Can't use forms authentication when using IIS
in [ASP .NET]
|
From: Tony Johansson on 31 Dec 2009 09:10 Hello! I do some exercise from a book which work if I run from VisualStudo(VS) but doesn't work when run from IIS. This exercise will use forms authentication Here is some background information: I use windows XP pro with a Sql Server express 2005 database. I have also Sql Server Management Studio Express Here is what I have done ******************* I have created a file system web site named Northwind that is using Development Web server. In this web site I have created the following files. A LoginForms.aspx and LoginForm.aspx.cs with one Login control from the Login category from the toolbox.. A CustomerData.aspx and CustomerData.aspx.cs with one label with some text saying "this form will be implemented later". Here is all the property that I have set for the Login control ********************************************* DisplayRememberMe is set to False TitleText is set to Northwind Traders-Inloggning DestinationPageUrl is set to ~/CustomerData.aspx Here is how I implement forms authentication ********************************** To implement forms authentication I use ASP.NET Web Site Administration Tool that is located in a meny to the right just above the solution explorer. Click on Security in the ASP.NET Web Site Administration Tool . Select authentication type and choose from the Internet. Click on Create users and chose these values Username: John Password: Pa$$w9rd Confirm Password: Pa$$w9rd E-post: Some valid E-post format Security question: My best animal Answer on security question: Cat Click on create user Now click on Create access rules. Select Nortwind in the section choose catalog for this rule. Choose John as the user and select allow under section permission Click on OK Now click on Create access rules a second time Select Nortwind in the section choose catalog for this rule Select anynymous user and select deny as permission. Click OK Now you can close the ASP.NET Web Site Administration Tool because you have done all the setting in this tool. Now you can click on refresh in solution explorer so two new files is displayed one in the folder App_Data with the name ASPNETDB.MDF and web.config in the project root catalog. Now EDIT the Web.config so the look is like this ************************************** <?xml version="1.0" encoding="utf-8"?> <configuration> <system.web> <authorization> <allow users="John" /> <deny users="?" /> </authorization> <authentication mode="Forms"> <forms loginUrl="LoginForm.aspx" timeout="5" cookieless="AutoDetect" protection="All" /> </authentication> </system.web> </configuration> I can now test the web application If I write invalid username or password a message inform me that you have entered invalid username or password If I write John as the Username and Pa$$w9rd as the Password the CustomerData form is displayed with it's label saying that this form will be implemanted later. So If I run the web application from visual studio I works fine. If I now start Internet explorer and enter this url http://localhost/Northwind/customerdata.aspx in the bowser I get the Login control and enter John as the Username and Pa$$w9rd as the Password and then I get this kind of error. See some rows below on the whole stack error trace. So as a summary if I run the appliaction from VisualStudio it works fine but if I run the appliaction from IIS it causes error Login failed for user 'HEMPC\ASPNET' I can use Sql Server Management Studio Express to attach to the database located at F:\NORTHWIND\APP_DATA\ASPNETDB.MDF. Have anyone some suggestion what I can do to fix this problem ? Servererror in the applicationprogram /Northwind. -------------------------------------------------------------------------------- Login failed for user 'HEMPC\ASPNET'. Description: One exception which couldn't be handled occured when the current webbrequest was run. More information about the error and where in the code it occured can be found in the stacktrace. Exceptioninformation: System.Data.SqlClient.SqlException: Login failed for user 'HEMPC\ASPNET'. SourceError: One exception which didn't handled was generated by the current web request. Information about