Re: windows authentication uses guest

From: Matjaz Ladava (matjaz_at__nospam_ladava.com)
Date: 06/26/03

    Date: Thu, 26 Jun 2003 22:53:18 +0200
    
    

    This is a behaviour of the Windows system. If you, for example, access a
    remote computer over the network with nonexistent credentials, then the
    guest account will be used (if enabled). That is why it is disabled by
    default.

    -- 
    Regards
    Matjaz Ladava, MCSE (NT4 & 2000)
    matjaz@ladava.com
    http://ladava.com
    "Roger Miller" <rogerm@gasullivan.com> wrote in message
    news:eeRi5OCPDHA.3192@TK2MSFTNGP10.phx.gbl...
    > Yes, I did.  I just disabled it and now I got "401: access denied".
    >
    > Thanks that solved my problem!!!!!!!!!!!!!!  I guess that's in the
    > standard security handbook to disable guest.
    >
    >  But I'm a little bit disturbed that the authentication mechanism
    > automatically rolled over to use a guest account.  Could you explain why
    > that is (if you have time or understand the reasoning)?
    >
    > Thanks again!
    > Roger
    >
    > "Matjaz Ladava" <matjaz@_nospam_ladava.com> wrote in message
    > news:eD4zXJCPDHA.3088@TK2MSFTNGP10.phx.gbl...
    > > Do you have your guest account enabled on the server ?
    > >
    > > -- 
    > > Regards
    > >
    > > Matjaz Ladava, MCSE (NT4 & 2000)
    > > matjaz@ladava.com
    > > http://ladava.com
    > >
    > > "Roger Miller" <rogerm@gasullivan.com> wrote in message
    > > news:uO5OFwBPDHA.2788@TK2MSFTNGP10.phx.gbl...
    > > > My problem is I can't get authentication to fail like I think it
    > > > should.
    > > >
    > > > I've got a fat client using web services on Windows 2000.  Initially
    > > > to access the web services, we attempt to use the default credentials.
    > > > If this fails (we have some cross domain scenarios), we prompt the
    > > > user to provide a username/password.  We set the web references
    > > > credentials to a new credential object we create, and (if successful)
    > > > use these credentials for all future access.
    > > >
    > > > My problem is this...when I supply bogus credentials, it's not failing
    > > > authentication.  I have anonymous off in IIS (for this virtual
    > > > directory) and integrated windows authentication on;  also my web
    > > > config sets windows authentication; so I expect a 401: Access denied
    > > > error.
    > > >
    > > > Instead it apparently works and goes into my
    > > > windowsAuthentication_onAuthenticate method in the global.asax.
    > > > Looking at the user there, the identity is "servername\guest".
    > > >
    > > > There are a few strange circumstances.
    > > > 1) I'm in development, so both my client and web service are sitting
    > > > on the same box.
    > > > 2) As such, I'm running in a single domain.
    > > > 3) Since I would authenticate, I've commented out the lines (client
    > > > side) that try to authenticate with the default user and go straight
    > > > into my exception code.
    > > > 4) The other odd thing is that if I supply valid user credentials,
    > > > the identity is correct;  if I supply one with a bogus domain, I get
    > > > the "Access Denied" error I expect.
    > > >
    > > > It could be a testing artifact, but it makes me very nervous.  Any
    > > > thoughts on what's wrong and why I get the servername\guest as the
    > > > identity?
    > > >
    > > > Thanks,
    > > > Roger
    > > >
    > > >
    > > >
    > >
    > >
    >
    >
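
The fallback described in this thread can also be refused inside the application, as defence in depth alongside disabling the Guest account. The following Global.asax handler is an added example, not code from the thread; it assumes ASP.NET on .NET Framework 2.0 or later, and the class name `Global` and the helper `IsGuestOrAnonymous` are illustrative.

```csharp
// Global.asax.cs -- added example; assumes ASP.NET on .NET Framework 2.0 or later.
using System;
using System.Diagnostics;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

public class Global : HttpApplication
{
    // ASP.NET binds this handler by name to WindowsAuthenticationModule.Authenticate.
    protected void WindowsAuthentication_OnAuthenticate(
        object sender, WindowsAuthenticationEventArgs e)
    {
        WindowsIdentity identity = e.Identity;
        if (identity != null && !IsGuestOrAnonymous(identity))
        {
            return; // a named, non-guest account: let the request continue
        }

        // Record the refused logon so a guest fallback is visible in review.
        Trace.TraceWarning("Refused guest/anonymous logon '{0}' from {1}",
            identity == null ? "(none)" : identity.Name,
            e.Context.Request.UserHostAddress);

        // Answer with the 401 the caller expected for bad credentials and
        // skip the rest of the pipeline so no web method runs.
        e.Context.Response.StatusCode = 401;
        e.Context.Response.StatusDescription = "Access denied";
        e.Context.ApplicationInstance.CompleteRequest();
    }

    // Hypothetical helper: true when the logon token is not a real named user.
    private static bool IsGuestOrAnonymous(WindowsIdentity identity)
    {
        if (identity.IsAnonymous || identity.IsGuest)
        {
            return true;
        }
        // Also refuse any token that is a member of the built-in Guests group.
        WindowsPrincipal principal = new WindowsPrincipal(identity);
        return principal.IsInRole(WindowsBuiltInRole.Guest);
    }
}
```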
    
