|
Home > Archive > IIS Server Security > March 2004 > net logon
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
|
|
| John Burns 2004-03-30, 10:37 pm |
| Before installing Active Directory anonymous web users can access my IIS5.0 sites without any authentication.
If I install Active Directory and setup the machine as a domain name controller, when web users attempt to go to my websites they are presented with a net logon dialog box to gain access to the domain controller. Can this be eliminated?
I have a registered a domain ibidem.us with SBC Yahoo. I currently use a forwarding record to point at my IP address. When my website appears it shows the IP address instead of the domain name in the address box.
I would like to know if it is possible to join a domain without setting up Active Directory and DNS?
Instead of seeing http://66.120.7.237/ShopIbidemUs/default.aspx
I would like to see http://www.ibidem.us/ShopIbidemUs/default.aspx
How do I do this?
| |
| Ken Schaefer 2004-03-30, 11:34 pm |
| When you ran DCPromo, and created a DC, local accounts are converted to
Domain Accounts (there are no accounts on the DC). The user account that IIS
was using for impersonation before the upgrade no longer exists. You will
need to go into IIS, and tell it the username/password that should now be
used for anonymous access.
Use the IIS Manager, right-click on your website, Properties -> Directory
Security -> Edit Authentication mechanisms. The first one is anonymous
access. Click the browse button, and find the IUSR account in the Domain
(since it no longer exists in the local security accounts database).
Cheers
Ken
"John Burns" <MarinMountainMan@sbcGlobal.Net> wrote in message
news:9C3D95D9-F05B-4F06-984D-5ADB8926B20B@microsoft.com...
: Before installing Active Directory anonymous web users can access my
IIS5.0 sites without any authentication.
: If I install Active Directory and setup the machine as a domain name
controller, when web users attempt to go to my websites they are presented
with a net logon dialog box to gain access to the domain controller. Can
this be eliminated?
:
: I have a registered a domain ibidem.us with SBC Yahoo. I currently use a
forwarding record to point at my IP address. When my website appears it
shows the IP address instead of the domain name in the address box.
:
: I would like to know if it is possible to join a domain without setting up
Active Directory and DNS?
: Instead of seeing http://66.120.7.237/ShopIbidemUs/default.aspx
: I would like to see http://www.ibidem.us/ShopIbidemUs/default.aspx
:
: How do I do this?
| |
| John Burns 2004-03-31, 1:38 am |
|
That did not help me. I am still stuck.
Server Error in '/ShopIbidemUs' Application.
------------------------------------------------------------------------
--------
Access to the path "C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Temporary
ASP.NET Files\shopibidemus\ec3af43c\1e7fe687\glo
bal.asax.xml" is denied.
Description: An unhandled exception occurred during the execution of the
current web request. Please review the stack trace for more information
about the error and where it originated in the code.
Exception Details: System.UnauthorizedAccessException: Access to the
path "C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET
Files\shopibidemus\ec3af43c\1e7fe687\glo
bal.asax.xml" is denied.
ASP.NET is not authorized to access the requested resource. Consider
granting access rights to the resource to the ASP.NET request identity.
ASP.NET has a base process identity (typically {MACHINE}\ASPNET on IIS 5
or Network Service on IIS 6) that is used if the application is not
impersonating. If the application is impersonating via <identity
impersonate="true"/>, the identity will be the anonymous user (typically
IUSR_MACHINENAME) or the authenticated request user.
To grant ASP.NET write access to a file, right-click the file in
Explorer, choose "Properties" and select the Security tab. Click "Add"
to add the appropriate user or group. Highlight the ASP.NET account, and
check the boxes for the desired access.
Source Error:
An unhandled exception was generated during the execution of the current
web request. Information regarding the origin and location of the
exception can be identified using the exception stack trace below.
Stack Trace:
[UnauthorizedAccessException: Access to the path
"C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET
Files\shopibidemus\ec3af43c\1e7fe687\glo
bal.asax.xml" is denied.]
System.IO.__Error.WinIOError(Int32 errorCode, String str) +393
System.IO.File.Delete(String path) +165
System.Web.Compilation.PreservedAssemblyEntry.LoadDataFromFileInternal(B
oolean fApplicationFile) +898
System.Web.Compilation.PreservedAssemblyEntry.LoadDataFromFile(Boolean
fApplicationFile) +57
System.Web.Compilation.PreservedAssemblyEntry.GetPreservedAssemblyEntry(
HttpContext context, String virtualPath, Boolean fApplicationFile) +111
System.Web.UI.TemplateParser. GetParserCacheItemFromPreservedCompilati
on(
) +91
System.Web.UI.TemplateParser.GetParserCacheItemInternal(Boolean
fCreateIfNotFound) +148
System.Web.UI.TemplateParser.GetParserCacheItemWithNewConfigPath()
+125
System.Web.UI.TemplateParser.GetParserCacheItem() +88
System.Web.UI.ApplicationFileParser.GetCompiledApplicationType(String
inputFile, HttpContext context, ApplicationFileParser& parser) +171
System.Web.HttpApplicationFactory.CompileApplication(HttpContext
context) +43
System.Web.HttpApplicationFactory.Init(HttpContext context) +485
System.Web.HttpApplicationFactory.GetApplicationInstance(HttpContext
context) +170
System.Web.HttpRuntime. ProcessRequestInternal(HttpWorkerRequest
wr)
+414
------------------------------------------------------------------------
--------
Version Information: Microsoft .NET Framework Version:1.1.4322.573;
ASP.NET Version:1.1.4322.573
I am confused whether I should be using ASPNET or IUSR for anonymous
access. Neither seems to work. I still get a net logon dialog box from
the main site. I used the administrator user and password. I went the
the TEMP asp net folder and permitted both aspnet and iusr full access.
Same result.
*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!
| |
| Ken Schaefer 2004-03-31, 1:38 am |
| OK, this is a problem with running ASPNet on a DC:
http://support.microsoft.com/defaul...kb;EN-US;315158
Cheers
Ken
"John Burns" <marinmountainman@sbcglobal.net> wrote in message
news:%23eO3kVuFEHA.700@TK2MSFTNGP09.phx.gbl...
:
: That did not help me. I am still stuck.
:
: Server Error in '/ShopIbidemUs' Application.
: ------------------------------------------------------------------------
: --------
:
: Access to the path "C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Temporary
: ASP.NET Files\shopibidemus\ec3af43c\1e7fe687\glo
bal.asax.xml" is denied.
: Description: An unhandled exception occurred during the execution of the
: current web request. Please review the stack trace for more information
: about the error and where it originated in the code.
:
: Exception Details: System.UnauthorizedAccessException: Access to the
: path "C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET
: Files\shopibidemus\ec3af43c\1e7fe687\glo
bal.asax.xml" is denied.
:
: ASP.NET is not authorized to access the requested resource. Consider
: granting access rights to the resource to the ASP.NET request identity.
: ASP.NET has a base process identity (typically {MACHINE}\ASPNET on IIS 5
: or Network Service on IIS 6) that is used if the application is not
: impersonating. If the application is impersonating via <identity
: impersonate="true"/>, the identity will be the anonymous user (typically
: IUSR_MACHINENAME) or the authenticated request user.
:
: To grant ASP.NET write access to a file, right-click the file in
: Explorer, choose "Properties" and select the Security tab. Click "Add"
: to add the appropriate user or group. Highlight the ASP.NET account, and
: check the boxes for the desired access.
:
: Source Error:
:
: An unhandled exception was generated during the execution of the current
: web request. Information regarding the origin and location of the
: exception can be identified using the exception stack trace below.
:
: Stack Trace:
:
:
: [UnauthorizedAccessException: Access to the path
: "C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET
: Files\shopibidemus\ec3af43c\1e7fe687\glo
bal.asax.xml" is denied.]
