|
|
You're in the
iis security
group:Integrated Windows Authentication - 401: Access Denied
iis security:
Developing .NET application to acccess web services. In IIS, if Integrated
Windows Authentication is turned on, I get a 401: Access Denied error. However, if I turn off Integrated Windows Authentication and turn on Basic Authentication I am able to authenticate the user with no problem. I am having the same problem with ASP.NET applications, unable to authenticate the user through Windows prompt for Integrated Windows Authentication, but Basic Authentication works fine. This test is being run on the same machine (web server is the same machine as the development machine).
IIS version?
If IIS6, if you use Integrated Authentication AND your machine is in a domain AND you customized the Application Pool Identity AND you failed to setspn the new identity as specified by documentation, then you can see this due to user misconfiguration. You may also look at any double-hop situation in your application because that can also show up as a 401 using Integrated and succeed with basic -- because Basic is less secure. -- //David IIS http://blogs.msdn.com/David.Wang This posting is provided "AS IS" with no warranties, and confers no rights. // [quoted text, click to view] "Garth" <Garth@discussions.microsoft.com> wrote in message news:CE5EB4F4-E73C-4A0A-A2F2-5FF739EE1D15@microsoft.com... > Developing .NET application to acccess web services. In IIS, if > Integrated > Windows Authentication is turned on, I get a 401: Access Denied error. > However, if I turn off Integrated Windows Authentication and turn on Basic > Authentication I am able to authenticate the user with no problem. > > I am having the same problem with ASP.NET applications, unable to > authenticate the user through Windows prompt for Integrated Windows > Authentication, but Basic Authentication works fine. > > This test is being run on the same machine (web server is the same machine > as the development machine). > > Does anyone have any ideas?
Thank you for the response.
IIS is ver 5. Machine is not in a Domain, did not customize the app. pool id. I did add the user account to the Debugger Users group. If I turn Integrated Windows Authentication on and debug an ASP app from within VS.NET, I am automatically logged in and identified, no problem. If I irun the same ASP application from a browser (outside the IDE) the Integrated Windows Authentication fails. Very Strange. [quoted text, click to view] "David Wang [Msft]" wrote:
> IIS version? > > If IIS6, if you use Integrated Authentication AND your machine is in a > domain AND you customized the Application Pool Identity AND you failed to > setspn the new identity as specified by documentation, then you can see this > due to user misconfiguration. > > You may also look at any double-hop situation in your application because > that can also show up as a 401 using Integrated and succeed with basic -- > because Basic is less secure. > > -- > //David > IIS > http://blogs.msdn.com/David.Wang > This posting is provided "AS IS" with no warranties, and confers no rights. > // > > "Garth" <Garth@discussions.microsoft.com> wrote in message > news:CE5EB4F4-E73C-4A0A-A2F2-5FF739EE1D15@microsoft.com... > > Developing .NET application to acccess web services. In IIS, if > > Integrated > > Windows Authentication is turned on, I get a 401: Access Denied error. > > However, if I turn off Integrated Windows Authentication and turn on Basic > > Authentication I am able to authenticate the user with no problem. > > > > I am having the same problem with ASP.NET applications, unable to > > authenticate the user through Windows prompt for Integrated Windows > > Authentication, but Basic Authentication works fine. > > > > This test is being run on the same machine (web server is the same machine > > as the development machine). > > > > Does anyone have any ideas? > >
try using iis authdiag, make sure all your permissions are squared away.
usually that is a kerberos issue, check this out: http://support.microsoft.com/default.aspx?scid=kb;en-us;215383 [quoted text, click to view] "Garth" <Garth@discussions.microsoft.com> wrote in message news:3CED8F08-2CD4-48CB-A9C1-8C0CEC41B1B3@microsoft.com... > Thank you for the response. > > IIS is ver 5. > > Machine is not in a Domain, did not customize the app. pool id. I did add > the user account to the Debugger Users group. If I turn Integrated > Windows > Authentication on and debug an ASP app from within VS.NET, I am > automatically > logged in and identified, no problem. If I irun the same ASP application > from a browser (outside the IDE) the Integrated Windows Authentication > fails. > > Very Strange. > > "David Wang [Msft]" wrote: > >> IIS version? >> >> If IIS6, if you use Integrated Authentication AND your machine is in a >> domain AND you customized the Application Pool Identity AND you failed to >> setspn the new identity as specified by documentation, then you can see >> this >> due to user misconfiguration. >> >> You may also look at any double-hop situation in your application because >> that can also show up as a 401 using Integrated and succeed with basic -- >> because Basic is less secure. >> >> -- >> //David >> IIS >> http://blogs.msdn.com/David.Wang >> This posting is provided "AS IS" with no warranties, and confers no >> rights. >> // >> >> "Garth" <Garth@discussions.microsoft.com> wrote in message >> news:CE5EB4F4-E73C-4A0A-A2F2-5FF739EE1D15@microsoft.com... >> > Developing .NET application to acccess web services. In IIS, if >> > Integrated >> > Windows Authentication is turned on, I get a 401: Access Denied error. >> > However, if I turn off Integrated Windows Authentication and turn on >> > Basic >> > Authentication I am able to authenticate the user with no problem. >> > >> > I am having the same problem with ASP.NET applications, unable to >> > authenticate the user through Windows prompt for Integrated Windows >> > Authentication, but Basic Authentication works fine. >> > >> > This test is being run on the same machine (web server is the same >> > machine >> > as the development machine). >> > >> > Does anyone have any ideas? >> >> >>
