Hello All,

I have a small ASP.Net Web application with a single aspx page.

Following code is written in page load of the Webform1.aspx

private void Page_Load(object sender, System.EventArgs e)

{

// Put user code to initialize the page here

Response.Write("Logged user is " + User.Identity.Name.ToString()+ "<br>" ) ;




}



Application is using Windows Integrated Authentication



When webform1.aspx is viewed in IE Browser it works fine but if we look at
the IIS Log file a 401 http code is logged.

#Software: Microsoft Internet Information Services 5.0
#Version: 1.0
#Date: 2005-10-21 11:08:46
#Fields: time c-ip cs-method cs-uri-stem sc-status

11:26:45 127.0.0.1 GET /test401/webform1.aspx 401
11:26:45 127.0.0.1 GET /test401/webform1.aspx 200



Can anybody has a clue regarding this??

If this is not the correct forum please redirect me to the correct one.



Thanks and Regards

Jagjeet Chahal

[quoted text, click to view]

That's normal. On the first access, IE tries anonymous first which
generates the 401.

--
Tom Kaminski IIS MVP
http://www.microsoft.com/windowsserver2003/community/centers/iis/
http://mvp.support.microsoft.com/
http://www.iistoolshed.com/ - tools, scripts, and utilities for running IIS

The 401 is expected. Think about it this way:

By default, the browser makes requests assuming no authentication is
required (because how is a browser supposed to magically know WHAT
authentication protocol an arbitrary server requires BEFORE ever making a
request to it? It doesn't. Thus, it assumes anonymous).

Suppose the browser makes an anonymous request to a server that REQUIRES
authentication and disallows anonymous. What should happen? The browser
didn't know about authentication requirements and thus tried anonymous
first, but the server requires authentication and thus MUST reject with a
401 response.

This 401 response is what you see logged prior to the 200.

The next question is why you did not see the 401 in the browser but just saw
the 200. Well, modern day browsers are aware of servers requiring
authentication, and when configured, the browser will attempt to
AUTO-AUTHENTICATE with the server using whatever acceptable authentication
protocols that are allowed by the server and client.

In your case, the browser auto-authenticated with Integrated authentication
(which is a series of request/response handshakes), and the end result is
that it succeeded and hence IE just displays the end result of a 200OK, and
that is also what the server logs.

--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//
[quoted text, click to view]
Hello All,

I have a small ASP.Net Web application with a single aspx page.

Following code is written in page load of the Webform1.aspx

private void Page_Load(object sender, System.EventArgs e)

{

// Put user code to initialize the page here

Response.Write("Logged user is " + User.Identity.Name.ToString()+ "<br>" ) ;




}



Application is using Windows Integrated Authentication



When webform1.aspx is viewed in IE Browser it works fine but if we look at
the IIS Log file a 401 http code is logged.

#Software: Microsoft Internet Information Services 5.0
#Version: 1.0
#Date: 2005-10-21 11:08:46
#Fields: time c-ip cs-method cs-uri-stem sc-status

11:26:45 127.0.0.1 GET /test401/webform1.aspx 401
11:26:45 127.0.0.1 GET /test401/webform1.aspx 200



Can anybody has a clue regarding this??

If this is not the correct forum please redirect me to the correct one.



Thanks and Regards

Jagjeet Chahal