Re: Integrated Windows Authentication - Does not work on Virtual websites

From: Ken Schaefer (kenREMOVE_at_THISadOpenStatic.com)
Date: 04/22/04 

Date: Thu, 22 Apr 2004 12:17:57 +1000

Hi John,

In IIS 4.0 and IIS 5.0, can you ensure that logging for the website in
question is W3C Extended, then choose to log all the properties for each
request (in particular the cs-user etc).

Then perform some requests for files in that directory, and post the
relevant lines from the logfile to the group? I'd like to see if IIS think
that the browser is sending some credentials.

If worst comes to worst, we can install Ethereal (www.ethereal.com) on your
client machines, and do a network capture of the traffic passing back and
forward between IIS and your browser, and then I can tell you what auth
mechanisms IIS is using, and what the browser is doing in response.

Cheers
Ken

"John" <anonymous@discussions.microsoft.com> wrote in message
news:239d01c427ac$84a0b7c0$a001280a@phx.gbl...
: Ken,
:
: Thanks for your response. The answers are as below.
:
: 1.Anonymous Authentication is not Enabled.
: 2.I am trying to test this site from the Intranet. But,
: even trying it externally it does not work either in
: Windows NT 4.0 IIS 4.0 or Win2K and IIS 5.0.
:
: This site is not in the default website, but another site
: has been created which is a virtual site in IIS.
:
: This has not been working in IIS 4.0 nor in IIS 5.0.
:
: >-----Original Message-----
: >a) Is anonymous authentication enabled? If so, disable it.
: >
: >b) Are you using Internet Explorer? If so, it may be
: automatically logging
: >you in, if the site is in the local Intranet security
: zone. see:
: > http://support.microsoft.com/?id=258063
: >
: >Cheers
: >Ken
: >
: >"John" <anonymous@discussions.microsoft.com> wrote in
: message
: >news:226301c427a8$a8b6fc90$a101280a@phx.gbl...
: >: Hi,
: >:
: >: Please, kindly let me know that there has been no answer
: >: for my posting for a long time. I have another site
: >: created in the webserver [Win2k and IIS 5.0]. A folder
: >: within this site needs to be password protected and it
: >: should use Windows Authentication. I have disabled Basic
: >: Authentication and have only enabled Integrated Windows
: >: Authentication. But, it does not authenticate and it
: goes
: >: in straight to the website. Is this a security flaw in
: IIS
: >: 4.0 and IIS 5.0?
: >:
: >: Please is there anyone with IIS expertise. Let me know
: >: What could be wrong?
: >
: >
: >.
: >

Relevant Pages

  • Re: HELP PLEASE The request failed with HTTP status 401: Access Denied.
    ... Web Security: Part 2: Introducing the Web Application Manager, Client ... Authentication Options, and Process Isolation ... It introduces the Web Application Manager in IIS that ... logon session, which is dangerous. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Strange IIS Server behavior
    ... Well what i ment was in IIS for this virtual directory, ... In the website internally, we have a login module which is ... Due to Server Configuration with No Authentication) ...
    (microsoft.public.inetserver.iis.security)
  • RE: Windows Authentication on iis new website not working (fine on
    ... Is the server a MS or a SA server? ... If authentication baffles you ... Trying to move the contents on the default website onto a new website ... Full IIS running on a domain network. ...
    (microsoft.public.inetserver.iis.security)
  • RE: Can no longer access ActiveSync
    ... OMA and Exchange/Exchange-OMA virtual directory. ... Please verify Authentication settings by the following steps. ... Open IIS Manager ... issue may be caused by the Exchange attribute of original user account. ...
    (microsoft.public.exchange.admin)
  • Re: IIS 6 fails anonymous connection
    ... > I have a newly built Windows Server 2003, with IIS 6 installed. ... > NTFS for website folders is set to IUSR RO, ... Integrated authentication, I can view it. ...
    (microsoft.public.inetserver.iis.security)
Quantcast