Showing posts with label IIS. Show all posts
Showing posts with label IIS. Show all posts

Friday, August 30, 2013

Configuring ASP.NET Application, IIS and Infrastructure to Utilize Username in Application

Hi folks, here is again an article about a thing from the miraculous world of web software development that drives me crazy.

Background

Currently I am writing a database ASP.NET application to be used within our company's intranet. I want to restrict the data from the database accessible by my users, so I need the user name to perform user-specific selects on the database. In Visual Studio debugging mode, everything works works fine: the user name is available by using the variable:
System.Security.Principal.WindowsIdentity.GetCurrent().Name
Unfortunately, the situation changed as soon as I deployed my application on my IIS 7.5 web server. There nothing was available in the first place.
Further environment characteristics:

  • OS (development & webserver): Windows 7 Enterprise
  • IDE: Visual Studio Express for Web Development 2012
  • IIS: 7.5 installed on my development machine (local admin required)
  • Database: SQL Server 2008 R2 (not important here, but for completeness)

Starting Point

As described in the Introduction, I started having a working application, which even worked in the sense of providing a user name in debugging mode. The minimal web.config provided as standard by Visual Studio looks like this:
<?xml version="1.0" encoding="utf-8"?>

<configuration>
    <system.web>
      <compilation debug="true" targetFramework="4.5" />
      <httpRuntime targetFramework="4.5" />
    </system.web>
</configuration>

Note: this simple configuration is only provided if you choose the "Empty ASP.NET Web Application". It can as well be more complex. However, running this simple application from within Visual Studio in debugging mode produces the following output:


Deploying on my IIS and running the same thing resulted in this (note: the greyed out area is the URL to the PC, the IIS is running on):



This is where I began searching the web for possible solutions for my problem. One source I found very promising was the following forum thread where the solution to the initial post seemed to fit my needs quite well:
How to get Windows user name when identity impersonate=“true” in asp.net?

Setting Up Web.Config and IIS

According to the stackoverflow-thread above, the problem can be cured by adjusting the web.config file of my development project and by adjusting the settings in IIS.
Following the advices of stackoverflow, I added a line <authentication mode="Windows"> to my web config, which looked like this:
<?xml version="1.0" encoding="utf-8"?>

<configuration>
    <system.web>
      <compilation debug="true" targetFramework="4.5" />
      <httpRuntime targetFramework="4.5" />
      <authentication mode="Windows" />
    </system.web>
</configuration>
If you do this, please do not forget to re-publish your site to IIS.
To change the IIS properties, first launch IIS (internet information services) in admin mode. Select your site you want to adjust (in my case TestApp) and double click on the "Authentication" Button. In a screenshot this looks like this (please forgive my German speaking screen ;)):


In the "Authentication" section, switch of everything but Windows-authentication:


Then I re-started my application and ... ran into the next problem. Now a login popup window asked me to provide a user and a password. I tried my normal MyDomain\MyUser and normal password without success. I guess I had to create dedicated user on my local PC, which I didn't want as I didn't want to put the login burdon on my users.

Login Popup Problem

As described above, now I had this s***ty lobin popup coming up again and again and it took me about 2 days to find a solution to this. Before I come to this, I'd like to tell what I checked:
  • WebMatrix.*.dll in BIN diectory of my app according to a stackoverflow thread. This was actually a nobrainer as my app was not based on MVC3.
  • Combinations of impersonation in IIS and in web.config, like in this thread
  • I checked all the settings about security zones (added my site to trusted sites) and authentication settings in IE advanced options
  • Some more stuff I don't remember. Nothing worked...
The breakthrough came through an msdn blog: "Things to check when Kerberos authentication fails using IIS/IE…". Somewhere in the lower part, they mention "Are the client and server on the same box?" and guess what - I tested all the time on my local machine where as well my webserver sits. So finally I switched to another machine - configuration of web.config and IIS as described in the previous chapters - and the thing worked. Actually one thing I had to do was to delete my application completely from the server and re-publish it again and afterwards it worked.
My test application yields the following result:

Conclusion: The required user information is available via:

  • Page.User.Identity.Name
  • HttpContext.Current.User.Identity.Name

Test Application

To have a handy look at the variables, I programmed a little test application with output for the parameters interesting for me. This Application has one screen:

<%@ Page Language="C#" AutoEventWireup="true" CodeBehind="Default.aspx.cs" Inherits="TestApp.WebForm1" %>

<!DOCTYPE html>

<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
    <title></title>
</head>
<body>
    <form id="form1" runat="server">
    <div>
        System.Environment.UserName:<br />
        <asp:Label ID="Label_Environment" runat="server" Text="Label" Width="300px"></asp:Label>
        <br />
        Page.User.Identity.Name<br />
        <asp:Label ID="Label_PageIdentity" runat="server" Text="Label" Width="300px"></asp:Label>
        <br />
        System.Security.Principal.WindowsIdentity:<br />
        <asp:Label ID="Label_Principal" runat="server" Text="Label" Width="300px"></asp:Label>    
        <br />
        HttpContext.Current.User.Identity.Name:<br />
        <asp:Label ID="Label_HttpContext" runat="server" Text="Label" Width="300px"></asp:Label>  
        <br />
        System.Threading.Thread.CurrentPrincipal.Identity:<br />
        <asp:Label ID="Label_Threading" runat="server" Text="Label" Width="300px"></asp:Label> 
    </div>
    </form>
</body>
</html>

The three Label_* fields are filled in the Page_Load method:
protected void Page_Load(object sender, EventArgs e)
{
    Label_Environment.Text =     System.Environment.UserName.ToString();
    Label_PageIdentity.Text = Page.User.Identity.Name;
    Label_Principal.Text =       System.Security.Principal.WindowsIdentity.GetCurrent().Name.ToString();
    Label_HttpContext.Text = HttpContext.Current.User.Identity.Name;
    Label_Threading.Text = System.Threading.Thread.CurrentPrincipal.Identity.ToString();
}

That was it, I hope you can get something out of my findings
Cheers

Tuesday, June 18, 2013

How to Set Up MS SQL Server and IIS 7.5 for ASP.NET 4.5 Application


Background

I am currently developing an ASP.NET 4.5 application with connection to a database on MS SQL Server 2008 R2. I am using some dropdown-box controls on one screen which I configured to connect directly to the DB. To run the application in our company's intranet I deployed it on my local Windows 7 Professional PC, where I was running IIS 7.5 as web server. As development environment I was using MS Visual Studio Express 2012 for Web.
Everything worked fine as long as I was developing in Visual Studio, where I was able to start the application on Chrome and localhost without problems. The trouble started when I deployed my web application to IIS. In principle it worked, I was able to run the application through port 80 after I opened the corresponding port in the fire wall. However, the system crashed as soon I was calling a screen with dropdown-boxes connected to the SQL Server.
The error I got on the dump-screen was the following:
"Server error in application /MyApplication"
"Login Failed for user 'MyDomainName\MyPCName$'"
[...]
"[SQLException (0x80131904): Login failed for user 'MyDomainName\MyPCName$' ....



Attempts

I started to read loads of articles and tried the following things:
  • Introduction of a dedicated user for the login on the SQL Server together with Windows-Authentication didn't work - and why should it?
  • Switching from Windows Authentication to SQL Server Authentication: I convinced our SQL Server admin to switch the Authentication mode from Windows to SQL Server & Windows. However, this was a non-option in the end as I was not the owner of the server and a re-start of the server was prohibited.
  • IIS impersonation: didn't work as this requires SQL Server Authentication (see above)

Solution

In the end I became curious about the fact that the error message which stated something about 'MyDomainName\MyComputerName$'. I created in SQL Server a user 'MyDomainName\MyComputerName' using Windows Authentication mode. This caused the following error message


Create failed for Login 'MyDomainName\MyPCName' [...] Server, Error: 15401
Finally, I found that typing 'MyDomainName\MyPCName$' worked. Furthermore you have to set the following settings:

  • The General Settings look like this:

  • In the database you want to use create a user with the same name MyDomainName\MyPCName$

  • In the Section "User Mapping" of the Login Properties (Section SQL Server Instance --> Security --> Login Properties make the following settings

I hope this article helped you. If not, please send me comments to improve it.

Reference: "Login failed for user <user>"; http://msdn.microsoft.com/en-us/library/ab4e6cky(v=vs.80).aspx