ASP.Net website asks user and password continously
-
Hi, We have a website which has been hosted in IIS7 and it runs with asp.net impersonation and windows authentication. we had been continously prompted with username and password when we are trying to access the website. it is accessible when we add an user as local admin on that server. we did the following but still no luck We gave file permission at the NTFS level for all the users. We also tried changing the windows authentication providers to NTLM. changed the website pool(classic asp.net one) to work with local service. Appreciate your help on this Any responses are much appreciated.
-
Hi, We have a website which has been hosted in IIS7 and it runs with asp.net impersonation and windows authentication. we had been continously prompted with username and password when we are trying to access the website. it is accessible when we add an user as local admin on that server. we did the following but still no luck We gave file permission at the NTFS level for all the users. We also tried changing the windows authentication providers to NTLM. changed the website pool(classic asp.net one) to work with local service. Appreciate your help on this Any responses are much appreciated.
Any exceptions being generated? Any code we could dissect? Anything in logs that looks hokey? What is the sequence of events?
"If you think it's expensive to hire a professional to do the job, wait until you hire an amateur." Red Adair. nils illegitimus carborundum me, me, me
-
Hi, We have a website which has been hosted in IIS7 and it runs with asp.net impersonation and windows authentication. we had been continously prompted with username and password when we are trying to access the website. it is accessible when we add an user as local admin on that server. we did the following but still no luck We gave file permission at the NTFS level for all the users. We also tried changing the windows authentication providers to NTLM. changed the website pool(classic asp.net one) to work with local service. Appreciate your help on this Any responses are much appreciated.
What browser are you using? If it's IE, try adding the url to the list of trusted sites.
-
What browser are you using? If it's IE, try adding the url to the list of trusted sites.
The login screen comes up contiously even after I give my credencials. It just comes for three times and shows me 401. Error message. I don't think it has anything to do with my local IE as it works OK when we furnish the admin login of the server when it prompts for username and password I guess it is something to do with iis trying to access some folder. We gave everyone access to the physical folder for all the users but still no luck
-
The login screen comes up contiously even after I give my credencials. It just comes for three times and shows me 401. Error message. I don't think it has anything to do with my local IE as it works OK when we furnish the admin login of the server when it prompts for username and password I guess it is something to do with iis trying to access some folder. We gave everyone access to the physical folder for all the users but still no luck
It's not seeing your Active Directory. It's working with a local user on the IIS box, right? When you try it with users that aren't local users on that computer, it fails. The "asking three times and giving a 401" is known behavior for when the login is failing. In your case, it's the login itself that is failing, nothing in your code. If the login worked and the application had trouble, you would see a yellow screen of death exception or your custom error page. SO, I think it's just not able to authenticate AD users - does it work with other LOCAL users on the machine? Try this article - it's a little more complicated than what you said you did. Using AD with ASP.Net[^] Also, remember that "impersonation=true" means that once a user is authenticated, they "impersonate" the ASP.Net user. If you want things to run under the actual user's context then you make impersonation=false. From your first post, I can't tell which method you're trying to do.
-
It's not seeing your Active Directory. It's working with a local user on the IIS box, right? When you try it with users that aren't local users on that computer, it fails. The "asking three times and giving a 401" is known behavior for when the login is failing. In your case, it's the login itself that is failing, nothing in your code. If the login worked and the application had trouble, you would see a yellow screen of death exception or your custom error page. SO, I think it's just not able to authenticate AD users - does it work with other LOCAL users on the machine? Try this article - it's a little more complicated than what you said you did. Using AD with ASP.Net[^] Also, remember that "impersonation=true" means that once a user is authenticated, they "impersonate" the ASP.Net user. If you want things to run under the actual user's context then you make impersonation=false. From your first post, I can't tell which method you're trying to do.
