MVC File Download asking for Authentication - file

I encountered a weird scenario. I have created an MVC2 Application and deployed it to IIS7, to 2 web sites (Default Web Site and another manually created "Test Web Site" ... they are using different application pools targeting v2.0). I am using SQL 2008 R2 Filestream feature to store files.
The problem I have is that I have a feature where the user browsing the site can download a document. The document is created in the server and the server then streams that to the client. The problem is, Default Web Site asks for authentication when user tries to download.
This doesn't happen for Test Web Site and it downloads fine.
Now, I do not have a clue what setting I need to change? The only different things I recall is that I manually created Test Web Site compared to just reusing the Default Web Site and also that I allowed inbound connections to Test Web Site (it was on port 8080).
What are the configurations needed to change so that user can download files from Default Web Site without going through authentication?

Try changing authentication settings in IIS Site->Authentication->Anonymous Authentication set to Enable

Turns out it was conflicting with the SQL Server Reports Manager.
Found this out from here: source

Related

Run the application from its EAR

I have only ear file of the application and I need to deploy it on the server. I tried deploying it directly on my integrated weblogic server but because of security in the EAR, it is asking username/password from me and when I provide one from jazn file of the application, it does not accept.
Next I tried creating customization application of the ear and there I gave reference to jazn file while creating project. Now it is accepting my password but while running, it is throwing error -
[oracle.jbo.NoDefException][oracle.jbo.mom.DefinitionManager.findDefinitionObject][ApplicationCustomer]
I googled this error but seems like it is because it is not able to find business components from the corresponding model project. I added the model project as a dependency but still getting the same error.
Any ideas ?
You can create your own users directly in Weblogic, though Weblogic Console:
http://docs.oracle.com/cd/E21764_01/apirefs.1111/e13952/taskhelp/security/DefineUsers.html
Since users are server specific and not application specific, you can use these users to log on against your application.
For convenience reasons an ADF application can deploy users and roles, but thats only for testing purposes. In Production systems, users are not being deployed with the application, but either created through Weblogic Console or Enterprise Manager, or 'injected' by a Authentication Provider.
Another option would be to change passwords for the users deployed along with the application. On Weblogic Console, go to:
Security Realms -> My realm -> User and Groups -> select one of the users -> Passwords.
Then provide New Password and Confirm New Password fields. Save.

One Cloud Service, Two Web Sites - securing communication between the two

Question: How can I communicate between two web sites using HTTPS within one Azure Cloud Service deployment?
Details:
I have architected an Azure Cloud Service deployment (one “subdomain.cloudapp.net”) in such a way as to run two separate web sites inside the deployment by using different ports.
Site 1 is what I’m calling a Service Site that is a standard ASP.NET site that hosts a bunch of WCF Services with no HTML or ASPX pages (except for a default.aspx page that redirects to site 2). Site 1 is running on port 80.
Site 2 is my main site and hosts a Silverlight application that uses the services from Site 1 to access the database and process results. It is only accessible by way of HTTPS and uses port 443.
Both of these sites are defined in a Visual Studio Azure solution with two endpoints, one for each port. Further, each endpoint is associated with the two web site project insides of the VS Solution by way of the ServiceDefinition.csdef configuration file in the Azure project.
I have purchased my security certificate and associated it with a domain name that I am using with Site 2 by way of domain name redirecting and CName mapping at my DNS.
Accessing site 2 using the mapped domain name and an encrypted connection works well via HTTPS. However, when I try to make a service call internally from Site 2 to Site 1, I am going from an HTTPS connection to an HTTP connection because I don’t have a SSL Certificate at Site 1. As a result, when site 2 makes a service call to Site 1, it tries to serve clientaccesspolicy.xml. This causes Internet Explorer to display the ‘Mixed Content’ message (Because of the HTTPS/HTTP mix). Bottom line is I need to get rid of this pop-up prompt. I know it can be disabled on the client end but with over a thousand users, I can’t depend on them being able to turn the message off. I need to make the message go away on the server side.
Back to the question, so is there a way to access site 1 using SSL from site 2 all within the one Azure Cloud Service? What it sounds like I need to do is assign an SSL Certificate to site 1. However, I’m hitting two roadblocks. First, I can’t assign an SSL Certificate to a wildcard.clouapp.net domain name. Second, I can’t assign a second domain name to the Azure Cloud Service since I can’t do domain name forwarding to a specific port (remember that Site 2 is already using domain forwarding anyway).
I could accomplish a solution by breaking out the two sites into their own cloud services but I would rather not because it would double my cost. Are there any suggestions on how to accomplish getting this “Mixed Content” message to go away, either by way of securing site 1 or some other method?

DNN / WebMatrix / Localhost / Multiple Sites

It seems that DNN is undergoing an upgrade and I cannot access the forums or many of the docs. Needing an answer soon, and Google providing too many varied types of hits (none of which are helpful or most of which post to the DNN site that is undergoing that upgrade), I had a few questions about setting up DNN.
First, I am coming from Orchard. There I was able to use Webmatrix - I downloaded the web version, opened as administrator, created modules, messed with themes, etc. Using the Orchard Docs, I was able to set up a multi-tenant site and run it on local host (IIS express through Webmatrix) - this included modifying the host/config files to view the multi-tenant sites. I could then publish to my own server running IIS 7. On the server I set up the landlord site then bound the tenants with no problem.
Being new to DNN (and things not being readily available at the moment on their site), I was hoping I could get some guidance on how to set up DNN similar to what I did with Orchard.
First question is obviously whether or not that is possible (i.e., no IIS, only IIS Express (Webmatrix) on my local machine).
Here would be my other questions:
If I can run it locally, can I just download the 7.1.0 new install package, and open Webmatrix (as Admin) on the folder I unzipped it in?
Assuming I just "Run" the website, I will then set up the "Landlord" instance of DNN on the following screens, correct? (i.e., where it asks for credentials and what DB setup I can use)
Can I then go ahead and create sub-tenant sites (alias/portal)? If so, do I go about manually updating my host/config files to run those tenants (depending on the port)?
Assume all of the above is correct, do I have to "reinstall" the 7.1.0 package on my webserver, or will a simple publish from Webmatrix do (with the proper credentials in Settings)? If so, I can handle pointing to the landlord on my server and then binding my subtenants in IIS.
Sorry for the n00b questions. Thanks!
On the Download page on dnnsoftware.com, there's a link to click which will start the install process within WebMatrix: http://www.microsoft.com/web/gallery/install.aspx?appsxml=www.microsoft.com%2fweb%2fwebpi%2f2.0%2fWebApplicationList.xml&appid=106
When you create a new portal, you can specify that it uses a URL which is a subdirectory of the current URL (i.e. a child portal alias), so that you don't have to use different ports. I'm not especially familiar with IIS Express, so I would expect that you could point multiple ports to the site, and map those as different portal aliases, but not sure exactly how you could do that, if you don't want to make use of child portal aliases.
To publish a site, you should just need to push the file system and database, and setup IIS.

silverlight web application prevent file access from webserver through url

Hi Team,
I have a silverlight WebApplication, it has a folder on webserver that download a document and store for clients to view. The issue I am facing is that eventhough windows authentication is enabled and directory browesing is disabled. I am able to access and view the image using the url i.e. (http:\loclahost\webapp\dir\image1.tif) form a different domain.Is there some configuration I can do on web server (IIS 8) or I need to adopt some encryption logic in my code.
Any suggestion or help on this would be of gr8 help.
If it's what I'm thinking, You must set permissions to IISUSRS (a system user created for ISS) to write and read your folder.

why does my xbap crashes when loading from a web site that is routed through Sun IDM server?

I have a hybrid website, a mix of aspx and XBAPP resources, which is hosted on IIS6.0 on top of Windows 2003 server. We have a Sun IDM server for single-sign-on as there are multiple applications and a proxy, which rewrites the url. The website is hosted on a separate server and the IDM server on different machine. This is especially done to hide the actual resources being called from the IDM server. Every url hit goes to the IDM server and rewrites to the required resource server. Now the problem is when I call the website hosted server's url directly it works perfectly fine and XBAPP loads and run exactly as required but crashes when called through the IDM server. What I observed on Fiddler is that the moment the URL is called by the PresentationHost, there is a new session on the server and causes an authentication failure.
Look if you are redirecting to any self generated url. You should use a relative path everywhere to maintain the session. The proxy server might be impersonating the requests and the url. In such a case, a request to your absolute path might violate the impersonation and hence the loss of session.

Resources