IIS 8.5 Windows Authentication
Last post Feb 13, 2019 08:14 AM by kmclean
Feb 08, 2019 04:23 AM|kmclean
Hi, I have a dotnetcore 2.2 application I am trying to deploy to IIS 8.5.
It uses Windows Authentication.
My IIS settings are:
Anonymous Authentication Disabled
Basic Authentication Disabled
Digest Authentication Disabled
Windows Authentication Enabled
.NET CLR Version: No Managed Code
Managed pipeline mode: Integrated
Load User Profile: true
When I run the app I get HTTP 500 Internal Server Error
If I use the same settings above except:
change Application Pool Identity to: Custom Account and
enter my Windows credentials
it works but I need it to pick up the Windows logged in user.
<!-- Configure your application settings in appsettings.json. Learn more at http://go.microsoft.com/fwlink/?LinkId=786380 -->
<add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModuleV2" resourceType="Unspecified" />
<aspNetCore processPath="dotnet" arguments=".\WebIM.dll" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" forwardWindowsAuthToken="true">
  <environmentVariables>
    <environmentVariable name="ASPNETCORE_ENVIRONMENT" value="Development" />
  </environmentVariables>
</aspNetCore>
<globalization uiCulture="en-AU" culture="en-AU" />
<authentication mode="Windows" />
Can anyone help out here?
Feb 09, 2019 03:20 PM|Madness80
What are the error message details of the HTTP 500 Internal Server Error?
Feb 11, 2019 01:52 AM|kmclean
The message is:
The website cannot display the page
Most likely causes:
The website has a programming error.
What you can try:
Refresh the page.
Go back to the previous page.
This error (HTTP 500 Internal Server Error) means that the website you are visiting had a server problem which prevented the webpage from displaying.
For more information about HTTP errors, see Help.
Feb 11, 2019 03:20 PM|Madness80
You need to tell IIS to display the details of the error. In the web.config file add the bolded lines to the appropriate sections.
<customErrors mode="Off" />
<httpErrors errorMode="Detailed" />
If that doesn't work, then you will need to enable failed request tracing for 500 errors. (You might want to do this anyway!) See https://docs.microsoft.com/en-us/iis/troubleshoot/using-failed-request-tracing/troubleshooting-failed-requests-using-tracing-in-iis-85
In that example they create an error situation for 404.2 to test with. You won't need to do that. Start at the "Enable Failed-Request Tracing" section and set it up for a 500 status code.
Feb 12, 2019 08:10 AM|kmclean
So it seems when the app runs it is actually picking up the logged in user but only if I set the ApplicationPool Identity to a Custom Account rather than just ApplicationPoolIdentity.
This will get me over the line for the time being for testing but I still need to work out why I'm getting the 500 error when using the ApplicationPoolIdentity. I have updated my web.config like you said and it didn't show any extra info so I'll follow the steps in the link you sent. Thanks very much for taking the time to help : )
Feb 12, 2019 03:47 PM|Madness80
Did you grant access to the IIS_IUSRS group on the file system security? https://docs.microsoft.com/en-us/iis/get-started/planning-for-security/understanding-built-in-user-and-group-accounts-in-iis
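One way to run the file-system check asked about above, as an added example that is not part of the original posts. The content folder path and application pool name are placeholders (assumptions, since the thread gives neither); it lists the ACL entries that name IIS_IUSRS or the pool's virtual account on the site folder and on the logs folder referenced by stdoutLogFile.

```powershell
# Added example. $SitePath and $AppPoolName are placeholders (assumptions),
# not values taken from the thread.
$SitePath    = 'C:\inetpub\wwwroot\WebIM'
$AppPoolName = 'WebIM'

# IIS_IUSRS is the built-in worker-process group; "IIS AppPool\<name>" is the
# virtual account a pool runs as when its identity is ApplicationPoolIdentity.
$Principals = @('BUILTIN\IIS_IUSRS', "IIS AppPool\$AppPoolName")

function Get-PrincipalAccess {
    param(
        [Parameter(Mandatory)] [string]   $Path,
        [Parameter(Mandatory)] [string[]] $Principals
    )
    $acl = Get-Acl -LiteralPath $Path
    foreach ($p in $Principals) {
        # -eq on strings is case-insensitive, so "IIS APPPOOL\..." also matches.
        $rules = @($acl.Access | Where-Object { $_.IdentityReference.Value -eq $p })
        if ($rules.Count -eq 0) {
            # No entry naming this principal. Access may still come from another
            # group (for example BUILTIN\Users), which this check does not resolve.
            [pscustomobject]@{ Path = $Path; Principal = $p; Type = 'None'
                               Rights = '(no ACL entry)'; Inherited = $null }
            continue
        }
        foreach ($r in $rules) {
            [pscustomobject]@{ Path = $Path; Principal = $p; Type = $r.AccessControlType
                               Rights = $r.FileSystemRights; Inherited = $r.IsInherited }
        }
    }
}

# The content folder needs read/execute; the folder named in stdoutLogFile
# (".\logs" in the web.config above) needs write access if stdout logging is turned on.
$targets = @($SitePath, (Join-Path $SitePath 'logs'))
$report = foreach ($t in $targets) {
    if (Test-Path -LiteralPath $t) {
        Get-PrincipalAccess -Path $t -Principals $Principals
    } else {
        Write-Warning "Path not found: $t"
    }
}
$report | Format-Table -AutoSize -Wrap
```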
Feb 13, 2019 08:14 AM|kmclean
Hi, yes I did grant access to the IIS_IUSRS group. On reading the document you sent the link for it looks like it's because the anonymous account needs rights on the network so I think I'll just create a service account where the password doesn't expire and set the user name and password manually.
Thank you for all your help.