Windows Authentications Issues

Hi,

New to the group and need some help. I've set up a new web site on our
server and want to limit access to the site to a selection of users with
windows account son the server.

I've set the site to windows authentication, removed the 'Users' group from
the permissions for the site in IIS and added a new group 'test' that
includes my selected users. I've ensured that the new 'Test' group has rights
on the folders. I can log on to the sit ok and view .htm files, but am unable
to view aspx files. When I look in the logs I see 500 errors.

Any ideas?

Re: Windows Authentications Issues

I seems that you have a problem with your aspx page. Turn of friendly http
error on your IE(Tools/Internet options.../Advance/Show friendly http
errors) and you will get a more detailed description of the problem.


"lostdante" wrote in message
news:ABB63BBE-AF78-4A00-B523-FAC0D51127EB@microsoft.com...
> Hi,
>
> New to the group and need some help. I've set up a new web site on our
> server and want to limit access to the site to a selection of users with
> windows account son the server.
>
> I've set the site to windows authentication, removed the 'Users' group
> from
> the permissions for the site in IIS and added a new group 'test' that
> includes my selected users. I've ensured that the new 'Test' group has
> rights
> on the folders. I can log on to the sit ok and view .htm files, but am
> unable
> to view aspx files. When I look in the logs I see 500 errors.
>
> Any ideas?

Re: Windows Authentications Issues

Thanks for the reply.

I've already turned the friendly http errors off. I've also set the
web.config file to display details asp errors but this is failing so i'm
having to look at the error codes in the log (500).

The aspx page loads fine if i have the 'Users' group added in the
permissions and only fails when this group is removed. Without the users
group i can only view .htm and .asp pages no apsx. I've added the aspnet user
to the group but atill the aspx pages aren't displayed.....



"Urban Andersson" wrote:

> I seems that you have a problem with your aspx page. Turn of friendly http
> error on your IE(Tools/Internet options.../Advance/Show friendly http
> errors) and you will get a more detailed description of the problem.
>
>
> "lostdante" wrote in message
> news:ABB63BBE-AF78-4A00-B523-FAC0D51127EB@microsoft.com...
> > Hi,
> >
> > New to the group and need some help. I've set up a new web site on our
> > server and want to limit access to the site to a selection of users with
> > windows account son the server.
> >
> > I've set the site to windows authentication, removed the 'Users' group
> > from
> > the permissions for the site in IIS and added a new group 'test' that
> > includes my selected users. I've ensured that the new 'Test' group has
> > rights
> > on the folders. I can log on to the sit ok and view .htm files, but am
> > unable
> > to view aspx files. When I look in the logs I see 500 errors.
> >
> > Any ideas?
>
>
>

Re: Windows Authentications Issues

What exactly have you set in your web.config? By default on a generic error
page is shown to remote users...

What is the exact error you are seeing in your browser?

Cheers
Ken


"lostdante" wrote in message
news:3C589173-764F-45D1-B2A6-85F4731252B9@microsoft.com...
: Thanks for the reply.
:
: I've already turned the friendly http errors off. I've also set the
: web.config file to display details asp errors but this is failing so i'm
: having to look at the error codes in the log (500).
:
: The aspx page loads fine if i have the 'Users' group added in the
: permissions and only fails when this group is removed. Without the users
: group i can only view .htm and .asp pages no apsx. I've added the aspnet
user
: to the group but atill the aspx pages aren't displayed.....
:
:
:
: "Urban Andersson" wrote:
:
: > I seems that you have a problem with your aspx page. Turn of friendly
http
: > error on your IE(Tools/Internet options.../Advance/Show friendly http
: > errors) and you will get a more detailed description of the problem.
: >
: >
: > "lostdante" wrote in message
: > news:ABB63BBE-AF78-4A00-B523-FAC0D51127EB@microsoft.com...
: > > Hi,
: > >
: > > New to the group and need some help. I've set up a new web site on our
: > > server and want to limit access to the site to a selection of users
with
: > > windows account son the server.
: > >
: > > I've set the site to windows authentication, removed the 'Users' group
: > > from
: > > the permissions for the site in IIS and added a new group 'test' that
: > > includes my selected users. I've ensured that the new 'Test' group has
: > > rights
: > > on the folders. I can log on to the sit ok and view .htm files, but am
: > > unable
: > > to view aspx files. When I look in the logs I see 500 errors.
: > >
: > > Any ideas?
: >
: >
: >

Re: Windows Authentications Issues

Ken,

The error in the browser is:
Server Error in '/' Application.
------------------------------------------------------------ --------------------

Runtime Error
Description: An application error occurred on the server. The current custom
error settings for this application prevent the details of the application
error from being viewed remotely (for security reasons). It could, however,
be viewed by browsers running on the local server machine.

Details: To enable the details of this specific error message to be viewable
on remote machines, please create a tag within a "web.config"
configuration file located in the root directory of the current web
application. This tag should then have its "mode" attribute
set to "Off".











Notes: The current error page you are seeing can be replaced by a custom
error page by modifying the "defaultRedirect" attribute of the application's
configuration tag to point to a custom error page URL.











The settings in the web.config file are:























traceMode="SortByTime" localOnly="true" />



mode="InProc"
stateConnectionString="tcpip=127.0.0.1:42424"
sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes"
cookieless="false"
timeout="20"
/>








Thanks


"Ken Schaefer" wrote:

> What exactly have you set in your web.config? By default on a generic error
> page is shown to remote users...
>
> What is the exact error you are seeing in your browser?
>
> Cheers
> Ken
>
>
> "lostdante" wrote in message
> news:3C589173-764F-45D1-B2A6-85F4731252B9@microsoft.com...
> : Thanks for the reply.
> :
> : I've already turned the friendly http errors off. I've also set the
> : web.config file to display details asp errors but this is failing so i'm
> : having to look at the error codes in the log (500).
> :
> : The aspx page loads fine if i have the 'Users' group added in the
> : permissions and only fails when this group is removed. Without the users
> : group i can only view .htm and .asp pages no apsx. I've added the aspnet
> user
> : to the group but atill the aspx pages aren't displayed.....
> :
> :
> :
> : "Urban Andersson" wrote:
> :
> : > I seems that you have a problem with your aspx page. Turn of friendly
> http
> : > error on your IE(Tools/Internet options.../Advance/Show friendly http
> : > errors) and you will get a more detailed description of the problem.
> : >
> : >
> : > "lostdante" wrote in message
> : > news:ABB63BBE-AF78-4A00-B523-FAC0D51127EB@microsoft.com...
> : > > Hi,
> : > >
> : > > New to the group and need some help. I've set up a new web site on our
> : > > server and want to limit access to the site to a selection of users
> with
> : > > windows account son the server.
> : > >
> : > > I've set the site to windows authentication, removed the 'Users' group
> : > > from
> : > > the permissions for the site in IIS and added a new group 'test' that
> : > > includes my selected users. I've ensured that the new 'Test' group has
> : > > rights
> : > > on the folders. I can log on to the sit ok and view .htm files, but am
> : > > unable
> : > > to view aspx files. When I look in the logs I see 500 errors.
> : > >
> : > > Any ideas?
> : >
> : >
> : >
>
>
>

Re: Windows Authentications Issues

Can you check that there aren't any other web.config files overriding this
setting?

Even though you've specified the customErrors
setting it still set to "On".

Also, this web.config file is in the root of your web application right? Not
just in any old folder?

Cheers
Ken


"lostdante" wrote in message
news:68EB581E-6B1F-44B0-90BE-ED210D3518A4@microsoft.com...
: Ken,
:
: The error in the browser is:
: Server Error in '/' Application.
: ------------------------------------------------------------ --------------------
:
: Runtime Error
: Description: An application error occurred on the server. The current
custom
: error settings for this application prevent the details of the application
: error from being viewed remotely (for security reasons). It could,
however,
: be viewed by browsers running on the local server machine.
:
: Details: To enable the details of this specific error message to be
viewable
: on remote machines, please create a tag within a
"web.config"
: configuration file located in the root directory of the current web
: application. This tag should then have its "mode" attribute
: set to "Off".
:
:
:
:
:
:
:
:
:
:
:
: Notes: The current error page you are seeing can be replaced by a custom
: error page by modifying the "defaultRedirect" attribute of the
application's
: configuration tag to point to a custom error page URL.
:
:
:
:
:
:
: defaultRedirect="mycustompage.htm"/>
:
:
:
:
: The settings in the web.config file are:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
: : traceMode="SortByTime" localOnly="true" />
:
:
:
: : mode="InProc"
: stateConnectionString="tcpip=127.0.0.1:42424"
: sqlConnectionString="data
source=127.0.0.1;Trusted_Connection=yes"
: cookieless="false"
: timeout="20"
: />
:
:
:
:
:
:
:
:
: Thanks
:
:
: "Ken Schaefer" wrote:
:
: > What exactly have you set in your web.config? By default on a generic
error
: > page is shown to remote users...
: >
: > What is the exact error you are seeing in your browser?
: >
: > Cheers
: > Ken
: >
: >
: > "lostdante" wrote in message
: > news:3C589173-764F-45D1-B2A6-85F4731252B9@microsoft.com...
: > : Thanks for the reply.
: > :
: > : I've already turned the friendly http errors off. I've also set the
: > : web.config file to display details asp errors but this is failing so
i'm
: > : having to look at the error codes in the log (500).
: > :
: > : The aspx page loads fine if i have the 'Users' group added in the
: > : permissions and only fails when this group is removed. Without the
users
: > : group i can only view .htm and .asp pages no apsx. I've added the
aspnet
: > user
: > : to the group but atill the aspx pages aren't displayed.....
: > :
: > :
: > :
: > : "Urban Andersson" wrote:
: > :
: > : > I seems that you have a problem with your aspx page. Turn of
friendly
: > http
: > : > error on your IE(Tools/Internet options.../Advance/Show friendly
http
: > : > errors) and you will get a more detailed description of the problem.
: > : >
: > : >
: > : > "lostdante" wrote in message
: > : > news:ABB63BBE-AF78-4A00-B523-FAC0D51127EB@microsoft.com...
: > : > > Hi,
: > : > >
: > : > > New to the group and need some help. I've set up a new web site on
our
: > : > > server and want to limit access to the site to a selection of
users
: > with
: > : > > windows account son the server.
: > : > >
: > : > > I've set the site to windows authentication, removed the 'Users'
group
: > : > > from
: > : > > the permissions for the site in IIS and added a new group 'test'
that
: > : > > includes my selected users. I've ensured that the new 'Test' group
has
: > : > > rights
: > : > > on the folders. I can log on to the sit ok and view .htm files,
but am
: > : > > unable
: > : > > to view aspx files. When I look in the logs I see 500 errors.
: > : > >
: > : > > Any ideas?
: > : >
: > : >
: > : >
: >
: >
: >

Re: Windows Authentications Issues

Ken,

This is the only web.config file in the application and it sits in the root
folder for the application.

In .net 1.1 is it the aspnet user who runs the asp.net processes?

"Ken Schaefer" wrote:

> Can you check that there aren't any other web.config files overriding this
> setting?
>
> Even though you've specified the customErrors
> setting it still set to "On".
>
> Also, this web.config file is in the root of your web application right? Not
> just in any old folder?
>
> Cheers
> Ken
>
>
> "lostdante" wrote in message
> news:68EB581E-6B1F-44B0-90BE-ED210D3518A4@microsoft.com...
> : Ken,
> :
> : The error in the browser is:
> : Server Error in '/' Application.
> : ------------------------------------------------------------ --------------------
> :
> : Runtime Error
> : Description: An application error occurred on the server. The current
> custom
> : error settings for this application prevent the details of the application
> : error from being viewed remotely (for security reasons). It could,
> however,
> : be viewed by browsers running on the local server machine.
> :
> : Details: To enable the details of this specific error message to be
> viewable
> : on remote machines, please create a tag within a
> "web.config"
> : configuration file located in the root directory of the current web
> : application. This tag should then have its "mode" attribute
> : set to "Off".
> :
> :
> :
> :
> :
> :
> :
> :
> :
> :
> :
> : Notes: The current error page you are seeing can be replaced by a custom
> : error page by modifying the "defaultRedirect" attribute of the
> application's
> : configuration tag to point to a custom error page URL.
> :
> :
> :
> :
> :
> :
> : > defaultRedirect="mycustompage.htm"/>
> :
> :
> :
> :
> : The settings in the web.config file are:
> :
> :
> :
> :
> :
> :
> :
> :
> :
> :
> :
> :
> :
> :
> :
> :
> :
> :
> :
> :
> :
> :
> :
> : > : traceMode="SortByTime" localOnly="true" />
> :
> :
> :
> : > : mode="InProc"
> : stateConnectionString="tcpip=127.0.0.1:42424"
> : sqlConnectionString="data
> source=127.0.0.1;Trusted_Connection=yes"
> : cookieless="false"
> : timeout="20"
> : />
> :
> :
> :
> :
> :
> :
> :
> :
> : Thanks
> :
> :
> : "Ken Schaefer" wrote:
> :
> : > What exactly have you set in your web.config? By default on a generic
> error
> : > page is shown to remote users...
> : >
> : > What is the exact error you are seeing in your browser?
> : >
> : > Cheers
> : > Ken
> : >
> : >
> : > "lostdante" wrote in message
> : > news:3C589173-764F-45D1-B2A6-85F4731252B9@microsoft.com...
> : > : Thanks for the reply.
> : > :
> : > : I've already turned the friendly http errors off. I've also set the
> : > : web.config file to display details asp errors but this is failing so
> i'm
> : > : having to look at the error codes in the log (500).
> : > :
> : > : The aspx page loads fine if i have the 'Users' group added in the
> : > : permissions and only fails when this group is removed. Without the
> users
> : > : group i can only view .htm and .asp pages no apsx. I've added the
> aspnet
> : > user
> : > : to the group but atill the aspx pages aren't displayed.....
> : > :
> : > :
> : > :
> : > : "Urban Andersson" wrote:
> : > :
> : > : > I seems that you have a problem with your aspx page. Turn of
> friendly
> : > http
> : > : > error on your IE(Tools/Internet options.../Advance/Show friendly
> http
> : > : > errors) and you will get a more detailed description of the problem.
> : > : >
> : > : >
> : > : > "lostdante" wrote in message
> : > : > news:ABB63BBE-AF78-4A00-B523-FAC0D51127EB@microsoft.com...
> : > : > > Hi,
> : > : > >
> : > : > > New to the group and need some help. I've set up a new web site on
> our
> : > : > > server and want to limit access to the site to a selection of
> users
> : > with
> : > : > > windows account son the server.
> : > : > >
> : > : > > I've set the site to windows authentication, removed the 'Users'
> group
> : > : > > from
> : > : > > the permissions for the site in IIS and added a new group 'test'
> that
> : > : > > includes my selected users. I've ensured that the new 'Test' group
> has
> : > : > > rights
> : > : > > on the folders. I can log on to the sit ok and view .htm files,
> but am
> : > : > > unable
> : > : > > to view aspx files. When I look in the logs I see 500 errors.
> : > : > >
> : > : > > Any ideas?
> : > : >
> : > : >
> : > : >
> : >
> : >
> : >
>
>
>

RE: Windows Authentications Issues

I've done some more digging, the error seems to be:

System.Web.HttpException: Access denied to 'D:\foldername\foldername\'.
Failed to start monitoring file changes.


[HttpException (0x80070005): Access denied to 'D:\foldername\foldername\'.
Failed to start monitoring file changes.]
System.Web.DirMonCompletion..ctor(DirectoryMonitor dirMon, String dir,
Boolean watchSubtree, UInt32 notifyFilter) +139
System.Web.DirectoryMonitor.StartMonitoring() +42
System.Web.DirectoryMonitor.StartMonitoringFile(String file,
FileChangeEventHandler callback, String alias) +154

System.Web.FileChangesMonitor.StartMonitoringDirectoryRename sAndBinDirectory(String dir, FileChangeEventHandler callback) +278
System.Web.HttpRuntime.FirstRequestInit(HttpContext context) +331

[HttpException (0x80004005): ASP.NET Initialization Error]
System.Web.HttpRuntime.FirstRequestInit(HttpContext context) +983
System.Web.HttpRuntime.ProcessRequestInternal(HttpWorkerRequ est wr) +128

I rechecked that the group and aspnet had the required priveledges, all ok.
I eventually found that if I added the 'Authenticated Users' account the aspx
pages would load.

Unfortunately this now means all those with user accounts on the machine can
access the site.

Does the .net process behind the aspx pages being run under athenticated
user? How do I get round this?

Any ideas....




"lostdante" wrote:

> Hi,
>
> New to the group and need some help. I've set up a new web site on our
> server and want to limit access to the site to a selection of users with
> windows account son the server.
>
> I've set the site to windows authentication, removed the 'Users' group from
> the permissions for the site in IIS and added a new group 'test' that
> includes my selected users. I've ensured that the new 'Test' group has rights
> on the folders. I can log on to the sit ok and view .htm files, but am unable
> to view aspx files. When I look in the logs I see 500 errors.
>
> Any ideas?

Re: Windows Authentications Issues

On Windows 2000 member servers (not domain controllers), the default process
identity for the aspnet_wp.exe process is the Machine\ASPNET account

On Windows Server 2003, the process identity is whatever identity is
assigned to the hosting web application pool (w3wp.exe process). the default
identity is NT Authority\Network Service.

On Windows Server 2003 there is a local group called IIS_WPG which contains
accounts like Network Service and ASPNET. You should assign permissions to
your website to this group (unless you have reason not to - e.g. to isolate
different websites)

