|
Home > Archive > IIS Server Security > June 2005 > Accessing Site as Anonymous
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Accessing Site as Anonymous
|
|
|
| I am out of options on trying to get this to work. I have a site that sits
on our development box in a vlan. No matter what I do I can't access the
site as an anonymous user - it just prompts me with a challenge response. If
I cancel and try to access the site, my menu control does not render
properly. I'm using the IE web controls for that. My current set up is
Windows 2003 running and asp.net app in IIS. I am impersonating the ASPNET
account with a custom account that I have set up according to documentation
in patterns and practices. In IIS Manager I have set the Identity in
DefaultAppPool to this custom account and in the directory security of the
web site I have checked the Allow Anonymous and left the IUSR account as the
user id. I can see in the task manager that the worker process is running
under my custom account. My web.config file contains the statement:
<authorization>
<allow users="*" />
</authorization>
So, what else can I check or do to get this to work? I've thought about
running aspnet_regiis to reset everything in hopes of starting over, but I'm
not sure if that will work. There is also a new version of aspnet_regiis in
the 2.0 framework that accepts a switch "-ga" that assigns the proper
permissions to a passed account. It works nicely on ASP.NET 2.0 apps - not
sure if I can use that on a 1.1 version of the framework.
Thanks for ANY help!!!!
--
Mike Gasperino
Sr. Software Developer
office: 919-807-2310
****************************************
************************************
E-mail correspondence to and from this address may be subject to the North
Carolina Public Records Law "NCGS.Ch.132" and may be disclosed to third
parties
****************************************
************************************
| |
| David Wang [Msft] 2005-06-10, 5:56 pm |
| My suspicion is that the username/password for the anonymous user account is
out of sync with the local machine's account. You want to synchronize it to
make anonymous work again.
Check the web server log file (%systemroot%\System32\LogFiles\W3SVC#\*
.log)
for your requests -- if they are failing with 401 1 <win32 error code> then
this is probably the problem.
See this URL for other reasons for anonymous not working.
http://blogs.msdn.com/david.wang/ar...
mous_User.aspx
--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"Mike" <announ@tkd.net> wrote in message
news:OWK%23uXPbFHA.2696@TK2MSFTNGP09.phx.gbl...
I am out of options on trying to get this to work. I have a site that sits
on our development box in a vlan. No matter what I do I can't access the
site as an anonymous user - it just prompts me with a challenge response. If
I cancel and try to access the site, my menu control does not render
properly. I'm using the IE web controls for that. My current set up is
Windows 2003 running and asp.net app in IIS. I am impersonating the ASPNET
account with a custom account that I have set up according to documentation
in patterns and practices. In IIS Manager I have set the Identity in
DefaultAppPool to this custom account and in the directory security of the
web site I have checked the Allow Anonymous and left the IUSR account as the
user id. I can see in the task manager that the worker process is running
under my custom account. My web.config file contains the statement:
<authorization>
<allow users="*" />
</authorization>
So, what else can I check or do to get this to work? I've thought about
running aspnet_regiis to reset everything in hopes of starting over, but I'm
not sure if that will work. There is also a new version of aspnet_regiis in
the 2.0 framework that accepts a switch "-ga" that assigns the proper
permissions to a passed account. It works nicely on ASP.NET 2.0 apps - not
sure if I can use that on a 1.1 version of the framework.
Thanks for ANY help!!!!
--
Mike Gasperino
Sr. Software Developer
office: 919-807-2310
****************************************
************************************
E-mail correspondence to and from this address may be subject to the North
Carolina Public Records Law "NCGS.Ch.132" and may be disclosed to third
parties
****************************************
************************************
| |
|
| What is the proper way to re-sync the passwords?
"David Wang [Msft]" <someone@online.microsoft.com> wrote in message
news:O3SyXycbFHA.3048@TK2MSFTNGP12.phx.gbl...
