| David Wang 2007-03-21, 1:34 am |
| If you do not see record of the request in the %windir%
\System32\LogFiles\W3SVC1 files, then either IIS did not handle the
request or the logfile has not flushed yet. It does *not* mean that
"IIS appears to prevent access" because even if IIS prevents access,
it should be logged.
Can you clearly state exactly what you are trying to do -- what user
identity has access to what and where. At this point, you described a
whole bunch of configuration, some of them redundant and others
conflicting, and I don't know what you are trying to accomplish. It is
a recipe for having authentication issues.
What I want to know:
Do you want authenticated user credentials from the client ASP.Net
application to flow to the server ASP.Net application, or do you want
to authenticate the user identity on the front-end but use a different
impersonated identity to reverse-proxy access to the server ASP.Net
application. And what is the configured Application Pool identity
running the client ASP.Net application.
FYI: This "hassle" is a good thing because it reminds the coders that
they may not be as up-to-date on application security and
authentication protocols as they should be. It is important to hassle
coders to get it right because this is the front door and roadmap to
their server's kingdom, and you want it to be sturdy and secure, not
just gaping wide open. Security does not happen "automagically" - it
happens by design.
Personally, I think that if you get a 401, you should think "darn,
what else did I forget" and NOT "darn, why is Microsoft making it a
hassle". The era of running as administrator or LocalSystem to avoid
"access denied" and have things "magically work" is over.
//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//
On Mar 20, 11:08 am, Grant_S<nos...@developmentnow.com> wrote:
> I have an asp.net web application which posts a request to another asp.net web application. I am coding in C# using Visual studio 2003, with .Net Framework 1.1 on a Wiondows 2003 server (running IIS 6.0.). In order to have all code running as managed co
de, I changed existing code which uses MSXML ServerXMLHTTPClass to post requests to code using the .Net HTTPWebRequest class. When migrating the application to the Test web server, IIS appears to prevent access (=no record of the request in the Windows\Sy
stem32\Logfiles\W3SVC1 files). I am using impersonation in the web.config file of the client and 'server' web applications. The Application needs to be configured in IIS to 'Windows Authentication' only. The impersonated account is a member of IIS_WPG gro
up an has NTFS permissions to the Applications physical folder. Even if I open up security (allow everyone). There is no web proxy issue. Both client and Server applications are at this point both on the same Test server with the same specs as the develop
ment machine (above).
>
> THE ONLY WAY IT FUNCTIONS IS IF IIS FOR THE APPLICATION ON THE SERVER HAS 'ENABLE ANONYMOUS' TICKED.
>
> I see a lot of posts on the internet highlighting this problem without any difinitive answer. Surely, Microsoft wishes the Managed classes to be used. Why then does there appear to be such a hassle for coders to use the class to achieve the same result
as the MSXML classes?
>
> The code below is what I am using to make the call. Tracing shows that the call fails when the request is made (GetResponse()).
>
> HttpWebRequest request=null;
> Uri uri = new Uri(requestTargetAndQuery);
> request = (HttpWebRequest) WebRequest.Create(uri);
> request.Method = "GET";
> request.Credentials = new NetworkCredential(this.m_User, this.m_Password);
> string result=string.Empty;
> using (HttpWebResponse response = (HttpWebResponse) request.GetResponse())
> {
> request response.",traceSwitch);
> using (Stream responseStream = response.GetResponseStream())
> {
> using (StreamReader readStream = new StreamReader (responseStream, Encoding.UTF8))
> { result = readStream.ReadToEnd();
> }
>
> }
> }
>
> Hopefully someone can point me in the right direction (or let me know if the Framework class does not have the capability to achieve what I am trying)
>
> Thanks Grant_S
>
> Fromhttp://developmentnow.com/g/91_0_0_0_0_0/inetserver-iis-security.htm
>
> Posted via DevelopmentNow.com Groupshttp://www.developmentnow.com
|