Re: Code runs until Basic Authentication or Digest Authentication is r

From: Kenneth Koh (PlsHelpMePls_at_hotmail.com)
Date: 10/26/05 

Date: Wed, 26 Oct 2005 22:44:41 +0800

Hi Bmeyer

Steven's absolutely right.
Take a look at this, IIS first, then the ASP.net settings.
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnbda/html/authaspdotnet.asp

Good luck!
Kenneth

"Steven Cheng[MSFT]" <stcheng@online.microsoft.com> wrote in message
news:qutGVld2FHA.1144@TK2MSFTNGXA01.phx.gbl...
> Thanks for Ken's inputs.
>
> Hi Bmeyer,
>
> As ken mentioned, no matter we specify the credential in web.config's
> identity/impersonate element or not, the client always need to supply the
> clientside credential (if IIS anonymous access is turn off). Also, I'm
> not
> sure how are you accessing the asp.net web application, through client
> browser(interactively) or through other webrequest components (like
> httpwebrequest) programmatically? If convenient, would you provide us
> some
> detailed background of your applicaiton's logic?
>
> Thanks,
>
> Steven Cheng
> Microsoft Online Support
>
> Get Secure! www.microsoft.com/security
> (This posting is provided "AS IS", with no warranties, and confers no
> rights.)
>
>
>
>
> --------------------
> | From: "Ken Schaefer" <kenREMOVE@THISadOpenStatic.com>
> | References: <5B162BE5-1935-4FF3-8900-A430A9CB68A0@microsoft.com>
> | Subject: Re: Code runs until Basic Authentication or Digest
> Authentication is r
> | Date: Wed, 26 Oct 2005 12:28:44 +1000
> | Lines: 29
> | X-Priority: 3
> | X-MSMail-Priority: Normal
> | X-Newsreader: Microsoft Outlook Express 6.00.2900.2670
> | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2670
> | Message-ID: <OwXa#Td2FHA.1276@TK2MSFTNGP09.phx.gbl>
> | Newsgroups: microsoft.public.inetserver.iis.security
> | NNTP-Posting-Host: 203.53.153.82
> | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP09.phx.gbl
> | Xref: TK2MSFTNGXA01.phx.gbl
> microsoft.public.inetserver.iis.security:8811
> | X-Tomcat-NG: microsoft.public.inetserver.iis.security
> |
> | Supplying a username/password in web.config does not mean that the user
> | doesn't supply credentials.
> |
> | Questions that you need to answer:
> | a) Do you want the user to have to authenticate (i.e. supply Windows
> | credentials)?
> | b) Do you have your authentication mode set to Windows in your
> web.config
> | file?
> | c) Are you trying to have ASP.NET impersonate the supplied user
> credentials?
> | Or do you want ASP.NET to run under a fixed user identity?
> |
> | Cheers
> | Ken
> |
> | "BMeyer" <bmeyer@community.nospam> wrote in message
> | news:5B162BE5-1935-4FF3-8900-A430A9CB68A0@microsoft.com...
> | : We have Windows 2003 server running IIS 6.0.
> | :
> | : Have an application that creates ASPX session variables based on
> values
> | : found in ASP session cookie.
> | :
> | : Works great if anyonymous is allowed. Once Basic or Digest Auth is
> | : required, we get 401 errors. We've even included a default user
> account
> | : username,pwd and domain in our web.config file to try and pass the
> | : credentials manually. Still no luck.
> | :
> | : Need to open a case on this one via MSDN so you can try to run our
> code
> |
> |
> |
>

Relevant Pages

  • Re: Code runs until Basic Authentication or Digest Authentication is r
    ... the client always need to supply the ... | Subject: Re: Code runs until Basic Authentication or Digest ... | Supplying a username/password in web.config does not mean that the user ... | doesn't supply credentials. ...
    (microsoft.public.inetserver.iis.security)
  • Re: credential files
    ... What sort of credentials are you talking about? ... The server asks the client to prove that it is who it says it ... is by supplying a valid, authenticated, certificate. ... If the server is configured to require a client cert it will request it. ...
    (RedHat)
  • Re: BASIC authentication Issues with IE - Part II - Solved but WHY?
    ... it does not know the difference between a request from IE or from ... some other HTTP client. ... Some other authentication schemes are more ... IIS can sometimes remember the token for a particular set of credentials so ...
    (microsoft.public.inetserver.iis.security)
  • Re: Authentication woes
    ... I can not really understand how the client should connect to the DC when they are at work with the 192.x.x.x ip when the server is in 10.x.x.x network. ... If i read the output for the client it is member of domainb.internal and not member of domain.com like the DC, ... If the user logon with cached credentials, ...
    (microsoft.public.windows.server.active_directory)
  • Re: Terminal Services Security Issue with Cached Credentials
    ... I tried the setting "Allways prompt client for password upon connect" ... on a server and then tried connecting to it using cached credentials. ... What version of the Terminal Services client are you using? ... "Always prompt client for password upon connection" ...
    (microsoft.public.windows.server.security)