IIS 10 - Windows Authentication - AuthenticationType "unavailable" - windows-authentication

I am a web app that I'm trying to get working with Windows Auth. However, no matter what I do, I can't get past a 401.
web.config
<configuration>
<system.webServer>
<security>
<authentication>
<anonymousAuthentication enabled="false" />
<basicAuthentication enabled="false" />
<windowsAuthentication enabled="true">
<providers>
<clear />
<add value="NTLM" />
</providers>
</windowsAuthentication>
</authentication>
<authorization>
<clear />
<add accessType="Deny" users="?" />
<add accessType="Allow" users="CABLE\mmulhe200" />
</authorization>
</security>
<tracing>
<traceFailedRequests>
<add path="*">
<traceAreas>
<add provider="WWW Server" areas="Authentication,Security,StaticFile,CGI,Compression,Cache,RequestNotifications,Module,FastCGI,WebSocket" verbosity="Verbose" />
</traceAreas>
<failureDefinitions timeTaken="00:00:00" statusCodes="401.1" />
</add>
</traceFailedRequests>
</tracing>
</system.webServer>
</configuration>
IIS Failed Request Trace Output (Partial)
<failedRequest url="http://dev.windowsauthtest.com:80/"
siteId="3"
appPoolId="windowsAuthTest"
processId="33204"
verb="GET"
authenticationType="NOT_AVAILABLE" activityId="{80000727-0003-F400-B63F-84710C7967BB}"
failureReason="STATUS_CODE"
statusCode="401.1"
triggerStatusCode="401.1"
timeTaken="0"
xmlns:freb="http://schemas.microsoft.com/win/2006/06/iis/freb"
>
The part that concerns me is
authenticationType="NOT_AVAILABLE"
I get prompted to enter my credentials and I enter my NT username/password and it just keeps re-prompting.
Any ideas?

Related

If I don't specify the hosting model in web.config, what will be the default process in asp.net core 5.0

This is my web.config file, I am getting 500 exception after I have deployed project in azure server, If I remove V2 in modules application runs, but it runs on kestrel not in IIS.
<configuration>
<location path="." inheritInChildApplications="false">
<!--<system.web>
<httpRuntime maxRequestLength="204800" enableVersionHeader="false" />
</system.web>-->
<system.webServer>
<security>
<!--Removes Server header from response-->
<requestFiltering removeServerHeader="true">
<!--200 MB in bytes-->
<requestLimits maxAllowedContentLength="209715200" maxQueryString="10240" />
</requestFiltering>
</security>
<httpProtocol>
<customHeaders>
<remove name="X-Powered-By" />
<remove name="X-AspNet-Version" />
<remove name="X-Forwarded-Host" />
<remove name="Server" />
</customHeaders>
</httpProtocol>
<handlers>
<remove name="aspNetCore" />
<add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModuleV2" resourceType="Unspecified" />
</handlers>
<aspNetCore processPath="dotnet" arguments=".\Data.WebAPI.dll" stdoutLogEnabled="true" stdoutLogFile=".\logs\stdout" hostingModel = "inprocess"/>
</system.webServer>
</location>
</configuration>```

OKTA SSO redirection : Getting HTTP Error 405.0 - Method Not Allowed

I am using OKTA as an Idp for SSO feature. I have added a application in OKTA & have defined below settings :
Single sign on URL & Audience URI (SP Entity ID) : http://localhost/KentorBeginner/ (Even tried by removing trailing slash)
On browsing OKTA SSO Url (different than above), okta redirects to my IIS configured application (KentorBeginner) but I am getting a HTTP Error 405.0 - Method Not Allowed.
The page you are looking for cannot be displayed because an invalid method (HTTP verb) is being used.
Please find the below screenshots for reference.Direct-browse
Thanking you.
Regards,
Ravi Karavadia

