Hi,

I installed YAF on my Windows server 2012 with IIS 8.

The authorization method set in IIS was "anonymous authentication", and the YAF went well. However, when I want to log in an account, it won't apply the user profile, and still shows "Welcome Guest! To enable all features please Login or Register."

If I change authorization method to "form authorization", I got the following error message when I enter the website:

===============================================================================
Server Error in '/' Application.

---

The resource cannot be found.
Description: HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable. Please review the following URL and make sure that it is spelled correctly.

Requested URL: /login.aspx

===============================================================================

Is there anyone can tell me which authorization method should I enable in IIS, and how to solve this login problem?

Thanks a lot.

IIS 7 and 8 interact directly with the web.config file. Any changes you make to ASP.NET settings in IIS will change the web.config file in the webroot, or the web.config file in the folder you are making changes to.

Without knowing what other steps you took during installation, such as how you configured your IIS 8, there is too many gray area to diagnose. HTTP 404 = server cannot find a file or complete a request. You asked for a file it cannot find. If changing your Authentication Method in IIS caused this to happen - you need to investigate your server configuration further.

YAF requires nothing special to be configured in IIS. All it needs is an Application Pool running ASP.NET 4 in Integrated Pipeline, and a place on the server to reside. IIS can use an Anonymous user account (usually an IUSR account or an IWAM account -- or something of the likes) to serve the YAF files - this is NOT the same as the ASP.NET "Authentication" method -- this is the low-level IIS website 'worker process' user. The rest of the user authentication for YAF is handled by YAF internally with it's membership and role/profile providers (as defined in YAF web.config - see below). If you change ASP.NET settings in IIS, that will change YAF web.config, and can most likely disrupt those settings from using YAF providers as needed. In your case, you changed IIS setting and your whole site decided to start throwing 404's... That is an IIS issue most likely related to your application pool settings...

After that, you upload YAF, make whatever web.config, app.config, db.config, and mail.config changes you need (or just use the installer to setup your database connection and mailserver info, and you're done. The web.config (rename from recommended-web.config when you upload) handles the rest. The most you would do is add a 'machineKey' element in there so that when IIS restarts, your user's cookies are still good. Without it, cookies are useless whenever IIS restarts the application pool.

I haven't worked with IIS 8 / Server 2012 yet - but on IIS7/Server 2008 I can have a YAF site up and running usually in about 10 minutes and very rarely ever have to venture into IIS other than to 'convert the YAF folder to a "Virtual Application"' and run the installer...

---

Thank you for your reply and clear explanation. I'll try it again.

So in the IIS setting, is it ok just to enable "Anonymous Authentication" and disable "Forms Authentication" ?

No. What I'm saying is those settings in IIS that say ASP.NET (whatever) shoudl be left alone. They shouldn't need to be altered to begin with at all. An ASP.NET's web application config (web.config) should have all necessary settings in it to operate the application.

What you will need to do is most likely remove the website from IIS because you have made settings chagnes that will change the web.config file that is stored in the filesystem.

You will most likely have to remove the current site and application pool. Create a new pool, using ASP.NET 4.0 with Integrated Pipeline. Then create a new website in IIS, and link the site to the application pool and properly set the HTTP Header Bindings...

Then, upload your YAF application. If it is going into the root of the website, no further configuration should be necessary - go to the website URL/install/default.aspx, answer the questions and install.

If it is going into a sub-folder, and will be a stand-alone application (not part of any other ASP.NET application on that site) - then you go back into IIS after uploading to the subfolder, right click on the subfolder in the tree on the left, and select "Convert to Virtual Application" or something of the sort. Close IIS manager, and run YAF install (website URL/forum-folder/install/default.aspx --

The problem is once you make changes to ASP.NET settings in IIS, IIS alters the web.config file in the folder on the filesystem. It is usually next to impossible to easily restore the settings exactly the way they were before the changes - easiest way is to restore the web.config and restart the webserver and give the install a try. IF that fails, use my steps above, and start over --

---

Hi, thank you.

I've followed your direction and tried again. The website is ok to show but still got problem when entered username/password to log in.

I still got the error message "HTTP Error 401.2 - Unauthorized" (attached at the end of the post)

The weird thing is that I tried to install YAF on my Win 7 PC with IIS 7.5, and everything went well, no any problem when log in. Just so easy to install.

I'll try to figure out what's going on on my server 2012 with IIS 8.

If you have any suggestion please let me know. Thank you very much.

======================================================================================
HTTP Error 401.2 - Unauthorized

You are not authorized to view this page due to invalid authentication headers.



Most likely causes:
•No authentication protocol (including anonymous) is selected in IIS.
•Only integrated authentication is enabled, and a client browser was used that does not support integrated authentication.
•Integrated authentication is enabled and the request was sent through a proxy that changed the authentication headers before they reach the Web server.
•The Web server is not configured for anonymous access and a required authorization header was not received.
•The "configuration/system.webServer/authorization" configuration section may be explicitly denying the user access.



Things you can try:
•Verify the authentication setting for the resource and then try requesting the resource using that authentication method.
•Verify that the client browser supports Integrated authentication.
•Verify that the request is not going through a proxy when Integrated authentication is used.
•Verify that the user is not explicitly denied access in the "configuration/system.webServer/authorization" configuration section.
•Create a tracing rule to track failed requests for this HTTP status code. For more information about creating a tracing rule for failed requests, click here.



Detailed Error Information:



Module
IIS Web Core

Notification
AuthenticateRequest

Handler
PageHandlerFactory-Integrated-4.0

Error Code
0x80070005



Requested URL
http://xx.xx.xx.xx:80/login.aspx?ReturnUrl=%2finstall%2fdefault.aspx 

Physical Path
C:\inetpub\wwwroot\forum\login.aspx

Logon Method
Not yet determined

Logon User
Not yet determined




More Information:
This error occurs when the WWW-Authenticate header sent to the Web server is not supported by the server configuration. Check the authentication method for the resource, and verify which authentication method the client used. The error occurs when the authentication methods are different. To determine which type of authentication the client is using, check the authentication settings for the client.
View more information »

Microsoft Knowledge Base Articles:
•907273
•253667
======================================================================================

I am doing research for you as I am experienced in IIS 4 through 7.5 - but I do not have any IIS 8 servers as of yet. In my IIS 7/7.5 configurations, I will attach some screen shots -

I am following and it is appearing that you are working with a bare-metal configuration starting from scratch for a public facing server. In that aspect, there will be some minor settings we will address. Due of this, will be an error on my part in past post because I did not follow correctly that you might have a bare-metal installation we are working with. Please give me some moments, and I will follow up with further information for you

:cheesy:

---

Hi,

I finally figure out what is causing this strange problem.

In IIS 8, in "Forms Authorization", the login URL should be changed to "default.aspx?g=login&", where the default value is "login.aspx"

In IIS 7.5, the website went well if we keep the default setting of "Forms Authorization". But in IIS 8, the default setting will take effect and cause the problem when login.

Anyway, thanks for helping me solve the problem.:cheesy:

For what it's worth, most likely resetting your IIS 8 config as you did helped to locate this issue - as once things like the authentication from inside IIS changes, sometimes it is hard to get back where you want it -- been a battle of IIS for many versions --

---