iis security: [quoted text, click to view]

Of course it's possible, but what's the issue - the authentication dialog?
Is this the problem?
http://support.microsoft.com/default.aspx?scid=kb;en-us;258063&Product=ie600

--
Tom Kaminski IIS MVP
http://www.microsoft.com/windowsserver2003/community/centers/iis/
http://mvp.support.microsoft.com/
http://www.iisfaq.com/
http://www.iistoolshed.com/ - tools, scripts, and utilities for running IIS
http://www.tryiis.com

Hi,

Running IIS5 on Windows 2000.

We have a web-site running, accessible from the "outside" as www.yyy.zzz

The question is: Is it possible to access this web-site from within the
domain? Whenever I try to call www.yyy.zzz, I get a login popup. Of course,
I'm authenticated within our domain.

Any chance?

Norb

[quoted text, click to view]

In some way. It looks like as if the local IUSR anonymous login is not used.

In the properties section of the external web-site in Internet Information
Services, Directory Security, both anonymous access and Integrated Windows
authentication are ticked.

Maybe the server running IIS does not get a chance to verify the internal
user, it's not a DC.

I'm puzzled.

Norb

Is this server NAT'd?
Is the IP that you are using to access the server a public or private IP?
Based on your description it sounds like it's a public ip.
Is this server in a DMZ?
Can you try to browse the site using the private IP? What are the results?
When you access this site externally are you prompted for credentials?
Should anonymous users have access to this site?
If you go ahead and pass your credentials when prompted can you access the
site?
Does browsing the site using the netbios name of the server work?

There's the potential for several different problems here. You can have
anonymous access enabled in IIS, but still deny anonymous access to
portions of your site or all of your site by restricting NTFS permissions
to your content. It could also be that the anonymous account isn't
synchronized between the NT account and IIS's metabase. This is all
assuming that anonymous access is supposed to be allowed.

If the issue is getting prompted for credentials it could be that HTTP
keep-alives have been disabled. It could also be that you are accessing
the site with the public IP, in which case a proxy or other network device
is most likely getting in the way. Integrated Windows Authentication
requires a point-to-point connection. Check out
<http://support.microsoft.com/?id=264921>. Also, make sure that the user
that is trying to access the site has proper permissions to the content.

Browsing the site via the public given that you have anonymous access
enabled you should not have any issues as long as the iusr account has
rights to the content, the credentials for the iusr account in the metabase
are correct, and http://support.microsoft.com/?id=271071

Regards,

Eric

This posting is provided "AS IS" with no warranties, and confers no rights.