Re: MSPOP-UP MESSAGE SERVICE <KILLER POP-UPS>
From: David Wang [Msft] (someone_at_online.microsoft.com)
Date: 08/01/03
- Next message: Bernard: "Re: Strange W3svc log entries"
- Previous message: David Wang [Msft]: "Re: IIS TOMCAT Security"
- Next in thread: Kathy: "Re: MSPOP-UP MESSAGE SERVICE <KILLER POP-UPS>"
- Reply: Kathy: "Re: MSPOP-UP MESSAGE SERVICE <KILLER POP-UPS>"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 31 Jul 2003 20:20:00 -0700
Basic authentication is pretty straight forward. If the server requests
Basic authentication and the request has the magic Authorization: Basic
header, it's allowed access (after the ACL checks out). Else, it's denied
access.
Presence of the authentication dialog mainly indicates that the browser
received a 401 response and after a couple of authentication attempts (this
is configurable in IE), it failed to auto-negotiate credentials for you.
The particular type of 401 (IIS has five predefined types) determines what
you should do to address the situation.
Based on what I've said, there are several ways to troubleshoot this:
1. Make sure the client is auto-negotiating credentials for you (since most
users expect this). IE turns off auto-negotiating for Internet sites, and
all this is Configurable, so you need to see what you've got configured.
2. If you get 401.1, it means logon failed. If you hit cancel on the dialog
boxes, you get Access Denied. Check your domain/username/password.
3. If you get 401.3, it means you logged on correctly, but your credentials
didn't have access. Check your ACLs on the resource
4. If you get 401.4, some ISAPI filter installed on the server rejected you
access for arbitrary reason
5. If you get 401.5, the application itself denied you access. Check your
ACLs on the resource and on the Application DLL/Script.
On IIS6, the sub status codes are logged. They are not logged on prior IIS
versions, so you'll need to access the 401 responses to see what it is (use
a network sniffer).
-- //David This posting is provided "AS IS" with no warranties, and confers no rights. // "Kathy" <rrnews@btaw.com> wrote in message news:1IYVa.24990$Vp.1109133@twister.socal.rr.com... "Jonathan Maltz [MS-MVP]" <jmaltz@mvps.org> wrote in message news:uQU73XuVDHA.2488@TK2MSFTNGP09.phx.gbl... > You've got a good sense of humor but a bad way of using it. Try making it > obvious that you're joking with us so it won't be taken so.....literally ;-) I'll try to be less sarcastic. I guess it was the suggestion that I get a firewall that got me started, kind of like suggesting to me that I not hit myself in the head with a hammer or that I look both ways before crossing the street or that I not run with scissors. I guess I assumed (incorrectly, perhaps) that people posting questions in an IIS security ng were perhaps administrating web servers and/or writing asp applications and were past the "you should be using a firewall" state. Now, I'd be delighted if one of you could help me with my "real" problem-- the recent appearance of 2 authentication dialogs when trying to open ASPX pages on my client's website. ASP pages only see the first authentication dialog. It obviously has something to do with using basic authentication in a web application that uses ASP pages _and_ .NET, but I don't have any idea where to begin on that one. Or maybe someone knows of a more appropriate ng for my question? I posted also on microsoft.public.dotnet.framework.aspnet.security, and although nobody there has accused my ignorance and severe lack of knowledge of being the major source of problems on the internet, neither has anyone answered my question. I have googled, and looked in MSDN, either I am suffering from that severe lack of knowledge I was accused of, or I don't know how to ask the question, or I really _am_ the cause of all the problems on the internet and I ought to unplug my network cable. (sigh) - Kathy > > BTW - I installed that patch on every computer in my house, glad to know I'm > up to date <g>
- Next message: Bernard: "Re: Strange W3svc log entries"
- Previous message: David Wang [Msft]: "Re: IIS TOMCAT Security"
- Next in thread: Kathy: "Re: MSPOP-UP MESSAGE SERVICE <KILLER POP-UPS>"
- Reply: Kathy: "Re: MSPOP-UP MESSAGE SERVICE <KILLER POP-UPS>"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
