Re: Authentication with tomcat

From: David Wang [Msft] (someone_at_online.microsoft.com)
Date: 10/22/03 

Date: Wed, 22 Oct 2003 11:40:18 -0700

That indicates that you have "Integrated Authentication" turned on in the
vdir in IIS. Turn it all off except for Anonymous if you do NOT want IIS to
do any authentication handshakes. 

-- 
//David
IIS
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"Pascal Fluck" <pascal.fluck@spiritsoft.ch.SPAM> wrote in message
news:3f96331a$1@news.swissonline.ch...
Thanks for quickly answer.
I try to change IIS config, but I alway have in header "Authorization" the
value "Negotiate TlRMTVNTUAABAAAAB4IAXXXAAAAAAAAAA=".
When I change password or username, this value don't change... I think that
IIS is sending anonymous authentication?
Strange...
Thanks
        Pascal
"David Wang [Msft]" <someone@online.microsoft.com> a écrit dans le message
de news: OlmNWcFmDHA.1488@TK2MSFTNGP12.phx.gbl...
> If you have authentication enabled on IIS and the client send
Authorization
> header, then IIS will negotiate authentication for you.  Otherwise, IIS
will
> not.
>
> If you want the application to handle its own authentication, then make
sure
> IIS is only running Anonymous authentication (i.e. no authentication).
This
> would be a configuration issue since there is no way for IIS to know
whether
> an application running on it is trying to do some other custom
> authentication.
>
> --
> //David
> IIS
> This posting is provided "AS IS" with no warranties, and confers no
rights.
> //
> "Pascal Fluck" <pascal.fluck@spiritsoft.ch.SPAM> wrote in message
> news:3f94ed75@news.swissonline.ch...
> Hello,
>
> I have a problem with IIS (I think):
>
> I'm doing a servlet that work under Tomcat 4.1. She ask for authentication
> and check in a database for user and password.
>
> She work fine directly in Tomcat access (8080 port).
>
> But when I try to launch it trougth IIS (isapi_redirect.dll : IIS ->
> ISAPII -> Tomcat), it doesn't work...
> It's like if IIS make an own authentication...
>
> In fact I see that the http header variable "Authorization" is always void
> when I call the servlet trougth IIS and is setted trougth Tomcat (8080).
>
> Anybody has idee?
>
> Thanks a lot...
>
>
>

Relevant Pages

  • Re: HELP PLEASE The request failed with HTTP status 401: Access Denied.
    ... Web Security: Part 2: Introducing the Web Application Manager, Client ... Authentication Options, and Process Isolation ... It introduces the Web Application Manager in IIS that ... logon session, which is dangerous. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Accessing Authenticate Header
    ... IIS configuration for anonymous access ONLY (NO Basic Authentication) ... Handler or Module reads the AUTHORIZATION header and authenticates ...
    (microsoft.public.dotnet.security)
  • RE: Can no longer access ActiveSync
    ... OMA and Exchange/Exchange-OMA virtual directory. ... Please verify Authentication settings by the following steps. ... Open IIS Manager ... issue may be caused by the Exchange attribute of original user account. ...
    (microsoft.public.exchange.admin)
  • Re: Accessing Authenticate Header
    ... >From my experience with building a custom authorization module, ... a basic auth header, parse it and then use the username and password from ... ability to provide authentication services. ... >> of IIS. ...
    (microsoft.public.dotnet.security)
  • Re: Basic Authentication fails with Error 401.2 where Integrated s
    ... I didn't realise the Web Sites folder in IIS manager threw up a global ... sure that Basic Authentication is allowed to function on your server. ... ACCOUNTNAME, this is the account that I am trying to grant access to: ... Account: COMPUTERNAME\ACCOUNTNAME Access type: FULL ...
    (microsoft.public.inetserver.iis.security)