This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
We’re currently experiencing a high volume of support requests, which may result in longer response times — thank you for your patience and understanding.
Community FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Still hot issue - Securing access to web console

TelhioCU
Engaged Sweeper

‎10-16-2008 07:23 PM

I have received a solution that did not work to correct my issues with securing access to the web console.

The documentation states to add the approved group name/s to the web.config file. I have done so without success. Additionally, I have attempted to use "allowed" users and had no success.

Changing the permissions in IIS/NTFS works to prevent users from getting to the site without authentication, however it also prevents proper use of the web console by causing web application errors.

I really need to get a solution for this problem.

Thanks,

TCU

Attached is the web.config that is in place now, as well as one I have edited to deploy the group restriction without success.



This one is operational without any security settings:

<configuration>
<appSettings>
<add key="MM_CONNECTION_HANDLER_Lansweeper" value="sqlserver.htm"/>
<add key="MM_CONNECTION_STRING_Lansweeper" value="Persist Security Info=False;Data Source=BR01SQL03;Initial Catalog=Lansweeper32;User ID=xxxxxxxxx;Password=xxxxxxxxxx"/>
<add key="MM_CONNECTION_DATABASETYPE_Lansweeper" value="SQLServer"/>
<add key="MM_CONNECTION_SCHEMA_Lansweeper" value=""/>
<add key="MM_CONNECTION_CATALOG_Lansweeper" value=""/>
<add key="dateformat" value="dd/MM/yyyy"/>
</appSettings>
<system.web>

<compilation debug="true" strict="false" explicit="true">
<assemblies>
<add assembly="System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add assembly="System.Design, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
<add assembly="System.Web.Extensions.Design, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add assembly="System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
</assemblies>
</compilation>
<httpHandlers><remove verb="*" path="*.asmx"/>
<add verb="*" path="*.asmx" type="System.Web.Script.Services.ScriptHandlerFactory" validate="false"/>
<add verb="*" path="*_AppService.axd" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" validate="false"/>
<add verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" validate="false"/>
</httpHandlers>
<httpModules>
<add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
</httpModules></system.web>
</configuration>

---------

This one has the recommended security settings and does not work:

<configuration>
<appSettings>
<add key="MM_CONNECTION_HANDLER_Lansweeper" value="sqlserver.htm"/>
<add key="MM_CONNECTION_STRING_Lansweeper" value="Persist Security Info=False;Data Source=BR01SQL03;Initial Catalog=Lansweeper32;User ID=lssqluser32;Password=mysecretpassword0*"/>
<add key="MM_CONNECTION_DATABASETYPE_Lansweeper" value="SQLServer"/>
<add key="MM_CONNECTION_SCHEMA_Lansweeper" value=""/>
<add key="MM_CONNECTION_CATALOG_Lansweeper" value=""/>
<add key="dateformat" value="dd/MM/yyyy"/>
</appSettings>
<system.web>
<authentication mode="Windows"/>
<authorization>
<allow roles="domain\my dept" />
<deny users="*" />
</authorization>
<compilation debug="true" strict="false" explicit="true">
<assemblies>
<add assembly="System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add assembly="System.Design, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
<add assembly="System.Web.Extensions.Design, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add assembly="System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
</assemblies>
</compilation>
<httpHandlers><remove verb="*" path="*.asmx"/>
<add verb="*" path="*.asmx" type="System.Web.Script.Services.ScriptHandlerFactory" validate="false"/>
<add verb="*" path="*_AppService.axd" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" validate="false"/>
<add verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" validate="false"/>
</httpHandlers>
<httpModules>
<add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
</httpModules></system.web>
</configuration>

Once put the security in place, from a remote PC when I try to open the website I get the following error:

Server Error in '/lansweeper32' Application.
--------------------------------------------------------------------------------

Access is denied.
Description: An error occurred while accessing the resources required to serve this request. The server may not be configured for access to the requested URL.

Error message 401.2.: Unauthorized: Logon failed due to server configuration. Verify that you have permission to view this directory or page based on the credentials you supplied and the authentication methods enabled on the Web server. Contact the Web server's administrator for additional assistance.

However, if I login on the local LanSweeper32 machine (as the same account I am attempting to use from the remote location) everything works fine!
The IIS Settings have anonymous enabled, along with integrated windows security. That is all.


Labels:
0 Kudos
21 REPLIES 21
Hemoco
Lansweeper Alumni

‎01-12-2009 04:40 PM

<compilation debug="True" strict="false" explicit="true"> should end with "/>" instead of ">"

like this:

<compilation debug="True" strict="false" explicit="true"/>
0 Kudos
Hemoco
Lansweeper Alumni

‎01-10-2009 03:19 PM

Could you please attach your config file to the post please. (instead of copy/paste)

Please also attach a screenshot of your complete errorpage in internet explorer.
0 Kudos
mz3prs
Engaged Sweeper
In response to Hemoco

‎01-12-2009 04:10 PM

Lansweeper wrote:
Could you please attach your config file to the post please. (instead of copy/paste)

Please also attach a screenshot of your complete errorpage in internet explorer.


OK uploaded
0 Kudos
mz3prs
Engaged Sweeper

‎01-09-2009 05:58 PM

I am having a similar issue with the authentication and I get the following error message.

Configuration Error
Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately.

Parser Error Message: Unrecognized element 'authorization'.

Source Error:
Line 13: <identity impersonate="true" />
Line 14: <compilation debug="True" strict="false" explicit="true">
Line 15: <authorization>
Line 16: <allow roles="domain\group name" />
Line 17: <deny users="*" />

Source File: C:\Program Files\lansweeper32\website\web.config Line: 15

Under IIS I have the following setting...Directory Security>Authentication and Access Control

Unchecked - Enable Anonymous Access
Checked - Intergrated Windows Authentication


Here is a copy of my web.config file...

<configuration>
<appSettings>
<add key="MM_CONNECTION_HANDLER_Lansweeper" value="sqlserver.htm"/>
<add key="MM_CONNECTION_STRING_Lansweeper" value="Persist Security Info=False;Data Source=SERVERNAME;Initial Catalog=Lansweeper32;User ID=lssqluser32;Password=mysecretpassword0*"/>
<add key="MM_CONNECTION_DATABASETYPE_Lansweeper" value="SQLServer"/>
<add key="MM_CONNECTION_SCHEMA_Lansweeper" value=""/>
<add key="MM_CONNECTION_CATALOG_Lansweeper" value=""/>
<add key="dateformat" value="dd/MM/yyyy"/>
</appSettings>

<system.web>
<authentication mode="Windows"/>
<identity impersonate="true"/>
<compilation debug="True" strict="false" explicit="true">
<authorization>
<allow roles="domainname\group name" />
<deny users="*" />
</authorization>

<assemblies>
<add assembly="System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add assembly="System.Design, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
<add assembly="System.Web.Extensions.Design, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add assembly="System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
</assemblies>

</compilation>
<httpHandlers>
<remove verb="*" path="*.asmx"/>
<add verb="*" path="*.asmx" type="System.Web.Script.Services.ScriptHandlerFactory" validate="false"/>
<add verb="*" path="*_AppService.axd" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" validate="false"/>
<add verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" validate="false"/>
</httpHandlers>
<httpModules>
<add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
</httpModules>
</system.web>
</configuration>

It looks the same as everyone else, so I don't understand why it is not working.

Thanks
Preview file
3 KB
Preview file
55 KB
0 Kudos
Illuminator7532
Engaged Sweeper

‎12-13-2008 09:03 AM

What about trying to secure the webconsole via IIS based on ip-adresses ? Wouldn't that be much simpler ? Give your own computer a reserved dhcp address, register that ip-address in IIS and you're done
0 Kudos
aquateen
Engaged Sweeper

‎10-20-2008 04:34 PM

Possibly, but I was able to get it to work when I used the Domain Admins group so.....
0 Kudos
Hemoco
Lansweeper Alumni

‎10-18-2008 02:32 PM

Might be a problem with the "space" in the group name?
0 Kudos
DGoodwin
Engaged Sweeper

‎10-17-2008 07:19 PM

Here's what I found. My site security is only "Integrated Windows Authentication" The Groups were not working, so i added the users manually and it all works fine. See below.

<configuration>
<appSettings>
<add key="MM_CONNECTION_HANDLER_Lansweeper" value="sqlserver.htm"/>
<add key="MM_CONNECTION_STRING_Lansweeper" value="Persist Security Info=False;Data Source=RALINV01;Initial Catalog=Lansweeper32;User ID=lssqluser32;Password=mysecretpassword0*"/>
<add key="MM_CONNECTION_DATABASETYPE_Lansweeper" value="SQLServer"/>
<add key="MM_CONNECTION_SCHEMA_Lansweeper" value=""/>
<add key="MM_CONNECTION_CATALOG_Lansweeper" value=""/>
<add key="dateformat" value="MM/dd/yyyy"/>
</appSettings>
<system.web>
<authentication mode="Windows"/>
<identity impersonate="true" />
<compilation debug="false" strict="false" explicit="true">
<assemblies>
<add assembly="System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add assembly="System.Design, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
<add assembly="System.Web.Extensions.Design, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add assembly="System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
</assemblies>
</compilation>
<httpHandlers>
<remove verb="*" path="*.asmx"/>
<add verb="*" path="*.asmx" type="System.Web.Script.Services.ScriptHandlerFactory" validate="false"/>
<add verb="*" path="*_AppService.axd" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" validate="false"/>
<add verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" validate="false"/>
</httpHandlers>
<httpModules>
<add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
</httpModules>
<authorization>
<allow users="domain\name1, domain\name2, domain\name3, domain\name4, domain\name5, domain\name6, domain\name7" />
<deny users="*" />
</authorization> </system.web>
</configuration>
0 Kudos
aquateen
Engaged Sweeper

‎10-17-2008 06:06 PM

After about a half-hour of trail and error yesterday, it seems you have to put the suggested configuration changes in the XML (I believe xml) conf file in a specific order.

<configuration><appSettings><add key="MM_CONNECTION_HANDLER_Lansweeper" value="sqlserver.htm"/><add key="MM_CONNECTION_STRING_Lansweeper" value="Persist Security Info=False;Data Source=SERVERNAME;Initial Catalog=Lansweeper32;User ID=lssqluser32;Password=YOURPASSWORD*"/><add key="MM_CONNECTION_DATABASETYPE_Lansweeper" value="SQLServer"/><add key="MM_CONNECTION_SCHEMA_Lansweeper" value=""/><add key="MM_CONNECTION_CATALOG_Lansweeper" value=""/><add key="dateformat" value="dd/MM/yyyy"/></appSettings><system.web><authentication mode="Windows"/><identity impersonate="true"/><compilation debug="false" strict="false" explicit="true"><assemblies><add assembly="System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=23894723040"/><add assembly="System.Design, Version=2.0.0.0, Culture=neutral, PublicKeyToken=45u9083459"/><add assembly="System.Web.Extensions.Design, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=901238478123904"/><add assembly="System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B3457439857430"/></assemblies></compilation><httpHandlers><remove verb="*" path="*.asmx"/><add verb="*" path="*.asmx" type="System.Web.Script.Services.ScriptHandlerFactory" validate="false"/><add verb="*" path="*_AppService.axd" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=358-548-543" validate="false"/><add verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" validate="false"/></httpHandlers><httpModules><add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/></httpModules><authorization><allow roles="YOURDOMAIN\YOURDOMAINGROUP"/><deny users="*"/></authorization></system.web></configuration>


I also disabled anonymous access.

Please don't copy and paste this, as I have modified several things for security purposes; just take note of the order in which the tags or elements are placed.
Sorry it's not laid out better, that's the way the file is by default and my IDE editor isn't working right now.

Hope this helps.
0 Kudos
Hemoco
Lansweeper Alumni

‎10-16-2008 11:23 PM

Could you upload (as attachment) your complete web.config file please.

Could you also upload a complete screenshot of the webpage error that you are getting.
0 Kudos

Archive

This board contains archived posts from the retired Lansweeper Forum and Insiders Community.

New to Lansweeper?

Try Lansweeper For Free

Experience Lansweeper with your own data.
Sign up now for a 14-day free trial.

Try Now