.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
Gaurav Pal
Post New Web Links

Authentication issues when moving to IIS 7

Posted By:      Posted Date: September 10, 2010    Points: 0   Category :ASP.Net
I am having a strange authentication issue moving sites from IIS 6 to 7. I am still very new to IIS 7 and have not been able to find a reason for this. The site is running with form authentication and windows authentication enabled and anonymous disabled just as it was in IIS 6. I did not find any useful posts here or on the IIS site, so I am hoping someone might know the answer to this. When accessing the site I can get to any page on the first level of directories just fine, whether its protected by by forms authentication or if all authenticated users have access, IE http://mysite/directory1. But if i try to access any subdirectories I always get sent to the page listed in the web.config for the loginURL even on pages that are not protected, IE http://mysite/directory1/subdirectory. If I turn off forms authentication I can access the public pages just fine but the protected pages throw up a windows login prompt. So the issue seems to be with the forms authentication in IIS 7. Has anyone encountered this behavior when transitioning .net sites to IIS 7 or have a possible resolution for this? Any help is appreciated.

View Complete Post

More Related Resource Links

authentication issues using exchange web service within sql CLR functions

Hi Hope this is the right forum for this question, we have a VB assembly we have written to perform simple email functions via calls to EWS. We use a high level user who has rights to impersonate the normal exchange users, and this usually works OK, but what we are seeing is that occasional email messages are being created in the wrong user's draft folders. We belive this is because the impersonating account information is getting overwritten within our code when multiple users access the functions at the same time Example call to the WS is... <Microsoft.SqlServer.Server.SqlProcedure()> _ Public Shared Sub InsertEmail( _ ByVal Impersonate As String, _ ByVal Subject As String, _ ByVal Body As String, _ ByVal ToAddress As String, _ ByVal CCAddress As String, _ ByVal BCCAddress As String, _ ByVal HTMLEmail As Boolean, _ <Out()> ByRef ItemID As String, _ <Out()> ByRef ChangeKey As String) 'ByVal CCAddress As String, _ 'ByVal BCCAdddress As String, _ Using esb As Helper = New Helper(Impersonate) ' Create the CreateItem request. Dim createEmailRequest As New ews.CreateItemType() ' Specifiy how the e-mail will be handled. createEmailRequest.MessageDisposition = ews.MessageDispositionType.SaveOnly createEmailRequest.MessageDispositionSpecified

Moving to Active Directory to 2008 R2 - any issues with MOSS 2007?


Moving to Active Directory to 2008 R2 - any issues with MOSS 2007?

Anybody else running that combination? Any considerations.

Authentication issues with clients behind proxy


I am having an issue with clients behind a proxy and Windows Integrated authentication on IIS 7.5 - as far as I know this was never an issue when the site was on IIS 6.

Essentially, their credentials are not passing for resources in _layouts or _themes and they are repeatedly prompted.  The IIS log file never shows their credentials for these requests (shows a 401 status), but it does show for the aspx pages (with a 200 status).

When accessing without the proxy, everything is good - so I know it's not an authorization issue.

Why would these resource folders behave differently? Has anyone else seen this? I know there are issues with WIA through a proxy but why did IIS 6 not have a problem?  Google did not turn up much ...

IIS7 anonymous authentication issues (401 Unauthorized Error)


I am trying to get anonymous access to my asp.net MVC web application.  My application pool is running as 'Network Service' adn I have given this account full access to my website root folder.  I have also enabled Anonymous Authentication within IIS for my website.  I have also given the 'IUSR' account full control of my website root folder (I understand that IIS runs as this account with anonymous access). 

What am I missing?  I continuously get the following 401 ERROR :

HTTP Error 401.0 - Unauthorized

You do not have permission to view this directory or page.

  • The authenticated user does not have access to a resource needed to process the request.
Logon Method  Anonymous
Logon User Anonymous
Module ManagedPipelineHandler
Notification ExecuteRequestHandler
Handler UrlRoutingHandler
Error Code


troubleshooting client certificate authentication issues



i am using self created certs for client authentication. for one of the cert it works fine but ith another cert it does work. i get an error, can't rer connect to server.

is there any way/tool to troubleshoot cert issue?



Issues after moving SP 2010 server to new domain


We moved our SP 2010 Foundation server from one domain to another. We ran through all of the commands mentioned in KB934838 here and all of the sites seemed to work without issue, however there are some areas throughout the Central Admin page we now can no longer access. One of the main areas is Configure service accounts. When navigating to this page, we get the following error:


Some or all identity references could not be translated. 

Troubleshoot issues with Microsoft SharePoint Foundation. 

