Re: IIS Security strange things

From: Arvind P Rangan (arvind99_at_hotmail.com)
Date: 03/01/04

• Next message: Alexey Smirnov: "Re: IIS Security strange things"
• Previous message: Alexey Smirnov: "IIS Security strange things"
• In reply to: Alexey Smirnov: "IIS Security strange things"
• Next in thread: Alexey Smirnov: "Re: IIS Security strange things"
• Reply: Alexey Smirnov: "Re: IIS Security strange things"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Mon, 1 Mar 2004 19:41:50 +0530

Hi ,
In IE open Options -> select Security
Select Custom LEVEL -> User Authentication
Check if the user has checked Prompt for user name and password.
If its marked make it to auttomatic login only in intranet zone.
Arvind
"Alexey Smirnov" <removeit.hello@smalig.com> wrote in message
news:OSktyX5$DHA.392@TK2MSFTNGP12.phx.gbl...
> I have intranet application based on ASP.NET on Win2000AS (Framework 1.1).
>
> Website uses an Integrated Windows Authentication as Authentication method
> in IIS and has following security configuration in the web.config
>
> ------------------------------------------
> <identity impersonate="false" />
>
> <authentication mode="Windows" />
> <authorization>
> <deny users="?" />
> </authorization>
>
> <customErrors defaultRedirect="CustomError.aspx" mode="Off">
> <error statusCode="401" redirect="Custom401.html"/>
> </customErrors>
> ------------------------------------------
>
> And everything goes fine for 99.9% users and not for one only, who always
> get a popup login window to login this website.
> He has WinXP box, with latest browser, like many others, but for any
reason
> website cannot recognize that user as a valid internal user.
>
> Any ideas? Thank you
>
>

---

• Next message: Alexey Smirnov: "Re: IIS Security strange things"
• Previous message: Alexey Smirnov: "IIS Security strange things"
• In reply to: Alexey Smirnov: "IIS Security strange things"
• Next in thread: Alexey Smirnov: "Re: IIS Security strange things"
• Reply: Alexey Smirnov: "Re: IIS Security strange things"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Enabling telnet, ftp, pop3 for root... ... Where did I say ANYTHING about not using authentication. ... You're presenting it like direct root login would be a total security ... DON'T have access to the port. ... (alt.os.linux) Re: Force Relogin. IIS6, ASP.NET app, IE6+ browser ... now it appears you are suggesting I either write a custom authentication ... not prompt with a login dialog. ... The problem you face is that a browser will automatically attempt ... If you can control the browsers to not auto-login to your website, ... (microsoft.public.inetserver.iis.security) Re: Enabling telnet, ftp, pop3 for root... ... Where did I say ANYTHING about not using authentication. ... You're presenting it like direct root login would be a total security ... The ssh account is only used for remote login. ... secret to get to your SSH port is as easy as sniffing. ... (alt.os.linux) Re: WebBrowser ... With a Windows Authentication or Permission on a folder ... With this type of security you may be able to access the ... If the login page is a Username / Password textbox with a Submit or Login ... send requests to a web server and get some type of response / data back. ... (microsoft.public.vb.controls) Re: Penetration test of 1 IP address ... I have been asked to perform a security audit of 1 IP address ... login page. ... Audit your website security with Acunetix Web Vulnerability Scanner: ... Cross site scripting and other web attacks before hackers do! ... (Pen-Test)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.inetserver.iis.security  > 2004-03