Re: IIS Log Files logs 401 HTTP Codes

From: David Wang [Msft] (someone_at_online.microsoft.com)
Date: 10/24/05


Date: Mon, 24 Oct 2005 04:10:26 -0700

The 401 is expected. Think about it this way:

By default, the browser makes requests assuming no authentication is
required (because how is a browser supposed to magically know WHAT
authentication protocol an arbitrary server requires BEFORE ever making a
request to it? It doesn't. Thus, it assumes anonymous).

Suppose the browser makes an anonymous request to a server that REQUIRES
authentication and disallows anonymous. What should happen? The browser
didn't know about authentication requirements and thus tried anonymous
first, but the server requires authentication and thus MUST reject with a
401 response.

This 401 response is what you see logged prior to the 200.

The next question is why you did not see the 401 in the browser but just saw
the 200. Well, modern-day browsers are aware of servers requiring
authentication, and when configured, the browser will attempt to
AUTO-AUTHENTICATE with the server using whatever acceptable authentication
protocols that are allowed by the server and client.

In your case, the browser auto-authenticated with Integrated authentication
(which is a series of request/response handshakes), and the end result is
that it succeeded and hence IE just displays the end result of a 200 OK, and
that is also what the server logs.

-- 
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"Jagjeet Chahal" <jagjeet.chahal@in.bosch.com> wrote in message
news:djapeb$srl$1@ns2.fe.internet.bosch.com...
Hello All,

I have a small ASP.Net Web application with a single aspx page.
The following code is written in the page load of Webform1.aspx:

    private void Page_Load(object sender, System.EventArgs e)
    {
        // Put user code to initialize the page here
        Response.Write("Logged user is " + User.Identity.Name.ToString() + "<br>");
    }

The application is using Windows Integrated Authentication.
When webform1.aspx is viewed in the IE browser it works fine, but if we look at
the IIS log file a 401 HTTP code is logged.

    #Software: Microsoft Internet Information Services 5.0
    #Version: 1.0
    #Date: 2005-10-21 11:08:46
    #Fields: time c-ip cs-method cs-uri-stem sc-status
    11:26:45 127.0.0.1 GET /test401/webform1.aspx 401
    11:26:45 127.0.0.1 GET /test401/webform1.aspx 200

Does anybody have a clue regarding this?
If this is not the correct forum please redirect me to the correct one.

Thanks and Regards
Jagjeet Chahal
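
Added example, not part of the original thread: a log triage sketch that separates the handshake 401s described in the reply (a 401 followed by a success for the same client, method and URI) from 401s that never resolve. The function names, the 5-second pairing window and the 10.0.0.7 entries are assumptions made for illustration; it also accepts several 401s before the success, which goes beyond the single pair shown in the quoted log.

```python
from datetime import datetime

# Constructed sample in the W3C format quoted in the thread; the last two
# entries (10.0.0.7) are invented to show 401s that never reach a 200.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Version: 1.0
#Date: 2005-10-21 11:08:46
#Fields: time c-ip cs-method cs-uri-stem sc-status
11:26:45 127.0.0.1 GET /test401/webform1.aspx 401
11:26:45 127.0.0.1 GET /test401/webform1.aspx 200
11:30:02 10.0.0.7 GET /test401/webform1.aspx 401
11:30:09 10.0.0.7 GET /test401/webform1.aspx 401
"""

def parse_w3c(text):
    """Yield one dict per entry, using the most recent #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line.strip() and not line.startswith("#"):
            yield dict(zip(fields, line.split()))

def classify_401s(text, window_seconds=5):
    """Split 401 entries into handshake 401s (same client, method and URI
    gets a 2xx/3xx within window_seconds) and unresolved 401s."""
    entries = list(parse_w3c(text))
    for e in entries:
        # Assumption: entries do not cross midnight (only a time field is logged).
        e["t"] = datetime.strptime(e["time"], "%H:%M:%S")
    handshake, unresolved = [], []
    for i, e in enumerate(entries):
        if e["sc-status"] != "401":
            continue
        key = (e["c-ip"], e["cs-method"], e["cs-uri-stem"])
        resolved = any(
            (n["c-ip"], n["cs-method"], n["cs-uri-stem"]) == key
            and n["sc-status"][0] in "23"
            and 0 <= (n["t"] - e["t"]).total_seconds() <= window_seconds
            for n in entries[i + 1:]
        )
        (handshake if resolved else unresolved).append(e)
    return handshake, unresolved

if __name__ == "__main__":
    ok, bad = classify_401s(SAMPLE_LOG)
    print(len(ok), "handshake 401s;", len(bad), "unresolved 401s")
    for e in bad:
        print("review:", e["time"], e["c-ip"], e["cs-uri-stem"])
```

Only the unresolved list is worth an analyst's attention; counting every 401 in a site that uses Integrated authentication mostly counts handshakes.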

