Re: windows authentication uses guest
From: Roger Miller (rogerm_at_gasullivan.com)
Date: 06/26/03
- Next message: Matjaz Ladava: "Re: windows authentication uses guest"
- Previous message: Matjaz Ladava: "Re: windows authentication uses guest"
- In reply to: Matjaz Ladava: "Re: windows authentication uses guest"
- Next in thread: Matjaz Ladava: "Re: windows authentication uses guest"
- Reply: Matjaz Ladava: "Re: windows authentication uses guest"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 26 Jun 2003 15:43:23 -0500
Yes, I did. I just disabled it and now I got "401: access denied".
Thanks that solved my problem!!!!!!!!!!!!!! I guess that's in the standard
security handbook to disable guest.
But I'm a little bit disturbed that the authentication mechanism
automatically rolled over to use a guest account. Could you explain why
that is (if you have time or understand the reasoning)?
Thanks again!
Roger
"Matjaz Ladava" <matjaz@_nospam_ladava.com> wrote in message
news:eD4zXJCPDHA.3088@TK2MSFTNGP10.phx.gbl...
> Do you have your guest account enabled on the server ?
>
> --
> Regards
>
> Matjaz Ladava, MCSE (NT4 & 2000)
> matjaz@ladava.com
> http://ladava.com
>
> "Roger Miller" <rogerm@gasullivan.com> wrote in message
> news:uO5OFwBPDHA.2788@TK2MSFTNGP10.phx.gbl...
> > My problem is I can't get authentication to fail like I think it should.
> >
> > I've got a fat client using web services on Windows 2000. Initially to
> > access the web services, we attempt to use the default credentials. If
> this
> > fails (we have some cross domain scenarios), we prompt the user to
provide
> a
> > username/password. We set the web references credentials to a new
> > credential object we create, and (if successful) use these credentials
for
> > all future access.
> >
> > My problem is this...when I supply bogus credentials, its not failing
> > authentication. I have anonymous off in IIS (for this virtual
directory)
> > and integrated windows authentication on; also my web config sets
windows
> > authentication; so I expect a 401: Access denied error.
> >
> > Instead it apparently works and goes into my
> > windowsAuthentication_onAuthenticate method in the global.asax. Looking
> at
> > the user there, the identity is "servername\guest".
> >
> > There are a few strange circumstances.
> > 1) I'm in development, so both my client and web service are sitting on
> the
> > same box.
> > 2) As such, I'm running in a single domain.
> > 3) Since I would authenticate, I've commented out the lines (client
side)
> > that try to authenticate with the default user and go straight into my
> > exception code.
> > 4) The other odd thing is that if I supply a valid user credentials, the
> > identity is correct; If I supply one with bogus domain, I get the
"Access
> > Denied" error I expect.
> >
> > It could be a testing artifact, but it makes me very nervous. Any
> thoughts
> > on whats wrong and why I get the servername\guest as the identity.
> >
> > Thanks,
> > Roger
> >
> >
> >
>
>
- Next message: Matjaz Ladava: "Re: windows authentication uses guest"
- Previous message: Matjaz Ladava: "Re: windows authentication uses guest"
- In reply to: Matjaz Ladava: "Re: windows authentication uses guest"
- Next in thread: Matjaz Ladava: "Re: windows authentication uses guest"
- Reply: Matjaz Ladava: "Re: windows authentication uses guest"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
