IIS7 (Windows) Authentication -- Cannot figure out why new website errors 401 - authentication

I am trying to make a new website on an IIS server, of which has websites that are using Windows Authentication just fine. However, for the life of me, I cannot figure out why my new website refuses access (401.2)
Basically, I create a new website and add a single .html file ("Hello, World"). I can access it just fine. But turn off Anonymous, leaving on Windows Authentication, I get prompted for ID/PWD, ending always a 401.2
So, I decided to make a new website as a copy of the existing working website on the same webserver. I've even gone and made the new website share the same App Pool and the same Physical Path. This way, as far as I can tell, the only possible differences between the two websites is now the IIS configuration of the two sites. Still can't authenticate.
I've switched the bindings, doesn't help.
I've even compared the settings in applicationHost.config, making sure they're equal.
Any ideas? Thanks in advance.

I've used this article several times for problems like these with some success: http://blogs.msdn.com/b/david.wang/archive/2005/07/14/howto-diagnose-iis-401-access-denied.aspx Hope it helps!

I was advised to try running iisreset from the command line. This turns out to be what I needed all along. Seems some configuration changes do not get applied properly, even when restarting the particular website, until IIS itself is restarted.

Related

Inherited a Silverlight/WCF application need to fix WindowsAuthentication

I've inherited a Silverlight/WCF application. (Having worked on .net MVC, and SPA for quite a while)
I tried switching the IIS website folder to see if a tweak to the code and a fresh build would work, it didn't work and I switched back and although the website is functional it has a number of faults.
For some reason the Windows authentication appears to have stopped working, this authorises a number of the admin functions. I think this is broken and so not enabling the functionality in the Silverlight app.
The server I've inherited has the applications as folders in the default website, which is new to me, and quite constraining. I've gone through IISAdmin videos, and learnt a lot, but not enough to fix the issue.
I am unable to get the software to run in VS2013, quite a bump after working on Single Page Applications.
I'm stumped as to how the same code put back no longer works; I've learnt my lesson, but I still need to fix the system. I am not sure whether IISReset would make a difference since the AppPool is recycled every 29 hours. I've found out what the harm in trying is, and so I am proceeding with caution.
So my main goal would be to get the Windows Authentication working again.

IIS Remote Manager is missing icons for a specific site

I have a developer that came to me with and issue. He is remotely managing one of his sites on one of our development servers and all of a sudden he lost all of the icons in IIS for this specific site..
All other sites display his icons correctly and when I have him test on another computer everything displays correctly.. So what could have gone wrong on his machine? It was working but is now not working.. Any help here would be greatly appreciated.. Never seen this before and cant seem to figure out what caused it to just go away.. There should be so many more options for him.. Plus if you can see he lost the ability to see the folders on this site also.. And it is every site on this server.. But like I said it is just on his computer, he goes to a different computer he has access to everything..
Guess I cant post a picture.. But if you need to see it I can send it to you if you need to see what I am talking about..
Come to find out he was ignoring the prompt that he was getting saying that there were new versions of the tools to download on his machine that are on the server.. He just hit Cancel instead of selecting them and hitting ok to install the DLL's and enabling them.

WCF service not reachable (selfhosted)

today i decided to have a look at WCF and the example worked so nicely on my localhost that i tried to run in on my server too, so i compiled it with the correct host(tested both,ip and domain) and uploaded it to my server
you can see the sourcecode here:
http://pastebin.com/YiCR0RCf
the problem is,that i can't add the service to my client application, nor can i open the http site in my browser (localhost it worked just fine)
i'm running this on a windows root server and disabled the firewall for this program.
Would be great if you could give me a hint in getting this to work correctly, as i spent the last 2 hours with randomly changing code and uploading the program hoping that it would work now.
Thanks
Ok it was the windows firewall, i completely disabled it(added an exception before,but that didn't help as i know now) and it works.
thanks anyways

clientaccesspolicy.xml suddenly stopped working (WCF/Silverlight)

Very frustrated with all of this, hoping someone can assist.
I had a Silverlight application and WCF working together without issue for a year. In order to get them working, I had some pain initially but finally worked through it with help. All of the pain came from configuration/security, 401's, cross-domain hell, etc.
The way I have everything setup is that I have a WCF service that resides in it's own application/directory and runs in its own application pool.
On the same web server (IIS7), I have another application/directory with the Silverlight application that points to the aforementioned service.
The server name (for this exercise) is WEBSERVER1. We've created a CNAME for it that is WEB1. In the past, if the user went to http://WEB1/MyApp/ or http://WEBSERVER1/MyApp/ it would work. Suddenly yesterday it started behaving badly. Normal users started getting the Windows challenge/response prompt (and even if they entered the info they would get a 401 error).
My WCF service runs in a site that enables anonymous access (and this has always worked).
My Silverlight application runs in a site that has windows integrated (and this has always worked), since I capture the Windows username when they connect.
For the record, I did create a NEW application pool yesterday with an ASP.NET application that runs in it. This seems to work fine, but there is a chance creating this new application pool and application/directory has caused something to change.
I have a clientaccesspolicy.xml in my wwwroot folder, as well as in the folder for each of the two applications above (just in case). I have tried to promote NTLM over Negotiate as a provider (as that worked for another issue I was having on another server).
After trying some changes, I can't even get the thing to behave the same each time I call it. Sometimes it will prompt me for credentials. Other times it will work, but then say it failed to connect with the WCF service with a "not found". Other times it will actually work fine, but only if I am using the actual server name and not the CNAME. When using the CNAME I always get the crossdomain error, even though I have the cross-domain xml files in every directory root.
This is a nightmare, and makes advanced algorithm analysis seem fun and easy by comparison. Did Microsoft realize how difficult they made this combination of (IIS7/WCF/Silverlight/providers/permissions/cryptic or missing error messages) to get to work??
I found a solution that appears to be working.
In this case, I had to change the authentication mode for the default web site (which hosted the clientaccesspolicy.xml file) from anonymous access to Windows Integrated. I don't understand why this worked for a year or so and then stopped, but it seems to have resolved it.
The new application that I had deployed yesterday was a standard ASP.NET web application, which I put in it's own application directory and it's own application pool, to ensure that it would not cause this sort of issue. I'm still not even sure if it did.
The way I resolved it was by trying to navigate from my PC to the actual http://servername/clientaccesspolicy.xml file, and that was giving me a 401 error. I switched from anonymous to windows integrated on that default website (which has nothing in it except for that xml file) and that resolved the permission issue. I then had to permission the actual AD groups to have read access to that folder (if not they got the user/pw prompt and could not get through).

RIA: "Use local IIS Web server"

I know I've had this problem when I started working with Silverlight, but I can't for the life of me remember how to fix it.
I created a new RIA service application using the standard tutorial, added a table from the database and added a grid to display the results. Works great. Now I pull open the Web properties and change the web project to "use local IIS Web server". Suddenly the application will load up and give me the friendly "NotFound" error.
Please, someone remind me what I'm missing here.
I ran into this problem recently, and resolved it with help from this post on the silverlight.net forums.
Basically, I had Windows authentication and annonymous access enabled at the same time, and I need to disable windows authentication and restart IIS.
John
Not sure what the missing part is but I always start with Fiddler as will show the messages going across the wire. The actual messages can contains far more useful that the browser is hiding from the Silverlight plugin