| Groups | Blog | Home |
iis security : Integrated Authentication fails on XP Pro IIS Server
----------------------------------------------------------- HOST NAME: myworkstation IIS Ver5.1 Resides on a private non-routable IP subnet Is a member of a domain XP Firewall is currently off Logged in to workstation as a member of the domain Default website has Anonymous Authentication turned OFF Integrated Authenication is turned ON. 1 Virtual Directory / .NET Application (TEST) also with Anonymous Authentication turned OFF and Integrated Authenication is turned ON. Problem --------------------------------------------------------------- The TEST application has a single page called test.aspx which simply returns the values of Page.User.Indenity object; User Name, Authentication Type, and IsAuthenticated. In a perfect world the page would run, Integrated Authentication would do its then and the page would return with the required information. In my world different things happen under different scenarios. Scenario 1 ---------------- Logged on to myworkstation (Running Windows XP Pro) using a valid domain account Accessed page using the following url http://localhost/test/test.aspx Page returns displaying the logged on user info as expected. Scenario 2 ---------------- Logged on to myworkstation (Running Windows XP Pro) using a valid domain account Accessed page using the following url http://myworkstation.mydomain.local/test/test.aspx I get promted with the IE Logon Dialog No matter what I use as the logon name password I can't authenticated Scenario 3 ---------------- Logged on to myWin2k Server (Running Windows 2000 SBS) using a valid domain account Accessed page using the following url http://myworkstation.mydomain.local/test/test.aspx I get promted with the IE Logon Dialog this time also, but its because the logged on user does not have proper permissions to access this page. This is a good thing. I enter user name and password should have access and tada!!!! Page returns displaying the logged on user info as expected. Scenario 4 ---------------- Logged on to myotherworkstation (Running XP Pro) using a valid domain account Accessed page using the following url http://myworkstation.mydomain.local/test/test.aspx I get promted with the IE Logon Dialog No matter what I use as the logon name password I can't authenticated Anyone have an idea of what is going wrong here? Thank you in advance for you help with this issue Jeff Gochin A-SYS-T, Inc. jgochin@asystinc.com
Thanks.
That did the trick. I must admit, I did try what you suggested very early on but it did not work. I suspect I may have also needed to enable delegation for myworkstation on the AD Server which I just did recently. In any case it is now working... thanks for focusing me back on the obvious :) - Jeff [quoted text, click to view] "Miha Pihler [MVP]" wrote:
> Hi, > > Try to add URL "http://myworkstation.mydomain.local" (your "server" URL) to > Local Intranet Zone in IE. Integrated Authentication will only work for > Local Intranet Zone and by default only URLs like http://myworkstation are > in Local Intranet Zone. Not even http://10.10.10.10 where 10.10.10.10 is IP > address of your workstation would work since this would not fall under Local > Intranet zone. > > I hope it helps. If it doesn't post back and we will try to find another > solution. :-) > > -- > Mike > Microsoft MVP - Windows Security > > "jgochin" <jgochin@discussions.microsoft.com> wrote in message > news:7ED51B52-20C6-45A5-865F-C4BB91AF00A1@microsoft.com... > > Machine Config follows... > > ----------------------------------------------------------- > > HOST NAME: myworkstation > > IIS Ver5.1 > > Resides on a private non-routable IP subnet > > Is a member of a domain > > XP Firewall is currently off > > Logged in to workstation as a member of the domain > > Default website has Anonymous Authentication turned OFF > > Integrated Authenication is turned ON. > > 1 Virtual Directory / .NET Application (TEST) also with Anonymous > > Authentication turned OFF and Integrated Authenication is turned ON. > > > > > > Problem > > --------------------------------------------------------------- > > The TEST application has a single page called test.aspx which simply > > returns > > the values of Page.User.Indenity object; User Name, Authentication Type, > > and > > IsAuthenticated. > > > > In a perfect world the page would run, Integrated Authentication would do > > its then and the page would return with the required information. In my > > world different things happen under different scenarios. > > > > Scenario 1 > > ---------------- > > Logged on to myworkstation (Running Windows XP Pro) using a valid domain > > account > > Accessed page using the following url http://localhost/test/test.aspx > > Page returns displaying the logged on user info as expected. > > > > Scenario 2 > > ---------------- > > Logged on to myworkstation (Running Windows XP Pro) using a valid domain > > account > > Accessed page using the following url > > http://myworkstation.mydomain.local/test/test.aspx > > I get promted with the IE Logon Dialog > > No matter what I use as the logon name password I can't authenticated > > > > Scenario 3 > > ---------------- > > Logged on to myWin2k Server (Running Windows 2000 SBS) using a valid > > domain > > account > > Accessed page using the following url > > http://myworkstation.mydomain.local/test/test.aspx > > I get promted with the IE Logon Dialog this time also, but its because the > > logged on user does not have proper permissions to access this page. This > > is > > a good thing. I enter user name and password should have access and > > tada!!!! > > Page returns displaying the logged on user info as expected. > > > > Scenario 4 > > ---------------- > > Logged on to myotherworkstation (Running XP Pro) using a valid domain > > account > > Accessed page using the following url > > http://myworkstation.mydomain.local/test/test.aspx > > I get promted with the IE Logon Dialog > > No matter what I use as the logon name password I can't authenticated > > > > Anyone have an idea of what is going wrong here? > > > > Thank you in advance for you help with this issue > > Jeff Gochin > > A-SYS-T, Inc. > > jgochin@asystinc.com > > > > > > > > > >
I take it back the problem still exists. Only "Scenario" 4 was fixed by
adding the wildcard domain to the Intranet List of Sites. "Scenario 2" is still a problem. [quoted text, click to view] "Miha Pihler [MVP]" wrote:
> Hi, > > Try to add URL "http://myworkstation.mydomain.local" (your "server" URL) to > Local Intranet Zone in IE. Integrated Authentication will only work for > Local Intranet Zone and by default only URLs like http://myworkstation are > in Local Intranet Zone. Not even http://10.10.10.10 where 10.10.10.10 is IP > address of your workstation would work since this would not fall under Local > Intranet zone. > > I hope it helps. If it doesn't post back and we will try to find another > solution. :-) > > -- > Mike > Microsoft MVP - Windows Security > > "jgochin" <jgochin@discussions.microsoft.com> wrote in message > news:7ED51B52-20C6-45A5-865F-C4BB91AF00A1@microsoft.com... > > Machine Config follows... > > ----------------------------------------------------------- > > HOST NAME: myworkstation > > IIS Ver5.1 > > Resides on a private non-routable IP subnet > > Is a member of a domain > > XP Firewall is currently off > > Logged in to workstation as a member of the domain > > Default website has Anonymous Authentication turned OFF > > Integrated Authenication is turned ON. > > 1 Virtual Directory / .NET Application (TEST) also with Anonymous > > Authentication turned OFF and Integrated Authenication is turned ON. > > > > > > Problem > > --------------------------------------------------------------- > > The TEST application has a single page called test.aspx which simply > > returns > > the values of Page.User.Indenity object; User Name, Authentication Type, > > and > > IsAuthenticated. > > > > In a perfect world the page would run, Integrated Authentication would do > > its then and the page would return with the required information. In my > > world different things happen under different scenarios. > > > > Scenario 1 > > ---------------- > > Logged on to myworkstation (Running Windows XP Pro) using a valid domain > > account > > Accessed page using the following url http://localhost/test/test.aspx > > Page returns displaying the logged on user info as expected. > > > > Scenario 2 > > ---------------- > > Logged on to myworkstation (Running Windows XP Pro) using a valid domain > > account > > Accessed page using the following url > > http://myworkstation.mydomain.local/test/test.aspx > > I get promted with the IE Logon Dialog > > No matter what I use as the logon name password I can't authenticated > > > > Scenario 3 > > ---------------- > > Logged on to myWin2k Server (Running Windows 2000 SBS) using a valid > > domain > > account > > Accessed page using the following url > > http://myworkstation.mydomain.local/test/test.aspx > > I get promted with the IE Logon Dialog this time also, but its because the > > logged on user does not have proper permissions to access this page. This > > is > > a good thing. I enter user name and password should have access and > > tada!!!! > > Page returns displaying the logged on user info as expected. > > > > Scenario 4 > > ---------------- > > Logged on to myotherworkstation (Running XP Pro) using a valid domain > > account > > Accessed page using the following url > > http://myworkstation.mydomain.local/test/test.aspx > > I get promted with the IE Logon Dialog > > No matter what I use as the logon name password I can't authenticated > > > > Anyone have an idea of what is going wrong here? > > > > Thank you in advance for you help with this issue > > Jeff Gochin > > A-SYS-T, Inc. > > jgochin@asystinc.com > > > > > > > > > >
Yes I did. Like I said in the "Other" workstation now works. But the
workstation running IIS 5.1 still exhibits the problem. It only works correctly with "localhost". [quoted text, click to view] "Miha Pihler [MVP]" wrote:
> Did you add the site to Local Intranet Zone on the "other" Workstation? Can > you see Local Intranet Zone Icon in Right corner of the browser? > > My recommendation would also be to test this on server (e.g. IIS 5 or IIS 6) > and I am pretty sure it would work (it should) :-) > > -- > Mike > Microsoft MVP - Windows Security > > "jgochin" <jgochin@discussions.microsoft.com> wrote in message > news:7C7AC86E-F68C-47D2-A897-D7FCB5340E8B@microsoft.com... > >I take it back the problem still exists. Only "Scenario" 4 was fixed by > > adding the wildcard domain to the Intranet List of Sites. "Scenario 2" is > > still a problem. > > > > "Miha Pihler [MVP]" wrote: > > > >> Hi, > >> > >> Try to add URL "http://myworkstation.mydomain.local" (your "server" URL) > >> to > >> Local Intranet Zone in IE. Integrated Authentication will only work for > >> Local Intranet Zone and by default only