Cheers
Ken


"lostdante" wrote in message
news:ADBE88C1-7119-4B56-8614-288A38AF0B2F@microsoft.com...
: Ken,
:
: This is the only web.config file in the application and it sits in the
root
: folder for the application.
:
: In .net 1.1 is it the aspnet user who runs the asp.net processes?
:
: "Ken Schaefer" wrote:
:
: > Can you check that there aren't any other web.config files overriding
this
: > setting?
: >
: > Even though you've specified the customErrors
: > setting it still set to "On".
: >
: > Also, this web.config file is in the root of your web application right?
Not
: > just in any old folder?
: >
: > Cheers
: > Ken
: >
: >
: > "lostdante" wrote in message
: > news:68EB581E-6B1F-44B0-90BE-ED210D3518A4@microsoft.com...
: > : Ken,
: > :
: > : The error in the browser is:
: > : Server Error in '/' Application.
: >
: ------------------------------------------------------------ --------------------
: > :
: > : Runtime Error
: > : Description: An application error occurred on the server. The current
: > custom
: > : error settings for this application prevent the details of the
application
: > : error from being viewed remotely (for security reasons). It could,
: > however,
: > : be viewed by browsers running on the local server machine.
: > :
: > : Details: To enable the details of this specific error message to be
: > viewable
: > : on remote machines, please create a tag within a
: > "web.config"
: > : configuration file located in the root directory of the current web
: > : application. This tag should then have its "mode"
attribute
: > : set to "Off".
: > :
: > :
: > :
: > :
: > :
: > :
: > :
: > :
: > :
: > :
: > :
: > : Notes: The current error page you are seeing can be replaced by a
custom
: > : error page by modifying the "defaultRedirect" attribute of the
: > application's
: > : configuration tag to point to a custom error page URL.
: > :
: > :
: > :
: > :
: > :
: > :
: > : : > defaultRedirect="mycustompage.htm"/>
: > :
: > :
: > :
: > :
: > : The settings in the web.config file are:
: > :
: > :
: > :
: > :
: > :
: > :
: > :
: > :
: > :
: > :
: > :
: > :
: > :
: > :
: > :
: > :
: > :
: > :
: > :
: > :
: > :
: > :
: > :
: > : : > : traceMode="SortByTime" localOnly="true" />
: > :
: > :
: > :
: > : : > : mode="InProc"
: > : stateConnectionString="tcpip=127.0.0.1:42424"
: > : sqlConnectionString="data
: > source=127.0.0.1;Trusted_Connection=yes"
: > : cookieless="false"
: > : timeout="20"
: > : />
: > :
: > :
: > :
: > :
: > :
: > :
: > :
: > :
: > : Thanks
: > :
: > :
: > : "Ken Schaefer" wrote:
: > :
: > : > What exactly have you set in your web.config? By default on a
generic
: > error
: > : > page is shown to remote users...
: > : >
: > : > What is the exact error you are seeing in your browser?
: > : >
: > : > Cheers
: > : > Ken
: > : >
: > : >
: > : > "lostdante" wrote in message
: > : > news:3C589173-764F-45D1-B2A6-85F4731252B9@microsoft.com...
: > : > : Thanks for the reply.
: > : > :
: > : > : I've already turned the friendly http errors off. I've also set
the
: > : > : web.config file to display details asp errors but this is failing
so
: > i'm
: > : > : having to look at the error codes in the log (500).
: > : > :
: > : > : The aspx page loads fine if i have the 'Users' group added in the
: > : > : permissions and only fails when this group is removed. Without the
: > users
: > : > : group i can only view .htm and .asp pages no apsx. I've added the
: > aspnet
: > : > user
: > : > : to the group but atill the aspx pages aren't displayed.....
: > : > :
: > : > :
: > : > :
: > : > : "Urban Andersson" wrote:
: > : > :
: > : > : > I seems that you have a problem with your aspx page. Turn of
: > friendly
: > : > http
: > : > : > error on your IE(Tools/Internet options.../Advance/Show friendly
: > http
: > : > : > errors) and you will get a more detailed description of the
problem.
: > : > : >
: > : > : >
: > : > : > "lostdante" wrote in
message
: > : > : > news:ABB63BBE-AF78-4A00-B523-FAC0D51127EB@microsoft.com...
: > : > : > > Hi,
: > : > : > >
: > : > : > > New to the group and need some help. I've set up a new web
site on
: > our
: > : > : > > server and want to limit access to the site to a selection of
: > users
: > : > with
: > : > : > > windows account son the server.
: > : > : > >
: > : > : > > I've set the site to windows authentication, removed the
'Users'
: > group
: > : > : > > from
: > : > : > > the permissions for the site in IIS and added a new group
'test'
: > that
: > : > : > > includes my selected users. I've ensured that the new 'Test'
group
: > has
: > : > : > > rights
: > : > : > > on the folders. I can log on to the sit ok and view .htm
files,
: > but am
: > : > : > > unable
: > : > : > > to view aspx files. When I look in the logs I see 500 errors.
: > : > : > >
: > : > : > > Any ideas?
: > : > : >
: > : > : >
: > : > : >
: > : >
: > : >
: > : >
: >
: >
: >