Re: Integrated Windows Authentication

From: BB (Bernard_at_3exp.com)
Date: 04/09/03


From: "BB" <Bernard_at_3exp.com>
Date: Wed, 9 Apr 2003 15:17:04 +0800


Of coz. if you have proxy in between. NTLM won't work.
Normally we do Basic Auth + SSL

-- 
Regards,
Bernard Cheah
http://support.microsoft.com/
"bimosekin" <bimosekin@hotmail.com> wrote in message
news:047101c2fe63$6d200e70$a401280a@phx.gbl...
> It does not work in my case, I guess this might have to
> do with the browser being configured with proxy-server.
>
> If I then have to use "Basic Authentication", how can I
> proted username and password" from potential sniffers.
>
>
> >-----Original Message-----
> >Check you IE settings.
> >Option - Security - based on the zone,
> >click on customer level, scroll down to the bottom,
> >select 'prompt for username and password'.
> >
> >
> >
> >-- 
> >Regards,
> >Bernard Cheah
> >http://support.microsoft.com/
> >
> >
> >"bimosekin" <bimosekin@hotmail.com> wrote in message
> >news:065201c2fe06$97715100$2f01280a@phx.gbl...
> >> We have a subdirectory within a website on IIS 5.0, on
> >> which users are to login with their username and
> password
> >> before accessing it.
> >>
> >> The Webserver is place in DMZ and not part of the
> domain.
> >> Local accounts are also created on the server with
> >> required NTFS permission on the subdirectory.  On the
> IIS
> >> level, the directory is enabled only with "Integrated
> >> Windows Authentication".
> >>
> >> However the user get "not authorized message" whenever
> >> they try to login through their WindowsXP clients
> wuthin
> >> the domain.  No login paged is displayed for them to be
> >> able to enter their credentials. But I do get a login
> page
> >> when I tried accessing the subdirectory from external
> >> connection on W2K client.
> >>
> >> The only way I get the login page within the domain is
> if
> >> I enabled "Basic Authentication", but I do not wish to
> >> leave this enable due to security reason.
> >>
> >> Any help?
> >
> >
> >.
> >


Relevant Pages

  • Re: Integrated Windows Authentication
    ... do with the browser being configured with proxy-server. ... proted username and password" from potential sniffers. ... >> they try to login through their WindowsXP clients ...
    (microsoft.public.inetserver.iis.security)
  • Problem handling Login control Authenticate event
    ... login process. ... required for login… they have a username, password, and another “location ... and when the extra input field is submitted ... for the users where this concatenation of the two input field ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: failed password tries...!!
    ... but log only the username if the ... password/username pair is reversed but otherwise valid; and if a login ... The encryption code must be on the auth ... without first compromising your private key somehow. ...
    (comp.lang.java.programmer)
  • Re: Problem with Upgrade MS Access 2003 to Access 2007
    ... requires a login (I assume you mean username) and password. ... When working with Workgroup Security the best advice is to realize ... I did go to the immediate window posting, and tried it out, doing the command ...
    (microsoft.public.access.security)
  • eFiction <= 2.0 multiple vulnerabilities
    ... "Efiction is a software program that enables users to run automated original or fanfiction ... if magic_quotes_gpc off -> Login bypass: ... username: 'UNION SELECT 'd41d8cd98f00b204e9800998ecf8427e',penname,uid,userskin,level,email FROM fanfiction_authors where level=1/* ...
    (Bugtraq)