Ciao Moreno,
Dopo settimane di attesa, All fine il nostro system administrator non ha creato un Active Directory service account per ragioni di sicurezza.
Di conseguenza sono punto e a capo.
Devo assolutamente cercare di rimuovere le mie credenziali da IIS.
Riassumendo:
Web.Config:
<?xml version="1.0"?>
<configuration>
<system.webServer>
<!--++++++++++++++++++++++++ COMMENT IF WORKING IN DEVELOPMENT MODE ++++++++++++++++++++++++-->
<httpErrors errorMode="Custom">
<remove statusCode="401"/>
<error statusCode="401" path="/Denied.aspx" responseMode="ExecuteURL" prefixLanguageFilePath=""/>
<remove statusCode="403"/>
<error statusCode="403" path="/Denied.aspx" responseMode="ExecuteURL" prefixLanguageFilePath=""/>
<remove statusCode="404"/>
<error statusCode="404" path="/Denied.aspx" responseMode="ExecuteURL" prefixLanguageFilePath=""/>
</httpErrors>
<!--++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-->
<validation validateIntegratedModeConfiguration="false"/>
<handlers>
<remove name="ChartImageHandler"/>
<add name="ChartImageHandler" preCondition="integratedMode" verb="GET,HEAD,POST" path="ChartImg.axd" type="System.Web.UI.DataVisualization.Charting.ChartHttpHandler, System.Web.DataVisualization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
</handlers>
</system.webServer>
<connectionStrings>
<add name="CS_611_QA_BRR" connectionString="Data Source=XXXXXXX\YYYYYYYY;Initial Catalog=611_QA_BRR; Integrated Security=SSPI; Persist Security Info=False;" providerName="System.Data.SqlClientSystem.Data.SqlClient"/>
</connectionStrings>
<system.web>
<httpHandlers>
<add path="ChartImg.axd" verb="GET,HEAD,POST" type="System.Web.UI.DataVisualization.Charting.ChartHttpHandler, System.Web.DataVisualization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" validate="false"/>
</httpHandlers>
<authentication mode="Windows"/>
<identity impersonate="true"/>
<!--++++++++++++++++++++++++ COMMENT IF WORKING IN DEVELOPMENT MODE ++++++++++++++++++++++++-->
<authorization>
<allow roles="PIPPOPLUTO\APP-BEXTeam_City, PIPPOPLUTO\APP-IE-AdminTeam_City, PIPPOPLUTO\APP-IE-ProdTeam_City, PIPPOPLUTO\APP-IE-QATeam_City" />
<deny users="*"/>
</authorization>
<!--++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-->
<pages>
<controls>
<add tagPrefix="asp" namespace="System.Web.UI.DataVisualization.Charting" assembly="System.Web.DataVisualization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
</controls>
</pages>
<compilation debug="true" strict="false" explicit="true">
<assemblies>
<add assembly="System.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
<add assembly="System.Web.Extensions.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add assembly="System.Web.DataVisualization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add assembly="System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
<add assembly="System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
<add assembly="System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
<add assembly="System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
<add assembly="System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add assembly="System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
<add assembly="System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
<add assembly="System.Data, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
<add assembly="Microsoft.CSharp, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
<add assembly="System.Web.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
<add assembly="System.Data.Services.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
<add assembly="System.ServiceModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
<add assembly="System.Runtime.Serialization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
<add assembly="System.Data.Linq, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
<add assembly="System.Web.ApplicationServices, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add assembly="System.ServiceModel.Activation, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add assembly="System.Data.Services.Client, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
<add assembly="System.Data.Entity, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
<add assembly="System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
<add assembly="System.Web.DynamicData, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add assembly="System.ComponentModel.DataAnnotations, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add assembly="System.Web.Entity, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
<add assembly="System.Xml.Linq, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
</assemblies>
</compilation>
<!--++++++++++++++++++++++++ COMMENT IF WORKING IN DEVELOPMENT MODE ++++++++++++++++++++++++-->
<customErrors mode="On" redirectMode="ResponseRewrite" defaultRedirect="Error.aspx">
<error statusCode="401" redirect="/Error.aspx"/>
<error statusCode="403" redirect="/Denied.aspx"/>
<error statusCode="404" redirect="/Denied.aspx"/>
</customErrors>
<!--++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-->
</system.web>
<!--++++++++++++++++++++++++ COMMENT IF WORKING IN DEVELOPMENT MODE ++++++++++++++++++++++++-->
<location path="QA">
<system.web>
<authorization>
<allow roles="PIPPOPLUTO\APP-BEXTeam_City, PIPPOPLUTO\APP-IE-AdminTeam_City, PIPPOPLUTO\APP-IE-QATeam_City"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
<location path="Prod">
<system.web>
<authorization>
<allow roles="PIPPOPLUTO\APP-BEXTeam_City, PIPPOPLUTO\APP-IE-AdminTeam_City, PIPPOPLUTO\APP-IE-ProdTeam_City"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
<location path="Admin">
<system.web>
<authorization>
<allow roles="PIPPOPLUTO\APP-BEXTeam_City, PIPPOPLUTO\APP-IE-AdminTeam_City"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
<!--++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-->
<appSettings>
<add key="ChartImageHandler" value="storage=memory;deleteAfterServicing=true;"/>
</appSettings>
</configuration>
Global.asax:
Sub Session_Start(ByVal sender As Object, ByVal e As EventArgs)
Dim SessionId As String = Session.SessionID
Response.Buffer = True
'++++++++++++++++++++++++ COMMENT IF WORKING IN DEVELOPMENT MODE ++++++++++++++++++++++++
Session("User") = HttpContext.Current.User.Identity.Name
Dim currentUser As WindowsIdentity = CType(HttpContext.Current.User.Identity, System.Security.Principal.WindowsIdentity) 'WindowsIdentity.GetCurrent()
For Each iRef As IdentityReference In currentUser.Groups
'------------ BEX -------------------
If iRef.Translate(GetType(NTAccount)).ToString = "PIPPOPLUTO\APP-BEXTeam_City" Or iRef.Translate(GetType(NTAccount)).ToString = "PIPPOPLUTO\APP-IE-AdminTeam_City" Then
Session("NTAccount_Group") = "PIPPOPLUTO\APP-IE-AdminTeam_City"
Response.Redirect("~/Daily_Dashboard.aspx")
Return
End If
Next
For Each iRef As IdentityReference In currentUser.Groups
'------------------- QA ---------------------------
If iRef.Translate(GetType(NTAccount)).ToString = "PIPPOPLUTO\APP-IE-QATeam_City" Then
Session("NTAccount_Group") = "PIPPOPLUTO\APP-IE-QATeam_City"
Response.Redirect("~/QA/Default_QA.aspx")
Return
'------------------- PROD ---------------------------
ElseIf iRef.Translate(GetType(NTAccount)).ToString = "PIPPOPLUTO\APP-IE-ProdTeam_City" Then
Session("NTAccount_Group") = "PIPPOPLUTO\APP-IE-ProdTeam_City"
Response.Redirect("~/Prod/Default_Prod.aspx")
Return
End If
Next
If Session("NTAccount_Group") = "" Then
Response.Redirect("~/Denied.aspx")
Return
End If
End Sub
IIS - Site
- ASP.NET Impersonation: Enable (Property - Identity to impersonate = Specific user: "le mie credenziali")
- Windows Authentication: Enable ( Advance Settings: Extended Protection = Off, Enable Kernel-mode authentication: flagged, Providers: NTLM, Negotiate)
Tutte le altre Authentications sono disabilitate
IIS - Application Pool - Basic Settings
- .NET Framework version: .NET Framework v4.0.3.319
- Managed pipeline mode: Integrated
- Start application pool immediately: flagged
IIS - Application Pool - Advanced Settings
- Processed Model: Identity = "le mie credenziali"
IIS - Application Pool - Bindings
Type: http
IP Address: 10.XXX.XX.XX
Port: 8080
Host name: vuoto
--------------------------------------------------------------------------
Ieri sera ho provato a verificare l'identita' di collegamento al site con quando l'utente BIX si collega e sotto trovi il risultato:
HttpContext.Current.Request.LogonUserIdentity.Name = PIPPOPLUTO\BIX
HttpContext.Current.Request.IsAuthenticated = True
HttpContext.Current.User.Identity.Name = PIPPOPLUTO\BIX
System.Environment.UserName = "il mio username"
Security.Principal.WindowsIdentity.GetCurrent().Name = PIPPOPLUTO\"il mio username"
Page.User.Identity.Name = PIPPOPLUTO\BIX
Vedi qualcosa di strano che impedisca l'authentication senza le mie credenziali?
Grazie ancora
Marco