Re: windows authentication uses guest
From: Matjaz Ladava (matjaz_at__nospam_ladava.com)
Date: Thu, 26 Jun 2003 22:53:18 +0200
This is a behaviour in Windows system. If you for example access a remote
computer over the network with nonexistent credentials, then guest account
will be used (if enabled). That is why it is dissabled by default.
-- Regards Matjaz Ladava, MCSE (NT4 & 2000) firstname.lastname@example.org http://ladava.com "Roger Miller" <email@example.com> wrote in message news:eeRi5OCPDHA.3192@TK2MSFTNGP10.phx.gbl... > Yes, I did. I just disabled it and now I got "401: access denied". > > Thanks that solved my problem!!!!!!!!!!!!!! I guess that's in the standard > security handbook to disable guest. > > But I'm a little bit disturbed that the authentication mechanism > automatically rolled over to use a guest account. Could you explain why > that is (if you have time or understand the reasoning)? > > Thanks again! > Roger > > "Matjaz Ladava" <matjaz@_nospam_ladava.com> wrote in message > news:eD4zXJCPDHA.3088@TK2MSFTNGP10.phx.gbl... > > Do you have your guest account enabled on the server ? > > > > -- > > Regards > > > > Matjaz Ladava, MCSE (NT4 & 2000) > > firstname.lastname@example.org > > http://ladava.com > > > > "Roger Miller" <email@example.com> wrote in message > > news:uO5OFwBPDHA.2788@TK2MSFTNGP10.phx.gbl... > > > My problem is I can't get authentication to fail like I think it should. > > > > > > I've got a fat client using web services on Windows 2000. Initially to > > > access the web services, we attempt to use the default credentials. If > > this > > > fails (we have some cross domain scenarios), we prompt the user to > provide > > a > > > username/password. We set the web references credentials to a new > > > credential object we create, and (if successful) use these credentials > for > > > all future access. > > > > > > My problem is this...when I supply bogus credentials, its not failing > > > authentication. I have anonymous off in IIS (for this virtual > directory) > > > and integrated windows authentication on; also my web config sets > windows > > > authentication; so I expect a 401: Access denied error. > > > > > > Instead it apparently works and goes into my > > > windowsAuthentication_onAuthenticate method in the global.asax. Looking > > at > > > the user there, the identity is "servername\guest". > > > > > > There are a few strange circumstances. > > > 1) I'm in development, so both my client and web service are sitting on > > the > > > same box. > > > 2) As such, I'm running in a single domain. > > > 3) Since I would authenticate, I've commented out the lines (client > side) > > > that try to authenticate with the default user and go straight into my > > > exception code. > > > 4) The other odd thing is that if I supply a valid user credentials, the > > > identity is correct; If I supply one with bogus domain, I get the > "Access > > > Denied" error I expect. > > > > > > It could be a testing artifact, but it makes me very nervous. Any > > thoughts > > > on whats wrong and why I get the servername\guest as the identity. > > > > > > Thanks, > > > Roger > > > > > > > > > > > > > > >