
I have a mixed ASP.NET Web Forms, MVC and WebApi application with AspNet.Identity deployed to IIS8 on a Windows 2012 R2 server.

When I access this app from the local network it works fine. On the other hand, when I or anybody else accesses the application from the internet, after login with the correct login/password it shows:

Forbidden

You don't have permission to access /ProjectFolder/Default.aspx on this server.

In addition, in the log file it seems that the status is 200 OK:

2017-06-16 10:48:13 10.77.61.44 GET /ProjectFolder/Default.aspx - 80 login_name@companyname.com 10.77.61.254 Mozilla/5.0+(Linux;+Android+7.0;+SM-G930F+Build/NRD90M)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/58.0.3029.83+Mobile+Safari/537.36 http://subdomain.domain.com/ProjectFolder/Login.aspx 200 0 0 274

What could be the reason?

Oleg Oshkoderov
  • Login page is accessible from internet? – शेखर Jun 16 '17 at 11:49
  • When you say "after login with correct login/password", what are you using for login? Forms, NTLM, plain text, or something else? – tgolisch Jun 16 '17 at 12:36
  • It is a Web Form that internally uses Asp.Net Identity to check credentials and then AuthenticationManager to authenticate. User data is stored in a SQL database. Both Login.aspx and Logout.aspx pages work fine. – Oleg Oshkoderov Jun 16 '17 at 13:11
  • Make sure you use the application pool identity instead of the pass-through for folder access, and that the app pool identity has access to the folder. – Alex Terry Jun 16 '17 at 20:43
  • @ATerry, Thank you for the suggestion. I've checked the App Pool Configuration, and it has the ApplicationPoolIdentity value set for the Identity field. I've granted full control access for everyone on the application folder for a test, but still the same issue: works from local network, and forbidden after login from internet. – Oleg Oshkoderov Jun 19 '17 at 07:22
  • What authentication method are you using on the site? This shouldn't matter between localhost and remote but the default user for anonymous authentication is IUSR. You can try changing that to application pool identity or add IUSR to folder permissions. – Alex Terry Jun 19 '17 at 15:41
  • Also, what access denied code are you receiving? – Alex Terry Jun 19 '17 at 17:18
  • @ATerry, Thank you for your help. When we checked the response headers with the Forbidden status code we noticed that the response was generated by an Apache server. It turned out to be a firewall that was blocking access to the application. – Oleg Oshkoderov Jun 21 '17 at 08:37
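The comparison that resolved this thread (what IIS logged against what the client actually received), as an added Python example that is not part of the original posts. The function names are hypothetical, the client-side status and headers are constructed, and the field order is the IIS default W3C layout that the quoted log line follows.

```python
import ipaddress

# Default IIS W3C field order; it matches the log line quoted in the question.
FIELDS = ("date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username "
          "c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status "
          "time-taken").split()

def parse_iis_line(line, fields=FIELDS):
    """Split one W3C log line; IIS writes spaces inside values as '+'."""
    values = line.split()
    if len(values) != len(fields):
        raise ValueError(f"expected {len(fields)} fields, got {len(values)}")
    return dict(zip(fields, values))

def relayed_by_internal_hop(entry):
    """True when c-ip is private: for an internet request, IIS saw a proxy/NAT hop, not the client."""
    return ipaddress.ip_address(entry["c-ip"]).is_private

def locate_denial(entry, client_status, client_headers):
    """Name the hop that produced the response the client actually received."""
    if entry is None:
        return "intermediary: no matching IIS log entry, request never reached IIS"
    origin_status = int(entry["sc-status"])
    server = next((v for k, v in client_headers.items() if k.lower() == "server"), "")
    if origin_status != client_status:
        return (f"intermediary: IIS logged {origin_status} but the client received "
                f"{client_status} (Server: {server or 'absent'})")
    if "microsoft-iis" in server.lower():
        return f"origin: IIS returned {origin_status}"
    return "ambiguous: statuses match but the Server header is not IIS"

# Log line from the question (User-Agent shortened for readability).
LOG_LINE = ("2017-06-16 10:48:13 10.77.61.44 GET /ProjectFolder/Default.aspx - 80 "
            "login_name@companyname.com 10.77.61.254 Mozilla/5.0+(Linux;+Android+7.0) "
            "http://subdomain.domain.com/ProjectFolder/Login.aspx 200 0 0 274")
# Constructed client-side observation: what the browser's network tab would show.
CLIENT_STATUS, CLIENT_HEADERS = 403, {"Server": "Apache", "Content-Type": "text/html"}

if __name__ == "__main__":
    entry = parse_iis_line(LOG_LINE)
    print(locate_denial(entry, CLIENT_STATUS, CLIENT_HEADERS))
    print("c-ip is private:", relayed_by_internal_hop(entry))
```

When the origin's logged status and the client's received status disagree, NTFS permissions and app pool identity on the IIS box are not the cause; the device between the client and IIS is.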
