Application Sub Folder Authentication...

Hi All,

I have an authentication problem that is causing access errors when a user tries to get at anything in our Application/help folder. We use appcmd.exe to set user name and password on our Application folder during install. It seems that most of the subfolders inherit the same Authentication information as that set for the Application itself (<machine or domain>\UserName).

Underneath our application folder is another application folder. The username and password is set in the same fashion as mentioned above.

Actually, there are two subfolders that have incorrect authentication information. They are located both immediately before and after the sub application folder, however, the bin folder is not giving us access problems at the moment. Maybe a directory tree would help here...

Code:

[COLOR="Blue"]Application[/COLOR] (main virtual directory or application folder)        
    Hammer        
    App_Themes        
    bin (contains authentication of IUSR_MachineName)        
    [COLOR="blue"]SubApplication[/COLOR] (sub virtual directory or app folder)        
    [COLOR="Red"]help[/COLOR] (also contains authentication of [COLOR="Red"]IUSR_[/COLOR]MachineName)     
    images        
    Scripts        
    Styles        
    WebServiceHelpers

Again, the help folder is getting specific user identity set to IUSR_MachineName. What is causing this? Is there any way, using appcmd maybe, that I can set the help folder to the correct MachineName\User information?

I'm virtually an IIS newb so fire questions for more information if this is unclear. Maybe I'm missing an option with the use of appcmd to set the user name and password. ??

Thanks for any info in advance.

 

It sounds like you want to password protect a directory. Try looking at some of these links.

http://support.Winhost.com/KB/a671/password-protecting-directories-in-iis-7.aspx
http://forum.Winhost.com/showthread.php?t=7579

 

I don't know if that is quite it. The area where I am seeing the deficiency is Authentication (not Authorization Rules - currently set to Allow-All Users) in the Features view of IIS with the problematic folder highlighted.

On a 'good' folder I highlight, choose Authentication, highlight Anonymous Authentication, click the Edit... link and it is correctly set to Specific User:<system/domain>\User.

If I do the same on the problematic help folder, I see... Specific User:IUSR_SystemName.

I don't know if that is good additional information or not.

I don't know that I want to password protect the folder and its contents. I don't want to have to have a user enter a password to access our help information.

 

Are you trying to do forms authentication? If you are try looking at this kb article for setting up ASP.Net membership/roles provider.

http://support.Winhost.com/KB/a619/how-to-configure-the-aspnet-membershiproles-provider.aspx

 

I just needed to set Anonymous Authentication on a sub folder of our Virtual Directory. I was able to derive the correct appcmd.exe command with the Configuration Editor.

 

What do you mean by "set Anonymous Authentication on a sub folder". By default, your Anonymous ASPNet IUSR has all the rights you need on the root. And those rights automatically propagate down to your subfolders.

 

I was told by Development and QA that the user assigned to Anonymous Authentication (IUSR_Computername) of our help subfolder post install did not allow access to the contents of that folder. The Application root virtual directory has this setting set to a <machine/domain>\user chosen during installation.

Through the use of appcmd called during our install, I am able to set the user correctly to match the application root folder.

All I know it is works now - or so they tell me.

The problem is, I'm no IIS expert and it doesn't apper that we really have one on board here.

 

When you upload your files to our server, you will not transfer the (IUSR_Computername). I believe this maybe the source of the confusion. Rather, the application you uploaded will be assigned the web servers of your account (ASPNet IUSR) account. And that account has full read and write permission to your root and all of the files and folders within it. If your application needs read/write permission to its subfolder "Help", then it should already have it. If the subfolder "Help" is outside of your root, then you will not have read or write permission to that.
If you are experiencing any errors with your web application uploading or writing to your subfolder "Help" we will need the full exact error message you are getting so we can look into it.

 

I'll try to get the error to you ASAP.

 

Huh, apparently QA/Dev can no longer reproduce the error condition, but it was recalled that the error was: HTTP 401.2.

Don't know if that helps to diagnose or not.

Thanks for the replies!!

 

Does anyone know of any tricks to set the Authenticaion on an application sub-folder in IIS 6?

I think we're OK for now in IIS 7 through the use of appcmd.exe, but 6 a problem.

I will continue to look for deeper problems, but I'm in need of a quick workaround for IIS 6.

 

We don't offer IIS 6, but if you have a hosting provider that is offering IIS 6, someone on there end may have to manually set it for you.

 

Not really sure what you mean by that, but we are a software provider of a web application. Post install, one directory has Authentication User set to IUSR_ComputerName. When changed to match what was used for the parent Virtual Directory (main application folder) everything is fine.

I've able to tweak the install with a custom action to set the user to what we need via appcmd and was wondering if there was a way to automate the same in IIS 6.

However, I seem to have tracked the problem down to settings in the installation authoring tool itself.