Re: Integrated Windows Authentication not working
From: Stephen L Nicoud (nicouds@hotmail.com)
Date: 05/17/02
- Next message: Todd: "Re: Disabling .inc files with IIS"
- Previous message: Steve: "Re: I want to become a Certified CA"
- In reply to: MHughes: "Re: Integrated Windows Authentication not working"
- Next in thread: MHughes: "Re: Integrated Windows Authentication not working"
- Reply: MHughes: "Re: Integrated Windows Authentication not working"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 16 May 2002 22:00:03 -0700 From: Stephen L Nicoud <nicouds@hotmail.com>
> > Hughes wrote:
> > >
> > > I've had this working with out issue on other sites. Everytime the users
> > > enters the web site into their browser, the cert comes up, they say yes,
> and
> > > then the dialog comes up to enter their credentials. This is for a
> employee
> > > only web site and no one is behind a proxy server. Their IE credentials
> will
> > > not work because they are logged into their ISP and not our domain.
So, you are saying that your web server is directly on the Internet with
NO proxy in front of it and you are absolutely sure that there is no
proxy server between the various user's ISPs and your web server? How
do you know that?
If you web server is directly on the Internet, can you post the URL so
that we can try to access it to see if we get prompted?
> When
> you
> > > log in, the cert comes up, click on yes, and then it goes straight to
> the
> > > you are not authorized page without ever asking for additional
> credentials.
> > >
> > > My server is all NTFS, but I have not made any settings beyond the
> default
> > > for permissions.
> >
> > 1. What are the default permissions? Do you have domain users, domain
> > groups or local groups that contain domain users or groups on the access
> > control lists for your file resources.
> 1. I only have specific local users on the ACL
Just to be clear, you are talking about the NTFS permissions on all of
your .asp files, right, including all directories?
Is the local IUSR_hostname, guest or everyone account one of those
accounts?
If you put a plain html or text file in the same directory as your .asp
files and ensure that it has the same permissions and if try to access
that file what happens?
And you're sure that the authentication settings for the virtual
directory that maps to the physical directory where the .asp files are
does not have anonymous enables, but does have Basic Authentication and
Integrated Windows Authentication enabled?
> > 2. On your client computer, when you connect with IE to your web site
> > which security zone does IE report the site being in?
> 2. It reports Internet
OK.
> > 3. What is the value of the "User Authentication > Logon" option for the
> > zone identified in question #2?
> 3. Not sure how to determine this info
In IE follow this route Tools > Internet Options > Security > Internet >
Custom Level > Settings: > User Authentication > Logon".
> > 4. In IE, what is the value of the "Enable Integrated Windows
> > Authentication (requires restart)" security option on the "Advanced" tab
> > of "Internet Options"?
> 4. It is off
So, IE is not even configured to do IWA.
> > 5. Do you get different behavior if you disable Integrated Windows
> > Authentication but leave Basic Authentication enabled?
> 5. No
Just to be clear I meant disabling of IWA on the web server. I didn't
mean disabling of IWA in IE.
Is it possible that you logged in to some other part of the website
before going to your .asp files?
-- Reply to the newsgroup.
- Next message: Todd: "Re: Disabling .inc files with IIS"
- Previous message: Steve: "Re: I want to become a Certified CA"
- In reply to: MHughes: "Re: Integrated Windows Authentication not working"
- Next in thread: MHughes: "Re: Integrated Windows Authentication not working"
- Reply: MHughes: "Re: Integrated Windows Authentication not working"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