Actually, the problem lied in posting the request to html file.
IIS sees html files as static and only allows them to use GET and HEAD verbs, so when a form was posted I was getting "405 Method Not Allowed...cannot be displayed because an invalid method (HTTP verb) is being used" error.
We need to configure whatever language you're using to handle the html files instead of the static file handler.
So I added below entry for handling html file with a different handler.
under handlers tag of System.WebServer.
Below is my web.config snippet.
<system.webServer>
<validation validateIntegratedModeConfiguration="false" />
<modules>
<remove name="WebDAVModule" />
</modules>
<handlers>
<remove name="ISAPI-dll" />
<remove name="StaticFile" />
<remove name="WebDAV" />
<remove name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" />
<remove name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" />
<remove name="ExtensionlessUrlHandler-Integrated-4.0" />
<add name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness32" responseBufferLimit="0" />
<add name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness64" responseBufferLimit="0" />
<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
<add name="StaticFile" path="*" verb="*" modules="StaticFileModule,DefaultDocumentModule,DirectoryListingModule" resourceType="Either" requireAccess="Script" />
<add name="ISAPI-dll" path="*.dll" verb="*" modules="IsapiModule" scriptProcessor="C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll" resourceType="Either" requireAccess="Execute" allowPathInfo="true" preCondition="bitness32" />
<add name="html" path="*.html" verb="*" modules="IsapiModule" scriptProcessor="%windir%\system32\inetsrv\asp.dll" resourceType="Unspecified" requireAccess="None" />
</handlers>
<defaultDocument enabled="true">
<files>
<clear />
<add value="Hello.html" />
</files>
</defaultDocument>
<security>
<requestFiltering>
<verbs>
<add verb="POST" allowed="true" />
</verbs>
<fileExtensions>
<add fileExtension=".html" allowed="true" />
</fileExtensions>
</requestFiltering>
</security>
</system.webServer>
Thanking you.
Regards,
Ravi Karavadia

I was getting this error on Firefox because I was using Facebook Container extension. After disabling Facebook Container in about:addons I can log in normally - without getting "Method Not Allowed" error

Nuget web.config.install.xdt not transforming

I'm having problems figuring out how to transform the web.config file when my NuGet package it installed. It's doing some of the transformations, but not all of them.
Here's the untouched web.config file that I need to modify upon installation of my NuGet package:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<appSettings>
<add key="webpages:Version" value="3.0.0.0" />
<add key="webpages:Enabled" value="false" />
<add key="ClientValidationEnabled" value="true" />
<add key="UnobtrusiveJavaScriptEnabled" value="true" />
</appSettings>
<system.web>
<authentication mode="None" /> ***** I want this removed *****
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" />
</system.web>
<system.webServer>
<modules>
<remove name="FormsAuthentication" /> ***** I want this removed *****
</modules>
</system.webServer>
</configuration>
Here's what I want as the result:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<appSettings>
<add key="webpages:Version" value="3.0.0.0" />
<add key="webpages:Enabled" value="false" />
<add key="ClientValidationEnabled" value="true" />
<add key="UnobtrusiveJavaScriptEnabled" value="true" />
<add key="MvcMailer.BaseURL" value="" />
<add key="SecurityGuardEmailFrom" value="info#email.net" />
<add key="SecurityGuardEmailSubject" value="Your Password has been reset." />
<add key="SecurityGuardEmailTemplatePath" value="~/MailerTemplates/ResetPassword.html" />
</appSettings>
<system.web>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" />
<authentication mode="Forms">
<forms loginUrl="~/SGAccount/Login" timeout="2880" />
</authentication>
</system.web>
<system.webServer>
<modules>
</modules>
</system.webServer>
</configuration>
This is transformed web.config file in the MVC application, which is incorrect:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<appSettings>
<add key="webpages:Version" value="3.0.0.0" />
<add key="webpages:Enabled" value="false" />
<add key="ClientValidationEnabled" value="true" />
<add key="UnobtrusiveJavaScriptEnabled" value="true" />
<add key="MvcMailer.BaseURL" value="" />
<add key="SecurityGuardEmailFrom" value="info#email.net" />
<add key="SecurityGuardEmailSubject" value="Your Password has been reset." />
<add key="SecurityGuardEmailTemplatePath" value="~/MailerTemplates/ResetPassword.html" />
</appSettings>
<system.web>
<authentication mode="None" /> ***** Not removed when it should be *****
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" />
<authentication mode="Forms">
<forms loginUrl="~/SGAccount/Login" timeout="2880" />
</authentication>
</system.web>
<system.webServer>
<modules>
<remove name="FormsAuthentication" /> ***** Not removed when it should be *****
</modules>
</system.webServer>
</configuration>
And this is my web.config.install.xdt file:
<?xml version="1.0" encoding="utf-8" ?>
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
<system.web>
<authentication mode="None" xdt:Transform="Remove" xdt:Locator="Match(mode)" />
<authentication mode="Forms" xdt:Transform="Insert">
<forms loginUrl="~/SGAccount/Login" timeout="2880" />
</authentication>
</system.web>
<system.webServer>
<modules>
<remove name="FormsAuthentication" xdt:Transform="Remove" xdt:Locator="Match(name)" />
</modules>
</system.webServer>
</configuration>
I've read all the documentation on the Nuget.org site about how to use the XDT transformations, and it even works on this tester site; https://webconfigtransformationtester.apphb.com/, but it doesn't work in action.
I'm stumped. Any suggestions on how to make this work?

