Re: URGENT... mixed anonymous and integrated security issue

From: David Wang [Msft] (someone@online.microsoft.com)
Date: 03/28/03


From: "David Wang [Msft]" <someone@online.microsoft.com>
Date: Thu, 27 Mar 2003 23:43:16 -0800


A 401.2 means that the client was not able to use an authentication protocol
which the server requires. This means that it isn't necessarily an issue of
IIS leaving off the WWW-Authenticate header -- IIS is telling the client
with this response that it didn't send the right Authorization headers. I'm
less inclined to blame the server so easily -- just because there are more
clients than servers doesn't make the clients bug-free.

I think that something in between the client and server is consuming
Authorization/WWW-Authenticate headers, breaking connections, or the client
isn't sending the headers for whatever reason. I suspect that IE Zones may
have something to do with it as well.

I also hope you realize that IE does cache knowledge of the type of
authentication used at a website -- so mixing authentication on a website
doesn't work so well with IE (especially mixing Windows auth and anonymous).

--
//David
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"alien251" <billow_dan@hotmail.com> wrote in message
news:eR2C1m78CHA.1612@TK2MSFTNGP11.phx.gbl...
We've written an ASP.NET application that uses Integrated Security; we've
tested it and are about to begin doing user acceptance testing and training
for a hundred or so users... The environment our network engineers set up for
us is in a separate domain specifically used for testing, this is where
they will do acceptance testing and training... Ultimately this new
application will run on a web server in the same domain that the users will
already be logged into... I have an Intranet site that allows anonymous
access... From that site I have a link to the new application in an
untrusted domain, the web server requires NT authentication... For some
clients IIS will challenge them and given the correct credentials allow
access to the site... For other users they are not even challenged just
denied access 401.2... I'm confused whether or not this is a server
configuration error or the problem is on the client... I've checked the "Use
Integrated Security" in the Browser\Tools\Option\Advanced\Security section
but it doesn't seem to make a difference... Could IIS be leaving off the
Authenticate header in some cases?
Please help...
Thank you!!!
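
The cases raised in the reply above (the challenge header never reaching the client, the client not answering the challenge, or the client answering with a protocol the server did not ask for) can be told apart from a client-side capture of the 401 response and the request that follows it. The Python below is an added example, not part of the original posts; the captured messages, host name and token are constructed samples.

```python
# Added diagnostic sketch. All captured messages below are constructed samples.
def parse_headers(raw):
    """Return (start_line, {lower-case header name: [values]}) for one HTTP message head."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = head.split("\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return lines[0], headers

def diagnose(response_401, retry_request=None):
    """Classify where the authentication exchange stalled, as seen from the client."""
    status, resp = parse_headers(response_401)
    parts = status.split()
    if len(parts) < 2 or parts[1] != "401":
        return "not-a-401"
    # Each WWW-Authenticate value starts with the scheme name (Negotiate, NTLM, Basic...).
    offered = [v.split()[0].lower() for v in resp.get("www-authenticate", []) if v.split()]
    if not offered:
        # A 401 with no challenge: the header did not reach the client.
        return "no-challenge-received"
    if retry_request is None:
        return "challenge-received-no-retry-captured"
    _, req = parse_headers(retry_request)
    sent = [v for v in req.get("authorization", []) if v.split()]
    if not sent:
        # The client saw the challenge but did not answer it.
        return "client-sent-no-authorization"
    scheme = sent[0].split()[0].lower()
    if scheme not in offered:
        return "scheme-not-offered:" + scheme
    return "handshake-in-progress:" + scheme

# Constructed captures (host name and token are placeholders).
CHALLENGE = ("HTTP/1.1 401 Unauthorized\r\nWWW-Authenticate: Negotiate\r\n"
             "WWW-Authenticate: NTLM\r\nContent-Length: 0\r\n\r\n")
STRIPPED = "HTTP/1.1 401 Unauthorized\r\nContent-Length: 0\r\n\r\n"
RETRY_NO_AUTH = "GET /app/ HTTP/1.1\r\nHost: testweb.example\r\n\r\n"
RETRY_NTLM = ("GET /app/ HTTP/1.1\r\nHost: testweb.example\r\n"
              "Authorization: NTLM CONSTRUCTED_TOKEN\r\n\r\n")
RETRY_BASIC = ("GET /app/ HTTP/1.1\r\nHost: testweb.example\r\n"
               "Authorization: Basic CONSTRUCTED_TOKEN\r\n\r\n")

if __name__ == "__main__":
    for name, args in [("stripped", (STRIPPED,)), ("no auth", (CHALLENGE, RETRY_NO_AUTH)),
                       ("ntlm", (CHALLENGE, RETRY_NTLM)), ("basic", (CHALLENGE, RETRY_BASIC))]:
        print(name, "->", diagnose(*args))
```

Comparing the result for a working client and a failing client on the same link shows whether the difference lies in what the client receives or in what it sends back.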