the origin for exception and place can be identified with the stacktrace below. StackTrace: [SqlException (0x80131904): Login failed for user 'HEMPC\ASPNET'.] System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection) +4846887 System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj) +194 System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj) +2392 System.Data.SqlClient.SqlInternalConnectionTds.CompleteLogin(Boolean enlistOK) +35 System.Data.SqlClient.SqlInternalConnectionTds.AttemptOneLogin(ServerInfo serverInfo, String newPassword, Boolean ignoreSniOpenTimeout, Int64 timerExpire, SqlConnection owningObject) +144 System.Data.SqlClient.SqlInternalConnectionTds.LoginNoFailover(String host, String newPassword, Boolean redirectedUserInstance, SqlConnection owningObject, SqlConnectionString connectionOptions, Int64 timerStart) +342 System.Data.SqlClient.SqlInternalConnectionTds.OpenLoginEnlist(SqlConnection owningObject, SqlConnectionString connectionOptions, String newPassword, Boolean redirectedUserInstance) +221 System.Data.SqlClient.SqlInternalConnectionTds..ctor(DbConnectionPoolIdentity identity, SqlConnectionString connectionOptions, Object providerInfo, String newPassword, SqlConnection owningObject, Boolean redirectedUserInstance) +189 System.Data.SqlClient.SqlConnectionFactory.CreateConnection(DbConnectionOptions options, Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection owningConnection) +4861315 System.Data.ProviderBase.DbConnectionFactory.CreatePooledConnection(DbConnection owningConnection, DbConnectionPool pool, DbConnectionOptions options) +31 System.Data.ProviderBase.DbConnectionPool.CreateObject(DbConnection owningObject) +433 System.Data.ProviderBase.DbConnectionPool.UserCreateRequest(DbConnection owningObject) +66 System.Data.ProviderBase.DbConnectionPool.GetConnection(DbConnection owningObject) +499 System.Data.ProviderBase.DbConnectionFactory.GetConnection(DbConnection owningConnection) +65 System.Data.ProviderBase.DbConnectionClosed.OpenConnection(DbConnection outerConnection, DbConnectionFactory connectionFactory) +117 System.Data.SqlClient.SqlConnection.Open() +122 System.Web.DataAccess.SqlConnectionHolder.Open(HttpContext context, Boolean revertImpersonate) +87 System.Web.DataAccess.SqlConnectionHelper.GetConnection(String connectionString, Boolean revertImpersonation) +221 System.Web.Security.SqlMembershipProvider.GetPasswordWithFormat(String username, Boolean updateLastLoginActivityDate, Int32& status, String& password, Int32& passwordFormat, String& passwordSalt, Int32& failedPasswordAttemptCount, Int32& failedPasswordAnswerAttemptCount, Boolean& isApproved, DateTime& lastLoginDate, DateTime& lastActivityDate) +815 System.Web.Security.SqlMembershipProvider.CheckPassword(String username, String password, Boolean updateLastLoginActivityDate, Boolean failIfNotApproved, String& salt, Int32& passwordFormat) +105 System.Web.Security.SqlMembershipProvider.CheckPassword(String username, String password, Boolean updateLastLoginActivityDate, Boolean failIfNotApproved) +42 System.Web.Security.SqlMembershipProvider.ValidateUser(String username, String password) +78 System.Web.UI.WebControls.Login.AuthenticateUsingMembershipProvider(AuthenticateEventArgs e) +60 System.Web.UI.WebControls.Login.OnAuthenticate(AuthenticateEventArgs e) +119 System.Web.UI.WebControls.Login.AttemptLogin() +115 System.Web.UI.WebControls.Login.OnBubbleEvent(Object source, EventArgs e) +101 System.Web.UI.Control.RaiseBubbleEvent(Object source, EventArgs args) +37 System.Web.UI.WebControls.Button.OnCommand(CommandEventArgs e) +118 System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) +166 System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) +10 System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +13 System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +36 System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +1565 //Tony
