IIS 5 - Security Denied but access granted??? Help Please

From: Stewart Kember (kembers@comp.lancs.ac.uk)
Date: 11/01/02

• Next message: Jeff Cochran: "Re: URL Scan Tweaking"
• Previous message: C S: "impersonation / changing ownership of uploaded files with IIS FTP"
• In reply to: Rob Carey: "IIS 5 - Security Denied but access granted??? Help Please"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: "Stewart Kember" <kembers@comp.lancs.ac.uk>
Date: Fri, 1 Nov 2002 04:10:43 -0800

Have you found a solution to this problem? - im
experiencing the same. I'm running Windows 2000 server
with all anonymous access denied and Integrated Windows
Authentication enabled. NTFS permissions are set, IUSR
account is disabled yet when accessing a web page the user
simply hits enter twice (i.e. 'OK' on blank log in prompt
x 2)and the page is loaded. Any help appreciated.
regards
S Kember

>-----Original Message-----
>Good Day Everyone,
>
>I have a strange question.
>I am running IIS 5.0 on a windows 2K Pro box. The W2K Pro
>box has access to active directory, active directory
>contains all of the user accounts. I have IIS security
set
>to INTEGRATED. anonymous access is denied. File system is
>NTFS - anonymous access here is denied too.
>
>When a user hits the web site they get a login prompt and
>enter thier name, password, and domain. all is good so
far.
>
>The problem starts here...
>
>There are some pages within the website that need to be
>restricted to only certian users of the domain. When a
>user who should not et access to this page clicks on the
>link for it they get a password prompt again, if they
>enter thier crudentials again they will be denied - this
>is good!, but if they leave the password, userid and
>dmoain blank and hit enter the page opens.. Why does this
>happen?
>
>If you can help me, or would require any further
>information please email me directly at
>Rob_carey*NOSMAP_PLEASE*@gov.nt.ca..
>
>Thank you
>.
>

---

• Next message: Jeff Cochran: "Re: URL Scan Tweaking"
• Previous message: C S: "impersonation / changing ownership of uploaded files with IIS FTP"
• In reply to: Rob Carey: "IIS 5 - Security Denied but access granted??? Help Please"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Users list ... Hi all I'm running windows XP Pro... ... I have installed IIS and turned off ... anonymous access. ... (microsoft.public.windowsxp.general) Re: Users list ... Never mind I found it in Local Security Settings -> Local Policies -> User ... Rights Assignment -> Deny logon locally ... > Hi all I'm running windows XP Pro... ... > anonymous access. ... (microsoft.public.windowsxp.general) Re: Setting up a server ... This is because of the way authentication is set for your web. ... If you want to allow anonymous access to your web (that is without being ... > from my computer and try to access it, a window pops up ... > running windows XP and that XP firewall is not running ... (microsoft.public.security) Re: Why cant I browse to this file on my local IIS Server? ... Here's what I found in the Event Log: ... > I have the virtual directory set to Allow Anonymous Access. ... but unless I supply my own credentials (via Integrated Windows ... (microsoft.public.inetserver.iis) Using Windows Integrated Authentication to access Active Directory ... I have disabled "Anonymous Access" & enabled "Integrated Windows ... Web.config file has the following entries: ... application successfully runs after determining the windows user in the ... (microsoft.public.dotnet.framework.aspnet.security)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(14)