Here's what the new web.config.install.xdt looks like that handled the job successfully:
<?xml version="1.0" encoding="utf-8" ?>
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
<appSettings>
<add key="SecurityGuardEmailFrom" value="info#email.net" xdt:Transform="Insert" />
<add key="SecurityGuardEmailSubject" value="Your Password has been reset." xdt:Transform="Insert" />
<add key="SecurityGuardEmailTemplatePath" value="~/MailerTemplates/ResetPassword.html" xdt:Transform="Insert" />
</appSettings>
<system.web>
<authentication mode="Forms" xdt:Transform="SetAttributes" />
<authentication mode="Forms">
<forms loginUrl="~/SGAccount/Login" timeout="2880" xdt:Transform="Insert" />
</authentication>
</system.web>
<system.webServer>
<modules>
<remove name="FormsAuthentication" xdt:Transform="Remove" />
</modules>
</system.webServer>
</configuration>
Instead of trying to Remove the original authentication element, I changed the mode attribute, then I Inserted the forms element. The rest seemed to work itself out once this worked correctly.

authentication for perl(awstats)

i am using awstats for my IIS7.5
I try to use forms authenrication, but it only work on the directory only( http://XXXX.com/awstats/wwwroot/cgi-bin/ ).
However, I can go to http://XXXX.com/awstats/wwwroot/cgi-bin/awstats.pl?config=testsite directly without login.
I want people to to execute this (awstats.pl?config=testsite) before login.
I don't want to create a local domain for the users becasue I will have many user to using awstats in different subfoler.
The web.config in the /awstats
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.web>
<authentication mode="Forms">
<forms name="SIPE_ASPXAUTH" loginUrl="~/Login.aspx" protection="All" path="/" timeout="20">
</forms>
</authentication>
<authorization>
<deny users="?" />
</authorization>
</system.web>
<system.webServer>
<handlers>
<add name="Perl" path="*.pl" verb="GET,HEAD,POST" modules="CgiModule" scriptProcessor="C:\Perl64\bin\perl.exe "%s" %s" resourceType="Unspecified" requireAccess="Script" preCondition="bitness64" />
</handlers>
<httpErrors errorMode="Detailed" />
</system.webServer>
</configuration>

asp2 roles and membership settings in web.config

How can i set up web.config file to support user membership with roles for my mvc page with only database file as i do not have access to sql server at the moment.
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn"
protection="All"
timeout="30"
name="AppNameCookie"
path="~/Account/LogOn"
requireSSL="false"
slidingExpiration="true"
defaultUrl="default.aspx"
cookieless="UseCookies"
enableCrossAppRedirects="false" />
</authentication>
<membership defaultProvider="MyMembershipProvider">
<providers>
<clear/>
<add name="MyMembershipProvider" type="NudaJeFuc.WebUI.Classes.MyMembershipProvider"
enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false"
maxInvalidPasswordAttempts="5" MinRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10"
applicationName="/" />
</providers>
</membership>
<profile>
<providers>
<clear/>
<add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/" />
</providers>
</profile>
<roleManager>
<providers>
<clear/>
<add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="ApplicationServices" applicationName="/" />
<add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />
</providers>
</roleManager>
<pages>
<namespaces>
<add namespace="System.Web.Mvc" />
<add namespace="System.Web.Mvc.Ajax" />
<add namespace="System.Web.Mvc.Html" />
<add namespace="System.Web.Routing" />
<add namespace="NudaJeFuc.WebUI.HtmlHelpers"/>
</namespaces>
</pages>

Your web.config looks fine, but you need to set up a connectionString (in your case named ApplicationServices) to point to Sql server that will store membership database.
You can create membership database using a wizard, just run aspnet_regsql from VS cmd. You can read more on MSDN.