> My suspicion is that the username/password for the anonymous user account
> is
> out of sync with the local machine's account. You want to synchronize it
> to
> make anonymous work again.
>
> Check the web server log file
> (%systemroot%\System32\LogFiles\W3SVC#\*
.log)
> for your requests -- if they are failing with 401 1 <win32 error code>
> then
> this is probably the problem.
>
> See this URL for other reasons for anonymous not working.
> http://blogs.msdn.com/david.wang/ar...
mous_User.aspx
>
> --
> //David
> IIS
> http://blogs.msdn.com/David.Wang
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
> //
> "Mike" <announ@tkd.net> wrote in message
> news:OWK%23uXPbFHA.2696@TK2MSFTNGP09.phx.gbl...
> I am out of options on trying to get this to work. I have a site that sits
> on our development box in a vlan. No matter what I do I can't access the
> site as an anonymous user - it just prompts me with a challenge response.
> If
> I cancel and try to access the site, my menu control does not render
> properly. I'm using the IE web controls for that. My current set up is
> Windows 2003 running and asp.net app in IIS. I am impersonating the ASPNET
> account with a custom account that I have set up according to
> documentation
> in patterns and practices. In IIS Manager I have set the Identity in
> DefaultAppPool to this custom account and in the directory security of the
> web site I have checked the Allow Anonymous and left the IUSR account as
> the
> user id. I can see in the task manager that the worker process is running
> under my custom account. My web.config file contains the statement:
>
> <authorization>
> <allow users="*" />
> </authorization>
>
> So, what else can I check or do to get this to work? I've thought about
> running aspnet_regiis to reset everything in hopes of starting over, but
> I'm
> not sure if that will work. There is also a new version of aspnet_regiis
> in
> the 2.0 framework that accepts a switch "-ga" that assigns the proper
> permissions to a passed account. It works nicely on ASP.NET 2.0 apps - not
> sure if I can use that on a 1.1 version of the framework.
>
> Thanks for ANY help!!!!
>
>
> --
> Mike Gasperino
> Sr. Software Developer
> office: 919-807-2310
>
> ****************************************
************************************
> E-mail correspondence to and from this address may be subject to the North
> Carolina Public Records Law "NCGS.Ch.132" and may be disclosed to third
> parties
> ****************************************
************************************
>
>
>
| |
|
| Mike,
Your web.config file states that all authenticated users are authorized
for browsing the web site. In order to alow anonymous browsing you must
add another element.
Here=B4s a sample:
<authorization>
<allow users=3D"*" /> <!-- Grant access to known users -->
<allow users=3D"?" /> <!-- Grant access to unknown users -->
</authorization>
Mike wrote:
> I am out of options on trying to get this to work. I have a site that sits
> on our development box in a vlan. No matter what I do I can't access the
> site as an anonymous user - it just prompts me with a challenge response.=
If
> I cancel and try to access the site, my menu control does not render
> properly. I'm using the IE web controls for that. My current set up is
> Windows 2003 running and asp.net app in IIS. I am impersonating the ASPNET
> account with a custom account that I have set up according to documentati=
on
> in patterns and practices. In IIS Manager I have set the Identity in
> DefaultAppPool to this custom account and in the directory security of the
> web site I have checked the Allow Anonymous and left the IUSR account as =
the
> user id. I can see in the task manager that the worker process is running
> under my custom account. My web.config file contains the statement:
>
> <authorization>
> <allow users=3D"*" />
> </authorization>
>
> So, what else can I check or do to get this to work? I've thought about
> running aspnet_regiis to reset everything in hopes of starting over, but =
I'm
> not sure if that will work. There is also a new version of aspnet_regiis =
in
> the 2.0 framework that accepts a switch "-ga" that assigns the proper
> permissions to a passed account. It works nicely on ASP.NET 2.0 apps - not
> sure if I can use that on a 1.1 version of the framework.
>
> Thanks for ANY help!!!!
