.
Ok reduced the login to zero. Disabled the Windows authentication on the example.com because all authentication is done on the API project so no need to apply it here. Then added the api.example.com under Internet Explorer > Settings > Security > Intranet sites and kow the client can work directly without applying credentials when working inside the domain.
I would like to make an mvc4 application in asp.net that uses single sign on with ldap.
So a user logs in to AD and then goes to the webapplication. This application should be able to know which user is visitting without asking for any authentication anymore. The application should be able to know the username from the AD.
Anyone who can land me a hand with this or can give me a good explanation? I don't really understand how to fix this.
thanks in advance!
You could use Windows Authentication. Steps:
Create a new ASP.NET MVC application using the Intranet Application template
Read the text file that is opened for you which explains in details the things you need to do in order to configure your web server to enable windows authentication
Deploy your application and enjoy
For completeness sake here's the text file that is generated for you:
To use this template with Windows Azure authentication, refer to
http://go.microsoft.com/fwlink/?LinkID=267940.
Otherwise, to use this template with Windows authentication, refer to
the instructions below:
Hosting on IIS Express:
Click on your project in the Solution Explorer to select the project.
If the Properties pane is not open, open it (F4).
In the Properties pane for your project:
a) Set "Anonymous Authentication" to "Disabled".
b) Set "Windows Authentication" to "Enabled".
Hosting on IIS 7 or later:
Open IIS Manager and navigate to your website.
In Features View, double-click Authentication.
On the Authentication page, select Windows authentication. If Windows authentication is not an option, you'll need to make sure Windows authentication is installed on the server.
To enable Windows authentication on Windows:
a) In Control Panel open "Programs and Features".
b) Select "Turn Windows features on or off".
c) Navigate to Internet Information Services > World Wide Web Services > Security
and make sure the Windows authentication node is checked.
To enable Windows authentication on Windows Server:
a) In Server Manager, select Web Server (IIS) and click Add Role Services.
b) Navigate to Web Server > Security
and make sure the Windows authentication node is checked.
In the Actions pane, click Enable to use Windows authentication.
On the Authentication page, select Anonymous authentication.
In the Actions pane, click Disable to disable anonymous authentication.
I have a SharePoint 2010 web site configured for Claims only as the Replying Party to ADFS. I also have an ASP.NET application configured for Claims using WIF + Extension for SAML 2.0 CTP as the Replying Party to the same ADFS server.
If I navigate to SharePoint, I get redirected to the ADFS server (https://.../adfs/ls?...) and presented with a Windows Login prompt. If I then navigate in the same browser instance to my ASP.NET application, the redirect occurs quickly to the same ADFS server, automatically authenticates, and redirects back to the ASP.NET application without a security prompt. As in How to share authentication context between a SharePoint 2010 Site and ASP.NET applications.
The issue occurs when I embed the ASP.NET application within an IFrame in a SharePoint web part. When starting a new browser instance and navigating to SharePoint, I get prompted the windows login prompt. As the page loads up to the IFrame I then get a second Windows Prompt for the same server for the embed ASP.NET application. If I cancel the prompt I get a 401 Unauthorized in the IFrame. If I navigate to the ASP.NET application, I am not prompted and it logs in automatically. Navigating back to the SharePoint application, the page will load including the IFrame content without prompts.
The SharePoint Endpoint is using the WS-Federation Passive Endpoint to https://sharepoint:port/_trust/ with binding POST.
The ASP.NET application Endpoint is using SAML Assertion Consumer Endpoints https://aspnetapp/ with binding POST and Artifact.
The Claims passed from both contain all required for each application.
Does anyone know how to prevent the second login prompt when using an IFrame in SharePoint?
It now works as expected with single sign-on after updating to System.IdentityModel.Services.WSFederationAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0 from the now built in WIF classes. I'm assuming there was a compatibility issue with the Microsoft.IdentityModel.Web.Saml2AuthenticationModule SAML 2.0 CTP extension that was never finished.
Just a shot in the dark but assuming the custom ASP .NET application and SharePoint are on two separate machines, then there may be some subtleties regarding kerberos given that the ASP .NET page is in an IFRAME - it could be that a kerberos ticket needs to be passed between SharePoint to ASP .NET.
HTH.
This is only a guess but I believe that this is because both sites, the Sharepoint site and the embedded asp.net site from the iframe, start to load in the same time.
As both are not authenticated, they both go to the Adfs. But because you are not authenticated, the Adfs starts the 401 challenge, asking for the authentication. However your web browser does not present both login prompts in the same time. Rather, you get the first login prompt and when you sucesfully login, from the very moment the Adfs will retain the authentication so that any other site coming for claims will get them for free. But the inner site, the asp.net one, has already started the login process! Your browser does not know this and forces you to continue login.
As a conclusion, my idea would be to have a sharepoint page which requires authentication and which then redirects to ANOTHER page which has the asp.net site in an iframe so that your browser will not try to start the login sequence for both sites at the same time.
I have an asp.net web site, earlier version of the application need to run in classic mode, the latest version can run in integrated mode. Generally the application is configured to use Forms Authentication but it can be configured to used Windows Authentication.
There is a business requirement that even when running IIS in Windows Authentication the application should still support forms authentication this is so administrators are forced to login with a username/password. This is handled internally with code that determines whether to log the user in or redirect to login
ISS6 allowed this configuration with no problems and in fact IIS 7 can be configured in this way, except for the fact that it shows an "Alert" message "iis7 Challenge-based and login redirect-based authentication cannot be used simultaneously". This message doesn't appear to be strictly true as the application seems to work as intended, happily supporting IIS as windows auth but the asp.net app thinking its forms auth.
The problem I have is with the "Alert" message, as this will no doubt cause confusion and support calls.
Is there way to provide both windows auth and forms auth and keeps IIS7 UI happy?
There's a well detailed proposal that basically does the following:
Applies Forms authentication everywhere as this is not applicable piecemeal on a site. Then to have a gateway page (login) where the windows authentication takes place. It's not flicking a switch but I'm going to be trying it myself.
I'll report back on how it goes if there's interest.