Windows Authentication – user cannot login

Possibly save 2 hours of your time: When your new application uses windows authentication, typically you will authorize against a specific windows security group. Once you launch your application and users are starting to access this website, but they try to login with their windows credentials but still have no access.

First, go to the website on IIS, right click on the website and choose Edit Permissions. Then go to Security tab and click on Edit. Then Add the windows security group with the Read permission and any other required permissions.

Second, you can get them to logout of their windows machine and then log back in.

Third, if that doesn’t work, then you can send them the following instructions and have them check if they are part of an assigned windows security group.

  • Run command prompt
  • Type: GPRESULT /R > gp.txt
  • Type: notepad gp.txt
  • Search for windows groupname in the txt file

On Windows 10, use the following command instead:

  • Type: GPRESULT /USER username /V > gp.txt
  • Type: notepad gp.txt

 

Clear web application server cache

Possibly save 2 hours of your time: Most applications have cached data. When business updates reference data or some cached data, one needs to clear the cache directly so that the cache can be refreshed. There are multiple ways on how to clear the web server cache.

One way is to recycle application pool for that website. When application pool starts again, the cache has been cleared.

  • Open Internet Information Services (IIS), under the server connection click on Application Pools. Then you will see the list of application pools. Find the one that is assigned to your application. Then right click on the application pool and choose Recycle.
  • There are ways to use Microsoft.Web.Administration.ServerManager.ApplicationPools.Recycle() to recycle the application pools; however this requires an elevated IIS administrator rights. So this is not considered since the target user are business administrators.

Second way is to drop an app_offline.htm file. And then remove it right after. This file will put the application offline and you can customize this file with your company logo embedded as svg image (see bullet point).  This is usually used during maintenance. This file triggers application pool for this website to stop and then when this file is removed, the application pool will start with previous cache cleared. Your application will handle the refresh of the cache when it has been cleared. See below for this code.

  • background: url(data:image/svg+xml;base64,[…image binary goes here…])

Third way is an application specific solution in which the application will provide the ability to clear the cache.

For local development, run iisreset on command prompt will recycle all application pools.

public Exception RestartApplicationViaOffline(string offlineFile, string targetLocation)
{
Exception exception = null;
var appOffline = “app_offline.htm”;
try
{
if (string.IsNullOrEmpty(offlineFile))
throw new Exception($”app_offline.htm [actionId] is not valid at {offlineFile}.”);

if (!offlineFile.EndsWith(appOffline))
offlineFile = Path.Combine(offlineFile, appOffline);

if (string.IsNullOrEmpty(targetLocation))
throw new Exception($”app_offline target folder [target] is not found at {targetLocation}.”);

if (!targetLocation.EndsWith(appOffline))
targetLocation = Path.Combine(targetLocation, appOffline);

// Will overwrite if the destination file already exists.
File.Copy(offlineFile, targetLocation, true);

File.Delete(targetLocation);

}
catch (Exception ex)
{
exception = ex;
}

return exception;
}

Technology stack:

  • Windows Server 2012 R2
  • Internet Information Services (IIS Version 8.5.9600.16384)