>
>
> --
> Mike Gasperino
> Sr. Software Developer
> office: 919-807-2310
>
> ****************************************
*********************************=
***
> E-mail correspondence to and from this address may be subject to the North
> Carolina Public Records Law "NCGS.Ch.132" and may be disclosed to third
> parties
> ****************************************
*********************************=
***
| |
|
| I made the changes to the web.config file and re-synced the IUSR password
and it made no difference whatsoever.
Don't know where to turn next...
"Vitor" <vitor.m.o@gmail.com> wrote in message
news:1118695321.217121.306350@g14g2000cwa.googlegroups.com...
Mike,
Your web.config file states that all authenticated users are authorized
for browsing the web site. In order to alow anonymous browsing you must
add another element.
Here´s a sample:
<authorization>
<allow users="*" /> <!-- Grant access to known users -->
<allow users="?" /> <!-- Grant access to unknown users -->
</authorization>
Mike wrote:
> I am out of options on trying to get this to work. I have a site that sits
> on our development box in a vlan. No matter what I do I can't access the
> site as an anonymous user - it just prompts me with a challenge response.
> If
> I cancel and try to access the site, my menu control does not render
> properly. I'm using the IE web controls for that. My current set up is
> Windows 2003 running and asp.net app in IIS. I am impersonating the ASPNET
> account with a custom account that I have set up according to
> documentation
> in patterns and practices. In IIS Manager I have set the Identity in
> DefaultAppPool to this custom account and in the directory security of the
> web site I have checked the Allow Anonymous and left the IUSR account as
> the
> user id. I can see in the task manager that the worker process is running
> under my custom account. My web.config file contains the statement:
>
> <authorization>
> <allow users="*" />
> </authorization>
>
> So, what else can I check or do to get this to work? I've thought about
> running aspnet_regiis to reset everything in hopes of starting over, but
> I'm
> not sure if that will work. There is also a new version of aspnet_regiis
> in
> the 2.0 framework that accepts a switch "-ga" that assigns the proper
> permissions to a passed account. It works nicely on ASP.NET 2.0 apps - not
> sure if I can use that on a 1.1 version of the framework.
>
> Thanks for ANY help!!!!
>
>
> --
> Mike Gasperino
> Sr. Software Developer
> office: 919-807-2310
>
> ****************************************
************************************
> E-mail correspondence to and from this address may be subject to the North
> Carolina Public Records Law "NCGS.Ch.132" and may be disclosed to third
> parties
> ****************************************
************************************
| |
| David Wang [Msft] 2005-06-15, 8:55 pm |
| Please give the actual web log entries corresponding to your failure to
authenticate. All of them.
Should be in the form of 401.x -- I want to know the specific "x" as well as
the accompanying Win32 error code.
--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"Mike" <announ@tkd.net> wrote in message
news:e90LVXacFHA.1456@TK2MSFTNGP15.phx.gbl...
I made the changes to the web.config file and re-synced the IUSR password
and it made no difference whatsoever.
Don't know where to turn next...
"Vitor" <vitor.m.o@gmail.com> wrote in message
news:1118695321.217121.306350@g14g2000cwa.googlegroups.com...
Mike,
Your web.config file states that all authenticated users are authorized
for browsing the web site. In order to alow anonymous browsing you must
add another element.
Here´s a sample:
<authorization>
<allow users="*" /> <!-- Grant access to known users -->
<allow users="?" /> <!-- Grant access to unknown users -->
</authorization>
Mike wrote:
> I am out of options on trying to get this to work. I have a site that sits
> on our development box in a vlan. No matter what I do I can't access the
> site as an anonymous user - it just prompts me with a challenge response.
