
iis security : Secure Directory html works ASP does not


JJ
11/27/2003 9:47:55 PM
Hi,

I have created a folder on my website which has basic authentication.
The website uses asp.

The only problem is in my secured folder, it only accepts the
username/password if you want to use html.
If you try and access an asp page it says the username/password does not
work.

????

Any Ideas Much Appreciated!

Many Thanks

JJ

Karl Levinson [x y] mvp
11/28/2003 7:44:53 AM
For any permissions problem, enable auditing to see what is happening:

http://securityadmin.info/faq.asp#auditing



JJ
11/28/2003 9:45:13 AM
Yes I have, but the problem appears to be a bit more complicated.
It seems to be something to do with the Global.asa file which is in the root
folder.
If I rename it, it all works ok!

JJ


PL
11/28/2003 1:12:27 PM

I assume you have the same problem as I did.

For the accounts that have access to this dir also add read and execute
rights on global.asa

PL.

PL
11/28/2003 2:14:05 PM

Exactly what does auditing solve? I've seen that standard answer
a lot of times but the messages you get in the logs are so cryptic
they are of no use at all.

If you are of another opinion please let me know how to interpret
the messages in the logs, they only say fail or succeeded, possibly
a user account and then some numbers.

PL.


Ken Schaefer
11/28/2003 2:46:17 PM
Have you checked the NTFS permissions on the files/folders in question?

Cheers
Ken



JJ
11/28/2003 8:16:38 PM
Hi,

The original problem was because of the global.asa permissions. I actually
got the problem again on a completely different website, which was because
the file I was calling was including other files.

I have to agree about auditing. All I learned from that was that it wouldn't
accept my username / password, which obviously I knew anyway.

What you really need in this situation is something that says 'you can't
access the resource because of permissions on file X'.

JJ



Ken Schaefer
11/28/2003 10:02:15 PM
Can you post the contents of your global.asa file?

Cheers
Ken


Karl Levinson [x y] mvp
11/29/2003 6:50:04 AM
Three things - first, there are a few different kinds of auditing, and file
auditing is different from auditing authentication [which I think are the .
Second, you have to be careful about what kind of auditing you enable so the
logs don't fill up with unrelated garbage. If you want to see file access
where permission is denied, only enable file access failures. Third,
auditing should show you which account is being denied access to which file,
and what kind of access [read, write, execute, etc.] is being requested.

Possibly neither of you actually read the FAQ or the link I took the time
out to post, because it states that file auditing is a two step process.
The second step, after enabling auditing, is to right-click on the folders
you wish to audit and enable auditing on those files in the NTFS security
properties. If you didn't do that, then we're not talking about the same
kind of auditing.

[quoted text, click to view]

If you or someone else hadn't found that web site, FILE auditing would have
helped you figure out that the global.asa file was the problem. That's why
file auditing can be helpful, because there are other locations such as
windowsroot\system32 or \program files\ where web users sometimes also need
permissions.

Even if you didn't have file auditing enabled, authentication auditing is
still possibly helpful, because people are often surprised to find that when
they select medium or high isolation in the application isolation settings,
the IWAM account may be used instead. That's the number one problem people
have when they find that .ASP files don't work.

[quoted text, click to view]

That's not file auditing.

[quoted text, click to view]

Exactly. Which is file auditing.


[quoted text, click to view]

I suspect you're not talking about file auditing.

[quoted text, click to view]

File auditing should give you the file name and type of access being
requested.
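
The two-step file auditing setup described in the post above, as an added example that is not part of the original thread or any poster's own commands. It assumes a current Windows Server with PowerShell and an elevated prompt, where denied file opens are logged as Security event 4656; `$Folder` is a placeholder path.

```powershell
# Added example. $Folder is an assumed web root that holds global.asa.
$Folder = 'C:\Inetpub\wwwroot'

# Step 1: enable failure-only auditing of file system access, so the
# Security log is not flooded with successful reads.
auditpol /set /subcategory:"File System" /success:disable /failure:enable

# Step 2: add a failure audit entry (SACL) on the folder itself.
# S-1-1-0 is the well-known SID for Everyone; the entry is inherited by
# subfolders and files, so global.asa and included files are covered.
$everyone = New-Object System.Security.Principal.SecurityIdentifier('S-1-1-0')
$rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
    $everyone,
    [System.Security.AccessControl.FileSystemRights]'ReadAndExecute',
    [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AuditFlags]::Failure)
$acl = Get-Acl -Path $Folder -Audit
$acl.AddAuditRule($rule)
Set-Acl -Path $Folder -AclObject $acl

# Step 3: reproduce the failing request in a browser, then list which
# account was denied which kind of access on which file.
$auditFailure = 0x10000000000000   # "Audit Failure" keyword bit
Get-WinEvent -FilterHashtable @{
        LogName  = 'Security'
        Id       = 4656            # a handle to an object was requested
        Keywords = $auditFailure
    } -MaxEvents 200 -ErrorAction SilentlyContinue |
    ForEach-Object {
        $evt  = $_
        $data = @{}
        foreach ($field in ([xml]$evt.ToXml()).Event.EventData.Data) {
            $data[$field.Name] = $field.'#text'
        }
        [pscustomobject]@{
            Time    = $evt.TimeCreated
            Account = '{0}\{1}' -f $data.SubjectDomainName, $data.SubjectUserName
            File    = $data.ObjectName
            # Raw access codes; Event Viewer renders them as names
            # such as ReadData in the event message.
            Access  = ($data.AccessList -replace '\s+', ' ').Trim()
            Process = $data.ProcessName
        }
    } |
    Where-Object { $_.File -like "$Folder*" } |
    Format-Table -AutoSize
```

The Account column shows whether the denied identity is the authenticated user or a service account such as IWAM, and the File column names the exact file whose NTFS permissions need review.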

Ken Schaefer
11/29/2003 12:32:15 PM
If you want to see individual file access denied messages you have two
options:

a) you can enable file access auditing on any/all files, and messages will
be logged to the Windows Event Log.
b) Alternatively, you can get the FileMon tool from www.sysinternals.com
which will log all file accesses (which users, and the result), and you can
filter for "access denied" errors.

However, your first step is to look in the Windows Event Log for user logon
type errors (you should always have, at least, failed logon attempts
logged). I'm sorry that you find such things cryptic, but information on the
various logon types, and the status codes can be found in Technet
(www.microsoft.com/technet/). If you want to admin a server, you *need* to
know about these things.

Cheers
Ken

