IIS / NTFS Security Issues with hyperlink within e-mail

From: Ben Saragozza (saragob@svhm.org.au)
Date: 10/03/02


From: "Ben Saragozza" <saragob@svhm.org.au>
Date: Wed, 2 Oct 2002 18:16:40 -0700


Some users within our network (approx. 20-30%) are experiencing
the following problem; any feedback would be appreciated.

Scenario:
~~~~~~~~~~
I have an ASP page on our Intranet server which is set
to "windows integrated security". The NTFS permissions on
this file are "Everybody - Full control"; the sole purpose
of this is to ensure that requests to this page contain
the "AUTH_USER" server variable.

Problem:
~~~~~~~~~
When this page is navigated to via the home page of the
Intranet all works well for all users. When users link to
this URL directly via an Outlook e-mail the following
problem occurs. The page is displayed but the "Challenge /
Security" dialog is also displayed requesting that the user
authenticate to access the page. All authentication
attempts fail; however, when the user selects cancel they
are able to use the page until submit on the page causes
the "Challenge / Security" dialog to appear again.

This is not a machine config problem as I have requested
that problem users try other machines (ones used by working
users) and the problem seems to follow them.

I have not found any KB articles on issues with
hyperlinking from an e-mail to a secure page on an IIS web
server, hence I feel that I'm missing something???


