Re: Authenticate user and allow anonymous access

From: Joseph Geretz (jgeretz@nospam.com)
Date: 03/16/03

  • Next message: Joseph E Shook: "Re: Authenticate user and allow anonymous access"
    From: "Joseph Geretz" <jgeretz@nospam.com>
    Date: Sat, 15 Mar 2003 20:40:12 -0500
    
    

    Hi Joseph,

    > Just turn on Basic Auth and Integrated. Turn off Anonymous and create a
    > generic username and password for users that do not have domain accounts.
    > This would be a domain account but a restriced domain account with out
    logon
    > local types of permissions.

    How will this work? As Stefan said above, some users are coming in without
    credentials and he doesn't want them to be challenged, he'd like them to
    succeed as Anonymous. With what you have suggested, Anonymous users will be
    challenged for credentials since you have disabled Anonymous.

    Or am I missing something?

    Thanks,

    Joseph Geretz

    >
    >
    > "Joseph Geretz" <jgeretz@nospam.com> wrote in message
    > news:#LPyGTJ6CHA.1040@TK2MSFTNGP10.phx.gbl...
    > > Hi Stefan,
    > >
    > > > This will not work, simply because when checking both Windows
    > > > Integrated Authentication and Anonymous Access, IIS will default to
    > > > the lowest and never begin a challenge of the user, causing the
    > > > credentials to never be passed on to the application.
    > >
    > > I thought this might be the case. Oh well...
    > >
    > > > Anyone that has an idea/hack/whatever on how to do this, please let me
    > > > know.
    > >
    > > Here's a hack: IIS allows you to replace specific error pages with your
    > own
    > > page. Set up two virtual directories into your site; Anon & Auth. Anon
    > > allows anonymous access, Auth disallows anonymous. By default, users
    come
    > in
    > > on Auth. If they have credentials, they are in. All url's on the site
    > should
    > > be relative, so as they continue to browse they kep coming in through
    the
    > > Auth virtual directory.
    > >
    > > If they do not have credentials, that will fire an IIS error (505 I
    > think?).
    > > Remap your IIS 505 (or whatever) error to a page which simply redirects
    > > anonymous users to the Anon virtual directory. Again, since all url's on
    > the
    > > site are relative, as they continue to browse they kep coming in through
    > the
    > > Anon virtual directory.
    > >
    > > Not bullet-proof. Network users, can explicitly 'jump' over to Anon of
    > they
    > > want. But if user's 'play by the rules' that is they use the links
    > supplied
    > > by the application, rather than using the browser url bar, this might
    work
    > > for you.
    > >
    > > Like I said, it's a hack.
    > >
    > > Hope this helps,
    > >
    > > Joseph Geretz
    > >
    > >
    >
    >


  • Next message: Joseph E Shook: "Re: Authenticate user and allow anonymous access"

    Relevant Pages

    • Re: Authenticate user and allow anonymous access
      ... Just turn on Basic Auth and Integrated. ... This would be a domain account but a restriced domain account with out logon ... > anonymous users to the Anon virtual directory. ...
      (microsoft.public.dotnet.framework.aspnet.security)
    • Re: Vista SSO not working
      ... Same result (asked to login for app), except this time I wasn't even given the option to save the credentials. ... Manage your network passwords in the left panel, ... appear if SSO is working properly and you're using a Domain account. ...
      (microsoft.public.windows.terminal_services)
    • conflicting credentials
      ... >administrative share C$ on the IIS server. ... >credentials gives error "Supplied Credentials conflict ... >the Domain account name untill I click apply. ... >account name turns into SID info. ...
      (microsoft.public.win2000.security)
    • conflicting credentials
      ... shared home folder on the DC. ... administrative share C$ on the IIS server. ... credentials gives error "Supplied Credentials conflict ... the Domain account name untill I click apply. ...
      (microsoft.public.win2000.security)
    • Re: Domain user logon when network is not available
      ... A handy trick to log into a machine after your ... > domain account is disabled is to simply unplug the network cable. ... "Disable Caching of Logon Credentials During Interactive Log On ... This feature is provided for system availability reasons such as ...
      (comp.os.ms-windows.nt.admin.security)