Try our conversational search powered by Generative AI!

AI OnAI Off

Problem with EPiServer 6 / WIndows 2008 R2 untrusted providers

jens.altback@spv.se
jens.altback@spv.se
Vote:
 

I have recently upgrade a development enviroment from Windows 2003 to Windows 2008 R2. I also made the necessary change to web.config to support IIS 7.5 / v.4.0 / Integrated mode. It is an Intranet Site with support of Singel Sign On and the site using WindowsRoleProvider and WindowsMembershipProvider to authenticate against our internal Active Directory. Anonymous authentication is not allowed for the site. When i try accessing the site it fails because the web server can not authenticate with my domain user. The only solution i have found for this problem is to add the EPiServer providers to <trustedProviders> in administration.config (c:\windows\system32\inetsrv\config\):

<trustedProviders allowUntrustedProviders="true">
  <add type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
  <add type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
  <add type="System.Web.Security.WindowsTokenRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
  <add type="EPiServer.Security.WindowsRoleProvider, EPiServer" />
  <add type="EPiServer.Security.WindowsMembershipProvider, EPiServer" />
</trustedProviders>

I have not found any information about this issue in the installation manual for EPiServer 6.
Are there anyone else having experience with Windows 2008 R2 / EPiServer 6 / SSO as a development enviroment?


Regards
Jens

#49006
Feb 28, 2011 14:12
David Knipe
David Knipe
Vote:
 

Hello Jens

Are you using:

<authentication mode="Windows">

If so then you may find my blog post helpful on enabling Windows authenication on your local development machine:

http://world.episerver.com/Blogs/David-Knipe/Dates/2010/9/Checklist-for-setting-up-Windows-Authentication-in-EPiServer-on-a-development-machine/

In particular you may find point 4. useful "Ensure that the machine allows Windows Integrated authentication using a local loopback address"    

Let me know how you go.

David

#49013
Feb 28, 2011 16:46
jens.altback@spv.se
jens.altback@spv.se
Vote:
 

Hello David

Thank you for your reply!

Yes, the site is using Windows authentication mode (<authentication mode="Windows"> in web.config). I tried the regedit trick with the "BackConnectionHostNames", but the same error occurs with a login prompt for my domaincredentials. I have not tried to disable loopback check yet. Without the above mentioned trusted providers i am not able to access the site. In a default installation of Windows 2008 R2 it seems like the attribute "allowUntrustedProviders" is set to False. I am talking about the "administration.config" file in C:\Windows\System32\Inetsrv\Config\. How can then IIS 7.5 allow the two untrusted providers from EPiServer to run? Just a thought... it seems a little bit strange for me.

My machinename and localhost is added as allowed local intranet zone in IIS 8.

Jens

#49016
Feb 28, 2011 17:28
This thread is locked and should be used for reference only. Please use the Episerver CMS 7 and earlier versions forum to open new discussions.
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.