Re: identify disabled users and bad bad passwords

From: Bernard (qbernard_at_hotmail.com.discuss)
Date: 12/21/04

Next message: Bernard: "Re: Getting "The function requested is not supported" -IIS 6"
Previous message: Ken Schaefer: "Re: Need a Teacher on CA"
In reply to: Scilabop: "identify disabled users and bad bad passwords"
Next in thread: Scilabop: "Re: identify disabled users and bad bad passwords"
Reply: Scilabop: "Re: identify disabled users and bad bad passwords"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 21 Dec 2004 14:55:29 +0800

Well, 401.1 stands for login failed, hence it could be username/password
wrong, it could be account disabled and lockout. Not sure if the win32
status code field will give you more detail, but you can try enable it in
the w3c extended iis log format.

as for the login prompt, it's actually client browse control. IIS only
return authentication header and it's up to client browser to react.

-- 
Regards,
Bernard Cheah
http://www.tryiis.com/
http://support.microsoft.com/
http://www.msmvps.com/bernard/
"Scilabop" <scilabop@Xuvic.ca> wrote in message 
news:%23pBcz6H5EHA.1404@TK2MSFTNGP11.phx.gbl...
> Hello,
>
> We are using IIS5.0 and integrated windows authentication to protect 
> network
> resource.
> The system takes both disabled accounts and bad username and password 
> pairs
> as HTTP401.1 error. My task is to distinguish these errors, and then take
> corresponding actions. But I have problem to retreive the unauthorized
> username.
>
> I am really curious about what triggers those .htr files within
> /inetsrv/iisadmpwd. Is that the iisadminpwd.dll file controls everything? 
> If
> I could look into the source code for the little popup authentication
> window, my task would be easy to get done.
>
> Any helps are appreciated.
>
> Ally
>
>
>
>

Next message: Bernard: "Re: Getting "The function requested is not supported" -IIS 6"
Previous message: Ken Schaefer: "Re: Need a Teacher on CA"
In reply to: Scilabop: "identify disabled users and bad bad passwords"
Next in thread: Scilabop: "Re: identify disabled users and bad bad passwords"
Reply: Scilabop: "Re: identify disabled users and bad bad passwords"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

RE: Web Forms Auth fails when rfValidator triggered
... © 2002 Microsoft Corporation. ... | Content-Type: text/plain ... | | basically has a username field, ... | | If I enter garbage text in BOTH fields, the authentication ...
(microsoft.public.dotnet.framework.aspnet.security)
RE: Adding a virtual FTP folder to IIS
... I think we can follow the Form Authentication modal. ... application will use the ASPNET account. ... If we change the username ... Windows identity different from that of the default process identity. ...
(microsoft.public.dotnet.framework)
Re: OWA login problems
... But anyway, since just using USERNAME works from the desktop, this indicates ... Maybe one of the authentication ... Outlook Web Access For PDA, ... the Virtual Directory named Exchange and select properties. ...
(microsoft.public.exchange.connectivity)
RE: Web Forms Auth fails when rfValidator triggered
... | basically has a username field, ... | If I enter garbage text in BOTH fields, the authentication ... | controls do their job and display the "error text" stating ... | Jeff Ptak ...
(microsoft.public.dotnet.framework.aspnet.security)
Re: RWW authentication
... By entering just the username without any ... Much of this RWW info is right inside of there. ... but the Isa firewall ... SSL authentication seems to work just fine however on the actual RWW login ...
(microsoft.public.windows.server.sbs)