| Groups | Blog | Home |
iis security : IIS and Integrated Windows Authentication
We have a problem with our ASP.NET application and the IIS in our company: As soon as you disable the "Anonymous access" and use the integrated Windows Authentication, some users (it is only XP-profile dependant, not PC dependant !) receive a "Bad Request" when calling the startpage. If you look closely at the communication with a sniffer, there you see an "authentication failed" error before receiving the "Bad request" one. I also made a simple ASP.NET page with an asp-button on it without any functionality and the same settings for the IIS. And guess what ???? The error also appears ! So no problem with our program. We have no idea what to do any further ............ Any ideas would be welcome ! Thank you all for your support !
Hmmm, thanks.
But why does this not happen to ALL people, but only a few with their certain profile. How can this be profile related ? In the company each one has the same installation and updates. Some have more software than others. But in the end, the browser configuration is the same to all. I thought if I activate "Integrated WIndows Authentication", the login of the user is used automatically and all the rights for drives and so on are taken from the Active Directory, as it is for all who do not get the error ? [quoted text, click to view] "Miha Pihler" wrote:
> Hi, > > You will always get authentication failed on a website that is not > accessible anonymously. This is "caused" by web browser (any of them) trying > to access site anonymously (browser can't know beforehand that site is > protected). Once the site returns "authentication failed" it will return > list of authentication options that it will support (e.g. IA, Basic, ...). > > INFO: How IIS Authenticates Browser Clients > http://support.microsoft.com/default.aspx?scid=kb;en-us;264921 > > Mike > > "Viperlein" <Viperlein@discussions.microsoft.com> wrote in message > news:6BC95DC9-1E4F-4DCE-B6DE-CE2B17CA9DF3@microsoft.com... > > Hello @ll :) > > > > We have a problem with our ASP.NET application and the IIS in our company: > > > > As soon as you disable the "Anonymous access" and use the integrated > > Windows > > Authentication, some users (it is only XP-profile dependant, not PC > > dependant > > !) receive a "Bad Request" when calling the startpage. If you look closely > > at > > the communication with a sniffer, there you see an "authentication failed" > > error before receiving the "Bad request" one. > > > > I also made a simple ASP.NET page with an asp-button on it without any > > functionality and the same settings for the IIS. And guess what ???? > > The error also appears ! > > > > So no problem with our program. > > > > We have no idea what to do any further ............ > > Any ideas would be welcome ! > > > > Thank you all for your support ! > > > > Christian > >
That's sure :))
Erm, yes, that's what other guys told me, too. It is in the local intranet of our comapny and also added to the trusted ones. As I said, for most of the people it works, but there are few which cannot access it, because of some settings in their profile. And that is making me crazy :)) [quoted text, click to view] "Miha Pihler" wrote:
> Integrated Authentication works only for sites that are located in Local > Intranet zone in IE (if you think logically, why would browser send your > credentials to just any site on the _internet_ that would request them ;-) > ....). This would be default be e.g. http://site/ but not > http://site.domain.com or http://10.10.10.10 (where 10.10.10.10 is IP of > site.domain.com). If you add http://site.domain.com to your Local Intranet > Zone your browser will then use IA for when client accesses this site. > > You can centrally manage IE Zones using group policy and Active Directory. > > Mike > > "Viperlein" <Viperlein@discussions.microsoft.com> wrote in message > news:1B2F0B06-EF5F-482B-B44D-E8DBB20DCB11@microsoft.com... > > Hmmm, thanks. > > > > But why does this not happen to ALL people, but only a few with their > > certain profile. > > How can this be profile related ? In the company each one has the same > > installation and updates. Some have more software than others. But in the > > end, the browser configuration is the same to all. > > I thought if I activate "Integrated WIndows Authentication", the login of > > the user is used automatically and all the rights for drives and so on are > > taken from the Active Directory, as it is for all who do not get the error > > ? > > > > "Miha Pihler" wrote: > > > >> Hi, > >> > >> You will always get authentication failed on a website that is not > >> accessible anonymously. This is "caused" by web browser (any of them) > >> trying > >> to access site anonymously (browser can't know beforehand that site is > >> protected). Once the site returns "authentication failed" it will return > >> list of authentication options that it will support (e.g. IA, Basic, > >> ...). > >> > >> INFO: How IIS Authenticates Browser Clients > >> http://support.microsoft.com/default.aspx?scid=kb;en-us;264921 > >> > >> Mike > >> > >> "Viperlein" <Viperlein@discussions.microsoft.com> wrote in message > >> news:6BC95DC9-1E4F-4DCE-B6DE-CE2B17CA9DF3@microsoft.com... > >> > Hello @ll :) > >> > > >> > We