question

AbdurhmanAlsobhi-0201 avatar image
0 Votes"
AbdurhmanAlsobhi-0201 asked BruceZhang-MSFT commented

Unautorized 401 While I'm not using any Authentication

Im using ASP.NET Core 6 WebAPI,

As you can see in my Program.cs im not using any kind of auth, In development (dotnet run) everything works,
but when I deploy to IIS with dotnet publish -r win-x64 --self-contained -o release12, I get 401.2 unauthorized on all routes
web.config on IIS looks like this

 <?xml version="1.0" encoding="utf-8"?>
 <configuration>
   <location path="." inheritInChildApplications="false">
     <system.webServer>
       <handlers>
         <add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModuleV2" resourceType="Unspecified" />
       </handlers>
       <aspNetCore processPath=".\MaintBader.exe" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" hostingModel="inprocess" />
     </system.webServer>
   </location>
 </configuration>

This is my Program.cs

 using Microsoft.EntityFrameworkCore;
 using MaintBader.Data;
 using MaintBader.Settings;
    
 var  MyAllowSpecificOrigins = "_myAllowSpecificOrigins";
    
 var builder = WebApplication.CreateBuilder(args);
 builder.Services.AddCors(options =>
 {
     options.AddPolicy(name: MyAllowSpecificOrigins,
                       builder =>
                       {
                           builder.WithOrigins("http://localhost:4040",
                                               "http://127.0.0.1:5500")
                                                 .AllowAnyHeader()
                                                 .AllowAnyMethod();
                       });
 });
    
    
 // Add services to the container.
    
    
 builder.Services.AddDbContext<MaintBaderContext>(options =>
     options.UseSqlServer(builder.Configuration.GetConnectionString("SB-STTN-Dev-Connection")));
    
    
 builder.Services.AddControllers();
 // Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle
 builder.Services.AddEndpointsApiExplorer();
 builder.Services.AddSwaggerGen();
    
 var app = builder.Build();
    
 // Configure the HTTP request pipeline.
    
     app.UseSwagger();
     app.UseSwaggerUI();
    
    
 using (var scope = app.Services.CreateScope())
 {
     var services = scope.ServiceProvider;
    
     var context = services.GetRequiredService<MaintBaderContext>();
     context.Database.EnsureDeleted();
     context.Database.EnsureCreated();
     DbInitializer.Initialize(context);
        
 }
    
    
 app.UseHttpsRedirection();
 app.UseStaticFiles();
 app.UseRouting();
    
 app.UseCors(MyAllowSpecificOrigins);
    
    
    
 app.MapControllers();
    
 app.Run();






windows-server-iisdotnet-aspnet-core-mvcdotnet-aspnet-core-webapidotnet-aspnet-core-auth
· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

IIS has authentication settings too. Make sure Windows Authentication is disabled on IIS and Anonymous Authentication is enabled.

0 Votes 0 ·

It is, and Anonymous is Enabled

0 Votes 0 ·

Hi @AbdurhmanAlsobhi-0201 ,

Can you show the complete process of deployment? How you publish and deploy, how you set permission?

I think the issue may be caused by the permission of site folder. After deploy, you need to right click the site folder and choose securtiy item. Then add IIS APPPOOL\pool name and set it full control permission so that IIS has permission to read and execute files in it.

0 Votes 0 ·
AgaveJoe avatar image
0 Votes"
AgaveJoe answered

The full error is 401.2 - Logon failed due to server configuration.

It is, and Anonymous is Enabled

If Anonymous Authentication and only Anonymous Authentication is enabled in IIS then the Anonymous account has not been granted access to the application directory.

Also, I think --self-contained needs to be followed by true/false.

https://docs.microsoft.com/en-us/dotnet/core/deploying/deploy-with-cli#self-contained-deployment



5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

ZaidAshraf-6343 avatar image
0 Votes"
ZaidAshraf-6343 answered ZaidAshraf-6343 edited

I'm just checking in to see if the information provided above was of assistance. Please let us know if you have any other questions.

Thank you very much.

https://batteriadipentole.com/

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.