Tips and Tricks in a world of Mix

Archive for the ‘IIS’ Category

Setting constant parameter in WebAPI

So the mission was to set static member for connectionString , so that we’ll get the string from web.config just once. On the way we did Encrypt and Decrypt of the connectionString.

So the trouble was that we couldn’t be sure that the static field is staying or going on the request- response model of WebApi.

The easy solution was to reuse the existing code to init HttpContext.Current.Application[“connectionString”] value if it’s null at the global.asax at Application_Start function.

When initialized in that function at the host/server side of the distributed system , the HttpContext.Current.Application[“connectionString”] is initialized for the first time and until the IISReset.

If you want something constant for one request the way to go is to put it in Init function at gobal.asax 

The trouble was that the Application variable has been resetting itself each request.

The solution was that because of decryption that has been saving the web.config it has been resetting the site values held by the IIS, so actually it has been recycling the site data resetting the Application variables values also.

At the end the encryption has been executed on publish to the server, the decrypt has been decrypting the secured section but hasn’t been saving it back , so the web.config actually haven’t changed throughout running host , so the Application data kept intact.

Advertisements

401.1 when you browse a Web site that uses Integrated Authentication

 

In Web.config

<authentication mode="Windows"></authentication >

In IIS : anonymous – disabled ; windows – enabled !

image

 

Internet Information Services 7.5

Error Summary

HTTP Error 401.1 – Unauthorized

You do not have permission to view this directory or page using the credentials that you supplied.

image

 

Solution :

http://support.microsoft.com/kb/896861

 

this one worked for me:

 

Method 1: Specify host names (Preferred method if NTLM authentication is desired)

To specify the host names that are mapped to the loopback address and can connect to Web sites on your computer, follow these steps:

  1. Set the

    DisableStrictNameChecking

    registry entry to 1. For more information about how to do this, click the following article number to view the article in the Microsoft Knowledge Base:

    281308 Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name

  2. Click Start, click Run, type regedit, and then click OK.
  3. In Registry Editor, locate and then click the following registry key:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0

  4. Right-click MSV1_0, point to New, and then click Multi-String Value.
  5. Type BackConnectionHostNames, and then press ENTER.
  6. Right-click BackConnectionHostNames, and then click Modify.
  7. In the Value data box, type the host name or the host names for the sites that are on the local computer, and then click OK.
  8. Quit Registry Editor, and then restart the IISAdmin service.

HTTP Error 403.14–Forbidden – Default Document missing

 

 

image

 

Solution 1 – Final – best practice

Insert in Web.Config of the Website inside system.webServer those lines –

<defaultDocument>

<files>

<add value="index.aspx" />

</files>

</defaultDocument>

The value is obviously your default document.

Solution 2

The problem is probably your site doesn’t know what is the default web page it must enter .

So you must define it at

image

 

Add your start page inside , for instance :

image

 

Add –> insert the page name –> you can see it added (in my case index.aspx)

It will work now..

 

Why is this solution bad?

Each time you’ll upload your WebSite you’ll need to define the Default Document .

If you’ll forget the application won’t work.

 

Solution 3

 

Other solution I’ve found at http://www.smallworkarounds.net/2010/01/http-error-40314-forbidden-web-server.html .

 

If you are using IIS 7 then you probably might face this error.It’s a little frustrating when such errors occur and simple IIS 6 or IIS 5.1 users when it was really simple to configure and run a website, those users feel really hooked up.

I myself faced a lot of issues but as you progress with IIS 7 you will find it simple to configure and very easy to manage.

As far as this issue is concerned in the earlier versions of IIS we used to just set the directory browsing checkbox to be checked in order to enable directory browsing on the virtual directory or the website, its really simple in IIS 7 also just click the directory browsing option in the configuration section and on the right side of the directory browsing view you will find enable by default directory browsing is disabled.It will be more clear from the below image.

clip_image001

clip_image002

This will solve your Directory Browsing issue for IIS 7.Stay tuned for more on IIS 7 tips and tricks series.

 

 

Why is this solution bad?

The second solution I’ve found I am not sure about what are the security outcomes of permitting browsing the whole website directory ..

I think that people can just enter the System Folder on your Server – it’s a severe security problem.

Redirect WebSite IIS 7–Host Name

 

Create a new WebSite at IIS 7 (no , virtual directory is not good enough)

image

  1. Define site name
  2. Connect to physical path
  3. Define redirect site name – Host Name

image

The Host Name is the new url address for your site . It”ll work through port 80 , as defined at the picture.

You can enter another port , if you wish.

Port 80 is a default port for http protocol unsecured traffic . (Second default port is 8080)

Port 443 is a default port for https ssl enabled , secured with certificates traffic . 

 

image

New Website called WebDDD

Edit Site(right pane) –> Bindings… –> YourNewRedirectName “DDD” on port 80

Add –> You can add more redirects with different names and ports.

 

 

Now we should see the IP of our server

Start –> run –> cmd  –> ping YourServerName –> get the YourServerNameIP

Goto –> Your local terminal –>  C:\Windows\System32\drivers\etc –> open hosts with Notepad –>

add a line

YourServerNameIP    YourNewRedirectName

Now you’ve connected the Local Terminal with the Server Binding .

That’s it . On your local PC you can access the web site through http://DDD

and you’ll go to http://WebDDD  .

 

If you get some security message from IIS – > check in the File System –> Your WebSite folder –> properties –> security –> Domain Users

 

If you are working with Server you should define the DNS in your Active Directory also..

Permissions for Shared Folder for IIS 7 Application Pool Identity Across Domain

So the scenario today , is upgraded to IIS 7 and using now the Application Pool Identity as defined in the best practice of Microsoft .

In the IIS 7 , standing on MY APPLICATION POOL

press Advanced Settings :

image

 

We’ve deployed the application and it tries to access some  shared folder on some other server .

“\\OtherServerName\Some Folder”

 

Once we were Network Service , IIS IUSR and so on , but not any more..

So who are we now ? How can we access the folder ?

Who is that mysterious ApplicationPoolIdentity guy ?

 

So the answer is quite simple :

Go to the Shared Folder –> right click –> properties  -> security –>edit –> add (so far as usual ) -> choose object types –> check on computers –> now enter the computer name where your application is working from , where you published your application.

image

That’s it – now you have the access to the Shared Folder!

Good luck!

HttpContext.Current.User.Identity.Name is Empty

OS: windows 7 x64 bit

IIS: 7.5

run –> inetmgr –> click your website –> enter in features view Authentication –>

 

image

 

Enable Windows Authentication

Disable Anonymous Authentication

image

Pay attention that you did this definitions on your website specificly!!

Another solution is to add to web.config in the system.web section:

<authentication mode="Windows" />

<authorization>
   <deny users="?"/>
</authorization>

 

Now you”l get your Identity back!

 

(if you don’t have the right Authentication options then :

Turn Windows features on or off

image

image

 

image

Turn Windows features on or off  –> IIS –> WWWS –> Security –> Basic, Digest and Windows.

 

At the end restart your machine for the changes to take effect.

Now do the beginning of the post. )

The (SAMAccountName=) search filter is invalid

Starting a website got this error.

Untitled4

 

It means that Authentication level in IIS is not the right one .

It also means that probably you didn’t add all the needed features to IIS.

go to :

Start –> Control Panel –> Programs –>

(more…)

Tag Cloud

%d bloggers like this: