Windows Authentication on a Coldfusion Application

Similar Messages

• How to make use of Windows authentication from my Java application

  I have a Java application, Instead I design one more login page for my application, I want to make use of Windows Authentication.
  How should I use that windows authentication in my java application
  can any help me in suggesting a solution

  How will they be able to access your application if they aren't users of the system?

• Windows authentication from an enterprise application

  Hi All,
  Does anyone has any idea how to go about implementing windows active directory authentication from an enterprise application.The requirement is that the users across a particular domain should be able to use the application by using their windows login/password.
  Thanks

  I think you should look at Sun or Oracle Identity Management Solutions
  These product offers what you are looking for and they also have SDKs, so you can really extend their strength.
  Regards,
  Michael

• SSO via Windows authentication for a BSP application

  Hi,
  is it possible to configure/implement a bsp-application, so that the user of the application is authenticated in the SAP system through the windows user (without entering the user or password). I search for a mechanism, that is like the SSO mechanism in the SAP EP. We don't have SAP EP, neither we have a java stack installation.
  Exists a way to implement this scenario?
  My idea was it, to use the same functionality, like in the SAP GUI, when configuring SSO. Unfortunately I don't find any hints about this topic.
  Regards,
  Thomas

  One best way is to embed the BSP page in the iview of the EP. As your are telling EP is not available i think there is no other way around.

• Using SQL Server in Window Authentification mode from Coldfusion

  I've received the following private message and don't know
  how to answer. Can anyone else help?
  quote:
  Is there any some simple way to use the sql server in windows
  authentication mode from coldfusion??? Other the creating the ODBC
  Socket.

  Hi Colum,
  get these quite often, which is why I turn PM off most of the
  time.
  Just send them to the right forum:
  http://www.adobe.com/cfusion/webforums/forum/index.cfm?forumid=1
  Cheers
  Craig

• Using the windows authentication

  In my application , I would like use Windows authentication .Currently I am using basic authentication in which the application will get the user details from a file.The file will contains users password and access right(read write permissions). I would like to enhance it with windows authentication in which my application take the windows user and allows him to use the application. Is it possible? If possible , can I set some attributes(like for xxxx value is 1, yyyy value is 2 ) for windows users. Kindly help me if it is possible in Java.

  Apart from transfer logins scripts Ashwin and Stan mentioned, I usually run following script in order to re-establish orphan users to establish if any SQL logins.
  set nocount on
  declare @username    sysname,
          @errcode     int
  select @errcode = 0
  select @username = min(name)
  from sysusers (nolock)
  where uid <> gid and
        name not in ('guest', 'sys', 'INFORMATION_SCHEMA') and
        suser_sname(sid) is null and
        issqlrole = 0
  while @username is not null
  begin
     if exists (select 1
                from master.dbo.syslogins (nolock)
                where name = @username)
     begin
        exec sp_change_users_login @Action = 'Update_One',
                                   @UserNamePattern = @username,
                                   @LoginName = @username
        select @errcode = @@error
        if @errcode = 0
           print 'The user ''' + @username + ''' was re-established in database!'
        else
           print 'Failed to re-establish user ''' + @username + ''' in database!'
     end
     else
     begin
        print 'The user ''' + @username + ''' does not have login ID. So, drop it from database!'
        exec sp_dropuser @username
     end
     select @username = min(name)
     from sysusers (nolock)
     where uid <> gid and
           name not in ('guest', 'sys', 'INFORMATION_SCHEMA') and
           suser_sname(sid) is null and
           issqlrole = 0 and
           name > @username
  end
  go

• Windows authentication of Sharepoint Page viewer Web Part applications

  Hi,
  I am working on a new Sharepoint portal which will have Page viewer Web Parts hosting asp.net applications. The standalone applications those are hosted are using windows authentication. my requirment is, when the client logs in to sharepoint need to authenticate
  all web parts with same user credentials so that then don't need to log in again. those asp.net applications are hosted as standalone also out side sharepoint. Can some one advise me how to do that?..
  Thanks
  Ram

  We havent tried that.  We changed the link in the web part to access an html page that claims that the report is loading.  It states in the html that if the page doesnt load to "click here" which redirects to the crystalreportviewer.  Its a temp fix for it.  One thing we are looking at is the 64 bit version of the Sharepoint integration kit.  That may contain a reportviewer webpart.
  Thanks for the reply.
  Brian

• Problem when consuming web service on WIndows authentication applcation

  Hi,
  I am having a tough time in consuming web services on a
  Windows authentication IIS server.
  In one of my application I have created web services and
  consuming those web services from my another application.
  If I turned off the Windows authentication everything works
  fine, but If I turned on the Windows authentication web services
  stop working.
  Has anyone encountered such error while working with web
  services on Windows authentication server.
  Attach Code
  Could not perform web service invocation "funGetCustomer".
  Here is the fault returned when invoking the web service
  operation:
  AxisFault
  faultCode: {
  http://xml.apache.org/axis/}HTTP
  faultSubcode:
  faultString: (401)Unauthorized
  faultActor:
  faultNode:
  faultDetail:
  {}:return code: 401
  <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "
  http://www.w3.org/TR/html4/strict.dtd">
  <HTML><HEAD><TITLE>You are not authorized
  to view this page</TITLE>
  <META HTTP-EQUIV="Content-Type" Content="text/html;
  charset=Windows-1252">
  <STYLE type="text/css">
  BODY { font: 8pt/12pt verdana }
  H1 { font: 13pt/15pt verdana }
  H2 { font: 8pt/12pt verdana }
  A:link { color: red }
  A:visited { color: maroon }
  </STYLE>
  </HEAD><BODY><TABLE width=500 border=0
  cellspacing=10><TR><TD>
  <h1>You are not authorized to view this page</h1>
  You do not have permission to view this directory or page
  using the credentials that you supplied because your Web browser is
  sending a WWW-Authenticate header fi...

  You could try switching the HTTP transport provided in the
  Apache Axis embedded in ColdFusion to "CommonsHTTPSender".
  See this blog post:
  http://tjordahl.blogspot.com/2007/03/apache-axis-and-commons-httpclient.html

• Database access using windows authentication

  We are updating our Applications to use single sign on and are running into a problem with database access. We are using CF11 Enterprise and SQL Server 2008 on IIS 7.5.
  We have set up the ColdFusion Application Service to run under an AD service account and have created the data sources in CFAdmin leaving the username and password blank. The data sources verify and all seems good. The problem comes when running a query. The credential passed to the database is the service account and not the windows authenticated user. As such the query fails. What are we missing to get CF to pass the Windows Authenticated user credential instead of the service account?
  Thanks
  Tim

  ColdFusion does not pass user's credentials to the database connections by default, and cannot pass Windows Authentication credentials that way.  It only sends the service account's credentials (if you leave username/password blank as you have done).  The only way to pass user credentials is to put them into the individual query calls themselves, and even then you can't pass Windows Authentication credentials.  You would have to use SQL Server Logins, and create accounts for each user.
  I think most people are using either a dedicated SQL Server login for ColdFusion and run all queries under that account, or they do as you have already done and use Windows Authentication along with the ColdFusion service account.  If you need an audit trail, then pass usernames into the insert/update queries and store them manually along with the other data you are inserting/updating.
  -Carl V.

• Help with file uploader, php script, Windows Authentication

  I am trying to setup a really basic web-based file uploader that I will expand upon later. I have the flex application working well enough (very basic). However, I have a php script in a secure folder using windows authentication. When I try to send the file to the script, it doesn't seem to like my credentials, and refuses to do anything. I do not get an error message; just nothing happens.
  My questions are:
  Does anybody know where I should've looked before posting this thread?
  Do I even have PHP set up correctly? (At first I just made a txt file and put a .php extension on it, then I tried to setup PHP on the server, but it was a little confusing for me)
  Is Windows Authentication the problem?
  I do plan on implementing SQL Server in the future (to keep track of Files and user-defined attributes for files), but I do not want to store the files in SQLserver, just their pathnames.
  Is there a simple way to use ColdFusion (for free) to acheive this end?
  I am somewhat experienced at coding applications, but am totally new to server-side scripts.
  This is my php script:
  <?php
  $tempFile = $_FILES['Filedata']['tmp_name'];
  $fileName = $_FILES['Filedata']['name'];
  $fileSize = $_FILES['Filedata']['size'];
  move_uploaded_file($tempFile, "./" . $fileName);
  ?>
  This is my flex application:
  <?xml version="1.0" encoding="utf-8"?>
  <s:Application xmlns:fx="http://ns.adobe.com/mxml/2009"
                    xmlns:s="library://ns.adobe.com/flex/spark"
                    xmlns:mx="library://ns.adobe.com/flex/mx" minWidth="955" minHeight="600">
  <fx:Script>
       <![CDATA[
       private var fileRef:FileReference
       private var uploadFilePath:String
       private function selectFile():void
            fileRef = new FileReference();
            fileRef.addEventListener(Event.SELECT, fileRef_select);
            fileRef.browse();
       private function fileRef_select(evt:Event):void
            fileRef.upload(new URLRequest("http://SERVERLOCATION/PDFUploader.php"));
       ]]>
  </fx:Script>
       <s:Button top="30" left="5" label="Browse" click="selectFile()"/>
  </s:Application>
  Thanks to any who take the time to respond.

  Hey, so far all I have found is this tutorial.. I'm about to try it out
  http://www.smartwebby.com/Flash/external_data.asp

• ADFS 3.0 Windows Authentication not working

  I recently upgraded from ADFS 2.1 and TMG 2010 as the reverse proxy to ADFS 3.0 and Web Application Proxy as the reverse proxy.  I have upgraded to ADFS 3.0 successfully and it is working without anything changing to the end users.  This is still
  using TMG 2010 as the reverse proxy. 
  When I make the changes to use WAP as the reverse proxy, I get prompted with a forms based authentication page instead of the usual windows authentication screen.  This poses a problem since this creates an extra step for people when logging on to our
  sites that use SSO since there's no "save password" box.  I can move the traffic back to TMG and it's back to working like it should but we are looking to remove TMG very soon.
  When I am on the "inside" network connecting to ADFS without the reverse proxy, it works just fine.  However, ALL of our users are "outside" of the network will be using the reverse proxy.  None of the computers are domain joined.
  The issue seems to only be when using Web Application Proxy server to service ADFS SSO requests.....TMG servicing these requests does not have this issue.
  What's the difference?  How can I get this functionality back with WAP?

  Hi Eric,
  Based on my research, when publishing applications that use Integrated Windows authentication, the Web Application Proxy server uses Kerberos constrained delegation to authenticate users
  to the published application.
  To use Integrated Windows authentication, the Web Application Proxy server must be joined to an AD DS domain.
  More information for you:
  Web Application Proxy: Some applications are configured to perform backend authentication using Integrated Windows authentication but the server is not joined to a domain
  http://technet.microsoft.com/en-us/library/dn464299.aspx
  Best Regards,
  Amy

• My MacBook Pro Retina's Bluetooth chipset unknown/odd login message on the login screen states Login Window Authentication Login window Name edit text has keyboard focus. In addition, the login screen is not remembering me

  I have been experiencing several issues with my MacBook Pro Retina mid 2012. My MBPR is scheduled to go into the depot. However, I am wondering if anyone may be able to shed light on a few issues as this is the third "official" time my MBPR is going back for service ("one depot" trip; "one authorized" dealer; several in-store visits).
  My Bluetooth is stating that the Bluetooth Chipset is Unknown (0). I also have had Bluetooth Preferences mysteriously change on me. In addition, while Bluetooth is off there are two serial modems turning on. I have turned them off, but they continue to pop up.
  In addition, when I log in, my MBPR is not remembering me and my login name is not appearing on the slate-gray screen. The name and password are blank and the following message appears in the lower left hand corner. "login window authentication login window Name edit text has keyboard focus."  As a side note, I am the only user. The login issue is a recent occurrence as we just totally wiped it again via a Command + R, and I don't believe I have an accessibility setting set to anything that would cause this, but wanted to check.
  Should I be concerned here? Has anyone else had issues like this? I don't want to worry if I don't have to. I have had so many issues over the course of nine months. 5-6 wipes. Airport card replaced and I am about to pull my hair out if my MBPR doesn't come back worldly like clock work this time. I just can't send my days trying to get a $2300 product to work for me any longer. No idea what is wrong with it, but it is driving me insane. Cross your fingers for me and any guidance you have or thoughts would be welcomed. Thank you. EMM

  A few more issues...
  In Console, the following is greyed out:
  User and Diagnostic reports
  Com.apple.launchd.peruser.0
  Com.apple.launchd.peruser.88
  Com.apple.launchd.peruser.89
  Com.apple.launchd.peruser.92
  Com.apple.launchd.peruser.97
  Com.apple.launchd.peruser.200
  Com.apple.launchd.peruser.201
  Com.apple.launchd.peruser.202
  Com.apple.launchd.peruser.212
  *[user logs are accessible]
  Krb5kdc
  Radius
  My guest files are locked, but again I am the administrator of MBPR.
  I am worried about a keystroke logged or at least, trying to rule it out.
  Also:
  Mdworker32(225) [and other mdworker numbers] are sandboxing; stating deny Mach-lookup
  Com.apple.Powermanagement.control, etc. long attachment with those files with version: ??? (???).
  Postinstall: removing applications/Microsoft Office 2011/Microsoft Outlook.app
  WARNINGS in Console include:
  [NSImage compositeToPoint:fromRect:operation:fraction:] is deprecated in MacOSX 19.8 and later. Please use -[NSImage drawAtPoint:fromRect:operation:fraction] instead.
  There are a ton of other warnings. Before I go through this again, can someone tell me if this is normal (all of it -- above too); or if these are symptoms is a keystroke logger or hardware issues? 
  I ask because originally, when my computer went in for diagnostics (more than once), Apple stated the hardware was fine (other than Airport Card -- finally). However, if I've done 5-6 total wipes; created new users; do not have sharing set-up; have not played around in Terminal; and am up-to-date with versions -- and various issues KEEP COMING BACK -- I am left wondering if a keystroke logger would be possible here?!? I thought maybe a faulty logic board, but why would diagnostics be okay, then? Not trying to be hyperbole, just desperate.
  Please help me rule keystroke logger out or at least, tell me so I know, so I can take appropriate action. If you think it could be the logic board with symptoms above, that would be a great too.
  All I want to do is use the computer as intended, but I can't seem to get a real answer, so after nine months -- I am turning to the communities to see if anyone -- anyone at all -- can help. The last thing I can do is have the MBPR come back from the depot and the same thing occur. Any guidance or advice would be so gratefully appreciated.

• Getting SPWeb.CurrentUser as null with Windows Authentication (AD), when configured for Claims Authentication

  Hi All,
  We recently migrated to SP 2013 from SP 2010. We are using most of the OOB features, with a few custom code. We have implemented a custom ASP.NET Membership Provider that authenticates against a web service. This was working fine on SP 2010.
  The entire code base was migrated to SP 2013 (with .net fw 4.5, etc) and any issues Compile / Runtime were fixed. However, we are stuck at one bug, which seems to be occuring only while trying to login with Windows Authentication. When a user tries to login
  with Forms Authentication, the error is never noticed.
  Scenrio: Login as Windows Authentiction.
  Result: The user is signed into the system and is authenticated against the AD. For random page loads - it throws access denied (even though he is a site collection admin). While attaching a debugger, we found that, at times the SPWeb.CurrentUser is null (weird).
  At the same time, the HttpContext.Current.Request.IsAuthenticated returns true. Which means the User is Authenticated, but not available in the SPWeb.CurrentUser object. 
  Attached are couple of ULS Logs that we found. The line which says IsAuthenticated=True, UserIdentityName=, ClaimsCount=0 is a little disturbing. Can you please let me know what is happening here? I am not able to access the root site (http://win2012d2:1234/)
  however, i am able to access (http://win2012d2:1234/SitePages/Home.aspx) just fine, without any issues.
  Please note, this error is only when the user is logged into sharepoint as a windows user. The forms user faces no such issues.
  ULS Logs:
  Name=Request (GET:http://win2012d2:1234/)
  Non-OAuth request. IsAuthenticated=True, UserIdentityName=, ClaimsCount=0
  Application error when access /, Error=Exception of type 'System.ArgumentException' was thrown.  Parameter name: encodedValue  
   at Microsoft.SharePoint.Administration.Claims.SPClaimEncodingManager.DecodeClaimFromFormsSuffix(String encodedValue)    
   at Microsoft.SharePoint.Administration.Claims.SPClaimProviderManager.GetProviderUserKey(IClaimsIdentity claimsIdentity, String encodedIdentityClaimSuffix)    
   at Microsoft.SharePoint.Administration.Claims.SPClaimProviderManager.GetProviderUserKey(String encodedIdentityClaimSuffix)    
   at Microsoft.SharePoint.Utilities.SPUtility.GetFullUserKeyFromLoginName(String loginName)    
   at Microsoft.SharePoint.ApplicationRuntime.SPHeaderManager.AddIsapiHeaders(HttpContext context, String encodedUrl, NameValueCollection headers)    
   at Microsoft.SharePoint.ApplicationRuntime.SPRequestModule.PreRequestExecuteAppHandler(Object oSender, EventArgs ea)    
   at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()    
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
  Getting Error Message for Exception System.ArgumentException: Exception of type 'System.ArgumentException' was thrown.  Parameter name: encodedValue    
   at Microsoft.SharePoint.Administration.Claims.SPClaimEncodingManager.DecodeClaimFromFormsSuffix(String encodedValue)    
   at Microsoft.SharePoint.Administration.Claims.SPClaimProviderManager.GetProviderUserKey(IClaimsIdentity claimsIdentity, String encodedIdentityClaimSuffix)    
   at Microsoft.SharePoint.Administration.Claims.SPClaimProviderManager.GetProviderUserKey(String encodedIdentityClaimSuffix)    
   at Microsoft.SharePoint.Utilities.SPUtility.GetFullUserKeyFromLoginName(String loginName)    
   at Microsoft.SharePoint.ApplicationRuntime.SPHeaderManager.AddIsapiHeaders(HttpContext context, String encodedUrl, NameValueCollection headers)    
   at Microsoft.SharePoint.ApplicationRuntime.SPRequestModule.PreRequestExecuteAppHandler(Object oSender, EventArgs ea)    
   at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()    
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
  [Forced due to logging gap, Original Level: Verbose] Looking up {0} site {1} in the farm {2} 
  Unknown SPRequest error occurred. More information: 0x80070005
  SPRequest.GetPageListId: UserPrincipalName=, AppPrincipalName= ,bstrUrl=http://win2012d2:1234/
  System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)), StackTrace:   
   at Microsoft.SharePoint.SPContext.get_ListId()    
   at Microsoft.SharePoint.SPContext.get_List()    
   at Microsoft.SharePoint.WebControls.ScriptLink.InitJs_Register(Page page)    
   at Microsoft.SharePoint.WebControls.ScriptLink.RegisterForControl(Control ctrl, Page page, String name, Boolean localizable, Boolean defer, Boolean loadAfterUI, String language, Boolean injectNoDefer, Boolean controlRegistration, Boolean loadInlineLast,
  Boolean ignoreFileNotFound)    
   at Microsoft.SharePoint.WebControls.ScriptLink.Register(Control ctrl, Page page, String name, Boolean localizable, Boolean defer, Boolean loadAfterUI, String language, String uiVersion, String ctag)    
   at Microsoft.SharePoint.WebControls.ScriptLink.Register(String uiVersion, Control ctrl, Page page, String name, Boolean localizable, Boolean defer)    
   at Microsoft.SharePoint.WebControls.ScriptLink.Register(Control ctrl, Page page, String name, Boolean localizable, Boolean defer)    
   at Microsoft.SharePoint.WebControls.ScriptLink.GetOnDemandScriptKey(String strKey, String strFile, Boolean registerDependencies, Control ctrl, Page page)    
   at Microsoft.SharePoint.WebControls.ScriptLink.RegisterOnDemand(Control ctrl, Page page, String strKey, String strFile, Boolean localizable)    
   at Microsoft.SharePoint.WebControls.ScriptLink.RegisterOnDemand(Page page, String strFile, Boolean localizable)    
   at Microsoft.SharePoint.WebControls.ScriptLink.RegisterForControl(Control ctrl, Page page, String name, Boolean localizable, Boolean defer, Boolean loadAfterUI, String language, Boolean injectNoDefer, Boolean controlRegistration, Boolean loadInlineLast,
  Boolean ignoreFileNotFound)    
   at Microsoft.SharePoint.WebControls.ScriptLink.Register(Control ctrl, Page page, String name, Boolean localizable, Boolean defer, Boolean loadAfterUI, String language, String uiVersion, String ctag)    
   at Microsoft.SharePoint.WebControls.ScriptLink.RegisterOnDemand(Control ctrl, Page page, String strKey, String strFile, Boolean localizable)    
   at Microsoft.SharePoint.WebControls.ScriptLink.OnLoad(EventArgs e)    
   at System.Web.UI.Control.LoadRecursive()    
   at System.Web.UI.Control.LoadRecursive()    
   at System.Web.UI.Control.LoadRecursive()    
   at System.Web.UI.Control.LoadRecursive()    
   at System.Web.UI.Control.LoadRecursive()    
   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)    
   at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)    
   at System.Web.UI.Page.ProcessRequest()    
   at System.Web.UI.Page.ProcessRequest(HttpContext context)    
   at System.Web.HttpServerUtility.ExecuteInternal(IHttpHandler handler, TextWriter writer, Boolean preserveForm, Boolean setPreviousPage, VirtualPath path, VirtualPath filePath, String physPath, Exception error, String queryStringOverride)    
   at System.Web.HttpServerUtility.Execute(String path, TextWriter writer, Boolean preserveForm)    
   at System.Web.HttpServerUtility.Transfer(String path)    
   at Microsoft.SharePoint.Utilities.SPUtility.TransferToErrorPage(String message, String linkText, String linkUrl)    
   at Microsoft.SharePoint.ApplicationRuntime.SPRequestModule.ErrorHandler(HttpApplication app, Boolean errorIsOnErrorPage)    
   at Microsoft.SharePoint.ApplicationRuntime.SPRequestModule.ErrorAppHandler(Object oSender, EventArgs ea)    
   at System.EventHandler.Invoke(Object sender, EventArgs e)    
   at System.Web.HttpApplication.RaiseOnError()    
   at System.Web.HttpApplication.PipelineStepManager.ResumeSteps(Exception error)    
   at System.Web.HttpApplication.BeginProcessRequestNotification(HttpContext context, AsyncCallback cb)    
   at System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context)    
   at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)    
   at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)    
   at System.Web.Hosting.UnsafeIISMethods.MgdIndicateCompletion(IntPtr pHandler, RequestNotificationStatus& notificationStatus)    
   at System.Web.Hosting.UnsafeIISMethods.MgdIndicateCompletion(IntPtr pHandler, RequestNotificationStatus& notificationStatus)    
   at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)    
   at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)
  SPRequest.OpenWeb: UserPrincipalName=, AppPrincipalName= ,bstrUrl=http://win2012d2:1234/
  System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)), StackTrace:   
   at Microsoft.SharePoint.SPWeb.InitWeb()    
   at Microsoft.SharePoint.SPWeb.get_WebTemplateConfiguration()    
   at Microsoft.SharePoint.WebControls.ScriptLink.InitJs_Register(Page page)    
   at Microsoft.SharePoint.WebControls.ScriptLink.RegisterForControl(Control ctrl, Page page, String name, Boolean localizable, Boolean defer, Boolean loadAfterUI, String language, Boolean injectNoDefer, Boolean controlRegistration, Boolean loadInlineLast,
  Boolean ignoreFileNotFound)    
   at Microsoft.SharePoint.WebControls.ScriptLink.Register(Control ctrl, Page page, String name, Boolean localizable, Boolean defer, Boolean loadAfterUI, String language, String uiVersion, String ctag)    
   at Microsoft.SharePoint.WebControls.ScriptLink.Register(String uiVersion, Control ctrl, Page page, String name, Boolean localizable, Boolean defer)    
   at Microsoft.SharePoint.WebControls.ScriptLink.Register(Control ctrl, Page page, String name, Boolean localizable, Boolean defer)    
   at Microsoft.SharePoint.WebControls.ScriptLink.GetOnDemandScriptKey(String strKey, String strFile, Boolean registerDependencies, Control ctrl, Page page)    
   at Microsoft.SharePoint.WebControls.ScriptLink.RegisterOnDemand(Control ctrl, Page page, String strKey, String strFile, Boolean localizable)    
   at Microsoft.SharePoint.WebControls.ScriptLink.RegisterOnDemand(Page page, String strFile, Boolean localizable)    
   at Microsoft.SharePoint.WebControls.ScriptLink.RegisterForControl(Control ctrl, Page page, String name, Boolean localizable, Boolean defer, Boolean loadAfterUI, String language, Boolean injectNoDefer, Boolean controlRegistration, Boolean loadInlineLast,
  Boolean ignoreFileNotFound)    
   at Microsoft.SharePoint.WebControls.ScriptLink.Register(Control ctrl, Page page, String name, Boolean localizable, Boolean defer, Boolean loadAfterUI, String language, String uiVersion, String ctag)    
   at Microsoft.SharePoint.WebControls.ScriptLink.RegisterOnDemand(Control ctrl, Page page, String strKey, String strFile, Boolean localizable)    
   at Microsoft.SharePoint.WebControls.ScriptLink.OnLoad(EventArgs e)    
   at System.Web.UI.Control.LoadRecursive()    
   at System.Web.UI.Control.LoadRecursive()    
   at System.Web.UI.Control.LoadRecursive()    
   at System.Web.UI.Control.LoadRecursive()    
   at System.Web.UI.Control.LoadRecursive()    
   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)    
   at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)    
   at System.Web.UI.Page.ProcessRequest()    
   at System.Web.UI.Page.ProcessRequest(HttpContext context)    
   at System.Web.HttpServerUtility.ExecuteInternal(IHttpHandler handler, TextWriter writer, Boolean preserveForm, Boolean setPreviousPage, VirtualPath path, VirtualPath filePath, String physPath, Exception error, String queryStringOverride)    
   at System.Web.HttpServerUtility.Execute(String path, TextWriter writer, Boolean preserveForm)    
   at System.Web.HttpServerUtility.Transfer(String path)    
   at Microsoft.SharePoint.Utilities.SPUtility.TransferToErrorPage(String message, String linkText, String linkUrl)    
   at Microsoft.SharePoint.ApplicationRuntime.SPRequestModule.ErrorHandler(HttpApplication app, Boolean errorIsOnErrorPage)    
   at Microsoft.SharePoint.ApplicationRuntime.SPRequestModule.ErrorAppHandler(Object oSender, EventArgs ea)    
   at System.EventHandler.Invoke(Object sender, EventArgs e)    
   at System.Web.HttpApplication.RaiseOnError()    
   at System.Web.HttpApplication.PipelineStepManager.ResumeSteps(Exception error)    
   at System.Web.HttpApplication.BeginProcessRequestNotification(HttpContext context, AsyncCallback cb)    
   at System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context)    
   at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)    
   at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)    
   at System.Web.Hosting.UnsafeIISMethods.MgdIndicateCompletion(IntPtr pHandler, RequestNotificationStatus& notificationStatus)    
   at System.Web.Hosting.UnsafeIISMethods.MgdIndicateCompletion(IntPtr pHandler, RequestNotificationStatus& notificationStatus)    
   at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)    
   at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)

  Hi Mohamed,
  According to your description, my understanding is that the error occurred when users login with Windows Authentication.
  From the error message, I recommend to check if the anonymous access is enabled for the web application.
  And please also make sure that the users all are available and have permission to access the site.
  Here is a similar thread for you to take a look:
  http://social.technet.microsoft.com/Forums/en-US/28623bdc-a2f0-4876-9be4-9a764f106366/getting-spwebcurrentuser-as-null-with-windows-authentication-ad-when-configured-for-claims?forum=sharepointdevelopment
  Best regards.
  Thanks
  Victoria Xia
  TechNet Community Support

• Windows authentication failure on SharePoint 2013 zone

  I am attempting to set up a Windows authentication zone in a SharePoint 2013 installation for use by the search crawler.  The zone has been configured to use NTLM in order to eliminate Kerberos from the equation.  The result of my
  attempts to access the Windows authentication zone is a 403 error.  Central Administration is working on the same server, and of course is using Windows authentication.
  I know about the issue of using Windows authentication to localhost, and have configured the backconnectionhostnames entry in the registry.  To prove that I can use Windows authentication using the intended host name for the SharePoint zone, I have
  set up a test IIS site that binds to the host name used by the zone, and successfully authenticated using Windows authentication.
  From monitoring the ULS logs it's obvious that I'm actually successfully completing Windows authentication, and getting a SharePoint claim, but from that point I'm being denied by SharePoint.  I do know that my Windows credentials has site collection
  administrator privileges.  The most interesting failure in the ULS log appears to be:
  SPApplicationAuthenticationModule: Authorization header doesn't contain Bearer, can't try to perform application authentication.
  Another odd thing is that after the ULS indicates I have failed authentication, I'm redirected to /_layouts/AccessDenied.aspx instead of the login page defined in web.config.  I have tried many things, including enabling Kernel-mode authentication. 
  Below is an excerpt from my ULS logs:
  SPApplicationAuthenticationModule: There is no Authorization header, can't try to perform application authentication.
  Non-OAuth request. IsAuthenticated=False, UserIdentityName=, ClaimsCount=0
  [Forced due to logging gap, cached @ 12/01/2014 15:48:32.53, Original Level: Verbose] Value for isAnonymousAllowed is : {0}
  [Forced due to logging gap, Original Level: Verbose] Value for checkAuthenticationCookie is : {0}
  Claims Windows Sign-In: Sending 401 for request 'https://crawler.my.host/' because the user is not authenticated and resource requires authentication.
  [Forced due to logging gap, cached @ 12/01/2014 15:48:32.56, Original Level: VerboseEx] Sending HTTP response {0} - {1}:{2}.
  [Forced due to logging gap, Original Level: Verbose] SPRequestModule.PreSendRequestHeaders
  Leaving Monitored Scope (Request (GET:https://crawler.my.host:443/)). Execution Time=5320.19544383434
  Name=Timer Job SchedulingApproval
  Leaving Monitored Scope (Timer Job SchedulingApproval). Execution Time=16.4101862108173
  Name=Timer Job SchedulingApproval
  Leaving Monitored Scope (Timer Job SchedulingApproval). Execution Time=14.9021733209109
  Name=Timer Job SchedulingApproval
  [Forced due to logging gap, cached @ 12/01/2014 15:48:32.95, Original Level: Verbose] Completed deserializing the type named {0} and with id {1}.
  [Forced due to logging gap, Original Level: VerboseEx] SPFederationAuthenticationModule.OnEndRequest: Start
  SPFederationAuthenticationModule.OnEndRequest: User was being redirected to authenticate.
  Leaving Monitored Scope (Timer Job SchedulingApproval). Execution Time=17.2175513927049
  Claims Windows Sign-In: Sending 401 for request 'https://crawler.my.host/' because the user is not authenticated and resource requires authentication.
  Name=Request (GET:https://crawler.my.host:443/)
  Micro Trace Tags: 0 nasq
  Leaving Monitored Scope (Request (GET:https://crawler.my.host:443/)). Execution Time=9.54646470431298
  Name=Request (GET:https://crawler.my.host:443/)
  SPTokenCache.ReadTokenXml: Successfully read token XML 'mydomain\myuser'.
  Token Cache: Failed to get token from distributed cache for '0).w|s-0-0-0-0-0-0-1234'.(This is expected during the process warm up or if data cache Initialization is getting done by some other thread).
  Token Cache: Reverting to local cache to get the token for '0).w|s-0-0-0-0-0-0-1234'.
  Token Cache: Entry missing for user 'mydomain\myuser'.
  Token Cache: Failed to get token from distributed cache for '0).w|s-0-0-0-0-0-0-1234'.(This is expected during the process warm up or if data cache Initialization is getting done by some other thread).
  Token Cache: Reverting to local cache to get the token for '0).w|s-0-0-0-0-0-0-1234'.
  Claims Windows Sign-In: User 'mydomain\myuser' for request url 'https://crawler.my.host/' does not have a cached SessionSecurityToken.
  [Forced due to logging gap, cached @ 12/01/2014 15:48:33.24, Original Level: VerboseEx] We are in claims windows only mode for for request url '{0}'.
  [Forced due to logging gap, Original Level: VerboseEx] Reverting to process identity
  [Forced due to logging gap, cached @ 12/01/2014 15:48:33.71, Original Level: Verbose] Completed deserializing the type named {0} and with id {1}.
  SPSecurityContext: Added JsonWebSecurityTokenHandler to trust channel factory
  SPSecurityContext: Replaced WSTrustRequestSerializer with SPTrust13RequestSerializer
  SPSecurityContext: The SecurityTokenServiceBehavior is attached to the TrustChannel.
  SecurityTokenServiceSendRequest: RemoteAddress: 'http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc' Channel: 'Microsoft.IdentityModel.Protocols.WSTrust.IWSTrustChannelContract' Action: 'http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue'
  MessageId: 'urn:uuid:f175f6ef-a93d-4efe-9173-1fba74b1eed2'
  SecurityTokenServiceReceiveRequest: LocalAddress: 'http://servername:32843/SecurityTokenServiceApplication/securitytoken.svc' Channel: 'System.ServiceModel.Channels.ServiceChannel' Action: 'http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue' MessageId:
  'urn:uuid:f175f6ef-a93d-4efe-9173-1fba74b1eed2'
  Entering monitored scope (ExecuteSecurityTokenServiceOperationServer). Parent No
  STS Call: Issuing new security token.
  SPSecurityTokenServiceManager!EnsureSharePointLogonRequestClaims: Found primary sid claim. Value: 's-0-0-0-0-0-0-1234'.
  Using claim provider 'System' for operation because it is default and it is visible.
  Excluding claim provider 'AD' for operation because it is not default and .
  Using claim provider 'AllUsers' for operation because it is default and it is visible.
  Excluding claim provider 'Forms' for operation because it is not default and .
  Using claim provider 'User Profile Claim Provider' for operation because it is default and it is visible.
  STS Call Claims Windows: Setting cookie lifetime to: Microsoft.IdentityModel.Protocols.WSTrust.Lifetime
  STS Call Claims Windows: Successfully requested sign-in claim identity for user 'mydomain\myuser'.
  STS Call: Successfully issued new security token.
  Leaving Monitored Scope (ExecuteSecurityTokenServiceOperationServer). Execution Time=13.187150880908
  [Forced due to logging gap, cached @ 12/01/2014 15:48:34.87, Original Level: Verbose] The SecurityTokenServiceHeaderInfo including the correlation ID was added.
  Leaving Monitored Scope (ExecuteSecurityTokenServiceOperationCaller:http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue). Execution Time=719.713539011243
  [Forced due to logging gap, cached @ 12/01/2014 15:48:35.60, Original Level: Verbose] ____{0}={1}
  Claims Windows Sign-In: Siginging in the the user 'mydomain\myuser' for request url 'https://crawler.my.host/'.
  Updating X.509 certificate validation policy
  [Forced due to logging gap, cached @ 12/01/2014 15:48:36.26, Original Level: Verbose] Completed deserializing the type named {0} and with id {1}.
  Adding X.509 certificate thumbprint '493E6806F4178EDD685BE5EA0AAF79ED30FB4A90' to root authority trust
  SPLocalLoginProvider: Initializing and creating S2S Claim Mappings
  SPLocalLoginProvider: Initialized S2S Claim Mappings.
  [Forced due to logging gap, cached @ 12/01/2014 15:48:36.37, Original Level: Verbose] Completed deserializing the type named {0} and with id {1}.
  [Forced due to logging gap, Original Level: Verbose] Deserializing the type named {0} and with id {1}.
  [Forced due to logging gap, cached @ 12/01/2014 15:48:37.17, Original Level: Verbose] Completed deserializing the type named {0} and with id {1}.
  [Forced due to logging gap, Original Level: Verbose] Deserializing the type named {0} and with id {1}.
  [Forced due to logging gap, cached @ 12/01/2014 15:48:37.96, Original Level: Verbose] Completed deserializing the type named {0} and with id {1}.
  [Forced due to logging gap, Original Level: VerboseEx] SPFederationAuthenticationModule.OnSessionSecurityTokenCreated: Start
  [Forced due to logging gap, cached @ 12/01/2014 15:48:38.10, Original Level: VerboseEx] SPSam.SetPrincipalFromSessionToken: End
  [Forced due to logging gap, Original Level: Verbose] Looking up {0} site {1} in the farm {2}
  Token Cache: Failed to add token from distributed cache for '0).w|s-0-0-0-0-0-0-1234'.(This is expected during the process warm up or if data cache Initialization is getting done by some other thread).
  Token Cache: Reverting to local cache to Add the token for '0).w|s-0-0-0-0-0-0-1234'.
  Token Cache: Successfully added token to cache for '0).w|s-0-0-0-0-0-0-1234'.
  SPTokenCache.ReadTokenXml: Successfully read token XML '0).w|s-0-0-0-0-0-0-1234,0#.w|mydomain\myuser,123456789012345,True,dpoRtB/hPcjVrEaJtqVWxhY8Pbfm++oHwWQ5TCB9jBlLx5n2Ky5OqGXM7ntfLB0kqIJNDUkeQrl4wL7xW2m4r0rV1TiOUf+e2mpHq8WOgN67puRViZbCxCkwmmxUpE/1OVNcDFXRCh26tvVFieK99LKZn8BJUtmP8RqxtwtwqBolNjCyZ3rfSSmtFyM3pdWjphdj312R9Lcp9/EhTpvvV1J2lFCig901ZGaPo7zOw3pFyXl1eDs+gF2Bcbc7/mMZw67/gEccsFaekBVH1TK0d9qqr6P/ISeEgzhlK4DChV94ntsw8m8Pb255yTL8WrbTykMFV3jC7R2MvqCmiKGK+g==,https://crawler.my.host/'.
  Claims Windows Sign-In: Not writing a cookie for request 'https://crawler.my.host/'.
  Claims Windows Sign-In: Successfully signed-in the the user 'mydomain\myuser' for request url 'https://crawler.my.host/'.
  Updating header 'LOGON_USER' with value '0#.w|mydomain\myuser' for the request url 'https://crawler.my.host/'.
  Leaving Monitored Scope (SPClaimsCounterScope). Execution Time=4957.74267399907
  SPApplicationAuthenticationModule: Authorization header doesn't contain Bearer, can't try to perform application authentication.
  Non-OAuth request. IsAuthenticated=True, UserIdentityName=0#.w|mydomain\myuser, ClaimsCount=27
  Leaving Monitored Scope (PostAuthenticateRequestHandler). Execution Time=31.2877754016223
  Micro Trace Tags: 0 nasq,69 air4a,1 air4b,22 air4a,0 air4b,1641 aeayb,732 b4ly,654 erv2,58 erv3,1814 air36,0 air37,42 b4ly,5 agb9s,39 b4ly
  Leaving Monitored Scope (Request (GET:https://crawler.my.host:443/)). Execution Time=5101.04328902137
  SPFederationAuthenticationModule.OnEndRequest: User was being redirected to authenticate.
  [Forced due to logging gap, cached @ 12/01/2014 15:48:38.24, Original Level: Verbose] {0}
  [Forced due to logging gap, Original Level: VerboseEx] SPRequestParameters: AppPrincipal={0}, UserName={1}, UserKye={2}, RoleCount={3}, Roles={4}
  Site=/
  [Forced due to logging gap, cached @ 12/01/2014 15:48:38.37, Original Level: Verbose] {0}
  [Forced due to logging gap, Original Level: VerboseEx] Reverting to process identity
  [Forced due to logging gap, cached @ 12/01/2014 15:48:38.40, Original Level: VerboseEx] No SPAggregateResourceTally associated with thread.
  [Forced due to logging gap, Original Level: VerboseEx] Reverting to process identity
  [Forced due to logging gap, cached @ 12/01/2014 15:48:38.48, Original Level: VerboseEx] No SPAggregateResourceTally associated with thread.
  [Forced due to logging gap, Original Level: VerboseEx] Reverting to process identity
  Access Denied for /. StackTrace:    at Microsoft.SharePoint.Utilities.SPUtility.HandleAccessDenied(HttpContext context)     at Microsoft.SharePoint.IdentityModel.SPFederationAuthenticationModule.OnEndRequest(Object sender,
  EventArgs eventArgs)     at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()     at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)    
  at System.Web.HttpApplication.PipelineStepManager.ResumeSteps(Exception error)     at System.Web.HttpApplication.BeginProcessRequestNotification(HttpContext context, AsyncCallback cb)     at System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest
  wr, HttpContext context)     at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)     at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr
  rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)     at System.Web.Hosting.UnsafeIISMethods.MgdIndicateCompletion(IntPtr pHandler, RequestNotificationStatus& notificationStatus)    
  at System.Web.Hosting.UnsafeIISMethods.MgdIndicateCompletion(IntPtr pHandler, RequestNotificationStatus& notificationStatus)     at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr rootedObjectsPointer, IntPtr
  nativeRequestContext, IntPtr moduleData, Int32 flags)     at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)
  Leaving Monitored Scope (SPFederationAuthenticationModule.OnEndRequest). Execution Time=351.625416079418
  Entering monitored scope (Request (GET:https://crawler.my.host:443/_layouts/AccessDenied.aspx?Source=https%3A%2F%2Fcrawler%2Emy%2Ehost)). Parent No
   

  I'm extending an existing claims based web application.  The way I'm testing authentication is by attempting to log in to the Windows authentication zone using the browser and an account with site collection administrator privileges.  I've also
  tried using the intended crawler service account, but that also fails authentication.
  With regard to the default zone issue, I've already experimented with using both the default zone and another zone, but neither works.
  BTW, I already have this working in a SharePoint 2013 development environment, and a similar configuration has been in a SharePoint 2010 production environment for over a year, which makes this a particularly maddening problem.
  I have enabled Failed Request Tracing, and get a 401.1, 401.2, then a 403 (which says it was caused by the 401.2).  I'm not sure of the significance, but the 403 trace shows the module for the 401.2 to be UrlAuthorizationModule, while the module for
  the 403 error is FederatedAuthentication.
  Per my ULS trace included in my original post, it appears that I'm actually getting a SharePoint claim.

• HOW TO CREATE WINDOWS AUTHENTICATION USER IN SQL SERVER AFTER INSTALLING SQL SERVER 2008

  I had an error while executing asp.net appcation from IIS as follows
  Login failed for user 'IIS APPPOOL\ASP.NET v4.0'.
  Description:
  An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
  Exception Details: System.Data.SqlClient.SqlException: Login failed for user 'IIS APPPOOL\ASP.NET v4.0'.
  [SqlException (0x80131904): Login failed for user 'IIS APPPOOL\ASP.NET v4.0'.]
  Can the above problem be solved by CREATING WINDOWS AUTHENTICATION LOGIN FOR
  'IIS APPPOOL\ASP.NET v4.0'  ?
  If yes, how to create the login?
  If no,what is the best possible solution?
  Please reply as soon as possible as i am unable to run my project which I had done in my lab,in my home system.

  Hi Praveen,
  To fix this issue, you need to change the Identity of your website's Application Pool to use the
  NetworkService account (or the less secure LocalSystem account).  By default, IIS7 seems to set the Application Pools Identity to 'ApplicationPoolIdentity' instead of NetworkService or LocalSystem.
  Here's a step-by-step guide for determining your websites Application Pool, then changing its Process Model Idenitty in IIS7:
  1.Open Internet Information Services (IIS) Manger.
  2.In the Connections sidebar, drill down into Default Web Site and click on your website.
  3.Now in the Actions sidebar (on right side), click on Advance Settings... In the popup box, under General you will see your Application Pool listed for your website (in my case the app pool is: ASP.NET V4.0).
  4.Click Cancel...  If you choose, you can change the Application Pool here, but for the sake of this example we just wanted to find out what the website's App Pool was.
  Then change the app pool's (Process Model) Identity to 'NetworkService', the steps are showed as below:
  1.Open Internet Information Services (IIS) Manger.
  2.In the Connections sidebar, click on Application Pools.
  3.Now right-click on theApplication Pool that your website is using (in this case my site is using the ASP.NET v4.0 application pool), and select Advanced Settings... from the menu.
  4.In the Advanced Settings pop-up box, locate the Process Model -> Identity section and click on the Application Pool Identity.
  5.In the Application Pool Identity pop-up box, change the Built-in account to NetworkService (or if you want LocalSystem), then click OK, and click OK again to save your Advanced Settings changes.
  Hope this helps.
  Best Regards,
  Peja
  Please remember to click "Mark as Answer" on the post that helps you, and to click "Unmark as Answer" if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.