Published asp.net WebApp won't connect. 401.1 unauthorized

StackOverflow https://stackoverflow.com/questions/11584676

Domanda

asp.net app (c#) worked fine in debug mode; published, getting 401.1 error (unauthorized). When I put in the url, a dialog asks for username & password. Put it in 3x, error.

It's an internal app, using Windows authentication only.

  • IIS 7.5, using ApplicationPoolIdentity.

  • SQLServer Database

Specific Error Message from 401.1 page:

  • Module WindowsAuthenticationModule

  • Notification AuthenticateRequest

  • Handler ExtensionlessUrlHandler-Integrated-4.0

  • Error Code 0x8009030e

  • Requested URL http://smalltools.dbsvc.com:80/ Ap

  • Physical Path C:\inetpub\SmallTools

  • Logon Method Not yet determined

  • Logon User Not yet determined

The app has a users table to determine the "role" of that user. I put a method in the master page that queries the table based on authenticated user, and returns the role. This, in turns, determines which buttons are visible on the navigation bar.

Looked in the security log, and found the following 3 entries:

2012-07-20 14:55:11 10.0.1.38 GET / - 80 - 10.0.13.106 Mozilla/5.0+(Windows+NT+6.1;+rv:14.0)+Gecko/20100101+Firefox/14.0.1 401 2 5 15

2012-07-20 14:55:20 10.0.1.38 GET / - 80 DE\cin.bro 10.0.13.106 Mozilla/5.0+(Windows+NT+6.1;+rv:14.0)+Gecko/20100101+Firefox/14.0.1 500 0 0 125

2012-07-20 14:55:20 10.0.1.38 GET /favicon.ico - 80 DE\cin.bro 10.0.13.106 Mozilla/5.0+(Windows+NT+6.1;+rv:14.0)+Gecko/20100101+Firefox/14.0.1 404 0 2 0

Any idea what might be causing the inability to log in? Any clues what I can fix to make it work? I've researched all day and haven't found what might be the problem. Any information is gratefully received. Thanks Cindy

È stato utile?

Soluzione

I've successfully solved the issue; I had to allow impersonation, and make an adjustment to the AD group.

The article in the following link helped a great deal: http://msdn.microsoft.com/en-us/library/bsz5788z.aspx

Altri suggerimenti

If this is an external site, then Windows authentication isn't really the way to go. But you can still do it, here's some links I found that should help.

Q&A about similar issue

Microsoft guide on how to implement

Typically Windows Authentication is used with internal systems because the users are logged on directly to the system and all their credentials are right there. However for external apps this isn't always the case, since your home Windows account and work windows account aren't the same, in addition you may not even be using windows from the external location.

Another gotcha I came across is the local loopback address security check when you setup a DEV instance and modify hosts file to use Fully Qualified Domain Name (FQDN) or simply when you browse IIS site with custom headers and the name does not match the server hostname. While this is necessary for production servers it is a problem when setting up Developer environments.

"This issue occurs when the Web site uses Integrated Authentication and has a name that is mapped to the local loopback address"

There are two main methods to resolve the issue:

  1. Specify host names (Preferred method if NTLM authentication is desired) by creating/updating the Multi-String value:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0

  2. Disable the loopback check (less-recommended method - do not use on production servers) by setting the following registry DWORD value to 1

    HKLM\SYSTEM\CurrentControlSet\Control\Lsa\DisableLoopbackCheck

Please refer to this HTTP 401.1 - Unauthorized: Logon Failed - Microsoft Support article for detailed overview and registry settings.

Autorizzato sotto: CC-BY-SA insieme a attribuzione
Non affiliato a StackOverflow
scroll top