have a problem with our ASP.NET application and the IIS in our > >> > company: > >> > > >> > As soon as you disable the "Anonymous access" and use the integrated > >> > Windows > >> > Authentication, some users (it is only XP-profile dependant, not PC > >> > dependant > >> > !) receive a "Bad Request" when calling the startpage. If you look > >> > closely > >> > at > >> > the communication with a sniffer, there you see an "authentication > >> > failed" > >> > error before receiving the "Bad request" one. > >> > > >> > I also made a simple ASP.NET page with an asp-button on it without any > >> > functionality and the same settings for the IIS. And guess what ???? > >> > The error also appears ! > >> > > >> > So no problem with our program. > >> > > >> > We have no idea what to do any further ............ > >> > Any ideas would be welcome ! > >> > > >> > Thank you all for your support ! > >> > > >> > Christian > >> > >> > >> > >
Hi,
You will always get authentication failed on a website that is not accessible anonymously. This is "caused" by web browser (any of them) trying to access site anonymously (browser can't know beforehand that site is protected). Once the site returns "authentication failed" it will return list of authentication options that it will support (e.g. IA, Basic, ...). INFO: How IIS Authenticates Browser Clients http://support.microsoft.com/default.aspx?scid=kb;en-us;264921 Mike [quoted text, click to view] "Viperlein" <Viperlein@discussions.microsoft.com> wrote in message news:6BC95DC9-1E4F-4DCE-B6DE-CE2B17CA9DF3@microsoft.com... > Hello @ll :) > > We have a problem with our ASP.NET application and the IIS in our company: > > As soon as you disable the "Anonymous access" and use the integrated > Windows > Authentication, some users (it is only XP-profile dependant, not PC > dependant > !) receive a "Bad Request" when calling the startpage. If you look closely > at > the communication with a sniffer, there you see an "authentication failed" > error before receiving the "Bad request" one. > > I also made a simple ASP.NET page with an asp-button on it without any > functionality and the same settings for the IIS. And guess what ???? > The error also appears ! > > So no problem with our program. > > We have no idea what to do any further ............ > Any ideas would be welcome ! > > Thank you all for your support ! > > Christian
Integrated Authentication works only for sites that are located in Local
Intranet zone in IE (if you think logically, why would browser send your credentials to just any site on the _internet_ that would request them ;-) ....). This would be default be e.g. http://site/ but not http://site.domain.com or http://10.10.10.10 (where 10.10.10.10 is IP of site.domain.com). If you add http://site.domain.com to your Local Intranet Zone your browser will then use IA for when client accesses this site. You can centrally manage IE Zones using group policy and Active Directory. Mike [quoted text, click to view] "Viperlein" <Viperlein@discussions.microsoft.com> wrote in message news:1B2F0B06-EF5F-482B-B44D-E8DBB20DCB11@microsoft.com... > Hmmm, thanks. > > But why does this not happen to ALL people, but only a few with their > certain profile. > How can this be profile related ? In the company each one has the same > installation and updates. Some have more software than others. But in the > end, the browser configuration is the same to all. > I thought if I activate "Integrated WIndows Authentication", the login of > the user is used automatically and all the rights for drives and so on are > taken from the Active Directory, as it is for all who do not get the error > ? > > "Miha Pihler" wrote: > >> Hi, >> >> You will always get authentication failed on a website that is not >> accessible anonymously. This is "caused" by web browser (any of them) >> trying >> to access site anonymously (browser can't know beforehand that site is >> protected). Once the site returns "authentication failed" it will return >> list of authentication options that it will support (e.g. IA, Basic, >> ...). >> >> INFO: How IIS Authenticates Browser Clients >> http://support.microsoft.com/default.aspx?scid=kb;en-us;264921 >> >> Mike >> >> "Viperlein" <Viperlein@discussions.microsoft.com> wrote in message >> news:6BC95DC9-1E4F-4DCE-B6DE-CE2B17CA9DF3@microsoft.com... >> > Hello @ll :) >> > >> > We have a problem with our ASP.NET application and the IIS in our >> > company: >> > >> > As soon as you disable the "Anonymous access" and use the integrated >> > Windows >> > Authentication, some users (it is only XP-profile dependant, not PC >> > dependant >> > !) receive a "Bad Request" when calling the startpage. If you look >> > closely >> > at >> > the communication with a sniffer, there you see an "authentication >> > failed" >> > error before receiving the "Bad request" one. >> > >> > I also made a simple ASP.NET page with an asp-button on it without any >> > functionality and the same settings for the IIS. And guess what ???? >> > The error also appears ! >> > >> > So no problem with our program. >> > >> > We have no idea what to do any further ............ >> > Any ideas would be welcome ! >> > >> > Thank you all for your support ! >> > >> > Christian >> >> >>
There is not much I can do...
