Re: client gets always every first time for every page a 401

From: BB (qbernard_at_hotmail.com)
Date: 05/29/03


Date: Thu, 29 May 2003 20:08:33 +0800


I'm a bit lost :)

2 GET requests?
Are you referring to the double posts of his CMS ISAPI filter?

-- 
Regards,
Bernard Cheah
http://support.microsoft.com/
"Stephen L Nicoud" <nicouds@hotmail.com> wrote in message
news:#J1ZrycJDHA.2224@TK2MSFTNGP11.phx.gbl...
I think you are missing megloff's point.
What you say is correct with respect to the first non-anonymous access to a
server.  Megloff's point is that he is seeing this behavior (anonymous
access first, which is denied; then a second request for the same resource
with credentials) for each and every resource request.
His log (see his post that started this thread) is showing 2 GET requests
for every resource.  The first of the two requests for a resource is denied
because it is sent without credentials.  The second is successful because it
does include the credentials.  For all but the first access to any
non-anonymous resource on a server there should only be one GET request.
"BB" <qbernard@hotmail.com> wrote in message
news:#eLBIxaJDHA.2068@TK2MSFTNGP10.phx.gbl...
> Errr this is what I read
> ---
> Orders of Precedence: When the browser makes a request, it always considers
> the first request to be Anonymous. Therefore, it does not send any
> credentials. If the server does not accept Anonymous or if the Anonymous
> user account set on the server does not have permissions to the file being
> requested, the IIS server responds with an "Access Denied" error message and
> sends a list of the authentication types that are supported by using one of
> the following scenarios:
>
> --If Windows Integrated is the only supported method (or if Anonymous
> fails), then the browser must support this method to communicate with the
> server. The server tries Kerberos first, and if this fails, then the server
> falls back to Windows NT Challenge/Response. If this fails, the server does
> not try any of the other methods.
>
> --If Basic is the only supported method (or if Anonymous fails), then a
> dialog box appears in the to get the credentials, and then passes these to
> the server. It attempts to send the credentials up to three times. If these
> all fail, the browser does not connect to the server.
>
> --If both Basic and Windows Integrated are supported, the browser determines
> which method is used. If the browser supports Kerberos or Windows NT
> Challenge/Response, it uses this method. It does not fall back to Basic. If
> Windows NT Challenge/Response and Kerberos are not supported, the browser
> uses Basic, Digest, or Fortezza if it supports these. The order of
> precedence here is Basic, Digest, and then Fortezza.
> ____
>
>
> From what I've seen it always tries an anonymous connection first;
> I'm not sure how to make 'basic' auth the first choice. As far
> as IE is concerned, it's unlikely you are able to change it.
>
>
> -- 
> Regards,
> Bernard Cheah
> http://support.microsoft.com/
>
>
> "megloff" <joes@bluewîn.ch> wrote in message
> news:uOfUfDVJDHA.1360@TK2MSFTNGP10.phx.gbl...
> > Thank you, but on that page this behaviour is not described clearly
> > enough. Here is the following snippet extract:
> >
> > ---
> > When your browser establishes a connection with a Web site by using
> > Basic or NTLM authentication, it does not fall back to Anonymous during
> > the rest of that session with the server.
> >
> > If you try to connect to a Web page that is marked for Anonymous only
> > after authenticating, you will be denied. (This may or may not hold true
> > for Netscape).
> > When Internet Explorer has established a connection with the server by
> > using Basic or NTLM authentication, it passes the credentials for every
> > new request for the duration of the session.
> > ---
> >
> > I analyzed the IIS log file; it seems that the browser does not
> > make an anonymous authentication for every new site. Sometimes it also
> > passes the credentials directly for new pages, although they are
> > requested for the first time in the session.
> >
> > So my further question: what does my browser (IE 5.01) need in order to
> > not fall back to the anonymous mode? What are the criteria? Does the IIS
> > set some cookies for the authentication? If yes, is there any
> > detailed information?
> >
> > You may ask yourself why that is so important for me. We are using
> > Vignette, a CMS which operates with its own ISAPI filter. Unfortunately
> > when the basic authentication is activated on that server instance, it
> > produces double form posts, because the filter is not intelligent enough
> > to identify that the first request is handled by the IIS with a 401.
> > This product version is also not supported any more; that means I have
> > to look for a workaround.
> >
> > So any further suggestions ?
> > Thank you in advance.
> > regards
> >
> > Mark
>
>
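
A way to check an IIS log for the pattern discussed in this thread (a resource requested twice, first refused with a 401 without credentials and then served with them), as an added example that is not part of any poster's message. The log lines are constructed and assume the W3C extended format with the fields shown; `testuser` and the paths are placeholders.

```python
# Constructed IIS W3C extended log sample (not taken from the thread's server).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-username cs-method cs-uri-stem sc-status
2003-05-29 12:00:01 10.0.0.5 - GET /cms/index.asp 401
2003-05-29 12:00:01 10.0.0.5 testuser GET /cms/index.asp 200
2003-05-29 12:00:07 10.0.0.5 testuser GET /cms/news.asp 200
2003-05-29 12:00:15 10.0.0.5 - POST /cms/form.asp 401
2003-05-29 12:00:15 10.0.0.5 testuser POST /cms/form.asp 200
2003-05-29 12:00:20 10.0.0.9 - GET /cms/index.asp 401
"""

def parse_w3c(text):
    """Yield one dict per request, keyed by the names in the #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated lines
                yield dict(zip(fields, values))

def challenge_pairs(text):
    """Split authenticated traffic into 401-then-success pairs, requests that
    carried credentials on the first try, and 401s that were never retried."""
    pending = {}  # (client, method, uri) -> 401 entry still waiting for a retry
    pairs, preemptive = [], []
    for req in parse_w3c(text):
        key = (req["c-ip"], req["cs-method"], req["cs-uri-stem"])
        anonymous = req["cs-username"] == "-"
        if req["sc-status"] == "401" and anonymous:
            pending[key] = req
        elif req["sc-status"].startswith("2") and not anonymous:
            if key in pending:
                pairs.append((pending.pop(key), req))
            else:
                preemptive.append(req)  # credentials sent without a challenge
    return pairs, preemptive, list(pending.values())

if __name__ == "__main__":
    pairs, preemptive, unanswered = challenge_pairs(SAMPLE_LOG)
    for first, second in pairs:
        print(f'{first["c-ip"]} {first["cs-method"]} {first["cs-uri-stem"]}: '
              f'401 at {first["time"]}, {second["sc-status"]} at {second["time"]}')
    print("sent credentials directly:", [r["cs-uri-stem"] for r in preemptive])
    print("401 never retried:", [(r["c-ip"], r["cs-uri-stem"]) for r in unanswered])
```

A POST that shows up in the pairs list is the case that reaches an ISAPI filter twice; a client whose entries appear only in the unanswered list never supplied credentials at all.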