From: Gregory A. Beamer on 31 Dec 2009 11:27 "Tony Johansson" <johansson.andersson(a)telia.com> wrote in news:jh2%m.14131 $U5.216094(a)newsb.telia.net: > I do some exercise from a book which work if I run from VisualStudo(VS) > but doesn't work when run from IIS. > This exercise will use forms authentication Most likely an improper setting in IIS. And this may relate back to earlier problems you were having. That is where I would examine first. Peace and Grace, -- Gregory A. Beamer (MVP) Twitter: @gbworld Blog: http://gregorybeamer.spaces.live.com ******************************************* | Think outside the box! | *******************************************
From: Tony Johansson on 31 Dec 2009 12:09 If I take a look at the setting for IIS and take property on my virtual directory Northwind the following 6 tabs are listed. Virtual directory Document Directorysecurity HTTP-Head ASP.NET Adjust errormessage Which of these is it that is of interest ? Here is some settings that might be of interest. In tabs ASP.NET I look at change configuration and here is the result Name = LocalSqlServer Connectionparameters = data source=.\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|aspnetdb.mdf;User Instance=true Tab virtual directory look like this A directory on this computer is marked Local searchpath =F:\Northwind ReadAccess is checked Access to Loggfile is checked Index this resourse is checked Applicationname = Northwind If I look at directorysecurity and click on button edit I get this result Anonymous access is checked Username = IUSR_HEMPC Allow IIS to use password is checked Integerated windows-autentisering is checked //Tony "Gregory A. Beamer" <NoSpamMgbworld(a)comcast.netNoSpamM> skrev i meddelandet news:Xns9CF26A2422BDFgbworld(a)207.46.248.16... > "Tony Johansson" <johansson.andersson(a)telia.com> wrote in news:jh2%m.14131 > $U5.216094(a)newsb.telia.net: > >> I do some exercise from a book which work if I run from VisualStudo(VS) >> but doesn't work when run from IIS. >> This exercise will use forms authentication > > Most likely an improper setting in IIS. And this may relate back to > earlier > problems you were having. That is where I would examine first. > > Peace and Grace, > > -- > Gregory A. Beamer (MVP) > > Twitter: @gbworld > Blog: http://gregorybeamer.spaces.live.com > > ******************************************* > | Think outside the box! | > *******************************************
From: Tony Johansson on 31 Dec 2009 13:20 It seems to me that IIS doesn't like ASPNET. So I tried this use "F:\NORTHWIND\APP_DATA\ASPNETDB.MDF" create user [HEMPC\ASPNET] for login [HEMPC\ASPNET] grant select to [HEMPC\ASPNET] grant insert to [HEMPC\ASPNET] grant delete to [HEMPC\ASPNET] When I now run from VisualStudio I get this error Cannot open user default database. Login failed. Login failed for user 'HEMPC\Tony' When I run from IIS I get the same error as before. See my previous mail. So doing this kind of action wasn't any success. Does anybody have any good idea what I can do to solve my problem. //Tony "Gregory A. Beamer" <NoSpamMgbworld(a)comcast.netNoSpamM> skrev i meddelandet news:Xns9CF26A2422BDFgbworld(a)207.46.248.16... > "Tony Johansson" <johansson.andersson(a)telia.com> wrote in news:jh2%m.14131 > $U5.216094(a)newsb.telia.net: > >> I do some exercise from a book which work if I run from VisualStudo(VS) >> but doesn't work when run from IIS. >> This exercise will use forms authentication > > Most likely an improper setting in IIS. And this may relate back to > earlier > problems you were having. That is where I would examine first. > > Peace and Grace, > > -- > Gregory A. Beamer (MVP) > > Twitter: @gbworld > Blog: http://gregorybeamer.spaces.live.com > > ******************************************* > | Think outside the box! | > *******************************************
From: Abdul Sami on 31 Dec 2009 15:27 I suggest follwing two settings: 1: In original settings add identity element in web.config like <system.web> <identity impersonate="true"/> </system.web> 2: If first setting doesn't work then try add asp_net user in user name of security tab of IIS. -- Abdul Sami "Tony Johansson" wrote: > Hello! > > I do some exercise from a book which work if I run from VisualStudo(VS) > but doesn't work when run from IIS. > This exercise will use forms authentication > > Here is some background information: > I use windows XP pro with a Sql Server express 2005 database. > I have also Sql Server Management Studio Express > > Here is what I have done > ******************* > I have created a file system web site named Northwind that is using > Development Web server. > In this web site I have created the following files. > A LoginForms.aspx and LoginForm.aspx.cs with one Login control from the > Login category from the toolbox.. > A CustomerData.aspx and CustomerData.aspx.cs with one label with some text > saying "this form will be implemented later". > > Here is all the property that I have set for the Login control > ********************************************* > DisplayRememberMe is set to False > TitleText is set to Northwind Traders-Inloggning > DestinationPageUrl is set to ~/CustomerData.aspx > > Here is how I implement forms authentication > ********************************** > To implement forms authentication I use ASP.NET Web Site Administration Tool > that is located in a meny to the right > just above the solution explorer. > Click on Security in the ASP.NET Web Site Administration Tool . > Select authentication type and choose from the Internet. > Click on Create users and chose these values > Username: John > Password: Pa$$w9rd > Confirm Password: Pa$$w9rd > E-post: Some valid E-post format > Security question: My best animal > Answer on security question: Cat > Click on create user > > Now click on Create access rules. > Select Nortwind in the section choose catalog for this rule. > Choose John as the user and select allow under section permission > Click on OK > Now click on Create access rules a second time > Select Nortwind in the section choose catalog for this rule > Select anynymous user and select deny as permission. > Click OK > Now you can close the ASP.NET Web Site Administration Tool because you have > done all the setting in this tool. > > Now you can click on refresh in solution explorer so two new files is > displayed one in the folder App_Data > with the name ASPNETDB.MDF and web.config in the project root catalog. > > > Now EDIT the Web.config so the look is like this > ************************************** > <?xml version="1.0" encoding="utf-8"?> > <configuration> > <system.web> > <authorization> > <allow users="John" /> > <deny users="?" /> > </authorization> > <authentication mode="Forms"> > <forms loginUrl="LoginForm.aspx" timeout="5" > cookieless="AutoDetect" protection="All" /> > </authentication> > </system.web> > </configuration> > > I can now test the web application > If I write invalid username or password a message inform me that you have > entered invalid username or password > If I write John as the Username and Pa$$w9rd as the Password the > CustomerData form is displayed with it's label > saying that this form will be implemanted later. > > So If I run the web application from visual studio I works fine. > > If I now start Internet explorer and enter this url > http://localhost/Northwind/customerdata.aspx > in the bowser I get the Login control and enter John as the Username and > Pa$$w9rd as the Password and > then I get this kind of error. See some rows below on the whole stack error > trace. > So as a summary if I run the appliaction from VisualStudio it works fine but > if > I run the appliaction from IIS it causes error Login failed for user > 'HEMPC\ASPNET' > > I can use Sql Server Management Studio Express to attach to the database > located at > F:\NORTHWIND\APP_DATA\ASPNETDB.MDF. > Have anyone some suggestion what I can do to fix this problem ? > > > Servererror in the applicationprogram /Northwind. > -------------------------------------------------------------------------------- > > Login failed for user 'HEMPC\ASPNET'. > Description: One exception which couldn't be handled occured when the > current webbrequest was run. More information > about the error and where in the code it occured can be found in the > stacktrace. > > Exceptioninformation: System.Data.SqlClient.SqlException: Login failed for > user 'HEMPC\ASPNET'. > > SourceError: > > One exception which didn't handled was generated by the current web request. > Information about the origin for exception and > place can be identified with the stacktrace below. > > StackTrace: > > [SqlException (0x80131904): Login failed for user 'HEMPC\ASPNET'.] > System.Data.SqlClient.SqlInternalConnection.OnError(SqlException > exception, Boolean breakConnection) +4846887 > System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject > stateObj) +194 > System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand > cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet > bulkCopyHandler, TdsParserStateObject stateObj) +2392 > System.Data.SqlClient.SqlInternalConnectionTds.CompleteLogin(Boolean > enlistOK) +35 > System.Data.SqlClient.SqlInternalConnectionTds.AttemptOneLogin(ServerInfo > serverInfo, String newPassword, Boolean ignoreSniOpenTimeout, Int64 > timerExpire, SqlConnection owningObject) +144 > System.Data.SqlClient.SqlInternalConnectionTds.LoginNoFailover(String > host, String newPassword, Boolean redirectedUserInstance, SqlConnection > owningObject, SqlConnectionString connectionOptions, Int64 timerStart) +342 > System.Data.SqlClient.SqlInternalConnectionTds.OpenLoginEnlist(SqlConnection > owningObject, SqlConnectionString connectionOptions, String newPassword, > Boolean redirectedUserInstance) +221 > System.Data.SqlClient.SqlInternalConnectionTds..ctor(DbConnectionPoolIdentity > identity, SqlConnectionString connectionOptions, Object providerInfo, String > newPassword, SqlConnection owningObject, Boolean redirectedUserInstance) > +189 > System.Data.SqlClient.SqlConnectionFactory.CreateConnection(DbConnectionOptions > options, Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection > owningConnection) +4861315 > System.Data.ProviderBase.DbConnectionFactory.CreatePooledConnection(DbConnection > owningConnection, DbConnectionPool pool, DbConnectionOptions options) +31 > System.Data.ProviderBase.DbConnectionPool.CreateObject(DbConnection > owningObject) +433 > System.Data.ProviderBase.DbConnectionPool.UserCreateRequest(DbConnection > owningObject) +66 > System.Data.ProviderBase.DbConnectionPool.GetConnection(DbConnection > owningObject) +499 > System.Data.ProviderBase.DbConnectionFactory.GetConnection(DbConnection > owningConnection) +65 > System.Data.ProviderBase.DbConnectionClosed.OpenConnection(DbConnection > outerConnection, DbConnectionFactory connectionFactory) +117 > System.Data.SqlClient.SqlConnection.Open() +122 > System.Web.DataAccess.SqlConnectionHolder.Open(HttpContext context, > Boolean revertImpersonate) +87 > System.Web.DataAccess.SqlConnectionHelper.GetConnection(String > connectionString, Boolean revertImpersonation) +221 > System.Web.Security.SqlMembershipProvider.GetPasswordWithFormat(String > username, Boolean updateLastLoginActivityDate, Int32& status, String& > password, Int32& passwordFormat, String& passwordSalt, Int32& > failedPasswordAttemptCount, Int32& failedPasswordAnswerAttemptCount, > Boolean& isApproved, DateTime& lastLoginDate, DateTime& lastActivityDate) > +815 > System.Web.Security.SqlMembershipProvider.CheckPassword(String username, > String password, Boolean updateLastLoginActivityDate, Boolean > failIfNotApproved, String& salt, Int32& passwordFormat) +105 > System.Web.Security.SqlMembershipProvider.CheckPassword(String username, > String password, Boolean updateLastLoginActivityDate, Boolean > failIfNotApproved) +42 > System.Web.Security.SqlMembershipProvider.ValidateUser(String username, > String password) +78 > System.Web.UI.WebControls.Login.AuthenticateUsingMembershipProvider(AuthenticateEventArgs > e) +60 > System.Web.UI.WebControls.Login.OnAuthenticate(AuthenticateEventArgs e) > +119 > System.Web.UI.WebControls.Login.AttemptLogin() +115 > System.Web.UI.WebControls.Login.OnBubbleEvent(Object source, EventArgs e) > +101 > System.Web.UI.Control.RaiseBubbleEvent(Object source, EventArgs args) +37 > System.Web.UI.WebControls.Button.OnCommand(CommandEventArgs e) +118 > System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) > +166 > System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String > eventArgument) +10 > System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler > sourceControl, String eventArgument) +13 > System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +36 > System.Web.UI.Page.ProcessRequestMain(Boolean > includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +1565 > > > //Tony > > > > > > > > . >
|
Next
|
Last
Pages: 1 2 Prev: GridView inside a FormView Next: ObjectDataSource and null datetime parameter |