Re: Cached Logon
From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 12/22/04
- Next message: Roger Abell: "Re: Cached Logon"
- Previous message: Peter Kaufman: "To DMZ or not DMZ"
- In reply to: Roland Hall: "Re: Cached Logon"
- Next in thread: Roland Hall: "Re: Cached Logon"
- Reply: Roland Hall: "Re: Cached Logon"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 22 Dec 2004 04:29:44 -0700
>From what you have described, I am at a loss as to a
probable cause/explaination.
One thing I noticed in your reply was mention that you
understood browsing client authentications as
> It was my understanding that Windows would try to authenticate with the
> current credentials and only after failing would prompt for credentials.
Keep in mind that whether the IE browser will supply the Windows
credentials or not is configurable in the IE security settings.
This however does not seem to be a factor in what you have
described as some of the cross-test seem to rule this out.
--
Roger Abell
Microsoft MVP (Windows Security)
MCSE (W2k3,W2k,Nt4) MCDBA
"Roland Hall" <nobody@nowhere> wrote in message
news:OZdeOn95EHA.1452@TK2MSFTNGP11.phx.gbl...
> "Roger Abell" <mvpNOSpam@asu.edu> wrote in message
> news:%23fCBKGh5EHA.2592@TK2MSFTNGP09.phx.gbl...
> : Why did you reference domain1 and domain2 ?
> : > domain1\administrator - domain2\administrator both have the same
> password.
> : What is their relationship to this?
> : It appears that the IIS and the SQL are installed on one machine ?
> : Is the XP used to access the asp pages allowed to provide "behind
> : the scenes" windows authentication information?
> : You are saying that the connection string used for ado is
> : identical on all three pages ?
>
> Domain1:
> Win2K Adv. Server
> DC
> AD
> DNS
> MS SQL 2K
> IIS
>
> Domain2:
> XP Pro SP2
>
> The folder on IIS holds all 3 .asp files.
> All 3 connect to MS SQL using the same exact code for the connection and
> same authentication.
> On the server I was logged in as domain1\administrator.
> On XP, I was logged in as domain2\administrator.
>
> When I tried to access StraightASP.asp, I was asked for credentials. I
> typed in domain1\administrator and that password which is the same
password
> used for the domain2\administrator. IIS, on that web server, uses Basic
and
> Integrated authentication only. MS SQL was set for SQL and Windows
> authentication.
>
> Only access the first page prompted me for credentials and then told me
> access was denied.
> The pages that used XML did not. The only difference between those files
is
> CSS in StraightXML1.asp and XSL in StraightXML2.asp.
>
> It was my understanding that Windows would try to authenticate with the
> current credentials and only after failing would prompt for credentials.
I
> also assumed that domain1\administrator would be treated differently than
> domain2\administrator even though they had the same password. It appeared
> that part worked correctly by requesting credentials but then failed to
> authenticate. Only a reboot of the server itself cleared the problem and
> ONLY the first file failed. The two others worked fine. And, when I
> renamed the first file, it also worked. Rename is back, it fails. Rename
> it to something else again, it works.
>
> So, where is it being cached by filename, failing authentication, but
> allowing it for other files with the same code? I restarted IIS, SQL and
> cleared IE cache and closed all IE windows and started fresh and still
only
> a reboot of the server cleared the apparent caching issue.
>
> I've never seen this issue and other than what I listed before the reboot,
I
> cannot reproduce the error.
>
> I knew it was not IE, but I tested all that I thought could possibly be
> involved. IE from the server and from the workstation both failed with
the
> same file and the other two worked on both. It apparently was happening
at
> the server level but I cannot prove it.
>
> This is the connection string in all 3 files: (The password is not blank.
> It has just been removed from here.)
>
> Function GetRecordset()
> Dim cnn
> Set cnn = CreateObject("ADODB.Connection")
> cnn.Open "Provider=SQLOLEDB.1;Initial Catalog=PUBS;Data
Source=localhost",
> "sa", ""
> Set GetRecordset = cnn.Execute("select * from authors")
> End Function
>
> The only thing different in the first file, when run the first time, was
an
> error in the file I received from MSFT. CatalogPUBS should have been
> Catalog=PUBS. All I did was add an the = sign and the password.
>
> --
> Roland Hall
> /* This information is distributed in the hope that it will be useful, but
> without any warranty; without even the implied warranty of merchantability
> or fitness for a particular purpose. */
> Technet Script Center - http://www.microsoft.com/technet/scriptcenter/
> WSH 5.6 Documentation -
http://msdn.microsoft.com/downloads/list/webdev.asp
> MSDN Library - http://msdn.microsoft.com/library/default.asp
>
>
- Next message: Roger Abell: "Re: Cached Logon"
- Previous message: Peter Kaufman: "To DMZ or not DMZ"
- In reply to: Roland Hall: "Re: Cached Logon"
- Next in thread: Roland Hall: "Re: Cached Logon"
- Reply: Roland Hall: "Re: Cached Logon"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