Followed steps in the article and got the expected results:
NTAuthenticationProviders : (STRING) "Negotiate,NTLM" It has to be something simple, but haven't found it yet. [quoted text, click to view] "Consultant" wrote:
> try using iis authdiag, make sure all your permissions are squared away. > usually that is a kerberos issue, check this out: > > http://support.microsoft.com/default.aspx?scid=kb;en-us;215383 > > > "Garth" <Garth@discussions.microsoft.com> wrote in message > news:3CED8F08-2CD4-48CB-A9C1-8C0CEC41B1B3@microsoft.com... > > Thank you for the response. > > > > IIS is ver 5. > > > > Machine is not in a Domain, did not customize the app. pool id. I did add > > the user account to the Debugger Users group. If I turn Integrated > > Windows > > Authentication on and debug an ASP app from within VS.NET, I am > > automatically > > logged in and identified, no problem. If I irun the same ASP application > > from a browser (outside the IDE) the Integrated Windows Authentication > > fails. > > > > Very Strange. > > > > "David Wang [Msft]" wrote: > > > >> IIS version? > >> > >> If IIS6, if you use Integrated Authentication AND your machine is in a > >> domain AND you customized the Application Pool Identity AND you failed to > >> setspn the new identity as specified by documentation, then you can see > >> this > >> due to user misconfiguration. > >> > >> You may also look at any double-hop situation in your application because > >> that can also show up as a 401 using Integrated and succeed with basic -- > >> because Basic is less secure. > >> > >> -- > >> //David > >> IIS > >> http://blogs.msdn.com/David.Wang > >> This posting is provided "AS IS" with no warranties, and confers no > >> rights. > >> // > >> > >> "Garth" <Garth@discussions.microsoft.com> wrote in message > >> news:CE5EB4F4-E73C-4A0A-A2F2-5FF739EE1D15@microsoft.com... > >> > Developing .NET application to acccess web services. In IIS, if > >> > Integrated > >> > Windows Authentication is turned on, I get a 401: Access Denied error. > >> > However, if I turn off Integrated Windows Authentication and turn on > >> > Basic > >> > Authentication I am able to authenticate the user with no problem. > >> > > >> > I am having the same problem with ASP.NET applications, unable to > >> > authenticate the user through Windows prompt for Integrated Windows > >> > Authentication, but Basic Authentication works fine. > >> > > >> > This test is being run on the same machine (web server is the same > >> > machine > >> > as the development machine). > >> > > >> > Does anyone have any ideas? > >> > >> > >> > >
did you create an spn?
[quoted text, click to view] "Garth" <Garth@discussions.microsoft.com> wrote in message news:A73E3580-C344-4D45-B27D-D13F72B3409E@microsoft.com... > Followed steps in the article and got the expected results: > > NTAuthenticationProviders : (STRING) "Negotiate,NTLM" > > It has to be something simple, but haven't found it yet. > > > "Consultant" wrote: > >> try using iis authdiag, make sure all your permissions are squared away. >> usually that is a kerberos issue, check this out: >> >> http://support.microsoft.com/default.aspx?scid=kb;en-us;215383 >> >> >> "Garth" <Garth@discussions.microsoft.com> wrote in message >> news:3CED8F08-2CD4-48CB-A9C1-8C0CEC41B1B3@microsoft.com... >> > Thank you for the response. >> > >> > IIS is ver 5. >> > >> > Machine is not in a Domain, did not customize the app. pool id. I did >> > add >> > the user account to the Debugger Users group. If I turn Integrated >> > Windows >> > Authentication on and debug an ASP app from within VS.NET, I am >> > automatically >> > logged in and identified, no problem. If I irun the same ASP >> > application >> > from a browser (outside the IDE) the Integrated Windows Authentication >> > fails. >> > >> > Very Strange. >> > >> > "David Wang [Msft]" wrote: >> > >> >> IIS version? >> >> >> >> If IIS6, if you use Integrated Authentication AND your machine is in a >> >> domain AND you customized the Application Pool Identity AND you failed >> >> to >> >> setspn the new identity as specified by documentation, then you can >> >> see >> >> this >> >> due to user misconfiguration. >> >> >> >> You may also look at any double-hop situation in your application >> >> because >> >> that can also show up as a 401 using Integrated and succeed with >> >> basic -- >> >> because Basic is less secure. >> >> >> >> -- >> >> //David >> >> IIS >> >> http://blogs.msdn.com/David.Wang >> >> This posting is provided "AS IS" with no warranties, and confers no >> >> rights. >> >> // >> >> >> >> "Garth" <Garth@discussions.microsoft.com> wrote in message >> >> news:CE5EB4F4-E73C-4A0A-A2F2-5FF739EE1D15@microsoft.com... >> >> > Developing .NET application to acccess web services. In IIS, if >> >> > Integrated >> >> > Windows Authentication is turned on, I get a 401: Access Denied >> >> > error. >> >> > However, if I turn off Integrated Windows Authentication and turn on >> >> > Basic >> >> > Authentication I am able to authenticate the user with no problem. >> >> > >> >> > I am having the same problem with ASP.NET applications, unable to >> >> > authenticate the user through Windows prompt for Integrated Windows >> >> > Authentication, but Basic Authentication works fine. >> >> > >> >> > This test is being run on the same machine (web server is the same >> >> > machine >> >> > as the development machine). >> >> > >> >> > Does anyone have any ideas? >> >> >> >> >> >> >> >> >>
Don't see what you're looking for? Try a search.
|
June 2003
July 2003
August 2003
September 2003
October 2003
November 2003
December 2003
January 2004
February 2004
March 2004
April 2004
May 2004
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
December 2007
January 2008
February 2008
March 2008
April 2008
May 2008
June 2008
| home · blog · groups | Questions? Comments? Contact the dn |