+ Post New Thread
Results 1 to 14 of 14
Home Access Plus+ Thread, HAP - unathorised access in Projects:; I have setup HAP on server 2008 with IIS7. If i log on as administrator I am able to see ...
  1. #1
    gaz003's Avatar
    Join Date
    Feb 2010
    Location
    UK
    Posts
    40
    Thank Post
    2
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    HAP - unathorised access

    I have setup HAP on server 2008 with IIS7. If i log on as administrator I am able to see the mapped drives setup and browse the folders. logging on as a student or myself I get the error: unauthorised access you have attempted to access a restricted resource

    I have messed around with the basic permissions in IIS, added server-ts1 with full control to the mapped drive folders. As a user I have full control to the mapped drives, and so struggling as to why I am unable to access them in HAP.

    Has anyone had the same issue where they could talk me through a solution to this?

  2. #2
    nickbro's Avatar
    Join Date
    Jul 2010
    Location
    Gilwern, Wales
    Posts
    3,471
    Thank Post
    37
    Thanked 483 Times in 415 Posts
    Rep Power
    109
    The server should be impersonating the user, and as such running as it to connect to network resources. You need to ensure interactive logons are enabled on your server.

  3. #3

    Join Date
    Nov 2011
    Location
    italy
    Posts
    56
    Thank Post
    3
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    invalid login

    Quote Originally Posted by nickbro View Post
    The server should be impersonating the user, and as such running as it to connect to network resources. You need to ensure interactive logons are enabled on your server.
    dear Nick, I have been looking for a web app like with for 10 years. thanks. thanks. thank.
    here is my problems:

    backgrounds)
    environment win 2003r2 and win2008r2 domain controlled. hap installed in win2008r2. on the same server but different site installed sharepoint.
    everything installed following video instructions. hap runs if login as a member of domain admins. version installed HAP.Web v7.7.1122.1650 downloaded from this forum

    1) setup page Active directory browsing shows only 2 organizational units out of apprix. 20.

    2) if login as a studente (member of students) I have "invalid login". please note that "studente" does log on the HAP server. I think this mean logon locally works.
    wwwroot/hap directory has "system" "apppool" and "domain admins" only. do I need to add "students"?

    many thanks for yout superb and terrific work !!!!

    Gian
    Last edited by gianzack; 28th November 2011 at 11:53 AM.

  4. #4
    nickbro's Avatar
    Join Date
    Jul 2010
    Location
    Gilwern, Wales
    Posts
    3,471
    Thank Post
    37
    Thanked 483 Times in 415 Posts
    Rep Power
    109
    The students group does not need adding as HAP+ runs as the apppool for anything requiring access to the local server. Check that you can logon as a student on the server. As this may be what's stopping it working properly, as HAP+ will attempt to log on as the user logged in to process it's requests, but if the server isn't set to allow interactive logons this won't be able to happen.

    One option may be to try the Basic Authentication Mode which will be in the delayed v7.7 release

  5. #5

    Join Date
    Nov 2011
    Location
    italy
    Posts
    56
    Thank Post
    3
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Quote Originally Posted by nickbro View Post
    Check that you can logon as a student on the server.
    thanks for the quick reply.
    I tried and I confirm that I can log on the HAP server as a student.

    Could it be an LDAP issue?

    many thanks again
    gian

  6. #6

    Join Date
    Nov 2010
    Location
    Liverpool, UK
    Posts
    178
    Thank Post
    10
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Quote Originally Posted by nickbro View Post
    The students group does not need adding as HAP+ runs as the apppool for anything requiring access to the local server. Check that you can logon as a student on the server. As this may be what's stopping it working properly, as HAP+ will attempt to log on as the user logged in to process it's requests, but if the server isn't set to allow interactive logons this won't be able to happen.

    One option may be to try the Basic Authentication Mode which will be in the delayed v7.7 release
    I'm somewhat confused by this.

    By default, only domain admins can log on our servers. Does this mean teaching staff will not be able to use HAP once it's loaded onto a server? (As its now running on my local machine for test purposes)

  7. #7
    nickbro's Avatar
    Join Date
    Jul 2010
    Location
    Gilwern, Wales
    Posts
    3,471
    Thank Post
    37
    Thanked 483 Times in 415 Posts
    Rep Power
    109
    When do you get the not authorised message? After they have logged in. When they try and access a drive.

    If the first, check the ~/web.config file, look for authorisation groups

  8. #8

    Join Date
    Nov 2011
    Location
    italy
    Posts
    56
    Thank Post
    3
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    should I edit <deny users="?" />

    in the following part of web.config?

    <system.web>
    ...
    <authorization>
    <deny users="?" />
    </authorization>
    <customErrors mode="Off" />
    </system.web>

  9. #9

    Join Date
    Nov 2011
    Location
    italy
    Posts
    56
    Thank Post
    3
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Quote Originally Posted by nickbro View Post
    When do you get the not authorised message? After they have logged in. When they try and access a drive.

    If the first, check the ~/web.config file, look for authorisation groups

    I have the error on the form itself
    sorry for my ignorance, which part of the web.config should I change?

    thanks again

  10. #10
    nickbro's Avatar
    Join Date
    Jul 2010
    Location
    Gilwern, Wales
    Posts
    3,471
    Thank Post
    37
    Thanked 483 Times in 415 Posts
    Rep Power
    109
    Ok, just wanted to check the config was still generic. What page are you trying to access when it gives you the unauthorised error, can you post a screenshot of the error

  11. #11

    Join Date
    Nov 2011
    Location
    italy
    Posts
    56
    Thank Post
    3
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    dear nick
    here is the page:
    HAP - unathorised access-new-picture-1-.jpg

    please note that
    1)I CAN logon as a member of domain admins
    2) in the sepup.aspx page after I enter "domain UPN" and "admin" and "pass" the active directory browser gives me only a small part of the active directory structure
    HAP - unathorised access-new-picture-2-.jpg

    a) do you think the 2 problems are connected?
    b) I did these test on the release 7.7.1128
    c) could you please drive me on how to enable basic authentication?

    many thanks again for your help and work

  12. #12
    nickbro's Avatar
    Join Date
    Jul 2010
    Location
    Gilwern, Wales
    Posts
    3,471
    Thank Post
    37
    Thanked 483 Times in 415 Posts
    Rep Power
    109
    Ok, one thing you can do, is set HAP+ to run as a Domain User instead of the IISAppPool\HAP user, see if that fixes some things?

  13. #13

    Join Date
    Nov 2011
    Location
    italy
    Posts
    56
    Thank Post
    3
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Quote Originally Posted by nickbro View Post
    Ok, one thing you can do, is set HAP+ to run as a Domain User instead of the IISAppPool\HAP user, see if that fixes some things?
    dear nick I have some news:
    1) I tried to run as a Domain User or domain admins but still same problem.
    2) I setup basic authentication: if I access the default.aspx as student it sees me as a student and viceversa if I login as an admin.
    3) but if load login.aspx (with basic authentication) and try to login as a student it still tells me invalid login.
    4) I still have the problem (with all the settings I tried) that I can see only a very small part of Active directory with the AD browser but I can bypass it with hapconfig.xml

    do you think the problem is with login.aspx?

    thanks again

  14. #14
    nickbro's Avatar
    Join Date
    Jul 2010
    Location
    Gilwern, Wales
    Posts
    3,471
    Thank Post
    37
    Thanked 483 Times in 415 Posts
    Rep Power
    109
    Under basic authentication, login.aspx is redundant

SHARE:
+ Post New Thread

Similar Threads

  1. Replies: 4
    Last Post: 17th January 2011, 02:36 PM
  2. 1901 census free access
    By browolf in forum Jokes/Interweb Things
    Replies: 1
    Last Post: 23rd September 2005, 08:15 AM
  3. Replies: 0
    Last Post: 26th August 2005, 01:29 AM
  4. Access based Enumeration
    By ChrisH in forum Windows
    Replies: 2
    Last Post: 28th June 2005, 01:27 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •