开发者

Strange IIS Windows Authentication behavior

I have an ASP.NET 3.5 web service (old school SOAP, not WCF) running on two servers set up identically in IIS 6.0. The Authentication/Access control is set up as follows:

  • Enable Anonymous Access = False
  • Integrated Windows authentication = True
  • Digest authentication for Windows domain servers = False
  • Basic authentication = False
  • .NET Passport authentication = False

In one of the web methods, I need to get the Identity of the requesting user and validate that it's in a certain Active Directory group. So, the first line of code in the web method is this:

var requestUser = HttpContext.Current.Request.LogonUserIdentity.Name;

For some reason the results are different between the two servers. Server1 works as expected, producing domain\UserId. However, Server2 produces Server2\IUSR_SERVER2. Has anyone experienced this before? I did find this question, but I'm pretty sure it doesn't apply here as client and both servers are all in the same domain.

Additional Info

Based on Heinzi's response, I added the following to the <system.web> section in both web.config files:

<authorization>
    <deny users="?" />
    <allow users="*" />
</authorization>

Now, Server1 behaves the same, as in, it behaves as I want it to. However, Server2 throws a 401.2: Unauthorized error:

Server Error in '/' Application.

Access is denied. D开发者_运维问答escription: An error occurred while accessing the resources required to serve this request. The server may not be configured for access to the requested URL.

Error message 401.2.: Unauthorized: Logon failed due to server configuration. Verify that you have permission to view this directory or page based on the credentials you supplied and the authentication methods enabled on the Web server. Contact the Web server's administrator for additional assistance.

Version Information: Microsoft .NET Framework Version:2.0.50727.3603; ASP.NET Version:2.0.50727.3053


I was creating a new MVC 4 ASP.NET web application and ran into the exact same error as you (Error 401.2) when I tried to build my project for the first time.

I changed the options in IIS Manager on my development machine to disable anonymous authentication and enable windows authentication, but I was still getting the 401.2 error.

I did a little research and found out that I could change the properties of my project and resolve this error.

Solution Explorer:

  • Select your Project
  • Press F4 to show the Properties Window

Properties Window:

  • Change 'Anonymous Authentication' to 'Disabled'
  • Change 'Windows Authentication' to 'Enabled'

I hope this helps other people if it doesn't solve your specific problem. As long as you have the same settings on your Web Server, it should work as intended.


In the web.config on Server2, do you have: authentication mode="Windows"?


Since IUSR_* is the default anonymous user and anonymous access is disabled in IIS, it sounds like anonymous access is enabled in your web.config. Please make sure the authorization section in your web.config looks similar to this:

<authorization>
    <deny users="?" /> <!-- Reject anonymous users -->
    <allow users="*" /> <!-- Accept all other users (or replace * with a list of users) -->
</authorization>


I had the same issue with IIS7 on a virtual server, my login was directing to a folder called "content". In my web config there was a section "location" containing Forms authenthication settings. However I was setting it up for Windows authentication, so when IIS hit my content folder it didn't know which authentication to use, so returned the error. After removing this from the config it worked fine:

<location path="content">
    <system.web>
        <authorization>
            <deny users="?" />
            <allow users="*" />
        </authorization>
    </system.web>
</location>

Thanks


Unfortunately, I never got to the root of this problem. We ended up moving to new servers and with a fresh IIS configuration on both, this problem went away. I suspect that it may have had something to do with the manner in which the NICs were set up on the server, as it was a virtual server with multiple NICs. But I still don't know for sure. Thanks again to Heinzi and consultutah for their help.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