Re: Integrated Authentication Fails, Basic Authentication works

From: Ken Schaefer (kenREMOVE_at_THISadOpenStatic.com)
Date: 08/07/03


Date: Thu, 7 Aug 2003 13:53:16 +1000


With Integrated Authencation, the web server *never* has the user's
password, so it can't authenticate to the remote machine on the user's
behalf. When you use Basic authentication, then the user's username and
password are both sent in clear-text to the webserver, so it can then
"impersonate" the user account to the remote file server, allowing you to
manipulate resources remote to the webserver.

For this reason, it is recommended to use SSL in combination with Basic
authentication.

Cheers
Ken

"Kevin Jackson" <softwiz@covad.net> wrote in message
news:uJg1SWJXDHA.1872@TK2MSFTNGP12.phx.gbl...
: I'm seeing sort of the same situation myself. In my case, I'm trying to
: copy a file to a share point on another box and it doesn't appear my user
: context is getting set correctly with Integrated Authentication and
: therefore the ASP page doesn't have sufficient rights to copy the file.
:
: I can get it to work with basic but not with authenticated if I'm copying
: off box.
:
: Very strange...
:
:
: "Dan" <dzuck@yahoo.com> wrote in message
: news:b8be951a.0308061913.164ea681@posting.google.com...
: > I was wondering if anyone has seen this before? We have a Win 2k
: > server (sp3) w/ IIS v5. The server is on an Active Directory with
: > valid domain accounts. When we set the directory security to
: > Integrated we cannot logon w/ domain users. The NTFS security is wide
: > open on the directory and the users are administrators. If we create
: > a local acount, we can logon no problem. If we switch to Basic Auth
: > we can logon no problem w/ the domain accounts.
: >
: > As soon as we enable windows auth, no go? Not sure if there is a
: > policy setting, hack, patch or what for this?
: >
: > Any help would be appreciated.
:
:



Relevant Pages

  • Re: Access Denied Error - w3upload
    ... > I can reproduce the error using with the following configurations: ... > not the remote directory permissions... ... just a misunderstanding how Windows Integrated authentication ... actually send the password from browser to web server - so the web server ...
    (microsoft.public.inetserver.iis)
  • Re: IE7 and Companyweb Authentication
    ... take an in-depth look at how my remote users login. ... This was what caused the problem with IE7 ... wants to have users authenticate using Basic Authentication which allows ...
    (microsoft.public.windows.server.sbs)
  • Re: Application pool with domain account & anonymous access disabled
    ... Web server must use the remote user's identity to access network ... authentication protocol so that IIS forces authentication (though the choice ... The issue is called "delegation", ...
    (microsoft.public.inetserver.iis)
  • Re: Getting seteuid/setegid functionality out of Windows
    ... the web client supplies to the web server ... via some password-request via SSL, or, in a pure Windows Authentication ... on a remote machine. ...
    (microsoft.public.win32.programmer.kernel)
  • "Local" and "Remote" considered insufficient
    ... These types of discrepancies in terminology happen fairly often. ... to include the amount of "authentication" required, ... vs. remote terminology for a while. ... When an FTP bug is exploitable by "authenticated" users, ...
    (Bugtraq)