Re: a WWW-Authenticate header field that the server is not configu

Hi David,

1. that https://myserver:4032 was atypo. Aplogoies - probbably that is what
you call tiredness!
2. The application has it's own scripting for authenticating users. I have
OWA (Exchange) running on another box and I followed the same steps in
enablinsg SSL on this site.
3. "Web browser is sending a WWW-Authenticate header field that the Web
server is not configured to accept" is the error message I get on my browser
window when try to access the site through port 4043. - it is not my
interpretation. I've tried in IE6 and Firefox and both browsers return the
above error.



"David Wang" wrote:


1. Read the IIS documentation on how to set up Client Certificate
based Authentication. Your scenario requires -- Require Client
Certificate -- IIS requires some user token in order to process the
request, and if you turn off all IIS Authentication Methods as well as
make Client Certificate optional, it becomes possible to attempt
processing requests with no user token, which IIS will reject.

2. You say the website is listening on port 4043 but your example
request went to 4032. Since you are using non-default ports, I don't
know if this is typo or some other configuration behavior

3. Two problems with your observation:
"Web browser is sending a WWW-Authenticate header field that the Web
server is not configured to accept"
--> IIS does not send responses that look like that
--> Web browsers do not send WWW-Authenticate headers. Web Servers
send WWW-Authenticate headers telling the browser which authentication
method to use.


//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//

.

Relevant Pages

  • Re: Cant make a domain user the "anonymous access" user
    ... When dealing with authentication issues it is VERY important to ... Some of the things you claim is not consistent with a default IIS ... If you use a browser that cannot do NTLM, by definition, a 401.2 error is ... user account that works and your domain account that does not. ...
    (microsoft.public.inetserver.iis.security)
  • Re: client gets always every first time for every page a 401
    ... cause the browse will always try anonymous access first. ... How IIS Authenticates Browser Clients ... > I have an issue with the basic authentication from IIS. ...
    (microsoft.public.inetserver.iis.security)
  • RE: logout a browser under integrated security
    ... due to the browser. ... but not server ... >server by using Basic or NTLM authentication, ... >IIS Authenticates Browser Clients" ...
    (microsoft.public.inetserver.iis.security)
  • Re: NT Authentication with ASP
    ... Without credentials, IIS will assume anonymous access. ... If Anonymous authentication is enabled, ... unless the browser has already authenticated. ...
    (microsoft.public.inetserver.asp.general)
  • Re: a WWW-Authenticate header field that the server is not configu
    ... between IIS and your web browser, which is returning the response you ... Enabling SSL on IIS does not require the steps you describe. ... The steps you've described is for Client Certificate Authentication ... "Web browser is sending a WWW-Authenticate header field that the Web ...
    (microsoft.public.inetserver.iis.security)
Loading