Re: Code runs until Basic Authentication or Digest Authentication
From: Kenneth Koh (PlsHelpMePls_at_hotmail.com)
Date: 10/26/05
- Previous message: BCW: "Re: Certsrv Page not authenticating with IE"
- In reply to: BMeyer: "Re: Code runs until Basic Authentication or Digest Authentication"
- Next in thread: BMeyer: "Re: Code runs until Basic Authentication or Digest Authentication"
- Reply: BMeyer: "Re: Code runs until Basic Authentication or Digest Authentication"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 26 Oct 2005 23:47:10 +0800
Hi Bmeyer
Yes and no.
Yes, your codes are probably working for "impersonation".
No, no matter how you configure the web.config, if anonymous access is
disabled, IIS will check for the identity.Isauthenticated (something like
that) value. If the user is not authenticated, the user will be prompted
for the login user ID and password by IIS.
Only upon a successful login will the control be passed to ASP.NET, with
Web.config settings and your scripts doing the impersonation.
Hope this helps.
Kenneth
"BMeyer" <bmeyer@community.nospam> wrote in message
news:8006BECE-3358-4886-83D2-5AB8A8112A2C@microsoft.com...
> Thanks for the quick reply. It sounds like you're saying that our
> code/logic
> is probably fine, but we've either got IIS or something to tweak in
> web.config?
>
>
> "Kenneth Koh" wrote:
>
>> Hi Bmeyer
>>
>> Steven's absolutely right.
>> Take a look at this, IIS first, then the ASP.net settings.
>> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnbda/html/authaspdotnet.asp
>>
>>
>> Good luck!
>> Kenneth
>>
>> "Steven Cheng[MSFT]" <stcheng@online.microsoft.com> wrote in message
>> news:qutGVld2FHA.1144@TK2MSFTNGXA01.phx.gbl...
>> > Thanks for Ken's inputs.
>> >
>> > Hi Bmeyer,
>> >
>> > As ken mentioned, no matter we specify the credential in web.config's
>> > identity/impersonate element or not, the client always need to supply
>> > the
>> > clientside credential (if IIS anonymous access is turn off). Also, I'm
>> > not
>> > sure how are you accessing the asp.net web application, through client
>> > browser(interactively) or through other webrequest components (like
>> > httpwebrequest) programmatically? If convenient, would you provide us
>> > some
>> > detailed background of your applicaiton's logic?
>> >
>> > Thanks,
>> >
>> > Steven Cheng
>> > Microsoft Online Support
>> >
>> > Get Secure! www.microsoft.com/security
>> > (This posting is provided "AS IS", with no warranties, and confers no
>> > rights.)
>> >
>> >
>> >
>> >
>> > --------------------
>> > | From: "Ken Schaefer" <kenREMOVE@THISadOpenStatic.com>
>> > | References: <5B162BE5-1935-4FF3-8900-A430A9CB68A0@microsoft.com>
>> > | Subject: Re: Code runs until Basic Authentication or Digest
>> > Authentication is r
>> > | Date: Wed, 26 Oct 2005 12:28:44 +1000
>> > | Lines: 29
>> > | X-Priority: 3
>> > | X-MSMail-Priority: Normal
>> > | X-Newsreader: Microsoft Outlook Express 6.00.2900.2670
>> > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2670
>> > | Message-ID: <OwXa#Td2FHA.1276@TK2MSFTNGP09.phx.gbl>
>> > | Newsgroups: microsoft.public.inetserver.iis.security
>> > | NNTP-Posting-Host: 203.53.153.82
>> > | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP09.phx.gbl
>> > | Xref: TK2MSFTNGXA01.phx.gbl
>> > microsoft.public.inetserver.iis.security:8811
>> > | X-Tomcat-NG: microsoft.public.inetserver.iis.security
>> > |
>> > | Supplying a username/password in web.config does not mean that the
>> > user
>> > | doesn't supply credentials.
>> > |
>> > | Questions that you need to answer:
>> > | a) Do you want the user to have to authenticate (i.e. supply Windows
>> > | credentials)?
>> > | b) Do you have your authentication mode set to Windows in your
>> > web.config
>> > | file?
>> > | c) Are you trying to have ASP.NET impersonate the supplied user
>> > credentials?
>> > | Or do you want ASP.NET to run under a fixed user identity?
>> > |
>> > | Cheers
>> > | Ken
>> > |
>> > | "BMeyer" <bmeyer@community.nospam> wrote in message
>> > | news:5B162BE5-1935-4FF3-8900-A430A9CB68A0@microsoft.com...
>> > | : We have Windows 2003 server running IIS 6.0.
>> > | :
>> > | : Have an application that creates ASPX session variables based on
>> > values
>> > | : found in ASP session cookie.
>> > | :
>> > | : Works great if anyonymous is allowed. Once Basic or Digest Auth is
>> > | : required, we get 401 errors. We've even included a default user
>> > account
>> > | : username,pwd and domain in our web.config file to try and pass the
>> > | : credentials manually. Still no luck.
>> > | :
>> > | : Need to open a case on this one via MSDN so you can try to run our
>> > code
>> > |
>> > |
>> > |
>> >
>>
>>
>>
- Previous message: BCW: "Re: Certsrv Page not authenticating with IE"
- In reply to: BMeyer: "Re: Code runs until Basic Authentication or Digest Authentication"
- Next in thread: BMeyer: "Re: Code runs until Basic Authentication or Digest Authentication"
- Reply: BMeyer: "Re: Code runs until Basic Authentication or Digest Authentication"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
