AD wont let me in!

Are u usiing Windows Authentication?
when do u get 402.1 error? do wan to do?
:Patrick
Wha

"dhnriverside" <da*@musoswire.com> wrote in message
news:C8**********************************@microsof t.com...

Hi guys

I've got a web application on a Win2k IIS5 server. I've been coding it using anonymous access, and have just come to test the AD stuff - trouble is - all i get is a 402.1 error ("not authorised to view this page").

I've set <deny users="?"> in my <authorisation> bit of web.config, and ive
got <authentication mode="Windows"> in there too.

I've got anonymous access disabled and "Integrated Windows Authentication"
checked in the Directory Security tab of the Application in IIS.

Still, it wont let me in as a normal user or as an administrator! What have I missed?

Cheers
Dan

Hiya

Yeah... well, trying to. I want my site to recognise who is the logged in
Windows user. As I said I've got <deny users="?"> and
<authentication="Windows> in web.config, and IWA set on the Application in
IIS. Is there something else I've missed?

The error comes when i try and view any page on the site, it just wont let
me in!

Cheers
Dan

"Patrick.O.Ige" wrote:

Are u usiing Windows Authentication?
when do u get 402.1 error? do wan to do?
:Patrick
Wha

"dhnriverside" <da*@musoswire.com> wrote in message
news:C8**********************************@microsof t.com...

Hi guys

I've got a web application on a Win2k IIS5 server. I've been coding it

using

anonymous access, and have just come to test the AD stuff - trouble is -

all

i get is a 402.1 error ("not authorised to view this page").

I've set <deny users="?"> in my <authorisation> bit of web.config, and ive
got <authentication mode="Windows"> in there too.

I've got anonymous access disabled and "Integrated Windows Authentication"
checked in the Directory Security tab of the Application in IIS.

Still, it wont let me in as a normal user or as an administrator! What

have

I missed?

Cheers
Dan

Do u use a domain Acct Since you said you are testing against Active
Directory??
Becos it seems you don't have permission!!!
Check in ur IIS by going to your APPLICATION right click and see what is
configured!
Make sure u have right securities both on at ur application and your
directory level!
GDLUCK..
**And by the way do you have any security specification in you web.confg**
If you have pls paste ur web.config!!


"dhnriverside" <da*@musoswire.com> wrote in message
news:FB**********************************@microsof t.com...

Hiya

Yeah... well, trying to. I want my site to recognise who is the logged in
Windows user. As I said I've got <deny users="?"> and
<authentication="Windows> in web.config, and IWA set on the Application in
IIS. Is there something else I've missed?

The error comes when i try and view any page on the site, it just wont let
me in!

Cheers
Dan

"Patrick.O.Ige" wrote:

Are u usiing Windows Authentication?
when do u get 402.1 error? do wan to do?
:Patrick
Wha

"dhnriverside" <da*@musoswire.com> wrote in message
news:C8**********************************@microsof t.com...

Hi guys

I've got a web application on a Win2k IIS5 server. I've been coding it

using

anonymous access, and have just come to test the AD stuff - trouble is -

all

i get is a 402.1 error ("not authorised to view this page").

I've set <deny users="?"> in my <authorisation> bit of web.config, and

ive got <authentication mode="Windows"> in there too.

I've got anonymous access disabled and "Integrated Windows Authentication" checked in the Directory Security tab of the Application in IIS.

Still, it wont let me in as a normal user or as an administrator! What

have

I missed?

Cheers
Dan

Hiya

Yep it would seem I dont have permission! I'm not sure about the domain
account. I'm logged into the computer as Administrator, and I have the domain
option on the login box at startup, which of course is set to my domain. AD
is setup to be a domain controller. Is that what you mean? If not, sorry, I'm
quite new to AD, so all help appreciated!

What do I need to set the directory up to work? I'm thinking that might be
the problem.

Web.Config wise, attached below

Cheers
Dan

<?xml version="1.0" encoding="utf-8" ?>
<configuration>

<system.web>
<compilation
defaultLanguage="c#"
debug="false"
/>

<customErrors
mode="Off"
/>

<authentication mode="Windows" />

<authorization>
<allow users="*" /> <!-- Deny unknown users -->
<!-- <allow users="[comma separated list of users]"
roles="[comma separated list of roles]"/>
<deny users="[comma separated list of users]"
roles="[comma separated list of roles]"/>
-->
</authorization>

<trace
enabled="false"
requestLimit="10"
pageOutput="false"
traceMode="SortByTime"
localOnly="false"
/>

<sessionState
mode="InProc"
stateConnectionString="tcpip=127.0.0.1:42424"
sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes"
cookieless="false"
timeout="20"
/>

<globalization
requestEncoding="utf-8"
responseEncoding="utf-8"
/>

</system.web>

<appSettings>
<!-- Application -->
<add key="Application_Name" value="myapp" />

<!-- System -->
<add key="System_SmtpServer" value="localhost:3099" />
<add key="System_ActiveDirPath" value="my.com" />
<add key="System_LibraryPath" value="mypath" />
<add key="System_ConnectionString"
value="server=myserver;database=mydb;Trusted_Conne ction=yes" />
<add key="System_MaxResultsLimit" value="20" />
</appSettings>

</configuration>

Hiya

Yep it would seem I dont have permission! I'm not sure about the domain
account. I'm logged into the computer as Administrator, and I have the domain
option on the login box at startup, which of course is set to my domain. AD
is setup to be a domain controller. Is that what you mean? If not, sorry, I'm
quite new to AD, so all help appreciated!

What do I need to set the directory up to work? I'm thinking that might be
the problem.

Web.Config wise, attached below

Cheers
Dan

<?xml version="1.0" encoding="utf-8" ?>
<configuration>

<system.web>
<compilation
defaultLanguage="c#"
debug="false"
/>

<customErrors
mode="Off"
/>

<authentication mode="Windows" />

<authorization>
<allow users="*" /> <!-- Deny unknown users -->
<!-- <allow users="[comma separated list of users]"
roles="[comma separated list of roles]"/>
<deny users="[comma separated list of users]"
roles="[comma separated list of roles]"/>
-->
</authorization>

<trace
enabled="false"
requestLimit="10"
pageOutput="false"
traceMode="SortByTime"
localOnly="false"
/>

<sessionState
mode="InProc"
stateConnectionString="tcpip=127.0.0.1:42424"
sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes"
cookieless="false"
timeout="20"
/>

<globalization
requestEncoding="utf-8"
responseEncoding="utf-8"
/>

</system.web>

<appSettings>
<!-- Application -->
<add key="Application_Name" value="myapp" />

<!-- System -->
<add key="System_SmtpServer" value="localhost:3099" />
<add key="System_ActiveDirPath" value="my.com" />
<add key="System_LibraryPath" value="mypath" />
<add key="System_ConnectionString"
value="server=myserver;database=mydb;Trusted_Conne ction=yes" />
<add key="System_MaxResultsLimit" value="20" />
</appSettings>

</configuration>

Hi

Just some more info on the problem.

I've now got the <authorisation> section of my web config like so...

<authorisation>
<deny users="?">
</authorisation>

I've tested this on the server by doing both "http://localhost/app" and
"http://10.0.0.254/app"

When I try the first option, using localhost, I don't get a popup box and I
get straight in to the site, and my site works with User.Identity etc.

However, i try with the IP (still on the server), I get a popup box, which i
put the credentials in and it works. Whys that then?

Finally, if I try and access http://10.0.0.254/app from any of the other
machines on the network (Win98, WinXP, both IE 6.0.2800), I dont get into the
site, I dont get a popup login box, I just get sent straight to the 401.2
error page.

What's going on!?!?

Any help appreciated!

Cheers
Dan

"dhnriverside" wrote:

Hiya

Yep it would seem I dont have permission! I'm not sure about the domain
account. I'm logged into the computer as Administrator, and I have the domain
option on the login box at startup, which of course is set to my domain. AD
is setup to be a domain controller. Is that what you mean? If not, sorry, I'm
quite new to AD, so all help appreciated!

What do I need to set the directory up to work? I'm thinking that might be
the problem.

Web.Config wise, attached below

Cheers
Dan

<?xml version="1.0" encoding="utf-8" ?>
<configuration>

<system.web>
<compilation
defaultLanguage="c#"
debug="false"
/>

<customErrors
mode="Off"
/>

<authentication mode="Windows" />

<authorization>
<allow users="*" /> <!-- Deny unknown users -->
<!-- <allow users="[comma separated list of users]"
roles="[comma separated list of roles]"/>
<deny users="[comma separated list of users]"
roles="[comma separated list of roles]"/>
-->
</authorization>

<trace
enabled="false"
requestLimit="10"
pageOutput="false"
traceMode="SortByTime"
localOnly="false"
/>

<sessionState
mode="InProc"
stateConnectionString="tcpip=127.0.0.1:42424"
sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes"
cookieless="false"
timeout="20"
/>

<globalization
requestEncoding="utf-8"
responseEncoding="utf-8"
/>

</system.web>

<appSettings>
<!-- Application -->
<add key="Application_Name" value="myapp" />

<!-- System -->
<add key="System_SmtpServer" value="localhost:3099" />
<add key="System_ActiveDirPath" value="my.com" />
<add key="System_LibraryPath" value="mypath" />
<add key="System_ConnectionString"
value="server=myserver;database=mydb;Trusted_Conne ction=yes" />
<add key="System_MaxResultsLimit" value="20" />
</appSettings>

</configuration>

Possibly because IE thinks the server is in a different security zone.
You can see the indicator in the lower right. With localhost IE sends
credentials automaically - that is the default setting for the
Intranet zone. By IP IE possibly thinks it is in the Internet security
zone. This is configurable under Tools -> Options -> Security
settings.

--
Scott
http://www.OdeToCode.com/blogs/scott/

On Mon, 29 Nov 2004 03:57:03 -0800, dhnriverside <da*@musoswire.com>
wrote:

Hi

Just some more info on the problem.

I've now got the <authorisation> section of my web config like so...

<authorisation>
<deny users="?">
</authorisation>

I've tested this on the server by doing both "http://localhost/app" and
"http://10.0.0.254/app"

When I try the first option, using localhost, I don't get a popup box and I
get straight in to the site, and my site works with User.Identity etc.

However, i try with the IP (still on the server), I get a popup box, which i
put the credentials in and it works. Whys that then?

Finally, if I try and access http://10.0.0.254/app from any of the other
machines on the network (Win98, WinXP, both IE 6.0.2800), I dont get into the
site, I dont get a popup login box, I just get sent straight to the 401.2
error page.

What's going on!?!?

Any help appreciated!

Cheers
Dan

"dhnriverside" wrote:

Hiya

Yep it would seem I dont have permission! I'm not sure about the domain
account. I'm logged into the computer as Administrator, and I have the domain
option on the login box at startup, which of course is set to my domain. AD
is setup to be a domain controller. Is that what you mean? If not, sorry, I'm
quite new to AD, so all help appreciated!

What do I need to set the directory up to work? I'm thinking that might be
the problem.

Web.Config wise, attached below

Cheers
Dan

<?xml version="1.0" encoding="utf-8" ?>
<configuration>

<system.web>
<compilation
defaultLanguage="c#"
debug="false"
/>

<customErrors
mode="Off"
/>

<authentication mode="Windows" />

<authorization>
<allow users="*" /> <!-- Deny unknown users -->
<!-- <allow users="[comma separated list of users]"
roles="[comma separated list of roles]"/>
<deny users="[comma separated list of users]"
roles="[comma separated list of roles]"/>
-->
</authorization>

<trace
enabled="false"
requestLimit="10"
pageOutput="false"
traceMode="SortByTime"
localOnly="false"
/>

<sessionState
mode="InProc"
stateConnectionString="tcpip=127.0.0.1:42424"
sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes"
cookieless="false"
timeout="20"
/>

<globalization
requestEncoding="utf-8"
responseEncoding="utf-8"
/>

</system.web>

<appSettings>
<!-- Application -->
<add key="Application_Name" value="myapp" />

<!-- System -->
<add key="System_SmtpServer" value="localhost:3099" />
<add key="System_ActiveDirPath" value="my.com" />
<add key="System_LibraryPath" value="mypath" />
<add key="System_ConnectionString"
value="server=myserver;database=mydb;Trusted_Conne ction=yes" />
<add key="System_MaxResultsLimit" value="20" />
</appSettings>

</configuration>