> If
> I cancel and try to access the site, my menu control does not render
> properly. I'm using the IE web controls for that. My current set up is
> Windows 2003 running and asp.net app in IIS. I am impersonating the ASPNET
> account with a custom account that I have set up according to
> documentation
> in patterns and practices. In IIS Manager I have set the Identity in
> DefaultAppPool to this custom account and in the directory security of the
> web site I have checked the Allow Anonymous and left the IUSR account as
> the
> user id. I can see in the task manager that the worker process is running
> under my custom account. My web.config file contains the statement:
>
> <authorization>
> <allow users="*" />
> </authorization>
>
> So, what else can I check or do to get this to work? I've thought about
> running aspnet_regiis to reset everything in hopes of starting over, but
> I'm
> not sure if that will work. There is also a new version of aspnet_regiis
> in
> the 2.0 framework that accepts a switch "-ga" that assigns the proper
> permissions to a passed account. It works nicely on ASP.NET 2.0 apps - not
> sure if I can use that on a 1.1 version of the framework.
>
> Thanks for ANY help!!!!
>
>
> --
> Mike Gasperino
> Sr. Software Developer
> office: 919-807-2310
>
>
****************************************
************************************[vbc
ol=seagreen]
> E-mail correspondence to and from this address may be subject to the North
> Carolina Public Records Law "NCGS.Ch.132" and may be disclosed to third
> parties
>[/vbcol]
****************************************
************************************
| |
| David Wang [Msft] 2005-06-17, 2:52 am |
| The error code 2148074252 translated into hexadecimal is 0x8009030C , which
if you look up with any Win32 error lookup tool (Visual Studio comes with
such a viewer) means "The logon attempt failed". Basically, it means that
the username/password used for authentication did not match.
The failure occurred on access for this URL:
/aspnet_client/system_web/1_1_4322/WebUIValidation.js
Thus, you need to look in IIS configuration for this website to verify:
1. What authentication is applicable for the URL:
/aspnet_client/system_web/1_1_4322/WebUIValidation.js
2. If it is anonymous, then make sure that the configured Anonymous
username/password is in sync with the local SAM (or AD if you are using a
domain account for the anonymous user).
The application pool identity should not affect this situation unless the
following conditions apply (all documented in the same section that
introduces how to configure IIS6 application pool identity -- you do read
documentation, yes?):
1. Server is in a domain
2. Integrated Authentication is enabled and used by the client to
authenticate
3. The user identity has been customized from the default value of Network
Service
4. SETSPN (mentioned in documentation) has not be configured correctly
--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"Mike" <announ@tkd.net> wrote in message
news:e9t5iPmcFHA.1404@TK2MSFTNGP09.phx.gbl...
Thanks David,
Here is the log file from the web server....
Thanks for your help
Mike
"David Wang [Msft]" <someone@online.microsoft.com> wrote in message
news:OYmUrUhcFHA.220@TK2MSFTNGP12.phx.gbl...
> Please give the actual web log entries corresponding to your failure to
> authenticate. All of them.
>
> Should be in the form of 401.x -- I want to know the specific "x" as well
> as
> the accompanying Win32 error code.
>
> --
> //David
> IIS
> http://blogs.msdn.com/David.Wang
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
> //
> "Mike" <announ@tkd.net> wrote in message
> news:e90LVXacFHA.1456@TK2MSFTNGP15.phx.gbl...
> I made the changes to the web.config file and re-synced the IUSR password
> and it made no difference whatsoever.
>
> Don't know where to turn next...
>
>
> "Vitor" <vitor.m.o@gmail.com> wrote in message
> news:1118695321.217121.306350@g14g2000cwa.googlegroups.com...
> Mike,
>
>
> Your web.config file states that all authenticated users are authorized
> for browsing the web site. In order to alow anonymous browsing you must
> add another element.
>
> Here´s a sample:
>
> <authorization>
> <allow users="*" /> <!-- Grant access to known users -->
> <allow users="?" /> <!-- Grant access to unknown users -->
> </authorization>
>
>
>
> Mike wrote:
>
****************************************
************************************[vbc
ol=seagreen]
>[/vbcol]
****************************************
************************************[vbc
ol=seagreen]
>
>
>[/vbcol]
|
|
|
|
|