Re: Problem - moving to IIS 6.0

From: David Wang [Msft] (someone@online.microsoft.com)
Date: 04/18/03 

From: "David Wang [Msft]" <someone@online.microsoft.com>
Date: Thu, 17 Apr 2003 18:59:04 -0700

I do not see anything wrong with what you are saying nor what is happening
(i.e. the behavior is by-design). I'll just offer you some explanation of
what is probably going on.

First Q:
As a part of Integrated authentication's handshake, you will always see a
401.2. This is because web browsers, by default, do not know if a web
server supports/requires authentication, so it always sends a request using
anonymous auth (i.e. no auth). Web Servers that require authentication and
disallow anonymous will reject that request with a 401.2 and tell the client
what authentication method(s) it support(s). Subsequently, it is up to the
client to figure out how to optimize the requests to not trigger unnecessary
authentication attempts (but realize with any optimization strategy that the
server can always be mis-configured to foil any optimization strategy of the
client, so it really takes a little cooperation between the client and
server). In the case of Integrated authentication, IE will be fine as long
as the connection it uses is kept alive. IE does remember if a site
requires Integrated authentication, so subsequent requests tend to go over
the same connection and never trigger 401.2. I think IE has trouble with
pipelined requests (multiple different requests) over the same connection
and the web server uses authentication (of any sort) -- all those pipelined
requests will be rejected with 401.2 initially, and then everything is ok.
Once again, this is a client-side optimization.

Take Away -- You can only assume that authentication can be automatically
negotiated for you; it is irrational to assume that authentication happens
by premonition. If a browser doesn't know a website requires
authentication, it cannot pre-send any authentication credentials since that
is a security risk.

Second Q:
Windows Server 2003 comes with .Net Framework 1.1 by default. You will need
to install .Net Framework 1.0 and also instruct ASP.Net to use 1.0 files
instead of 1.1 files on a per-vdir basis (use aspnet_regiis.exe inside of
v1.0.3705 directory to do this to the vdir containing your ASP.Net
application -- look at the -s or -sn switch).

I do not know if .Net, at run time, will run ASP.Net with different versions
of the Framework through dynamic determination or static hints. It seems
like something that should be configured (like what I was noting with
aspnet_regiis.exe) on the server for each application. 

--
//David
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"Andy Doyle" <doyle_am@hotmail.com> wrote in message
news:06a901c3034f$a9b6b910$a401280a@phx.gbl...
Hi,
I've got an ASP.NET app that I've designed and tested on
a Win2k box running .NET Framework 1.0.  Everything was
looking great so I decided to copy the app over to a
Win2k3 box to make sure it worked there.
Problem!  Now when I navigate around the app files aren't
always loaded or take a while to load.  Looking at the
IIS logs, I can see that there are sometimes 2 requests
for the same file.  The first one fails with a 401.2
error but the next one loads okay - the only difference I
can see is that the one that passes provided the username
in the log string.
My IIS folders are all set up with only Integrated
Security enabled - so why is it trying to load a file
without providing the login details?
Well that's the first Q - but I have another.  I'm also
seeing a problem with my app trying to read the
SmartNav.htm file from the asp_net\1.1........ folder;
and it just sits there trying to access it.  Can someone
tell me if it is possible to force my app to use version
1.0 of the framework when it runs rather than just using
the latest?  That way I could rule out v1.1 causing the
problem.
I would be very grateful if someone could help me out
with this.
Regards,
Andy

Relevant Pages

  • RE: Beginners Questions
    ... We do use Windows form on the presentation layer which is on ... terminal server and call web services on the business logic side. ... of using "proxy" authentication on SQL Server. ... > I have written an app with a Windows Forms UI that is deployed to clients ...
    (microsoft.public.dotnet.distributed_apps)
  • Re: Windows 2003/IIS 6.0 + IE 6.0 - random authentication dialog
    ... NetMon can be found in Add/Remove Programs under Network ... Proper Integrated Authentication functionality requires strict adherence to ... authentication and runnning under Windows 2003 Server Standard ... It happens when the UI requests dynamic content from ...
    (microsoft.public.inetserver.iis.security)
  • Re: Problem - moving to IIS 6.0
    ... >what authentication methodit support. ... >client to figure out how to optimize the requests to not ... >I've got an ASP.NET app that I've designed and tested on ...
    (microsoft.public.inetserver.iis.security)
  • Authentication Sharing Across Apps
    ... For my part "B" question that I had (Login App was not returning ... authentication to calling app), I found the solution. ... Basically, in both the Login App and Calling App Web.Config, I did ... authenticated connection with SQL server. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: authentication problem
    ... > I'm developing an asp.net app on my local machine at home ... > the machine is part of a domain and running the app on my machine ... I went in and removed authentication all together and suddenly ... Sounds like your IIS Server (server running on your workstation, ...
    (microsoft.public.dotnet.framework.aspnet)
Loading