: System.IO.__Error.WinIOError(Int32 errorCode, String str) +393
: System.IO.File.Delete(String path) +165
:
: System.Web.Compilation.PreservedAssemblyEntry.LoadDataFromFileInternal(B
: oolean fApplicationFile) +898
:
: System.Web.Compilation.PreservedAssemblyEntry.LoadDataFromFile(Boolean
: fApplicationFile) +57
:
: System.Web.Compilation.PreservedAssemblyEntry.GetPreservedAssemblyEntry(
: HttpContext context, String virtualPath, Boolean fApplicationFile) +111
:
: System.Web.UI.TemplateParser. GetParserCacheItemFromPreservedCompilati
on(
: ) +91
: System.Web.UI.TemplateParser.GetParserCacheItemInternal(Boolean
: fCreateIfNotFound) +148
: System.Web.UI.TemplateParser.GetParserCacheItemWithNewConfigPath()
: +125
: System.Web.UI.TemplateParser.GetParserCacheItem() +88
: System.Web.UI.ApplicationFileParser.GetCompiledApplicationType(String
: inputFile, HttpContext context, ApplicationFileParser& parser) +171
: System.Web.HttpApplicationFactory.CompileApplication(HttpContext
: context) +43
: System.Web.HttpApplicationFactory.Init(HttpContext context) +485
: System.Web.HttpApplicationFactory.GetApplicationInstance(HttpContext
: context) +170
: System.Web.HttpRuntime. ProcessRequestInternal(HttpWorkerRequest
wr)
: +414
:
:
:
:
: ------------------------------------------------------------------------
: --------
: Version Information: Microsoft .NET Framework Version:1.1.4322.573;
: ASP.NET Version:1.1.4322.573
:
:
: I am confused whether I should be using ASPNET or IUSR for anonymous
: access. Neither seems to work. I still get a net logon dialog box from
: the main site. I used the administrator user and password. I went the
: the TEMP asp net folder and permitted both aspnet and iusr full access.
: Same result.
:
:
: *** Sent via Developersdex http://www.developersdex.com ***
: Don't just participate in USENET...get rewarded for it!
| |
| John Burns 2004-03-31, 2:36 am |
|
Well I overcame the previous file access errors. When I go to the
website, I am still presented with a popup net logon dialog box. I can
leave all the fields blank and just click OK or close the dialog box
and it goes away. The website has already been displayed behind the net
logon dialog box so it seems unneeded anyway. I wish I could stop the
net logon dialog box from popping up. Anyone know how to do this?
*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!
| |
| John Burns 2004-03-31, 3:35 am |
| I figured out how to get rid of the net logon dialog on the client
machine. So now I have DNS installed and remote clients can view my
website the same as before active directory was installed.
One remaining problem is how do I get my domain name to replace the ip
address when someone visits my site.
Type in ibidem.us in your browser address window and it will bring up
this site:
http://66.120.7.237/ShopIbidemUs/default.aspx
I would like it to say either:
http://ibidem.us/ShopIbidemUs/default.aspx
or
http://www.ibidem.us/ShopIbidemUs/default.aspx
Is this because I am using a forwarding record instead of a cname record
at Yahoo domains?
Anyone know how to do this?
John Burns
MarinMountainMan@sbcGlobal.Net
Shop with US at www.ibidem.us
*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!
| |
| Ken Schaefer 2004-03-31, 4:34 am |
| If you want to use the name, rather than the IP address, then there must be
an A, or CNAME record in the DNS that resolves the name to the IP address.
At the moment www.ibidem.us points to 66.218.85.169
Whatever webserver at 666.218.85.169 must be then redirecting users to your
IP address.
Cheers
Ken
"John Burns" <marinmountainman@sbcglobal.net> wrote in message
news:uS4Y$XvFEHA.3456@tk2msftngp13.phx.gbl...
: I figured out how to get rid of the net logon dialog on the client
: machine. So now I have DNS installed and remote clients can view my
: website the same as before active directory was installed.
:
: One remaining problem is how do I get my domain name to replace the ip
: address when someone visits my site.
:
: Type in ibidem.us in your browser address window and it will bring up
: this site:
:
: http://66.120.7.237/ShopIbidemUs/default.aspx
:
: I would like it to say either:
:
: http://ibidem.us/ShopIbidemUs/default.aspx
:
: or
:
: http://www.ibidem.us/ShopIbidemUs/default.aspx
:
: Is this because I am using a forwarding record instead of a cname record
: at Yahoo domains?
:
: Anyone know how to do this?
:
:
: John Burns
: MarinMountainMan@sbcGlobal.Net
: Shop with US at www.ibidem.us
:
:
: *** Sent via Developersdex http://www.developersdex.com ***
: Don't just participate in USENET...get rewarded for it!
| |
|
|
|
|
|