Re: client gets always every first time for every page a 401

From: megloff (joes_at_bluewîn.ch)
Date: 05/28/03 

Date: Wed, 28 May 2003 12:39:35 -0700

Thank you, but on that page is this behaviour not clear enough
described. Here the following snipped extract: 

---
When your browser establishes a connection with a Web site by using
Basic or NTLM authentication, it does not fall back to Anonymous during
the rest of that session with the server.
If you try to connect to a Web page that is marked for Anonymous only
after authenticating, you will be denied. (This may or may not hold true
for Netscape).
When Internet Explorer has established a connection with the server by
using Basic or NTLM authentication, it passes the credentials for every
new request for the duration of the session.
---
I analyzed the log file of the IIS, it seems that the browser does not
make an anonymous authentication for every new site. Sometimes it passes
the credentials also directly for new pages, although they are the first
time requested in the session.
So my further question, what needs my browser (IE 5.01) in order to not
fail back to the anonymous mode ? What are the criterias ? Does the IIS
set some cookies for the authentication ? If yes, exists there any
detailed information ?
You ask may be your self, why is that so important for me. We are using
Vignette, a CMS which operates with an own ISAPI filter. Unfortunately
when the basic authentiation is activated on that server instance, it
produces double form posts, because the filter is not intelligent enough
to identify that the first request is handled by the IIS with an 401.
This product version is also not supported any more, that means I have
to look for a workaround.
So any further suggestions ?
Thank you in advance.
regards
Mark
*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!

Relevant Pages

  • Re: Cant make a domain user the "anonymous access" user
    ... When dealing with authentication issues it is VERY important to ... Some of the things you claim is not consistent with a default IIS ... If you use a browser that cannot do NTLM, by definition, a 401.2 error is ... user account that works and your domain account that does not. ...
    (microsoft.public.inetserver.iis.security)
  • Re: client gets always every first time for every page a 401
    ... cause the browse will always try anonymous access first. ... How IIS Authenticates Browser Clients ... > I have an issue with the basic authentication from IIS. ...
    (microsoft.public.inetserver.iis.security)
  • RE: logout a browser under integrated security
    ... due to the browser. ... but not server ... >server by using Basic or NTLM authentication, ... >IIS Authenticates Browser Clients" ...
    (microsoft.public.inetserver.iis.security)
  • Re: NT Authentication with ASP
    ... Without credentials, IIS will assume anonymous access. ... If Anonymous authentication is enabled, ... unless the browser has already authenticated. ...
    (microsoft.public.inetserver.asp.general)
  • Re: a WWW-Authenticate header field that the server is not configu
    ... "Web browser is sending a WWW-Authenticate header field that the Web ... Read the IIS documentation on how to set up Client Certificate ... and if you turn off all IIS Authentication Methods as well as ... "Web browser is sending a WWW-Authenticate header field that the Web ...
    (microsoft.public.inetserver.iis.security)