Re: Using IIS w/ASP .NET 2.0 Web Application Projects

No, you aren't understanding the point of the message.

If I don't turn this on, then VS won't even try to show the page. It must
be turned on in order for VS to debug because VS uses a Windows account to
authenticate the debugger.

As I pointed out earlier turning this on only works when anonymous is either
off or fails.

At any rate, the problem is now solved as the issue was that IIS does not
create a default document of "default.aspx". As soon as I add this, all is
well.

I am able to do this with Windows Authentication AND Anonymous
Authentication both on but with the ASP.NET authentication set to NONE.

-Scott


"Juan T. Llibre" <nomailreplies@xxxxxxxxxxx> wrote in message
news:%23OQal4DYIHA.3940@xxxxxxxxxxxxxxxxxxxxxxx
I've tried to explain to you the authentication mechanism as well as I
can.
If you know so much about this, why are you the one with the problem ?

Go ahead and *** your head against the explanation.

When you're done, you'll see that, if you turn on Windows Authentication.
allegedly in order to debug the app, you're turning Windows Authentication
on for the whole app, and not just for debugging purposes.

That's why you're having problems.




Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
======================================
"Scott M." <smar@xxxxxxxxxxxxx> wrote in message
news:OxyVRvDYIHA.5396@xxxxxxxxxxxxxxxxxxxxxxx
See my last post (which I think you missed).

And, comments here too, inline...


"Juan T. Llibre" <nomailreplies@xxxxxxxxxxx> wrote in message
news:Owc0%23eDYIHA.2000@xxxxxxxxxxxxxxxxxxxxxxx
re:
!> I believe that selecting both allows IIS to have the benefits of
both. VS needs integrated

If you select Windows Integrated Authentication, anonymous users won't
be able to login.

Not true - see my other post.


re:
!> Even with what you are saying, I should be able to see the page I'm
trying
!> to access since I do, in fact, have a Windows account on the
development
!> server that I'm testing against and even still, I get a 403 error.

That depends on how you've configured ASP.NET.

ASP.NET has a *separate* authentication configuration which IIS doesn't
interfere with.

I know. If I set it to Form, Windows or None, I get the same results.


In web.config, you must specify <authentication mode="Windows">
if you want Windows Integrated Authentication to work in ASP.NET.

See :
http://msdn2.microsoft.com/en-us/library/aa478979.aspx#aspnet-jspmig-authentication_topic5

Not quite. As you point out the ASP .NET setting is separate from the
IIS setting (although you can set the ASP .NET setting via the ASP .NET
tab in IIS without having to do it in web config).

Let's be clear here. The only reason I have Windows authentication
turned on in IIS is because VS will not enter debug mode without it. I am
not trying to create a Windows authenticated ASP .NET web site and so I
would not set the ASP .NET setting to Windows authentication.

As I point out in my other post you can have both Anonymous and Windows
authentication turned on at the same time and this solves the VS
debugging error.


<quote>
"Windows authentication, also called Integrated Windows authentication,
uses Windows operating
system accounts to verify a user's credentials. This means that the user
must either be logged in
to the domain on which the server is running (in which case they will
not be queried for credentials),
or must log in to the domain when they try to access a protected page.

This authentication scheme is part of IIS, and must be configured and
executed by IIS;
it is entirely separate from ASP.NET and is not, as such, an ASP.NET
authentication mechanism."
</quote>

If you're running an ASP.NET application, you must configure
<authentication mode="Windows"> in web.config.>

Uh, no that's not true.







Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
======================================
"Scott M." <smar@xxxxxxxxxxxxx> wrote in message
news:EE768BA4-D4BA-4206-A9C6-7E62304EDC37@xxxxxxxxxxxxxxxx

"Juan T. Llibre" <nomailreplies@xxxxxxxxxxx> wrote in message
news:%236pwAu8XIHA.536@xxxxxxxxxxxxxxxxxxxxxxx
re:
!> Anonymous Access is on by default. I only turned on Integrated
Windows
!> Authentication (in addition to the automatically enabled Anonymous
Access)

Integrated Windows Authentication overrides the Anonymous
authentication default.

I'm not so sure about that since both Anonymous and Integrated Windows
are checked simultaneously. If selecting one
disabled the other, I would expect that you would not be able to select
them both together. I believe that selecting
both allows IIS to have the benefits of both. VS needs integrated
Windows authentication to make debugging work.

When you "only turned on Integrated Windows Authentication", in
effect,
you are requiring *all* clients which access your application to have
an
account on the server which is hosting it.

re:
!> Integrated Windows Authentication must be on in order to debug the
application

Which OS are you using ? Which version of IIS are you using ?

XP Pro. SP2 / IIS 6.0

There's different solutions for different OS/IIS versions.

There's a slew of reports/solutions for the problem you report at :
http://www.google.com/search?hl=en&q=debug+%22Visual+Studio%22+%22Windows+Authentication%22

Yes, I've already seen those but that's not really the point of my
post.

Even with what you are saying, I should be able to see the page I'm
trying to access since I do, in fact, have a
Windows account on the development server that I'm testing against and
even still, I get a 403 error.







Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
======================================
"Scott M." <smar@xxxxxxxxxxxxx> wrote in message
news:utGU6%236XIHA.5816@xxxxxxxxxxxxxxxxxxxxxxx

"Juan T. Llibre" <nomailreplies@xxxxxxxxxxx> wrote in message
news:OIQuSa6XIHA.3940@xxxxxxxxxxxxxxxxxxxxxxx
re:
!> enabled Integrated Windows Authentication
!> When I attempt to run the project, I get an http 403 access
fobidden error

When you run ASP.NET with Windows Authentication enabled,
every single account which accesses the application must have
permission to access the app expressly granted.


Have you considered using Anonymous Authentication or Forms
Authentication ?

Anonymous Access is on by default. I only turned on Integrated
Windows Authentication (in addition to the
automatically enabled Anonymous Access) because Visual Studio
complained that Integrated Windows Authentication must
be on in order to debug the application.

Or, are you set on creating a Windows user account for every single
user of your App ?

See above.



Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
======================================
"Scott M." <smar@xxxxxxxxxxxxx> wrote in message
news:OpY5jz5XIHA.2268@xxxxxxxxxxxxxxxxxxxxxxx
In my ASP .NET 2.0 Web Applicaiton Project, I've changed the server
setting to use IIS. I then created the
virtual directory (from the button in VS) and then went and enabled
Integrated Windows Authentication. The site
consists of just a single default.aspx file with nothing in it.
When I attempt to run the project, I get an http
403 access fobidden error.

What am I missing?

Thanks.

















.