Re: a WWW-Authenticate header field that the server is not configu

The client certificates you issued. How are you mapping them to Windows user accounts?

Cheers
Ken

--
My IIS blog: http://adopenstatic.com/blog

"Patrick" <Patrick@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:DEC3FC7E-C727-4E0D-BB73-EF088D824E41@xxxxxxxxxxxxxxxx
Hi david,

Thank you for your prompt responses. Really appreciated.

OK. I enabled "integrated Windows Authentication" and now everything works!

Obviuosly there is a gap in my knowledge how Authentication and Encryption
works together in IIS. I've gone through the IIS documentation but was not
that helpful - at the very least I was looking at wromg sections of the
documentation.

Could you recommend a good source covering this?

Thank you for your help.


"David Wang" wrote:

Then it seems like you have something else, either running on IIS or
between IIS and your web browser, which is returning the response you
see. You will need to diagnose that 3rd party software to determine
what is wrong, and that is beyond the scope of this newsgroup and the
topic of security.

Enabling SSL on IIS does not require the steps you describe. It just
requires one SSL Server Certificate installed for IIS to use, a
secured port binding, and one URL on IIS that allows SSL.

The steps you've described is for Client Certificate Authentication
over SSL, slightly misconfigured, which is completely additional from
the perspective of "enabling SSL".

Can you describe exactly what you want to do. Then it will be clear
what steps are not necessary and possibly what extraneous software is
generating the undesired response.


//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//




On May 11, 5:08 pm, Patrick <Patr...@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
> Hi David,
>
> 1. thathttps://myserver:4032was atypo. Aplogoies - probbably that is > what
> you call tiredness!
> 2. The application has it's own scripting for authenticating users. I > have
> OWA (Exchange) running on another box and I followed the same steps in
> enablinsg SSL on this site.
> 3. "Web browser is sending a WWW-Authenticate header field that the Web
> server is not configured to accept" is the error message I get on my > browser
> window when try to access the site through port 4043. - it is not my
> interpretation. I've tried in IE6 and Firefox and both browsers return > the
> above error.
>
>
>
> "David Wang" wrote:
>
> > 1. Read the IIS documentation on how to set up Client Certificate
> > based Authentication. Your scenario requires -- Require Client
> > Certificate -- IIS requires some user token in order to process the
> > request, and if you turn off all IIS Authentication Methods as well > > as
> > make Client Certificate optional, it becomes possible to attempt
> > processing requests with no user token, which IIS will reject.
>
> > 2. You say the website is listening on port 4043 but your example
> > request went to 4032. Since you are using non-default ports, I don't
> > know if this is typo or some other configuration behavior
>
> > 3. Two problems with your observation:
> > "Web browser is sending a WWW-Authenticate header field that the > > Web
> > server is not configured to accept"
> > --> IIS does not send responses that look like that
> > --> Web browsers do not send WWW-Authenticate headers. Web Servers
> > send WWW-Authenticate headers telling the browser which > > authentication
> > method to use.
>
> > //David
> >http://w3-4u.blogspot.com
> >http://blogs.msdn.com/David.Wang
> > //- Hide quoted text -
>
> - Show quoted text -



.

Relevant Pages

  • Re: a WWW-Authenticate header field that the server is not configu
    ... between IIS and your web browser, which is returning the response you ... Enabling SSL on IIS does not require the steps you describe. ... The steps you've described is for Client Certificate Authentication ... "Web browser is sending a WWW-Authenticate header field that the Web ...
    (microsoft.public.inetserver.iis.security)
  • Re: IIS 6.0 cannot download a Verisign CRL !!
    ... Does the IIS server have outbound permission through its proxy? ... > using Verisign client certificates for a .NET application. ... > The revocation function was unable to check revocation because the ... > Your client certificate was revoked, or the revocation status could not ...
    (microsoft.public.security)
  • RE: Set client certificate is IIS
    ... Install Client Certificate on IIS Server for ServerXMLHTTP ... |>This example uses a serialized certficate store because ...
    (microsoft.public.inetserver.iis.security)
  • RE: HTTPS Send Port + Client Certificate Authentication
    ... errors defined in IIS are: ... - Client certificate required. ... This error code is specific to IIS 6.0. ... If the web server is IIS6 on Win2K3, you can collect the web site's ...
    (microsoft.public.biztalk.general)
  • Programming a certificate handshake for IIS in VB.NET and ASP.NET
    ... running WebMethods and our site running IIS. ... When we set an IIS ... setting to "Ignore client certificate" or "Accept Client ...
    (microsoft.public.inetserver.iis.security)