windows authentication uses guest

From: Roger Miller (rogerm_at_gasullivan.com)
Date: 06/26/03


Date: Thu, 26 Jun 2003 14:48:17 -0500


My problem is I can't get authentication to fail like I think it should.

I've got a fat client using web services on Windows 2000. Initially to
access the web services, we attempt to use the default credentials. If this
fails (we have some cross domain scenarios), we prompt the user to provide a
username/password. We set the web references credentials to a new
credential object we create, and (if successful) use these credentials for
all future access.

My problem is this...when I supply bogus credentials, its not failing
authentication. I have anonymous off in IIS (for this virtual directory)
and integrated windows authentication on; also my web config sets windows
authentication; so I expect a 401: Access denied error.

Instead it apparently works and goes into my
windowsAuthentication_onAuthenticate method in the global.asax. Looking at
the user there, the identity is "servername\guest".

There are a few strange circumstances.
1) I'm in development, so both my client and web service are sitting on the
same box.
2) As such, I'm running in a single domain.
3) Since I would authenticate, I've commented out the lines (client side)
that try to authenticate with the default user and go straight into my
exception code.
4) The other odd thing is that if I supply a valid user credentials, the
identity is correct; If I supply one with bogus domain, I get the "Access
Denied" error I expect.

It could be a testing artifact, but it makes me very nervous. Any thoughts
on whats wrong and why I get the servername\guest as the identity.

Thanks,
Roger



Relevant Pages

  • Re: Cached Logon
    ... > current credentials and only after failing would prompt for credentials. ... Keep in mind that whether the IE browser will supply the Windows ... the scenes" windows authentication information? ... > On the server I was logged in as domain1\administrator. ...
    (microsoft.public.windows.server.general)
  • Re: Cached Logon
    ... > current credentials and only after failing would prompt for credentials. ... Keep in mind that whether the IE browser will supply the Windows ... the scenes" windows authentication information? ... > On the server I was logged in as domain1\administrator. ...
    (microsoft.public.sqlserver.connect)
  • Re: Cached Logon
    ... > current credentials and only after failing would prompt for credentials. ... Keep in mind that whether the IE browser will supply the Windows ... the scenes" windows authentication information? ... > On the server I was logged in as domain1\administrator. ...
    (microsoft.public.sqlserver.server)
  • Re: Cached Logon
    ... > current credentials and only after failing would prompt for credentials. ... Keep in mind that whether the IE browser will supply the Windows ... the scenes" windows authentication information? ... > On the server I was logged in as domain1\administrator. ...
    (microsoft.public.win2000.networking)
  • Re: Cached Logon
    ... > current credentials and only after failing would prompt for credentials. ... Keep in mind that whether the IE browser will supply the Windows ... the scenes" windows authentication information? ... > On the server I was logged in as domain1\administrator. ...
    (microsoft.public.inetserver.iis)