Re: client gets always every first time for every page a 401

From: Stephen L Nicoud (nicouds_at_hotmail.com)
Date: 05/29/03


Date: Thu, 29 May 2003 06:24:34 -0400


I think you are missing megloff's point.

What you say is correct with respect to the first non-anonymous access to a server. Megloff's point is that he is seeing this behavior (anonymous access first, which is denied; then a second request for the same resource with credentials) for each and every resource request.

His log (see his post that started this thread) is showing 2 GET requests for every resource. The first of the two requests for a resource is denied because it is sent without credentials. The second is successful because it does include the credentials. For all but the first access to any non-anonymous resource on a server there should only be one GET request.

"BB" <qbernard@hotmail.com> wrote in message news:#eLBIxaJDHA.2068@TK2MSFTNGP10.phx.gbl...
> Errr, this is what I read
> ---
> Orders of Precedence: When the browser makes a request, it always considers
> the first request to be Anonymous. Therefore, it does not send any
> credentials. If the server does not accept Anonymous or if the Anonymous
> user account set on the server does not have permissions to the file being
> requested, the IIS server responds with an "Access Denied" error message and
> sends a list of the authentication types that are supported by using one of
> the following scenarios:
>
> --If Windows Integrated is the only supported method (or if Anonymous
> fails), then the browser must support this method to communicate with the
> server. The server tries Kerberos first, and if this fails, then the server
> falls back to Windows NT Challenge/Response. If this fails, the server does
> not try any of the other methods.
>
> --If Basic is the only supported method (or if Anonymous fails), then a
> dialog box appears in the browser to get the credentials, and then passes these to
> the server. It attempts to send the credentials up to three times. If these
> all fail, the browser does not connect to the server.
>
> --If both Basic and Windows Integrated are supported, the browser determines
> which method is used. If the browser supports Kerberos or Windows NT
> Challenge/Response, it uses this method. It does not fall back to Basic. If
> Windows NT Challenge/Response and Kerberos are not supported, the browser
> uses Basic, Digest, or Fortezza if it supports these. The order of
> precedence here is Basic, Digest, and then Fortezza.
> ____
>
>
> From what I've seen it always tries an anonymous connection first.
> I'm not sure how to make 'basic' auth the first choice; as far
> as IE is concerned, it's unlikely you'll be able to change it.
>
>
> --
> Regards,
> Bernard Cheah
> http://support.microsoft.com/
>
>
> "megloff" <joes@bluewîn.ch> wrote in message
> news:uOfUfDVJDHA.1360@TK2MSFTNGP10.phx.gbl...
> > Thank you, but on that page this behaviour is not described clearly
> > enough. Here is the snippet extracted from it:
> >
> > ---
> > When your browser establishes a connection with a Web site by using
> > Basic or NTLM authentication, it does not fall back to Anonymous during
> > the rest of that session with the server.
> >
> > If you try to connect to a Web page that is marked for Anonymous only
> > after authenticating, you will be denied. (This may or may not hold true
> > for Netscape).
> > When Internet Explorer has established a connection with the server by
> > using Basic or NTLM authentication, it passes the credentials for every
> > new request for the duration of the session.
> > ---
> >
> > I analyzed the log file of the IIS; it seems that the browser does not
> > attempt anonymous authentication for every new site. Sometimes it also
> > passes the credentials directly for new pages, although they are being
> > requested for the first time in the session.
> >
> > So my further question: what does my browser (IE 5.01) need in order not
> > to fall back to anonymous mode? What are the criteria? Does IIS set some
> > cookies for the authentication? If yes, is there any detailed
> > information?
> >
> > You may ask yourself why this is so important to me. We are using
> > Vignette, a CMS which operates with its own ISAPI filter. Unfortunately,
> > when basic authentication is activated on that server instance, it
> > produces double form posts, because the filter is not intelligent enough
> > to identify that the first request is handled by IIS with a 401.
> > This product version is also not supported any more, which means I have
> > to look for a workaround.
> >
> > So any further suggestions ?
> > Thank you in advance.
> > regards
> >
> > Mark
> >
> > *** Sent via Developersdex http://www.developersdex.com ***
> > Don't just participate in USENET...get rewarded for it!
>
>
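The following is an added example, not part of the original thread and not code from IIS, Internet Explorer or Vignette. It is a self-contained Python simulation of the exchange the thread is arguing about: a client that sends the first request for every resource anonymously and retries once with Basic credentials after the 401 (two log entries per resource, which is what megloff's IIS log shows); a client that instead sends credentials pre-emptively for any path under a directory that has already challenged it (the "protection space" rule of RFC 7617 section 2.2, which is one explanation for first-time pages arriving with credentials); and a server-side filter that acts on a form POST body before the credential check, which is what produces the double post. The realm, user name, password, paths and form body are constructed for the example, and the filter is a hypothetical stand-in for the ISAPI filter, not its real logic.

```python
import base64
from dataclasses import dataclass, field

# Constructed values for this example (not from the original thread).
REALM = "example"
VALID_USER, VALID_PASS = "mark", "s3cret"
PROTECTED_PREFIX = "/app/"          # everything under here requires Basic auth


@dataclass
class Request:
    method: str
    path: str
    headers: dict = field(default_factory=dict)
    body: str = ""


@dataclass
class Response:
    status: int
    headers: dict = field(default_factory=dict)


def check_basic(req):
    """True only if the Authorization header carries the valid Basic credentials."""
    auth = req.headers.get("Authorization", "")
    if not auth.startswith("Basic "):
        return False
    try:
        user, _, pw = base64.b64decode(auth[6:], validate=True).decode().partition(":")
    except (ValueError, UnicodeDecodeError):
        return False
    return (user, pw) == (VALID_USER, VALID_PASS)


class Server:
    """IIS plus a hypothetical ISAPI-style filter that sees every POST body."""

    def __init__(self, naive_filter):
        self.naive_filter = naive_filter   # True: filter acts before the auth check
        self.log = []                      # "METHOD path status", like an IIS log line
        self.orders = []                   # side effects of the form POST

    def handle(self, req):
        authed = check_basic(req)
        protected = req.path.startswith(PROTECTED_PREFIX)
        if self.naive_filter and req.method == "POST":
            # The filter consumes the body before anyone has verified credentials,
            # so the anonymous first attempt (about to be rejected) is processed too.
            self.orders.append(req.body)
        if protected and not authed:
            resp = Response(401, {"WWW-Authenticate": f'Basic realm="{REALM}"'})
        else:
            if not self.naive_filter and req.method == "POST":
                self.orders.append(req.body)   # only once the request is authenticated
            resp = Response(200)
        self.log.append(f"{req.method} {req.path} {resp.status}")
        return resp


class Client:
    """Browser behaviour: anonymous first, retry once with Basic after a 401."""

    def __init__(self, server, preemptive):
        self.server = server
        self.preemptive = preemptive       # send credentials without a fresh challenge?
        self.spaces = set()                # protection spaces learned from earlier 401s
        token = base64.b64encode(f"{VALID_USER}:{VALID_PASS}".encode()).decode()
        self.cred = "Basic " + token

    @staticmethod
    def space_of(path):
        # RFC 7617 2.2: the protection space is every path at or below the
        # directory of the challenged request-URI.
        return path.rsplit("/", 1)[0] + "/"

    def fetch(self, method, path, body=""):
        headers = {}
        if self.preemptive and any(path.startswith(s) for s in self.spaces):
            headers["Authorization"] = self.cred
        resp = self.server.handle(Request(method, path, headers, body))
        if resp.status == 401 and resp.headers.get("WWW-Authenticate", "").startswith("Basic"):
            self.spaces.add(self.space_of(path))
            headers = {**headers, "Authorization": self.cred}
            resp = self.server.handle(Request(method, path, headers, body))
        return resp


def run(preemptive, naive_filter):
    """Replay a short session; return the server log and the recorded orders."""
    srv = Server(naive_filter)
    cli = Client(srv, preemptive)
    cli.fetch("GET", "/app/index.html")
    cli.fetch("GET", "/app/style.css")
    cli.fetch("POST", "/app/order.asp", body="item=widget")   # the form post
    cli.fetch("GET", "/public/logo.gif")                     # anonymous resource
    return srv.log, srv.orders


if __name__ == "__main__":
    for pre, naive in ((False, True), (False, False), (True, True)):
        log, orders = run(pre, naive)
        print(f"preemptive={pre} naive_filter={naive}: "
              f"{len(log)} requests, {len(orders)} order(s)")
        for line in log:
            print("   ", line)
```

With the anonymous-first client every protected resource appears twice in the log (401 then 200) and the naive filter records the order twice; with the filter fixed to act only after the credential check the log is unchanged but the order is recorded once. With the pre-emptive client, the second and later requests inside the challenged directory carry credentials from the start, so the POST is sent once and even the naive filter records a single order. The server-side fix is the one that does not depend on browser behaviour: never act on a request body before authentication has succeeded.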


