Re: 401.3 when logging in as user on the same system



Great response David.

The odd thing is, though, we get the correct application / developed error
page if a random username is tried. But if we use a username that's on the
server (yet doesn't have access to the site, yet we try to login anyway) we
get the IIS custom error. So, it does work, but if a system username is used it
doesn't. Does that make sense?

Thanks

Chris

"David Wang" wrote:

This is because the Custom Error you configure in IIS is not applied
nor accepted by all applications running on IIS. This hybrid approach
gives a great deal of power/control to the applications, but it can
also frustrate system administrators who want to have consistent
Custom Errors returned by all the applications running on the web
server.

This represents a constant struggle between the System Administrator
and the Application Developer with IIS stuck in the middle, and IIS
makes various tradeoffs favoring one side or the other. What is clear
is that you often cannot make both parties happy at the same time with
any configuration.

When you don't provide the correct username/password to even login,
IIS Custom Errors take effect, partly because the Application isn't
even invoked yet (IIS has to first authenticate correctly, THEN
execute Application using that logon identity). System Administrators
get their day at the expense of Application control. Now, some
Application Developers want to control those error cases as well and
handle it programmatically, and it is possible to configure IIS to do so.
Thus, Application Developers can also get their way at the expense of
System Administrator. The battle continues... and who gets the last
technical word? System Administrators, who may not allow such
configuration by the Developer.

When you provide a correct username/password to login, the Application
and its configuration take over, so when the user fails to
subsequently access resources as the application, you get the
application-defined Custom Errors -- IIS knows nothing about access
issues at this point since it has transferred control to the
application. Thus, Application Developers get full control, and there
is no way for System Administrator to insert their desired Custom
Errors. Now, it is also possible for System Administrators to force
Application Developers to use a standardized Custom Error output
module, which the System Administrator can control with Custom Error
configuration, but there are no assurances that the developer follows
such rules unless there is friendship or external political pressure.

As you can see, this is really a cat-and-mouse game between the System
Administrator and Application Developer, and there is no definitive
"winner" by default.


//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//




On Jul 8, 7:10 am, Chris <Ch...@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
Thanks Bernard,

The user that has access to the site has modify access to the whole
directory along with the IIS_WPG. What we need to do is find out why we're
getting different error pages when a user (that doesn't have permission to
the site) tries to access the site 3 times.

Does that make sense?

Thanks

Chris



"Bernard Cheah [MVP]" wrote:
Can you post the IIS log for those error requests?
If you have custom error pages, make sure you configure the correct model
(IIS or .NET),
then ensure the user has at least READ access to those pages.

--
Regards,
Bernard Cheah
http://www.iis.net/
http://msmvps.com/blogs/bernard/

"Chris" <Ch...@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:BE1A99E3-0140-44ED-923C-3ADD8460536A@xxxxxxxxxxxxxxxx
Thanks for the reply.

The log is showing a user that is on the same server I tested with. This
user should not have access, and it does get denied, but it's showing the
wrong custom error page.

What I think it is, because the user account doesn't have access to the 404
page we designed via permissions. It has the IUSR_servername but as we're
trying to log in with an account that exists on the server already, the
permissions aren't the same as if the IUSR_servername is being used. Can you
shed any light on this?

Thanks

Chris

"Bernard Cheah [MVP]" wrote:

401.3 is permission related. Check the log file and see what user is
accessing the resource.

.NET error msgs and IIS custom error msgs are different.
IIS -
http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Librar....

.NET - http://support.microsoft.com/kb/910434

--
Regards,
Bernard Cheah
http://www.iis.net/
http://msmvps.com/blogs/bernard/

"Chris" <Ch...@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:F6EAB26F-5E17-40B5-8FF6-2D0D9D4A30F7@xxxxxxxxxxxxxxxx
Hi all.

I have a website. I have directory security (Directory Security from the
website properties tab) for the whole site turned off for the IUSR account,
so you need a windows login for access to this site.

Now, the user for the site that has modify permissions has full access and
no issues. When you keep pressing OK / or cancel at the login for the website
without putting a username in or you put a random one in you get the correct
401.3 page that is setup for the website, and each page thereafter.

Now, if I use a username that is on the same system to try and login, the
401.3 is NOT the page that I've setup in the custom errors. Instead I get:

Server Error in '/' Application.
--------------------------------------------------------------------------------

Access is denied.
Description: An error occurred while accessing the resources required to
serve this request. You might not have permission to view the requested
resources.

Error message 401.3: You do not have permission to view this directory or
page using the credentials you supplied (access denied due to Access Control
Lists). Ask the Web server's administrator to give you access.

...which is the default IIS / .NET error page.

Why do I see this instead of the correct custom error I setup in the site
properties and also the actual page properties?

Thanks

chris
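
Following the advice in the thread to check the log for which user hit each 401.3, here is an added example (not code from any poster in this thread) that parses an IIS W3C extended log and groups 401.3 responses by authenticated user and URL. The log lines, the host name SERVER01 and the account names are constructed for illustration.

```python
from collections import Counter

# Constructed sample in IIS W3C extended log format (not taken from the thread).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time cs-method cs-uri-stem cs-username c-ip sc-status sc-substatus sc-win32-status
2000-01-01 10:00:01 GET /default.aspx - 192.0.2.50 401 2 2148074254
2000-01-01 10:00:09 GET /default.aspx SERVER01\\localuser 192.0.2.50 401 3 5
2000-01-01 10:00:15 GET /default.aspx SERVER01\\localuser 192.0.2.50 401 3 5
2000-01-01 10:00:30 GET /default.aspx SERVER01\\siteuser 192.0.2.50 200 0 0
"""

def parse_w3c(text):
    """Yield one dict per request, using the most recent #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names may change mid-file
        elif line and not line.startswith("#") and fields:
            values = line.split(" ")
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))

def denied_by_acl(text):
    """Count 401.3 responses per (authenticated user, URL)."""
    hits = Counter()
    for row in parse_w3c(text):
        if row.get("sc-status") == "401" and row.get("sc-substatus") == "3":
            hits[(row.get("cs-username", "-"), row.get("cs-uri-stem", "-"))] += 1
    return hits

def auth_failures_without_identity(text):
    """Count 401 responses logged with no user name (cs-username is '-')."""
    return sum(1 for row in parse_w3c(text)
               if row.get("sc-status") == "401" and row.get("cs-username") == "-")

if __name__ == "__main__":
    for (user, url), count in denied_by_acl(SAMPLE_LOG).items():
        print(f"401.3 x{count}: {user} -> {url}")
    print("401 with no identity:", auth_failures_without_identity(SAMPLE_LOG))
```

Rows with a named account in `cs-username` and substatus 3 are the ones to compare against the NTFS ACLs on both the requested resource and the custom error page.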
