RE: Integrated Windows Authentication

From: David Dietz [MS] (ddietz_at_online.microsoft.com)
Date: 09/10/03


Date: Wed, 10 Sep 2003 13:45:31 GMT


Sharky,

Chances are that you are running into a problem with either Kerberos or
NTLM authentication, both of which are represented by Windows Integrated.

Kerberos will have a significant problem if the machine trying to connect
to the resource is not a member of the same domain as the web server. This
would explain why it works fine inside your LAN and from some other
locations; most likely remote machines that are members of the domain.

If you are not using Kerberos then you are using NTLM which will work
across a few types of proxies and routers, but not most. Generally it is a
fluke when NTLM works across the Internet due to all the routing and proxy
hardware and software involved.

You have two real options for accessing the directory from the Internet,
Basic and Digest.

If you want to use Basic I would also recommend configuring SSL on the
directory so the password and user ID (which are sent in effectively clear
text) are protected from prying eyes.

If you want to use Digest please see the following article for instructions
on how to configure it properly:

222028 Setting Up Digest Authentication for Use with Internet Information
http://support.microsoft.com/?id=222028

Hope this helps.

David Dietz -- IIS Support Professional
Search our online Knowledge Base
http://support.microsoft.com/support/

This posting is provided “AS IS” with no warranties, and confers no rights.
You assume all risk for your use. © 2001 Microsoft Corporation. All rights
reserved

--------------------
|>From: "sharky" <sharky@nospam.com>
|>Subject: Integrated Windows Authentication
|>Date: Sun, 24 Aug 2003 18:00:03 -0700
|>Lines: 19
|>X-Priority: 3
|>X-MSMail-Priority: Normal
|>X-Newsreader: Microsoft Outlook Express 6.00.2720.3000
|>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2727.1300
|>Message-ID: <#Lg3yQqaDHA.2436@TK2MSFTNGP12.phx.gbl>
|>Newsgroups: microsoft.public.inetserver.iis.security
|>NNTP-Posting-Host: w036.z064002055.sjc-ca.dsl.cnc.net 64.2.55.36
|>Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP12.phx.gbl
|>Xref: cpmsftngxa06.phx.gbl microsoft.public.inetserver.iis.security:4019
|>X-Tomcat-NG: microsoft.public.inetserver.iis.security
|>
|>I am using Integrated Windows Authentication to protect a directory on a
web
|>server. All clients connect and authenticate using MSIE using W2k or
better.
|>It works fine inside my LAN, and on some other places outside my LAN, but
on
|>some computers when I connect to the password protected directory (still
|>using MSIE), I simply get; "Error. Access Denied". These users can connect
|>to the main web server just fine- they only get this error when they try
to
|>access that particular directory.
|>
|>The error is not coming from my customized error pages, and the user does
|>not get a Windows password prompt. Just the error. There are no access
|>priveliges denied on the web server or on the firewall to this web server
or
|>directory.
|>
|>Does anyone know if this is a client-side or server-side issue, or if
there
|>is a way to fix this for my users?
|>
|>Thanks in advance for suggestions/solutions.
|>
|>
|>



Relevant Pages

  • Re: Using IIS w/ASP .NET 2.0 Web Application Projects
    ... If you select Windows Integrated Authentication, anonymous users won't be able to login. ... ASP.NET has a *separate* authentication configuration which IIS doesn't interfere with. ... Integrated Windows Authentication overrides the Anonymous authentication default. ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Using IIS w/ASP .NET 2.0 Web Application Projects
    ... if you enable Windows Integrated Authentication, ... See my previous post for more details regarding use of Windows Authentication with ASP.NET. ... at least within non-ASP.NET IIS applications. ... Integrated Windows Authentication overrides the Anonymous authentication default. ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Using IIS w/ASP .NET 2.0 Web Application Projects
    ... you said that I must set ASP .NET authentication to Windows - I ... the problem is now solved as the issue was that IIS does not ... Integrated Windows Authentication overrides the Anonymous ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: New post: Integrated Windows Authentication for remote users
    ... Can you generalize about the OS version on the clients ... Microsoft MVP (Windows, Security) ... > I am using Integrated Windows Authentication to protect a directory on a ... > priveliges denied on the web server or on the firewall to this web server ...
    (microsoft.public.inetserver.iis.security)
  • Re: server authentication & ASP authentication
    ... The SQL Server and web server are on the same machine (Windows 2000). ... Use windows instead of standard authentication on SQL Server. ...
    (microsoft.public.sqlserver.security)