Re: authentication methods IIS 6

From: Ken Schaefer (kenREMOVE_at_THISadOpenStatic.com)
Date: 05/28/04


Date: Fri, 28 May 2004 15:07:32 +1000

Hi,

When the server requires authentication, the server sends back a list of
supported authentication mechanisms (which are sent back depends on what you
have checked in the IIS Manager - if you never selected Digest, then the
server will never offer digest). The browser picks the first one on the list
that it supports (the server should send them back in order of strongest ->
weakest).

Rather than explain the whole thing, get the sample chapter from my book
(Securing IIS 6.0) - there's a link on my homepage:
http://www.adopenstatic.com/
It covers, in depth, how the various different authentication mechanisms
work, and what the requirements are to get them working.

If you find it useful, please consider buying a copy :-) thanks.

Cheers
Ken

"BJM" <barrymockett@hotmail.com> wrote in message
news:Uevtc.265$M_5.79@newsfe2-gui.server.ntli.net...
: Guys
:
: I have a thorny problem which I hope someone can shed a little light on for
: me.
:
: I have a Windows 2000 machine running a secured virtual directory (VD),
: inasmuch as that the anonymous access has been disallowed for that VD.
: Instead the VD is set to use integrated windows authentication, which works
: beautifully when my users connect from a same domain (as the webserver)
: machine whilst connected to the same physical LAN.
:
: However, these users connect from the outside world using an OPENVPN
: connection to a Linux server. Now, when these same users connect from the
: outside, they cannot connect to the aforementioned VD, but here is the
: kicker, I was getting frustrated one night and forgot to take home my laptop
: power supply, needed to check some stuff from home (after flattening my
: battery) so connected my personal PC to the VPN and jumped onto the network
: at my office. The virtual directory served me all the content from the
: secured VD after prompting me for a username and password.
:
: So my issue is this, Microsoft states that security settings on the VD
: should keep trying until it finds an authentication match, but, my domain
: machines across the VPN are failing to connect to the VD properly and pass
: through the credentials, whereas my non-domain personal machine seems to be
: defaulting to digest authentication. Is this the case, or is it that the
: domain machines will never try digest authentication unless I have it
: enabled?
:
: This is tearing me up as I have some stupid users who do not understand the
: words: "It works fine on a citrix desktop - please connect to that for the
: time being and call me every day...!Grr" Strangely the CEO is not that
: upset - go figure.
:
: Anyway
:
: Can anyone help me with this - I am loath just to click buttons on
: production servers and could do with some pointers.
:
: Regards
:
: BJM
:
:
:
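
The negotiation described in the reply above, as an added example that is not part of the original post: it reads the WWW-Authenticate headers of a 401 response in the order the server sent them, picks the first scheme a given client supports, and checks that the server's order runs strongest to weakest. The sample response, the function names and the strength ranking are assumptions made for illustration.

```python
# Added example: model the 401 negotiation described in the reply above.
# SAMPLE_401 is a constructed response, not a capture from the poster's server.

# Assumed strength ranking (strongest first), used only for the ordering check.
STRENGTH = ["negotiate", "ntlm", "digest", "basic"]

SAMPLE_401 = (
    "HTTP/1.1 401 Unauthorized\r\n"
    "WWW-Authenticate: Negotiate\r\n"
    "WWW-Authenticate: NTLM\r\n"
    'WWW-Authenticate: Basic realm="intranet.example"\r\n'
    "Content-Length: 0\r\n"
    "\r\n"
)


def offered_schemes(raw_response):
    """Return the auth schemes in the order the server offered them.

    Assumes one challenge per WWW-Authenticate header line.
    """
    head = raw_response.split("\r\n\r\n", 1)[0]
    schemes = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        if name.strip().lower() == "www-authenticate" and value.strip():
            schemes.append(value.split()[0].lower())
    return schemes


def client_choice(offered, supported):
    """First offered scheme that the client supports, or None if no match."""
    supported = {s.lower() for s in supported}
    for scheme in offered:
        if scheme in supported:
            return scheme
    return None


def strongest_first(offered):
    """True if the server's order follows STRENGTH; unknown schemes rank last."""
    ranks = [STRENGTH.index(s) if s in STRENGTH else len(STRENGTH) for s in offered]
    return ranks == sorted(ranks)


if __name__ == "__main__":
    offered = offered_schemes(SAMPLE_401)
    print("offered:", offered, "strongest first:", strongest_first(offered))
    print("Basic/Digest-only client picks:", client_choice(offered, ["Basic", "Digest"]))
    print("Digest-only client picks:", client_choice(offered, ["Digest"]))
```

A client that only supports Digest gets no match here because the constructed server never offers it, which is the "if you never selected Digest" case from the reply.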