This is what i got as a response in fiddler. No Proxy-Authorization Header is present. Authorization Header is present: NTLM 4E 54 4C 4D 53 53 50 00 03 00 00 00 18 00 18 00 NTLMSSP......... 88 00 00 00 88 01 88 01 A0 00 00 00 06 00 06 00 ..... ....... 58 00 00 00 0E 00 0E 00 5E 00 00 00 1C 00 1C 00 X.......^....... 6C 00 00 00 00 00 00 00 28 02 00 00 05 82 88 A2 l.......(....¢ 06 01 B1 1D 00 00 00 0F 1F 64 08 E3 8A A9 CC 7B ..±......d.ã©Ì{ 7E C9 ED 3D FB CD A2 7E 45 00 55 00 52 00 41 00 ~Éí=ûÍ¢~E.U.R.A. 44 00 43 00 58 00 50 00 38 00 38 00 4C 00 45 00 D.C.X.P.8.8.L.E. 31 00 31 00 4E 00 49 00 4D 00 42 00 38 00 56 00 1.1.N.I.M.B.8.V. 57 00 44 00 53 00 31 00 00 00 00 00 00 00 00 00 W.D.S.1......... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 4F DF A3 72 70 D9 4E 45 4D AA 89 FB 27 90 12 74 OߣrpÙNEMªû'.t 01 01 00 00 00 00 00 00 9D 06 28 57 1A 31 CE 01 .........(W.1Î. EA BC FB C0 0A 85 32 43 00 00 00 00 02 00 06 00 ê¼ûÀ. 2C........ 45 00 55 00 52 00 01 00 18 00 57 00 51 00 56 00 E.U.R.....W.Q.V. 53 00 50 00 41 00 56 00 59 00 44 00 4D 00 30 00 S.P.A.V.Y.D.M.0. 36 00 04 00 22 00 65 00 75 00 72 00 2E 00 62 00 6...".e.u.r...b. 6E 00 79 00 6D 00 65 00 6C 00 6C 00 6F 00 6E 00 n.y.m.e.l.l.o.n. 2E 00 6E 00 65 00 74 00 03 00 3C 00 57 00 51 00 ..n.e.t...<.W.Q. 56 00 53 00 50 00 41 00 56 00 59 00 44 00 4D 00 V.S.P.A.V.Y.D.M. 30 00 36 00 2E 00 65 00 75 00 72 00 2E 00 62 00 0.6...e.u.r...b. 6E 00 79 00 6D 00 65 00 6C 00 6C 00 6F 00 6E 00 n.y.m.e.l.l.o.n. 2E 00 6E 00 65 00 74 00 05 00 1A 00 62 00 6E 00 ..n.e.t.....b.n. 79 00 6D 00 65 00 6C 00 6C 00 6F 00 6E 00 2E 00 y.m.e.l.l.o.n... 6E 00 65 00 74 00 07 00 08 00 9D 06 28 57 1A 31 n.e.t......(W.1 CE 01 06 00 04 00 02 00 00 00 08 00 30 00 30 00 Î...........0.0. 00 00 00 00 00 00 00 00 00 00 00 20 00 00 84 8F ........... .. 59 77 D7 C1 7F B3 48 CF 72 EA AC F3 10 C6 3D 7D Yw×Á³HÏrê¬ó.Æ=} 86 0E DA D2 F5 8B D3 DF D5 FB 9C F1 72 C0 0A 00 .ÚÒõÓßÕûñrÀ.. 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 09 00 46 00 48 00 54 00 54 00 50 00 2F 00 ....F.H.T.T.P./. 77 00 71 00 76 00 73 00 70 00 61 00 76 00 79 00 w.q.v.s.p.a.v.y. 64 00 6D 00 30 00 36 00 2E 00 65 00 75 00 72 00 d.m.0.6...e.u.r. 2E 00 62 00 6E 00 79 00 6D 00 65 00 6C 00 6C 00 ..b.n.y.m.e.l.l. 6F 00 6E 00 2E 00 6E 00 65 00 74 00 00 00 00 00 o.n...n.e.t..... 00 00 00 00 00 00 00 00 ........ -[NTLM Type3: Authentication]------------------------------ Provider: NTLMSSP
-
