0

I am having a strange issue with IIS where I suddenly receive HTTP 500 errors after a few seconds or minutes when navigating around in my website. After a while I found out that I had anonymous authentication enabled in the IIS settings and this seems to have caused the problem because the site needs Windows authentication in order to work. While both anyonymous and Windows authentication were enabled, it seems to just suddenly switch between those methods so sometimes the IIS would receive requests with and sometimes without the user being logged in the IIS logfiles. How does it determine wether or not anonymous or Windows authentication should be used and why does it seem to randomly switch between them if both methods are enabled?

Chris
  • 1,417
  • 4
  • 21
  • 53
  • I need detailed information about the 500 error to help you troubleshoot this issue. first, you can check if there is detailed error logged in Event Viewer. second, you can try to setup Failed Request Tracing, this will often give you details on the 500 error. finally ,you can look through the web log files, this is especially helpful for an intermittent 500 error you can parse the log files to see if there is a trend with a specific page that is throwing a 500 error. – samwu Sep 17 '20 at 03:01
  • @samwu There is nothing logged in the Event Viewer. What details do you need in addition to this? I already know what causes the 500 error as stated in my question but I just want to know why there is a switch between anonymous and Windows authentication happening. – Chris Sep 17 '20 at 10:57
  • Normally, if you enable both windows authentication and anonymous authentication at the same time, then it will use anonymous authentication by default. I suggest you clear the cache and try again. – samwu Sep 18 '20 at 09:02

1 Answers1

0

A 500 error means server-side error. It always come with a message. We need to know that message. If you have both anonymous and windows authentication set. It will use anonymous by default. You'll have to trigger authentication yourself by code. https://techcommunity.microsoft.com/t5/iis-support-blog/windows-authentication-http-request-flow-in-iis/ba-p/324645

Warny
  • 27
  • 3
  • Where can I find that message? I already checked the IIS logfiles and I could not find any additional message besides the 500 error. It also didn't seem to use anonymous all the time because as I said, sometimes it would give a 500 error and sometimes not. It just seems like it is randomly switching between anonymous and windows authentication which does not make any sense in my opinion. – Chris Sep 16 '20 at 14:03
  • Error content are logged in the Event Viewer's Aplication log. If it was an authentication problem, you would get a 402 or 403 error. You can also create a global.asax file in your project to trap errors as describe here : https://stackoverflow.com/questions/2340572/what-is-the-purpose-of-global-asax-in-asp-net – Warny Sep 17 '20 at 06:29
  • I already checked the Event Viewer and there was nothing logged at all regarding the error. Unfortunately I cannot simply change the project right now and test it because the website is currently running in a production environment. You said that if both anonymous and windows authentication are enabled it would use anonymous by default, but this is simply not the behavior I was seeing regarding this problem. – Chris Sep 17 '20 at 10:59
  • You can trace the browser requests using F12 until you get an error. You may get more infos. You can also configure the web.config to get the detailed error using CustomError mode=off or CustomError mode="remoteOnly" (and browsing from your server) – Warny Sep 17 '20 at 14:20