Setting up website to be available only inside the domain

[Guest]

HI,

I am having problems setting up a website so that it will be available
only inside the domain. We have three servers. One is iis server and second
one is internal server and the third one is sql server. I have deployed the
web application in the internal server. It is not able to access the sql
server that is on another server. If I deploy the same application on IIS, it
is working fine. How should I set up the web application in the Internal
server? Please let me know.

The error that I am getting when it is trying to connect to sql server
is
Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.

Thanks,
Sridhar.

 

[Juan T. Llibre]

re:

The error that I am getting when it is trying to connect to sql server
is Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.

Apparently, you are connecting as that account,
but that account doesn't have database permissions in the SQL Server.

Probably, the account which ASP.NET is running as on the IIS server has the
appropiate permissions to the SQL Server DB, while the account which ASP.NET
is running as on the internal server (NT AUTHORITY\ANONYMOUS LOGON) doesn't.

Are all the machines on the same domain ?

If so, the solution could be as easy as running ASP.NET,
on the internal server, as NT AUTHORITY\ANONYMOUS LOGON.

If you can't do that...

Are you impersonating ASP.NET in either the IIS Server or the internal server ?

If you aren't, you could setup a domain account, run ASP.NET impersonating
that account on your internal server, and grant that account access right to te SQL Server.

 

[Guest]

Hi,

We have a domain account which can connect to the sql server. We are
impersonating that account to connect to sql server. In our internal server,
I have enabled the Anonymous login and set the user name and password of the
domain account that we have. But still it is not working. In IIS server, we
are using the same username and password and it is working fine. Please let
me know if there is anything I am missing.

Thanks,
Sridhar.

 

[Juan T. Llibre]

re:

We have a domain account which can connect to the sql server. We are
impersonating that account to connect to sql server.
In our internal server, I have enabled the Anonymous login and set the
user name and password of the domain account that we have.

Please run this script on the internal server :

identity.aspx:
-------------
<%@ Page Language="VB" %>
<%@ Import NameSpace = System.Security.Principal %>
<script runat="server">
Sub Page_Load()
Dim tmp As String = WindowsIdentity.GetCurrent.Name()
Label1.Text = tmp
End Sub
</script>
<html>
<head>
<title>Who is ASP.NET running as ?</title>
</head>
<body>
<form id="form1" runat="server">
<div>
<asp:Label ID="Label1" Runat="server" Text="Label"></asp:Label>
</div>
</form>
</body>
</html>

 

[Juan T. Llibre]

re:

The only problem I have is that the email is being sent every time the last page is
refreshed. How to disable this? How to check if the page has been refreshed?

If the action is initiated by a submit button you have no way of checking whether
the page has been refreshed or not because the page will always be a Postback.

A refresh *will* re-post all the data sent via the submit button.

One thing you could try is set the @OutputCache directive to "None" ( looking for the page
fields to have to be refilled, since they haven't been cached) but some browsers may cache anyway.

<%@ OutputCache Location="None" %>

You can also use Response.Cache.SetNoStore ();
Here's a simple C# page which doesn't get cached. Test it :

nocache.aspx
--------------
<%@ Page Language="C#" %>
<html>
<body>
<%
Response.Cache.SetNoStore();
Response.Write (DateTime.Now.ToLongTimeString ());
%>
</body>
</html>
---------

Finally, if you are using textboxes to input data, you could clear the textboxes
after submitting the data...and use a validator to insure that the textboxes must
have some data in order to process the Email send.

That way, the page refresh (after the page is submitted)
will result in the controls not being validated.

See which of those techniques works for you and let us know how you did, OK ?

 

[Guest]

Hi,

I have connected to the internal server through remote desktop from my
computer. when I ran the script, it is giving my windows login. But in the
IIS, I set it to another windows account and in the web.config, I set the
impersonate option to true. I am not sure why it is not working.

Thanks,
Sridhar

 

[Juan T. Llibre]

re:

I have connected to the internal server through remote desktop from my
computer. when I ran the script, it is giving my windows login.

That makes sense.
*Everything* will run through your Windows account when you use Remote Desktop.

Can you reach your internal server via http with your browser ?

Run that script *with your browser*...and give the Windows account the
script reports the necessary SQL Server permissions for the database.

Let us know how you make out.

 

[Guest]

If i ran the same script with in my browser, it is giving the same account
name i.e. my windows account.

 

[Juan T. Llibre]

re:

If i ran the same script with in my browser, it is giving the same account
name i.e. my windows account.

OK, just to make sure we're on the same page...

You uploaded the file to your internal web server's root directory, or any other directory,
called it from your browser like this : http://internalwebservername/identity.aspx
....and it returned *your* Windows account name ?

If that's the case, you did *not* enable anonymous browsing like you said you did.

What steps did you take to "enable anonymous browsing" ?

 

[Guest]

I have uploaded the files to the root directory i.e. c:\inetpub\wwwroot. I
have enabled the anonymous login using the steps below.

First I went to IIS and right clicked on the virtual directory. Then
selected properties. There I went to Directory Security -> Clicked on Edit of
Anonymous Access and Authentication Control. Then I clicked the checkbox
saying Anonymous access and entered the windows username and pwd by clicking
on edit button.
Also I have entered "identity impersonate=true" in web.config file.

Other that that, I haven't done anything. These are the same steps that I
followed when putting the website in IIS server. And it is working fine. But
when I do the same steps in Internal server, it is not working. Do I need to
do anything else?
Please let me know.

Thanks for your patience.

Sridhar.

 

[Juan T. Llibre]

re:

Then I clicked the checkbox saying Anonymous access and entered
the windows username and pwd by clicking on edit button.

Sridhar,

Anonymous access means just that : anonymous access.

If you use a Windows account as your "anonymous access" account,
then *that* account is the one which will be authenticated as the Anonymous account.

That is why *your* account name is being returned.

For anonymous browsing, you should be using the server's IUSR_MachineName account.

If you changed the Anonymous user after clicking on the "Edit" button,
change it back to the server's IUSR_MachineName account and password.

If you don't know or don't remember the password for the Anonymous account,
go to your user manager and change the IUSR_MachineName account's password
to something which you can remember and write when you edit the anonymous account
you want to use in the IIS Manager.

Test the script again after you make the changes outlined above,
and post the results you got.

re:

Also I have entered "identity impersonate=true" in web.config file.

And...which account did you setup as the impersonated account in web.config ?

You should have something like :

<identity impersonate="true" userName="someaccount" password="somepassword" />

Do you ?

If you *do* impersonate here...that's the account which needs permissions to the SQL Server DB.