Archives for category: IIS

Use the following steps to encrypt/decrypt the connectionStrings section in a web.config file:

  1. Open the web.config file and write down the “targetFramework” attribute value in the <compilation> section. (ex: 4.0)
  2. Start -> All Programs -> Accessories -> (right click) Command Prompt -> Run as administrator -> Yes
  3. Enter “cd\” to get to the root folder
  4. In the following step, replace “MyTargetFramwork” with the available version number that best matches the “targetFramework” value you wrote down in step 1. (ex: v4.0.30319)
  5. Enter “cd Windows\Microsoft.NET\Framework\MyTarketFramework\”
  6. To choose a web.config file based on file location, skip to step 7 and 8; To choose a web.config file based on IIS web application path, skip to step 9 and 10.
  7. To encrypt the connectionStrings section, enter: aspnet_regiis –pef “connectionStrings” C:\inetpub\wwwroot\MyWebApplicationPath
  8. To decrypt the connectionStrings section, enter: aspnet_regiis –pdf “connectionStrings” C:\inetpub\wwwroot\MyWebApplicationPath
  9. To encrypt the connectionStrings section, enter: aspnet_regiis –pe “connectionStrings” – app “/MyWebApplicationPath
  10. To decrypt the connectionStrings section, enter: aspnet_regiis –pd “connectionStrings” – app “/MyWebApplicationPath

The <connectionStrings> section of the web.config file should be encrypted/decrypted now.

After deploying a new ASP.NET web application with Windows authentication, hosted by IIS, I encountered a repeated “Authentication Required” popup folled by a 401 Error screen.

authreq401error01

Here are some of the configuration settings I used to resolve the issue:

authreq401error02

IIS -> MyServer -> Application Pools -> (right click) Add Application Pool
authreq401error03

By default, IIS will create a virtual account (a server account, not a domain account) named “IIS AppPool\MyApplicationPool”

 

IIS-> MyServer -> Sites -> MyWebSite -> MyApplication (right click) -> Manage Application -> Advanced Settings

Set “Application Pool” to “MyApplicationPool”
IIS -> MyServer -> Sites -> MyWebSite -> MyApplication -> .NET AuthorizationRules
authreq401error04

IIS -> MyServer -> Sites -> MyWebSite -> MyApplication -> Authentication -> (right click) Edit Permissions -> Security -> Edit -> Add
Type “IIS AppPool\MyApplicationPool” in the “Enter the object names to select” box and click “Check Names”

Locations -> MyServer -> OK -> OK -> OK

Set “Full control” to “Allow” and click “OK”

 

IIS -> MyServer -> Sites -> MyWebSite -> MyApplication -> Authentication -> (right click) Open Feature -> Anonymous Authentication (right click) -> Edit -> Application pool identity -> OK

IIS -> MyServer -> Sites -> MyWebSite -> MyApplication -> Authentication -> (right click) Open Feature -> Windows Authentication (right click) -> Advanced Settings

Set “Extended Protection” = “Accept” and “Enable Kernel-mode authentication” = “Checked”
IIS -> MyServer -> Sites -> MyWebSite -> MyApplication -> Authentication -> (right click) Open Feature -> Windows Authentication (right click) -> Providers -> NTLM -> Move Up -> OK
authreq401error05