You can try and reset IE settings (Open IE -> Tools -> Internet Options -> Advanced tab -> Restore Defaults). Also compare Security settings (Open IE -> Tools -> Internet Options -> Security) between working and non-working computers. You can also try and disable IA in IE under Advanced tab just for a test (you will have to reboot the computer). Mike [quoted text, click to view] "Viperlein" <Viperlein@discussions.microsoft.com> wrote in message news:5E30F6EF-E8A8-4D27-A1EC-38F0FA4E3C50@microsoft.com... > That's sure :)) > Erm, yes, that's what other guys told me, too. It is in the local intranet > of our comapny and also added to the trusted ones. As I said, for most of > the > people it works, but there are few which cannot access it, because of some > settings in their profile. And that is making me crazy :)) > > "Miha Pihler" wrote: > >> Integrated Authentication works only for sites that are located in Local >> Intranet zone in IE (if you think logically, why would browser send your >> credentials to just any site on the _internet_ that would request them >> ;-) >> ....). This would be default be e.g. http://site/ but not >> http://site.domain.com or http://10.10.10.10 (where 10.10.10.10 is IP of >> site.domain.com). If you add http://site.domain.com to your Local >> Intranet >> Zone your browser will then use IA for when client accesses this site. >> >> You can centrally manage IE Zones using group policy and Active >> Directory. >> >> Mike >> >> "Viperlein" <Viperlein@discussions.microsoft.com> wrote in message >> news:1B2F0B06-EF5F-482B-B44D-E8DBB20DCB11@microsoft.com... >> > Hmmm, thanks. >> > >> > But why does this not happen to ALL people, but only a few with their >> > certain profile. >> > How can this be profile related ? In the company each one has the same >> > installation and updates. Some have more software than others. But in >> > the >> > end, the browser configuration is the same to all. >> > I thought if I activate "Integrated WIndows Authentication", the login >> > of >> > the user is used automatically and all the rights for drives and so on >> > are >> > taken from the Active Directory, as it is for all who do not get the >> > error >> > ? >> > >> > "Miha Pihler" wrote: >> > >> >> Hi, >> >> >> >> You will always get authentication failed on a website that is not >> >> accessible anonymously. This is "caused" by web browser (any of them) >> >> trying >> >> to access site anonymously (browser can't know beforehand that site is >> >> protected). Once the site returns "authentication failed" it will >> >> return >> >> list of authentication options that it will support (e.g. IA, Basic, >> >> ...). >> >> >> >> INFO: How IIS Authenticates Browser Clients >> >> http://support.microsoft.com/default.aspx?scid=kb;en-us;264921 >> >> >> >> Mike >> >> >> >> "Viperlein" <Viperlein@discussions.microsoft.com> wrote in message >> >> news:6BC95DC9-1E4F-4DCE-B6DE-CE2B17CA9DF3@microsoft.com... >> >> > Hello @ll :) >> >> > >> >> > We have a problem with our ASP.NET application and the IIS in our >> >> > company: >> >> > >> >> > As soon as you disable the "Anonymous access" and use the integrated >> >> > Windows >> >> > Authentication, some users (it is only XP-profile dependant, not PC >> >> > dependant >> >> > !) receive a "Bad Request" when calling the startpage. If you look >> >> > closely >> >> > at >> >> > the communication with a sniffer, there you see an "authentication >> >> > failed" >> >> > error before receiving the "Bad request" one. >> >> > >> >> > I also made a simple ASP.NET page with an asp-button on it without >> >> > any >> >> > functionality and the same settings for the IIS. And guess what ???? >> >> > The error also appears ! >> >> > >> >> > So no problem with our program. >> >> > >> >> > We have no idea what to do any further ............ >> >> > Any ideas would be welcome ! >> >> > >> >> > Thank you all for your support ! >> >> > >> >> > Christian >> >> >> >> >> >> >> >> >>
Don't see what you're looking for? Try a search.
|
June 2003
July 2003
August 2003
September 2003
October 2003
November 2003
December 2003
January 2004
February 2004
March 2004
April 2004
May 2004
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
December 2007
January 2008
February 2008
March 2008
April 2008
May 2008
June 2008
| home · blog · groups | Questions? Comments? Contact the dn |