RE: Integrated Windows Authentication
From: David Dietz [MS] (ddietz_at_online.microsoft.com)
Date: Wed, 10 Sep 2003 13:45:31 GMT
Chances are that you are running into a problem with either Kerberos or
NTLM authentication, both of which are represented by Windows Integrated.
Kerberos will have a significant problem if the machine trying to connect
to the resource is not a member of the same domain as the web server. This
would explain why it works fine inside your LAN and from some other
locations; most likely remote machines that are members of the domain.
If you are not using Kerberos then you are using NTLM which will work
across a few types of proxies and routers, but not most. Generally it is a
fluke when NTLM works across the Internet due to all the routing and proxy
hardware and software involved.
You have two real options for accessing the directory from the Internet,
Basic and Digest.
If you want to use Basic I would also recommend configuring SSL on the
directory so the password and user ID (which are sent in effectively clear
text) are protected from prying eyes.
If you want to use Digest please see the following article for instructions
on how to configure it properly:
222028 Setting Up Digest Authentication for Use with Internet Information
Hope this helps.
David Dietz -- IIS Support Professional
Search our online Knowledge Base
This posting is provided “AS IS” with no warranties, and confers no rights.
You assume all risk for your use. © 2001 Microsoft Corporation. All rights
|>From: "sharky" <firstname.lastname@example.org>
|>Subject: Integrated Windows Authentication
|>Date: Sun, 24 Aug 2003 18:00:03 -0700
|>X-Newsreader: Microsoft Outlook Express 6.00.2720.3000
|>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2727.1300
|>NNTP-Posting-Host: w036.z064002055.sjc-ca.dsl.cnc.net 220.127.116.11
|>Xref: cpmsftngxa06.phx.gbl microsoft.public.inetserver.iis.security:4019
|>I am using Integrated Windows Authentication to protect a directory on a
|>server. All clients connect and authenticate using MSIE using W2k or
|>It works fine inside my LAN, and on some other places outside my LAN, but
|>some computers when I connect to the password protected directory (still
|>using MSIE), I simply get; "Error. Access Denied". These users can connect
|>to the main web server just fine- they only get this error when they try
|>access that particular directory.
|>The error is not coming from my customized error pages, and the user does
|>not get a Windows password prompt. Just the error. There are no access
|>priveliges denied on the web server or on the firewall to this web server
|>Does anyone know if this is a client-side or server-side issue, or if
|>is a way to fix this for my users?
|>Thanks in advance for suggestions/solutions.