This is what i got as a response in fiddler. No Proxy-Authorization Header is present. Authorization Header is present: NTLM 4E 54 4C 4D 53 53 50 00 03 00 00 00 18 00 18 00 NTLMSSP......... 88 00 00 00 88 01 88 01 A0 00 00 00 06 00 06 00 ..... ....... 58 00 00 00 0E 00 0E 00 5E 00 00 00 1C 00 1C 00 X.......^....... 6C 00 00 00 00 00 00 00 28 02 00 00 05 82 88 A2 l.......(....¢ 06 01 B1 1D 00 00 00 0F 1F 64 08 E3 8A A9 CC 7B ..±......d.ã©Ì{ 7E C9 ED 3D FB CD A2 7E 45 00 55 00 52 00 41 00 ~Éí=ûÍ¢~E.U.R.A. 44 00 43 00 58 00 50 00 38 00 38 00 4C 00 45 00 D.C.X.P.8.8.L.E. 31 00 31 00 4E 00 49 00 4D 00 42 00 38 00 56 00 1.1.N.I.M.B.8.V. 57 00 44 00 53 00 31 00 00 00 00 00 00 00 00 00 W.D.S.1......... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 4F DF A3 72 70 D9 4E 45 4D AA 89 FB 27 90 12 74 OߣrpÙNEMªû'.t 01 01 00 00 00 00 00 00 9D 06 28 57 1A 31 CE 01 .........(W.1Î. EA BC FB C0 0A 85 32 43 00 00 00 00 02 00 06 00 ê¼ûÀ. 2C........ 45 00 55 00 52 00 01 00 18 00 57 00 51 00 56 00 E.U.R.....W.Q.V. 53 00 50 00 41 00 56 00 59 00 44 00 4D 00 30 00 S.P.A.V.Y.D.M.0. 36 00 04 00 22 00 65 00 75 00 72 00 2E 00 62 00 6...".e.u.r...b. 6E 00 79 00 6D 00 65 00 6C 00 6C 00 6F 00 6E 00 n.y.m.e.l.l.o.n. 2E 00 6E 00 65 00 74 00 03 00 3C 00 57 00 51 00 ..n.e.t...<.W.Q. 56 00 53 00 50 00 41 00 56 00 59 00 44 00 4D 00 V.S.P.A.V.Y.D.M. 30 00 36 00 2E 00 65 00 75 00 72 00 2E 00 62 00 0.6...e.u.r...b. 6E 00 79 00 6D 00 65 00 6C 00 6C 00 6F 00 6E 00 n.y.m.e.l.l.o.n. 2E 00 6E 00 65 00 74 00 05 00 1A 00 62 00 6E 00 ..n.e.t.....b.n. 79 00 6D 00 65 00 6C 00 6C 00 6F 00 6E 00 2E 00 y.m.e.l.l.o.n... 6E 00 65 00 74 00 07 00 08 00 9D 06 28 57 1A 31 n.e.t......(W.1 CE 01 06 00 04 00 02 00 00 00 08 00 30 00 30 00 Î...........0.0. 00 00 00 00 00 00 00 00 00 00 00 20 00 00 84 8F ........... .. 59 77 D7 C1 7F B3 48 CF 72 EA AC F3 10 C6 3D 7D Yw×Á³HÏrê¬ó.Æ=} 86 0E DA D2 F5 8B D3 DF D5 FB 9C F1 72 C0 0A 00 .ÚÒõÓßÕûñrÀ.. 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 09 00 46 00 48 00 54 00 54 00 50 00 2F 00 ....F.H.T.T.P./. 77 00 71 00 76 00 73 00 70 00 61 00 76 00 79 00 w.q.v.s.p.a.v.y. 64 00 6D 00 30 00 36 00 2E 00 65 00 75 00 72 00 d.m.0.6...e.u.r. 2E 00 62 00 6E 00 79 00 6D 00 65 00 6C 00 6C 00 ..b.n.y.m.e.l.l. 6F 00 6E 00 2E 00 6E 00 65 00 74 00 00 00 00 00 o.n...n.e.t..... 00 00 00 00 00 00 00 00 ........ -[NTLM Type3: Authentication]------------------------------ Provider: NTLMSSP
That doesn't really tell you anything useful, only what kinds of requests are possible. This is a security process - it is deliberately designed to be hard to figure out. I can't really help beyond the article I posted. You need to look at every tiny little detail in that article and make sure you have it right. Security systems are designed to fail if any tiny little thing is wrong, and you're running into some little problem in your setup somewhere. That article should be able to tell you what it is, but you're going to have to take a couple days maybe and look at it in detail.