Re: Combining Anonymous + Integrated Windows auth
From: samson (samson.lee_at_nih.gov)
Date: 10/23/03
- Next message: anonymous_at_discussions.microsoft.com: "passwd protecting directories"
- Previous message: paul bearne: "how to apply security to iis to sql"
- In reply to: Karl Levinson [x y] mvp: "Re: Combining Anonymous + Integrated Windows auth"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 23 Oct 2003 07:46:46 -0700
Ok, I changed the http error page for 401.2 in Custom Errors in IIS to
my error-friendly page. Found two problems: 1) when I changed it to an
aspx page, Netscape doesn't recognize the file extension and brings up
an "unknown file type" dialog box. 2) When I changed it to an html
page, it works fine except that all images are broken. (I double
checked the image file paths - they are correct)
I'm hoping I can use the aspx page so I can use my server side
includes... if static pages (html) can be used only, how can I make
the images to appear?
levinson_k@despammed.com (Karl Levinson [x y] mvp) wrote in message news:<e51f18d1.0310220834.729b41@posting.google.com>...
> I agree that Basic authentication has advantages, such as no need for
> users to upgrade their browsers, works with non-Windows workstations,
> works through firewalls and proxy servers, etc. You'd want to
> consider encrypting it with an SSL certificate such as one from
> www.entrust.net [or you can generate your own using Makecert or
> Windows certificate server, if you can get the cert or your cert
> authority trusted on all client workstations somehow].
> www.iisfaq.com/ssl has more info on all of this.
>
> Note that windows integrated authentication is NOT securely encrypted
> as it traverses the network, tools such as dsniff can capture
> passwords if installed somewhere in the path between the client and
> server.
>
> Otherwise, you could use the IIS MMC to change the error page users
> see for a failed authentication [think it's the error page for 401.3]
> to an HTML or .ASP page of your creation that 1) tells users to
> upgrade their browser, and/or 2) redirects users to an anonymous
> authentication page. You could use two different virtual server
> instances in IIS to serve up the same content, one where Windows
> authentication is the only authentication permitted, the other using
> anonymous.
>
> Another possible method could be to have the default first page on the
> web server be an .ASP page [configured in the IIS MMC for Anonymous
> authentication] that checks the client name and redirects users to the
> Windows authenticated virtual server instance if IE on Windows is
> detected. This might be less reliable as there could perhaps be IE
> users behind a proxy or firewall that causes problems for windows
> integrated authentication.
>
>
>
> samson <anonymous@discussions.microsoft.com> wrote in message news:<04AC748D-4364-4CDE-A776-86F602708D7D@microsoft.com>...
> > I am running Intranet with Win2k/IIS 5/asp.net and am trying to
> force Integrated Windows auth to IE users and give a friendly error
> message saying "change your browser to IE" to those who access the
> site with none-IE browsers. In IIS 5, when I enable both Anonymous
> access and Integrated Windows authetication, it ignores the Integrated
> Windows auth. Is there any way I can make it so that Integrated
> Windows auth takes precedence over Anonymous access? If this can be
> done, I can let IIS to allow the non-IE users and my script can
> redirect them to the friendly error page. Can anyone help on this?
- Next message: anonymous_at_discussions.microsoft.com: "passwd protecting directories"
- Previous message: paul bearne: "how to apply security to iis to sql"
- In reply to: Karl Levinson [x y] mvp: "Re: Combining Anonymous + Integrated Windows auth"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
