Re: iis user failure when using windows
From: jt (torjo01@ca.com)
Date: 12/10/02
- Next message: Jeff Cochran: "Re: IIS Secure Baseline Builds - New IIS Security Paper Published"
- Previous message: Karl Levinson [x y] mvp: "Re: Authentication Problems"
- In reply to: Karl Levinson [x y] mvp: "Re: iis user failure when using windows"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "jt" <torjo01@ca.com> Date: Tue, 10 Dec 2002 08:46:26 -0800
I enabled auditing. I set the domain in Basic
Authorization but it still fails with Integrated Windows
is used and when its disabled as well. They go to the
site, its asks them for there domain username and
password, and they put the proper one, and it still fails.
In the Security log it says the logon/logoff of user
System is failing. So users trying to access this site are
being logged on as system...its not picking up their
userid over the web. So to me when reading the only way
that a username password is asked is when domain
authorization fails..is this correct? Then why does it
fail? System user has full security access on the folders
in question though.
Any help would be appreciated.
jt
ps all this happened after MS security patches were
installed.
>-----Original Message-----
>
>"jt" <jtingres@comcast.net> wrote in message
>news:4-CdnfX5fsyb5GigXTWcpg@comcast.com...
>> I'm still having trouble finding a problem with our asp
page. Basically we
>> have an xml script that gets the users identification,
queries a database
>> and brings back the information. I can't use anoymous
to my knowledge to
>get
>> the users id, I have to use Integrated windows
authentication to get a
>users
>> id..correct?
>
>You could also use Basic Authentication [though then
users would have to
>enter an ID and password to see the site]. You could
also use anonymous
>access and script your own login form with a list of user
IDs, passwords and
>permissions kept in a table such as a SQL or Access
database, etc.
>
>> This is a server on a domain with domain users
accessing this
>> site, but it fails getting regular users information,
but any
>> administrators on the box it works fine. I've given
iusr account security
>> access on the folder....is there some sort of access
I'm missing to give
>> users access to the web folder? What security access do
i have to give for
>> domain users to log onto an asp web page site that the
xml can pick up
>> userid's.
>
>Enable auditing to see what permission is being denied to
which login ID.
>It sounds like maybe you need to create either an IUSR or
an IWAM account on
>the domain and use that in IIS instead. It could also be
that the IWAM user
>is being used instead of IUSR. More information:
>
>http://securityadmin.info/faq.htm#iwam
>
>
>
>
>.
>
- Next message: Jeff Cochran: "Re: IIS Secure Baseline Builds - New IIS Security Paper Published"
- Previous message: Karl Levinson [x y] mvp: "Re: Authentication Problems"
- In reply to: Karl Levinson [x y] mvp: "Re: iis user failure when using windows"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
