Re: Kerberos

---

• From: arduk <arduk@xxxxxxxxxxxxx>
• Date: Wed, 21 Nov 2007 15:31:01 -0800

---

Hi WenJun - thanks for your reply.

Firstly, this is not client specific - I have tried this on a number of
client machines, with the same result each time.


The web server that is in use is not IIS (however the theory should be the
same - it is a windows login box that is coming up), as it is an SAP portal
system that I am connecting to. The logs that I can collect from it are shown
below - they appear to be the same both when you are prompted, and when you
aren't.

The logs for the non-prompted login show:

[Nov 22, 2007 8:15:32 AM ] - 10.100.26.37 : GET /irj/portal HTTP/1.1 401 2633
[Nov 22, 2007 8:15:32 AM ] - 10.100.26.37 : GET /irj/portal HTTP/1.1 200
12282
after this the actual content is sent

The logs for the prompted login show:

[Nov 22, 2007 8:12:58 AM ] - 10.100.26.37 : GET /irj/portal HTTP/1.1 401 2634
At this point it is waiting for you to login (windows prompt on screen).
Once you login it then continues below...
[Nov 22, 2007 8:13:35 AM ] - 10.100.26.37 : GET /irj/portal HTTP/1.1 200
12280
after this the actual content is sent

This appears to be correct in my understanding - initially the request is
anonymous and so is unauthorised. After that it should go back and get a
kerberos sso ticket, but if the browser hasn't been opened (or has been
opened to about:blank), it appears to be prompting for login details.

I look forward to any comments you may have.



""WenJun Zhang[msft]"" wrote:

Hi Arduk,

According to your discussion with Ken, it looks like the issue is regarding
to unexpected behavior of IE authentication. Below are some thoughts of
mine:

1. We can gather and review IIS log to determine if there is some actual
difference when IE prompts for login(without opening a browser window
first) and not(with a window opening). To do this:

1) Reproduce the popup behavior without opening a browser window first.
Then wait for several minutes(to make sure the records are written into the
log file) and collect the lastest log files in \System32\LogFiles\W3SVC[n]\
directory (n here is the Site ID which can be viewed in the right panel by
clicking Web Sites folder in IIS).

2) Gather log again with a IE window opened(no login popup) as the same
steps.

2. To narrow down if the issue is specific to the client machine and IE,
please test with some other machines. If other client doesn't encounter the
bahavior, we can confirm this is not an IIS server-side issue.

I look forward to your update.

Have a nice day.

Sincerely,

WenJun Zhang

Microsoft Online Community Support

==================================================

Get notification to my posts through email? Please refer to:
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at:

http://msdn.microsoft.com/subscriptions/support/default.aspx.

==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

.

---

• Follow-Ups:
  • Re: Kerberos
    • From: "WenJun Zhang[msft]"

• References:
  • Re: Kerberos
    • From: Ken Schaefer
  • Re: Kerberos
    • From: arduk
  • Re: Kerberos
    • From: Ken Schaefer
  • Re: Kerberos
    • From: arduk
  • Re: Kerberos
    • From: Ken Schaefer
  • Re: Kerberos
    • From: arduk
  • Re: Kerberos
    • From: "WenJun Zhang[msft]"

• Prev by Date: Re: Kerberos
• Next by Date: Re: Kerberos
• Previous by thread: Re: Kerberos
• Next by thread: Re: Kerberos
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Login control and restricted member pages ... The HTML of the aspx page loads fine, but I recieve a login dialog ... NTFS permission limitation. ... Microsoft MSDN Online Support Lead ... Login control and restricted member pages ... (microsoft.public.dotnet.framework.aspnet.security) RE: Login control and restricted member pages ... I think it is likely caused by windows ... Microsoft MSDN Online Support Lead ... where an initial response from the community or a Microsoft Support ... Login control and restricted member pages ... (microsoft.public.dotnet.framework.aspnet.security) RE: WMP 11 Download Songs from URGE ... it's a music online download site that need to login to use its service. ... Microsoft Online Community Support ... where an initial response from the community or a Microsoft Support ... (microsoft.public.vb.general.discussion) Re: Shutdown, No Login/Logout Window ... I have problems Log Out> End Session, takes me straight to the 'shell' ... login window and goes right back to Desktop of last user. ... If I reboot computer I get the "Login Window" ... (Fedora) Re: Forms Authentication - Sudden Redirect Failure on Login ... login page and executable to the production environment failed, ... web app in VS 2005 using forms authentication. ... Microsoft Online Community Support ... where an initial response from the community or a Microsoft Support ... (microsoft.public.dotnet.framework.aspnet.security)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.inetserver.iis.security  > 2007-11