
iis security : Basic Authentication - Sometimes No Prompt


Smitty
5/19/2005 11:55:05 AM
Why is prompting for ID/PW random?

Server: Windows 2000, SP4, IIS 5.0, teamshare and SQL 2000.
sub-site (Default web/cr) has Basic Authentication Checked, only.
NTFS security for /cr folder allows Authenticated Users, Administrators,
System and denies Anonymous

Most of the time a user is prompted for an ID and password.
The ID is pulled from Request.ServerVariables("Auth_User") and displayed on
the page.
Sometimes the user is not prompted for an ID/PW and
the ID displayed on the page is the name of the last person to log on.
The user would then click several links and eventually they will be prompted
for an ID/PW.

Each asp page has the following coded at the top:
Response.Expires = 0
Response.Expiresabsolute = Now() - 1
Response.AddHeader "pragma","no-cache"
Response.AddHeader "cache-control","private"
Response.CacheControl = "no-cache"
response.buffer=true

Between the DSL modem and server is a firewall and switch.


The IIS log shows the following:
#Software: Microsoft Internet Information Services 5.0
#Version: 1.0
#Date: 2005-05-19 12:38:13
#Fields: date time c-ip cs-username s-ip s-port cs-method cs-uri-stem cs-uri-query sc-status sc-win32-status sc-bytes cs-bytes time-taken cs-version cs-host cs(User-Agent) cs(Referer)
(Note: Server is 127.0.0.0 401.5=id/pw prompt)
2005-05-19 12:38:13 127.0.0.1 - 127.0.0.1 80 GET /ucr/ - 401 5 4634 606 100 HTTP/1.1 127.0.0.1 ...
2005-05-19 12:38:24 127.0.0.1 - 127.0.0.1 80 GET /cr - 401 5 4634 748 10 HTTP/1.1 127.0.0.1 ...
2005-05-19 12:38:33 127.0.0.1 templateuser 127.0.0.1 80 GET /cr/ - 302 0 277 429 60 HTTP/1.1 127.0.0.1 ...
2005-05-19 12:38:37 127.0.0.1 templateuser 127.0.0.1 80 GET /cr/Default.asp - 200 0 0 430 3876 HTTP/1.1 127.0.0.1 ...
2005-05-19 12:38:37 127.0.0.1 templateuser 127.0.0.1 80 GET /cr/images/pic.gif - 304 0 265 400 60 HTTP/1.1 127.0.0.1 ...
2005-05-19 12:38:46 127.0.0.1 templateuser 127.0.0.1 80 GET /cr/report_summary.asp - 200 0 0 479 400 HTTP/1.1 127.0.0.1 ...
2005-05-19 12:39:30 127.0.0.1 - 127.0.0.1 80 GET /ucr/ - 401 5 4634 606 10 HTTP/1.1 127.0.0.1 ...
(Note: Machine #1 401.5=id/pw prompt)
2005-05-19 12:41:24 192.85.47.1 - 192.168.0.11 80 GET /cr/ - 401 5 4618 476 0 HTTP/1.0 64.51.99.119 ...
2005-05-19 12:41:29 192.85.47.1 dave 192.168.0.11 80 GET /cr/Default.asp - 200 0 0 281 60 HTTP/1.0 64.51.99.119 ...
2005-05-19 12:41:29 192.85.47.1 dave 192.168.0.11 80 GET /cr/images/pic.gif - 200 0 3927 276 130 HTTP/1.0 64.51.99.119 ...
(Note: Machine #2 no prompt AND ID=Machine #1)
2005-05-19 12:41:52 192.85.47.1 dave 192.168.0.11 80 GET /cr/ - 302 0 307 237 0 HTTP/1.0 64.51.99.119 ...
2005-05-19 12:41:52 192.85.47.1 dave 192.168.0.11 80 GET /cr/Default.asp - 200 0 0 238 20 HTTP/1.0 64.51.99.119 ...
2005-05-19 12:41:52 192.85.47.1 dave 192.168.0.11 80 GET /cr/images/pic.gif - 200 0 3927 233 100 HTTP/1.0 64.51.99.119 ...
2005-05-19 12:41:56 192.85.47.1 dave 192.168.0.11 80 GET /cr/SelectTable.asp - 200 0 0 287 20 HTTP/1.0 64.51.99.119 ...
2005-05-19 12:41:56 192.85.47.1 dave 192.168.0.11 80 GET /cr/images/background.gif - 404 2 4184 255 60 HTTP/1.0 64.51.99.119 ...
2005-05-19 12:41:56 192.85.47.1 dave 192.168.0.11 80 GET /cr/images/pic.gif - 200 0 3927 248 80 HTTP/1.0 64.51.99.119 ...
(Note: Machine #2 401.5 prompt after clicking link)
2005-05-19 12:41:58 192.85.47.1 - 192.168.0.11 80 GET /cr/SelectTable.asp action=ServerVariables 401 5 4618 650 10 HTTP/1.0 64.51.99.119 ...
2005-05-19 12:42:06 192.85.47.1 templateuser 192.168.0.11 80 GET /cr/SelectTable.asp action=ServerVariables 200 0 0 380 20 HTTP/1.0 64.51.99.119 ...
2005-05-19 12:42:06 192.85.47.1 templateuser 192.168.0.11 80 GET /cr/images/background.gif - 404 2 4184 333 0 HTTP/1.0 64.51.99.119 ...
2005-05-19 12:42:06 192.85.47.1 templateuser 192.168.0.11 80 GET /cr/images/pic.gif - 200 0 3927 326 130 HTTP/1.0 64.51.99.119 ...
2005-05-19 12:42:10 192.85.47.1 templateuser 192.168.0.11 80 GET /cr/default.asp - 200 0 0 376 40 HTTP/1.0 64.51.99.119 ...
2005-05-19 12:42:10 192.85.47.1 templateuser 192.168.0.11 80 GET /cr/images/pic.gif - 200 0 3927 299 90 HTTP/1.0 64.51.99.119 ...

Ken Schaefer
5/21/2005 12:00:00 AM
The only non-server initiated requests appear to be from: 192.85.47.1. In
which case, what IP addresses are Machine1 and Machine2 supposed to have?

Cheers
Ken

--
Blog: www.adopenstatic.com/cs/blogs/ken/
Web: www.adopenstatic.com
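
The check behind the reply's question, as an added example (not code from either poster): it parses entries copied from the log in the original post using the #Fields column order, then groups them by c-ip to show which usernames, HTTP versions and 401 challenges each source address carried. The function names are made up for illustration.

```python
from collections import defaultdict

# Entries copied from the post's log excerpt, unwrapped onto one line each;
# the trailing "..." is the poster's own elision of the last columns.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-username s-ip s-port cs-method cs-uri-stem cs-uri-query sc-status sc-win32-status sc-bytes cs-bytes time-taken cs-version cs-host cs(User-Agent) cs(Referer)
2005-05-19 12:38:24 127.0.0.1 - 127.0.0.1 80 GET /cr - 401 5 4634 748 10 HTTP/1.1 127.0.0.1 ...
2005-05-19 12:38:33 127.0.0.1 templateuser 127.0.0.1 80 GET /cr/ - 302 0 277 429 60 HTTP/1.1 127.0.0.1 ...
2005-05-19 12:41:24 192.85.47.1 - 192.168.0.11 80 GET /cr/ - 401 5 4618 476 0 HTTP/1.0 64.51.99.119 ...
2005-05-19 12:41:29 192.85.47.1 dave 192.168.0.11 80 GET /cr/Default.asp - 200 0 0 281 60 HTTP/1.0 64.51.99.119 ...
2005-05-19 12:41:52 192.85.47.1 dave 192.168.0.11 80 GET /cr/ - 302 0 307 237 0 HTTP/1.0 64.51.99.119 ...
2005-05-19 12:41:58 192.85.47.1 - 192.168.0.11 80 GET /cr/SelectTable.asp action=ServerVariables 401 5 4618 650 10 HTTP/1.0 64.51.99.119 ...
2005-05-19 12:42:06 192.85.47.1 templateuser 192.168.0.11 80 GET /cr/SelectTable.asp action=ServerVariables 200 0 0 380 20 HTTP/1.0 64.51.99.119 ...
"""

def parse_w3c(text):
    """Yield one dict per entry, keyed by the names in the #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split()))

def summarize_clients(records):
    """Per c-ip: usernames, HTTP versions, count of 401 / win32-status 5
    responses (the post's "401.5"), and ordered identity changes."""
    out = defaultdict(lambda: {"users": set(), "versions": set(),
                               "challenges": 0, "timeline": []})
    for r in records:
        c = out[r["c-ip"]]
        c["versions"].add(r["cs-version"])
        if r["sc-status"] == "401" and r["sc-win32-status"] == "5":
            c["challenges"] += 1
        user = r["cs-username"]
        if user != "-":  # "-" means no credentials were logged
            c["users"].add(user)
            if not c["timeline"] or c["timeline"][-1][1] != user:
                c["timeline"].append((r["time"], user))
    return dict(out)

def shared_sources(summary):
    """c-ip values that carried more than one authenticated username."""
    return sorted(ip for ip, c in summary.items() if len(c["users"]) > 1)

if __name__ == "__main__":
    s = summarize_clients(parse_w3c(SAMPLE_LOG))
    for ip in s:
        print(ip, sorted(s[ip]["users"]), sorted(s[ip]["versions"]), s[ip]["challenges"])
```

On this excerpt, 192.85.47.1 carries both dave and templateuser, so the c-ip column alone does not tell Machine #1 and Machine #2 apart.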

