Re: a WWW-Authenticate header field that the server is not configured
- From: David Wang <w3.4you@xxxxxxxxx>
- Date: Sun, 11 May 2008 06:08:45 -0700 (PDT)
On May 11, 2:39 am, Patrick <Patr...@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
I have IIS6.0 website for which I wish to use SSL encryption. I did the
following to secure it.
1. I've set SSL port to 4043. I have another app (App A) using port 443.
2. I secured the Application Directory using an Enterprise Root CA which I
created for App A (using built-in MS Certificate Service)
3. Unchecked Anonymous Logon box and none of the 4 Authentication Access
boxes are checked.
4. I've Enabled Certificate Trust List (Under Secure Communications) and
imported the certificate into it so that there is an entry under Current CTL.
5. For Client Certificates, I have "Accept Client Certificates" selected. I
tried with "Ignore Client Certificates" as well.
When I try to access the site (https://myserver:4032), the browser spits out
the error message below:
"Web browser is sending a WWW-Authenticate header field that the Web server
is not configured to accept"
Obviously I've missed some config parameter somewhere and I can not just
figure it out. Help!
Thanks and Regards
1. Read the IIS documentation on how to set up Client Certificate
based Authentication. Your scenario requires -- Require Client
Certificate -- IIS requires some user token in order to process the
request, and if you turn off all IIS Authentication Methods as well as
make Client Certificate optional, it becomes possible to attempt
processing requests with no user token, which IIS will reject.
2. You say the website is listening on port 4043 but your example
request went to 4032. Since you are using non-default ports, I don't
know if this is a typo or some other configuration behavior.
3. Two problems with your observation:
"Web browser is sending a WWW-Authenticate header field that the Web
server is not configured to accept"
--> IIS does not send responses that look like that
--> Web browsers do not send WWW-Authenticate headers. Web Servers
send WWW-Authenticate headers telling the browser which authentication
method to use.
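
Added example (not part of the original messages): a Python sketch that decodes the IIS 6 metabase `AuthFlags` and `AccessSSLFlags` bitmasks and reports the combination described in point 1 of the reply, where no authentication method is enabled and the client certificate is not required. The function names and sample values are constructed for illustration; the bit values are the IIS 6 metabase flag constants.

```python
# Added example: audit IIS 6 AuthFlags / AccessSSLFlags for the condition
# described in the reply (no auth method + client certificate not required).
AUTH_FLAGS = {
    0x01: "AuthAnonymous",
    0x02: "AuthBasic",
    0x04: "AuthNTLM",      # Integrated Windows authentication
    0x10: "AuthMD5",       # Digest authentication
    0x40: "AuthPassport",  # .NET Passport authentication
}
SSL_FLAGS = {
    0x008: "AccessSSL",               # require secure channel
    0x020: "AccessSSLNegotiateCert",  # "Accept client certificates"
    0x040: "AccessSSLRequireCert",    # "Require client certificates"
    0x080: "AccessSSLMapCert",
    0x100: "AccessSSL128",
}


def decode(value, table):
    """Return the names of the known flags set in value, lowest bit first."""
    return [name for bit, name in sorted(table.items()) if value & bit]


def review(auth_flags, ssl_flags):
    """Decode both bitmasks and list findings for one site or directory."""
    auth = decode(auth_flags, AUTH_FLAGS)
    ssl = decode(ssl_flags, SSL_FLAGS)
    if "AccessSSLRequireCert" in ssl:
        client_cert = "require"
    elif "AccessSSLNegotiateCert" in ssl:
        client_cert = "accept"
    else:
        client_cert = "ignore"
    findings = []
    if not auth and client_cert != "require":
        findings.append(
            "no authentication method is enabled and the client certificate "
            f"is set to '{client_cert}': requests can arrive with no user token"
        )
    return {"auth": auth, "ssl": ssl, "client_cert": client_cert,
            "findings": findings}


if __name__ == "__main__":
    # Constructed samples: the two settings from the question, then "Require".
    for auth_value, ssl_value in [(0, 0x20), (0, 0), (0, 0x08 | 0x20 | 0x40)]:
        print(hex(auth_value), hex(ssl_value), review(auth_value, ssl_value))
```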