Feb 17, 2010 05:24 PM|Stew312|LINK
Good afternoon gentlemen (and ladies). I'm having an IIS issue this week, and while the site in question is classic ASP I'm assuming the same might apply to .NET troubleshooting, so I figured I'd try a post here as this site has enough traffic to possibly
solicit some answers. 8 hours of Google hasn't turned up anything helpful.
The issue: Recently we moved a large website to a new server, and I have been tasked with re-configuring some IIS settings to allow the site to function as it did previously. The site is run on Ektron CMS, which I fear might be related and I don't have
any experience with that system. Anyway, the site is set for anonymous access but we have an admin section set to Basic Authentication for access to those with local accounts. Long story short, we pull back AUTH_USER from the server variables to store in
a database for 'last modified by' reporting. No matter what I do in IIS and NTFS, I haven't been able to receive values in ANY of the following server variables:
..They all show up blank. The admin directory is prompting for username/password, and seems to validate just fine. I do NOT have 'Enable anonymous access' checked, and fooling with 'Integrated' vs. 'Basic' authentication does infact change the prompt message.
Both allow me to login with my local account. Now, why would AUTH_TYPE (and others) not show me any data if the site is authenticating without anonymous access? Maybe the CMS has some conflicts? The Authentication Mode for the site is set to 'Forms', and
I have tried a number of things. I am modifying IIS settings at the 'admin' folder level, and reviewing the properties of the pages in question show me that the settings have propogated properly. An interesting test showed me that:
> Setting 'Deny="?"' (at the admin level) in my web config will forward the user on to the CMS login portion of the website after I login to the admin section. This would tell me that even after a login, some portion of the site still things I am anonymous,
but some part validated enough to satisfy IIS? So the question is, which part thinks I'm anonymous even after I login? Same happens for all users, naturally.
IIS 6, Windows Server 2003 R2, ASP .NET framework 2.0.