Re: Network Credentials not passing in Authentication mode

From: Ken Schaefer (kenREMOVE_at_THISadOpenStatic.com)
Date: 01/29/04


Date: Thu, 29 Jan 2004 14:53:37 +1100

The filter referred to would be an ISAPI filter of some kind, not a
web.config issue.

Cheers
Ken

"Steve" <steve.cimino@ticketmaster.com> wrote in message
news:b74b67c3.0401281159.17d8c0ae@posting.google.com...
: Thanks for both of your suggestions....
:
: I've even tried this from an IE5 browser (since use windows auth is
: default) to see if that would go through, but no joy. I've double
: checked my IE6 SP1 settings and I do have send windows auth through.
:
: What I get in the IIS logs (after both of your suggestions) is
:
: 17:43:23 127.0.0.1 GET /capex/user.aspx 401 4644 10 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0;+.NET+CLR+1.1.4322;+.NET+CLR+1.0.3705) -
: 17:43:23 127.0.0.1 GET /capex/user.aspx 401 4383 0 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0;+.NET+CLR+1.1.4322;+.NET+CLR+1.0.3705) -
: 17:43:23 127.0.0.1 GET /capex/user.aspx 401 4644 10 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0;+.NET+CLR+1.1.4322;+.NET+CLR+1.0.3705) -
:
:
: Now the 401.4 is
:
: Unauthorized: Authorization failed by a filter installed on the Web
: server.
:
: Thing is, it's my localhost webserver. Now I'd guess that the
: "filter" it's referring to is the web.config log, no? I've even added
: a location to the file... so now it looks like
:
:
: <configuration>
:   <location path="CapEx">
:     <system.web>
:       <authentication mode="Windows" />
:       <authorization>
:         <allow users="*" />
:       </authorization>
:     </system.web>
:   </location>
: </configuration>
:
: and have even tried <deny users="?">
:
: An inspection of the system log file in Event Viewer says
:
: Event Type: Success Audit
: Event Source: Security
: Event Category: System Event
: Event ID: 515
: Date: 1/28/2004
: Time: 11:08:23 AM
: User: NT AUTHORITY\SYSTEM
: Computer: MYMACHINENAME
: Description:
: A trusted logon process has registered with the Local Security
: Authority. This logon process will be trusted to submit logon
: requests.
:
: Logon Process Name: KSecDD
:
: Does this information help any?
:
: Thank you both for taking time to help me... it is much appreciated.
:
:
:
:
:
:
: "Ken Schaefer" <kenREMOVE@THISadOpenStatic.com> wrote in message news:<OkuL$pU5DHA.1804@TK2MSFTNGP12.phx.gbl>...
: > Hi,
: >
: > I would suggest that you enable Windows file-access-failure auditing on the
: > file in question. Then, attempt to browse the page from your web-browser.
: > You should see something logged in the event log indicating what user
: > account the server thinks is being used to attempt to access the page, and
: > then tweak your NTFS permissions appropriately.
: >
: > Also, be aware that NTLM doesn't work through most proxy servers, and
: > Kerberos authentication doesn't work through most firewalls (those are the
: > two Integrated Authentication options), so if you're browsing from an
: > external site, keep that in mind.
: >
: > Cheers
: > Ken
: >
: >
: > --
: > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
: > "Steve" <steve.cimino@ticketmaster.com> wrote in message
: > news:b74b67c3.0401270644.13972f16@posting.google.com...
: > : Hi Ken, thanks for the reply.
: > :
: > : No, I'm not using any basic authentication and prompting the user for
: > : the name/password. I'm trying to grab what they've already logged
: > : into the network with. This was a piece of cake in classic ASP, but
: > : I'm still having difficulties getting this to work.
: > :
: > : I also have under IIS the directory listed as an application, not as a
: > : virtual directory. Is there any other information I can provide you?
: > :
: > : Thanks --
: > :
: > :
: > :
: > : "Ken Schaefer" <kenREMOVE@THISadOpenStatic.com> wrote in message news:<#joLnWH5DHA.1592@TK2MSFTNGP10.phx.gbl>...
: > : > Are you using a pop-up window in your browser asking you for a
: > : > username/password?
: > : >
: > : > Cheers
: > : > Ken
: > : >
: > : > "Steve" <steve.cimino@ticketmaster.com> wrote in message
: > : > news:b74b67c3.0401260911.204e16ca@posting.google.com...
: > : > : All --
: > : > :
: > : > : I've set up a directory where I simply want to know the person's name
: > : > : when he comes into the directory. I've set up the following:
: > : > :
: > : > : * Uncheck allow anon in IIS
: > : > : * Uncheck basic authentication
: > : > : * Check 'Use windows authentication'
: > : > :
: > : > : My web.config file looks as follows:
: > : > :
: > : > : <configuration>
: > : > :   <system.web>
: > : > :     <authentication mode="Windows" />
: > : > :     <authorization>
: > : > :       <allow users="*" />
: > : > :     </authorization>
: > : > :
: > : > :   </system.web>
: > : > : </configuration>
: > : > :
: > : > :
: > : > : However, I cannot get to the page -- there's no error being thrown.
: > : > : It seems that it just ignores everything. Checking the IIS logs shows
: > : > : that a 401 has been issued, but there's no message sent to the user.
: > : > :
: > : > : The physical folder has 'Everyone' with read permissions. All I want
: > : > : is the user's DOMAIN\name sent to me so I can do something with it,
: > : > : but it doesn't seem it's being passed.
: > : > :
: > : > : Any ideas?
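
Added example, not part of the original thread: with Integrated Windows authentication a successful request normally logs one or two 401 challenges followed by a success, so a run of 401s that never resolves (as in the excerpt quoted above) marks a failed logon rather than a normal handshake. The Python sketch below groups log lines per client and URI to tell the two apart; the field order (time, c-ip, cs-method, cs-uri-stem, sc-status) is assumed from the excerpt, and the sample lines other than the first three are constructed.

```python
from collections import defaultdict

# Assumed field order, matching the excerpt in the thread:
# time c-ip cs-method cs-uri-stem sc-status <other fields ignored>
# The first three lines reuse the thread's leading fields (user-agent
# omitted); the remaining lines are constructed for contrast.
SAMPLE_LOG = """\
17:43:23 127.0.0.1 GET /capex/user.aspx 401 4644 10
17:43:23 127.0.0.1 GET /capex/user.aspx 401 4383 0
17:43:23 127.0.0.1 GET /capex/user.aspx 401 4644 10
17:50:02 10.0.0.7 GET /intranet/home.aspx 401 4644 10
17:50:02 10.0.0.7 GET /intranet/home.aspx 401 4383 0
17:50:02 10.0.0.7 GET /intranet/home.aspx 200 1520 31
17:51:10 10.0.0.9 GET /public/index.htm 200 900 0
"""


def parse(log_text):
    """Yield (client_ip, uri, status); skip '#' directives and malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if line.startswith("#") or len(parts) < 5 or not parts[4].isdigit():
            continue
        yield parts[1], parts[3], int(parts[4])


def classify(log_text):
    """Label each (client, URI) by how its run of 401 challenges ended."""
    runs = defaultdict(list)
    for ip, uri, status in parse(log_text):
        runs[(ip, uri)].append(status)
    verdicts = {}
    for key, statuses in runs.items():
        trailing = 0  # 401s at the end of the run that no later response resolved
        for status in reversed(statuses):
            if status != 401:
                break
            trailing += 1
        if trailing:
            verdicts[key] = ("auth-failed", trailing)
        elif 401 in statuses:
            verdicts[key] = ("handshake-completed", statuses.count(401))
        else:
            verdicts[key] = ("no-challenge", 0)
    return verdicts


if __name__ == "__main__":
    for (ip, uri), (label, count) in classify(SAMPLE_LOG).items():
        print(f"{ip} {uri}: {label} ({count} x 401)")
```

A log that is cut off in the middle of a handshake also ends in 401s, so treat "auth-failed" on the last entries of a file as provisional.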


