Re: client gets always every first time for every page a 401
From: BB (qbernard_at_hotmail.com)
Date: 05/29/03
- Next message: BB: "Re: Command line util to change anon username"
- Previous message: perseus_medusa_at_hotmail.com: "options and propfind"
- In reply to: megloff: "Re: client gets always every first time for every page a 401"
- Next in thread: Stephen L Nicoud: "Re: client gets always every first time for every page a 401"
- Reply: Stephen L Nicoud: "Re: client gets always every first time for every page a 401"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 29 May 2003 14:33:53 +0800
Errr this is what i read
--- Orders of Precedence: When the browser makes a request, it always considers the first request to be Anonymous. Therefore, it does not send any credentials. If the server does not accept Anonymous or if the Anonymous user account set on the server does not have permissions to the file being requested, the IIS server responds with an "Access Denied" error message and sends a list of the authentication types that are supported by using one of the following scenarios: --If Windows Integrated is the only supported method (or if Anonymous fails), then the browser must support this method to communicate with the server. The server tries Kerberos first, and if this fails, then the server falls back to Windows NT Challenge/Response. If this fails, the server does not try any of the other methods. --If Basic is the only supported method (or if Anonymous fails), then a dialog box appears in the to get the credentials, and then passes these to the server. It attempts to send the credentials up to three times. If these all fail, the browser does not connect to the server. --If both Basic and Windows Integrated are supported, the browser determines which method is used. If the browser supports Kerberos or Windows NT Challenge/Response, it uses this method. It does not fall back to Basic. If Windows NT Challenge/Response and Kerberos are not supported, the browser uses Basic, Digest, or Fortezza if it supports these. The order of precedence here is Basic, Digest, and then Fortezza. ____ >From what I've seen it always try anonymous connection first, I'm not sure how to make 'basic' auth the first choice. as far as IE is concern, unlikely you able to change it. -- Regards, Bernard Cheah http://support.microsoft.com/ "megloff" <joes@bluewîn.ch> wrote in message news:uOfUfDVJDHA.1360@TK2MSFTNGP10.phx.gbl... > Thank you, but on that page is this behaviour not clear enough > described. Here the following snipped extract: > > --- > When your browser establishes a connection with a Web site by using > Basic or NTLM authentication, it does not fall back to Anonymous during > the rest of that session with the server. > > If you try to connect to a Web page that is marked for Anonymous only > after authenticating, you will be denied. (This may or may not hold true > for Netscape). > When Internet Explorer has established a connection with the server by > using Basic or NTLM authentication, it passes the credentials for every > new request for the duration of the session. > --- > > I analyzed the log file of the IIS, it seems that the browser does not > make an anonymous authentication for every new site. Sometimes it passes > the credentials also directly for new pages, although they are the first > time requested in the session. > > So my further question, what needs my browser (IE 5.01) in order to not > fail back to the anonymous mode ? What are the criterias ? Does the IIS > set some cookies for the authentication ? If yes, exists there any > detailed information ? > > You ask may be your self, why is that so important for me. We are using > Vignette, a CMS which operates with an own ISAPI filter. Unfortunately > when the basic authentiation is activated on that server instance, it > produces double form posts, because the filter is not intelligent enough > to identify that the first request is handled by the IIS with an 401. > This product version is also not supported any more, that means I have > to look for a workaround. > > So any further suggestions ? > Thank you in advance. > regards > > Mark > > > > > > > > *** Sent via Developersdex http://www.developersdex.com *** > Don't just participate in USENET...get rewarded for it!
- Next message: BB: "Re: Command line util to change anon username"
- Previous message: perseus_medusa_at_hotmail.com: "options and propfind"
- In reply to: megloff: "Re: client gets always every first time for every page a 401"
- Next in thread: Stephen L Nicoud: "Re: client gets always every first time for every page a 401"
- Reply: Stephen L Nicoud: "Re: client gets always every first time for every page a 401"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