Correlation ID: f8fd7cbd-3f10-47d2-a44e-23c198ab5b56 


Looking this correlation ID up in the logs returned this:


04/14/2011 15:07:06.83 	w3wp.exe (0x11FC)      	0x113C	SharePoint Foundation   	Logging Correlation Data  	xmnv	Medium 	Name=Request (GET:http://fal-demoserver9:34442/_admin/FarmCredentialManagement.aspx)	f8fd7cbd-3f10-47d2-a44e-23c198ab5b56
04/14/2011 15:07:06.84 	w3wp.exe (0x11FC)      	0x113C	SharePoint Foundation   	Logging Correlation Data  	xmnv	Medium 	Site=/	f8fd7cbd-3f10-47d2-a44e-23c198ab5b56
04/14/2011 15:07:06.86 	w3wp.exe (0x11FC)      	0x113C	SharePoint Foundation   	Configuration     	bmf2	High 	SID |0 cannot be resolved. Using old name: |1. |2	f8fd7cbd-3f10-47d2-a44e-23c198ab5b56
04/14/2011 15:07:06.8

Explained: Forms Authentication in ASP.NET

This module explains how forms authentication works in ASP.NET version 2.0. It explains how IIS and ASP.NET authentication work together, and it explains the role and operation of the FormsAuthenticationModule class.

Using Forms Authentication in ASP.NET - Part 1

Classic ASP developers often had to "roll their own" authentication scheme, however, in ASP.NET much of the grunt work has been taken out. This article outlines how things have changed and how FormsAuthentication can be used to secure a Web site with a minimal amount of code.

ASP.NET Forms Authentication - Part 1

Often, in legacy Web applications, users authenticate themselves via a Web form. This Web form submits the user's credentials to business logic that determines their authorization level. Upon successful authentication, the application then submits a ticket in the form of a cookie, albeit a hard cookie or session variable. This ticket contains anything from just a valid session identification access token to customized personalization values.

ASP.NET forms authentication with roles

.A timeout is specified in minutes. This is "time since last request" not the "time since login". If a login is indicated to be persistent (described later) this is ignored.
.A protection method is specified for the cookie.
Next I wanted to specify a folder to which access is restricted to people who have logged in. To do this I entered the following code in the web.config file (beneath

Forms Authentication in ASP.NET

In this tutorial you will learn about Forms Authentication in ASP.NET 2.0 - Forms Authentication class, Cookie Domain, Forms Cookies, The Login Control, Signin, Signout, Authenticate, Redirect, Login Status, Login Name and Login View Controls.

Web Matrix + Windows Authentication


I'm curious if its possible to get windows auth working with asp.net webpages/webmatrix.

I've got it published to IIS with windows auth turned on and anonymous/forms/basic turned off.

I'm guessing the WebSecurity Helper probably won't work here but can you access User.Identity.Name etc?

Sorry for the newbie questions, I've only just started working with asp.net ^^,

Problems with Forms Authentication in DD 4 site


Hello,  I am seeing a strange problem with Forms Authentication in my DD site.   A user logs into and can view/edit/delete data all day, but when they execute a Custom Filter against data (for example , a control DynamicData/Filters/CustomerLastNameSearch.ascx ) then the site auth fails, and redirects to the log in screen.

in web.config I have

     <authentication mode="Forms">
            <forms name=".Star" loginUrl="~/Login.aspx" protection="All" defaultUrl="~/Default.aspx" path="/" timeout="43200" cookieless="UseCookies" />     

Offhand, I am thinking two things : that DynamicData/Filters path requires some special handling for some reason, or the control extension ascx is causing auth to get confused.   Has anyone else experienced this or have any suggestions?  Thanks!

Sharing authentication ticket between two applications


Hi all,

I have two web applications:

1. http://www.mysite.com - primary app running at the root of the web server

2. http://www.mysite.com/second_app - running in a virtual directory

At user authentication, I'm using FormsAuthenticationTicket to set up authentication cookies. Is it possible to share the same cookie for both the apps?

Any help would be much appreciated.

Many thanks!

Windows Authentication for IIS in Windows 7 Home Premium Edition - for ASP Websites.


How to create a virtual directory and get benefit of the IIS. Is there a workaround to accomplish this without the Windows Authentication for Windows 7 Home Premium Edition?

Thanks in advance, 

How to authenticate local user usin ldap or non domain authentication



I created one application, and I need to authenticate local user. This user is the user who is login to his/her Personal Computer.. Main thing his that he/she does not in any DOMAIN... I want NON-DOMAIN authentication.. any how.... please help...

help needed: Ldap User authentication using userDN and password



Is it possible to authenticate a user using userDN and password? If so, then tell me the syntax.So far i have tried to authenticate using username and password from my c# code using directoryentry which takes the parameters like domainname,username and password. But i need to authenticate using Userdn and password.

ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend