2

I have a PHP site (Default Web Site) and an ASP.NET site (application under the Default Web Site) running together.

I have set up Windows Authentication for the Default Web Site and it's fine. The problem is my ASP.NET application creates a web request - (HttpWebRequest)WebRequest.Create(url) - to pull in information from the PHP application. It's fine without authentication but with Windows Authentication it gets a (401) Unauthorized response.

I figured out I can pass credentials with request.Credentials = new NetworkCredentials(user, pwd, domain); but I'm really looking for a way for the PHP application allow the other application on the same server (site even) through.

How can I tell the Default Web Site to allow these requests?

DaveO
  • 175
  • 1
  • 5
  • 16

4 Answers4

1

I don't think you can bypass the IIS authentication. After all, this is what it is for :)

What you could do is setup the PHP website twice, once with authentication, and once without.

On the site without authentication, make sure you set IP Restrictions, to only allow localhost requests

MichelZ
  • 11,008
  • 4
  • 30
  • 58
  • worked brilliant thanks. Set up new Web Site pointing to the same root , set binding to 127.0.0.1, set IP Address and Domain Restrictions to deny from all and allow from 127.0.0.1, changed WebRequest code to use 127.0.0.1 as the host in the request url – DaveO May 29 '12 at 06:40
0

Just remove the Windows Authentication from the Default Website, and set it on your application under the default website.

This is of course assuming that you don't need authentication on the default website (PHP)

MichelZ
  • 11,008
  • 4
  • 30
  • 58
  • I do need the authentication for both, but I need the application to bypass it so it can get content from the PHP site, either by through settings in IIS or passing authentication (when required) when it makes the request. – DaveO May 25 '12 at 11:47
0

Create a duplicate (called e.g. x_internal.php) of the php page (or pages) that you want to access from the .net app and (on those pages only) set them to allow anonymous access and use IP filtering to restrict access to the local IP only to prevent direct access from non local clients.

I've done similar things in the past without issue.

Chris W
  • 2,670
  • 1
  • 23
  • 32
  • Thanks, unfortunately rewrite rules and whatnot made the duplicate Web Site solution much easier. – DaveO May 29 '12 at 06:41
0

This looks a lot like an issue caused by Microsoft closing a security vulnerability.

If it is the same issue I have seen, http://support.microsoft.com/kb/896861 will give you enough details to sort it out. In my case, this was simply a question of editing the registry.

Dominic Cronin
  • 670
  • 4
  • 21
  • Since the above link is broken, this is the new link to the solution of this problem: https://support.microsoft.com/en-us/help/926642/error-message-when-you-try-to-access-a-server-locally-by-using-its-fqd – alex3683 Feb 28 '20 at 07:51