Hi eveyone,

If anyone could advise on the following I would be truly greatful:

I have a fairly standard set up. An IIS 5.1 website set up with anonymous
access allowed in all areas of the site but a secure subdirectory called
/secure/

I am using windows forms authentication and this is configured in my web.config
file.

All of this works perfectly when using IE. If i attempt to jump straight
into the secure directory without logging in - it boots me back to the login
page. If I log in, it lets me through no problems.

The problem is that this doesnt work in firefox or netscape.

When I put in my username and password they either popup a box asking for
another username and password (which i don't know) or it takes me directly
to the standard 401.2 page which tells me the following:

[quoted text, click to view]
This is usually caused by a server-side script not sending the proper WWW-Authenticate
header field. Using Active Server Pages scripting this is done by using the
AddHeader method of the Response object to request that the client use a
certain authentication method to access the resource.

Can anyone advise me why IE is working and the other browsers arent. I have
read some information that suggests that it could be because the secure directory
is set up to use Windows Integrated Security but I'm sure that hasnt mattered
before with other sites and I don't know how else to set the sites up. I
don't want usernames etc sent in plain text etc

Thanks to anyone who can share any information

Thanks all

TCE

Hi,

In addition to David's question, can you clarify whether you are talking
about ASP.NET "Forms Authentication", or you are talking about Windows
Authentication (again configurable in web.config, but might also require
some configuration in IIS).

Cheers
Ken

--
Blog: www.adopenstatic.com/cs/blogs/ken/
Web: www.adopenstatic.com


[quoted text, click to view]
: If the server is configured to require a particular authentication
protocol
: and the browser refuses to support it, then you get a 401.2. That behavior
: is by-design.
:
: Either fix the browser to support the authentication protocol of the
server,
: or change the authentication protocol required by the server.
:
: I do not know what you mean by "windows forms authentication " -- can you
: give me the Authentication configuration of /secure inside of IIS Manager
UI
: (web.config is not involved).
:
: I am pretty certain that Firefox supports Integrated Windows
Authentication.
: So, either your configuration is not what you said, or you've got
something
: else misconfigured.
:
: --
: //David
: IIS
: http://blogs.msdn.com/David.Wang
: This posting is provided "AS IS" with no warranties, and confers no
rights.
: //
[quoted text, click to view]
: Hi eveyone,
:
: If anyone could advise on the following I would be truly greatful:
:
: I have a fairly standard set up. An IIS 5.1 website set up with anonymous
: access allowed in all areas of the site but a secure subdirectory called
: /secure/
:
: I am using windows forms authentication and this is configured in my
: web.config
: file.
:
: All of this works perfectly when using IE. If i attempt to jump straight
: into the secure directory without logging in - it boots me back to the
login
: page. If I log in, it lets me through no problems.
:
: The problem is that this doesnt work in firefox or netscape.
:
: When I put in my username and password they either popup a box asking for
: another username and password (which i don't know) or it takes me directly
: to the standard 401.2 page which tells me the following:
:
: > HTTP 401.2 - Unauthorized: Logon failed due to server configuration
: > Background:
: This is usually caused by a server-side script not sending the proper
: WWW-Authenticate
: header field. Using Active Server Pages scripting this is done by using
the
: AddHeader method of the Response object to request that the client use a
: certain authentication method to access the resource.
:
: Can anyone advise me why IE is working and the other browsers arent. I
have
: read some information that suggests that it could be because the secure
: directory
: is set up to use Windows Integrated Security but I'm sure that hasnt
: mattered
: before with other sites and I don't know how else to set the sites up. I
: don't want usernames etc sent in plain text etc
:
: Thanks to anyone who can share any information
:
: Thanks all
:
: TCE
:
:
:

If the server is configured to require a particular authentication protocol
and the browser refuses to support it, then you get a 401.2. That behavior
is by-design.

Either fix the browser to support the authentication protocol of the server,
or change the authentication protocol required by the server.

I do not know what you mean by "windows forms authentication " -- can you
give me the Authentication configuration of /secure inside of IIS Manager UI
(web.config is not involved).

I am pretty certain that Firefox supports Integrated Windows Authentication.
So, either your configuration is not what you said, or you've got something
else misconfigured.

--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//
[quoted text, click to view]
Hi eveyone,

If anyone could advise on the following I would be truly greatful:

I have a fairly standard set up. An IIS 5.1 website set up with anonymous
access allowed in all areas of the site but a secure subdirectory called
/secure/

I am using windows forms authentication and this is configured in my
web.config
file.

All of this works perfectly when using IE. If i attempt to jump straight
into the secure directory without logging in - it boots me back to the login
page. If I log in, it lets me through no problems.

The problem is that this doesnt work in firefox or netscape.

When I put in my username and password they either popup a box asking for
another username and password (which i don't know) or it takes me directly
to the standard 401.2 page which tells me the following:

[quoted text, click to view]
This is usually caused by a server-side script not sending the proper
WWW-Authenticate
header field. Using Active Server Pages scripting this is done by using the
AddHeader method of the Response object to request that the client use a
certain authentication method to access the resource.

Can anyone advise me why IE is working and the other browsers arent. I have
read some information that suggests that it could be because the secure
directory
is set up to use Windows Integrated Security but I'm sure that hasnt
mattered
before with other sites and I don't know how else to set the sites up. I
don't want usernames etc sent in plain text etc

Thanks to anyone who can share any information

Thanks all

TCE

Sorry all,

Thanks for you're help so far.

I was meaning to say that Forms Authentication is configured is the web.config
and Integrated Windows Authentication is selected in the Authentication Methods
section of IIS.

The relevant section is the web.config file is:

<authentication mode="Forms">
<forms loginUrl="Login.aspx" name="ICIAuthTicket" timeout="30" path="/"></forms>
</authentication>

<authorization>
<allow users="*" /> <!-- Allow all users -->
</authorization>

Then further along i have:

<location path="secure">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>

I really never have figured out how IIS and ASP.net security works. And its
not for wnat of trying either. I find the resources on the subject all ambiguous
or contrary to something else that I've read :-(

I'd really appreciate any suggestions on how to tackle my current problem
though

Thanks again

TCE