URLs like http://myworkstation > >> are > >> in Local Intranet Zone. Not even http://10.10.10.10 where 10.10.10.10 is > >> IP > >> address of your workstation would work since this would not fall under > >> Local > >> Intranet zone. > >> > >> I hope it helps. If it doesn't post back and we will try to find another > >> solution. :-) > >> > >> -- > >> Mike > >> Microsoft MVP - Windows Security > >> > >> "jgochin" <jgochin@discussions.microsoft.com> wrote in message > >> news:7ED51B52-20C6-45A5-865F-C4BB91AF00A1@microsoft.com... > >> > Machine Config follows... > >> > ----------------------------------------------------------- > >> > HOST NAME: myworkstation > >> > IIS Ver5.1 > >> > Resides on a private non-routable IP subnet > >> > Is a member of a domain > >> > XP Firewall is currently off > >> > Logged in to workstation as a member of the domain > >> > Default website has Anonymous Authentication turned OFF > >> > Integrated Authenication is turned ON. > >> > 1 Virtual Directory / .NET Application (TEST) also with Anonymous > >> > Authentication turned OFF and Integrated Authenication is turned ON. > >> > > >> > > >> > Problem > >> > --------------------------------------------------------------- > >> > The TEST application has a single page called test.aspx which simply > >> > returns > >> > the values of Page.User.Indenity object; User Name, Authentication > >> > Type, > >> > and > >> > IsAuthenticated. > >> > > >> > In a perfect world the page would run, Integrated Authentication would > >> > do > >> > its then and the page would return with the required information. In > >> > my > >> > world different things happen under different scenarios. > >> > > >> > Scenario 1 > >> > ---------------- > >> > Logged on to myworkstation (Running Windows XP Pro) using a valid > >> > domain > >> > account > >> > Accessed page using the following url http://localhost/test/test.aspx > >> > Page returns displaying the logged on user info as expected. > >> > > >> > Scenario 2 > >> > ---------------- > >> > Logged on to myworkstation (Running Windows XP Pro) using a valid > >> > domain > >> > account > >> > Accessed page using the following url > >> > http://myworkstation.mydomain.local/test/test.aspx > >> > I get promted with the IE Logon Dialog > >> > No matter what I use as the logon name password I can't authenticated > >> > > >> > Scenario 3 > >> > ---------------- > >> > Logged on to myWin2k Server (Running Windows 2000 SBS) using a valid > >> > domain > >> > account > >> > Accessed page using the following url > >> > http://myworkstation.mydomain.local/test/test.aspx > >> > I get promted with the IE Logon Dialog this time also, but its because > >> > the > >> > logged on user does not have proper permissions to access this page. > >> > This > >> > is > >> > a good thing. I enter user name and password should have access and > >> > tada!!!! > >> > Page returns displaying the logged on user info as expected. > >> > > >> > Scenario 4 > >> > ---------------- > >> > Logged on to myotherworkstation (Running XP Pro) using a valid domain > >> > account > >> > Accessed page using the following url > >> > http://myworkstation.mydomain.local/test/test.aspx > >> > I get promted with the IE Logon Dialog > >> > No matter what I use as the logon name password I can't authenticated > >> > > >> > Anyone have an idea of what is going wrong here? > >> > > >> > Thank you in advance for you help with this issue > >> > Jeff Gochin > >> > A-SYS-T, Inc. > >> > jgochin@asystinc.com > >> > > >> > > >> > > >> > > >> > >> > >> > >
Hi,
Try to add URL "http://myworkstation.mydomain.local" (your "server" URL) to Local Intranet Zone in IE. Integrated Authentication will only work for Local Intranet Zone and by default only URLs like http://myworkstation are in Local Intranet Zone. Not even http://10.10.10.10 where 10.10.10.10 is IP address of your workstation would work since this would not fall under Local Intranet zone. I hope it helps. If it doesn't post back and we will try to find another solution. :-) -- Mike Microsoft MVP - Windows Security [quoted text, click to view] "jgochin" <jgochin@discussions.microsoft.com> wrote in message news:7ED51B52-20C6-45A5-865F-C4BB91AF00A1@microsoft.com... > Machine Config follows... > ----------------------------------------------------------- > HOST NAME: myworkstation > IIS Ver5.1 > Resides on a private non-routable IP subnet > Is a member of a domain > XP Firewall is currently off > Logged in to workstation as a member of the domain > Default website has Anonymous Authentication turned OFF > Integrated Authenication is turned ON. > 1 Virtual Directory / .NET Application (TEST) also with Anonymous > Authentication turned OFF and Integrated Authenication is turned ON. > > > Problem > --------------------------------------------------------------- > The TEST application has a single page called test.aspx which simply > returns > the values of Page.User.Indenity object; User Name, Authentication Type, > and > IsAuthenticated. > > In a perfect world the page would run, Integrated Authentication would do > its then and the page would return with the required information. In my > world different things happen under different scenarios. > > Scenario 1 > ---------------- > Logged on to myworkstation (Running Windows XP Pro) using a valid domain > account > Accessed page using the following url http://localhost/test/test.aspx > Page returns displaying the logged on user info as expected. > > Scenario 2 > ---------------- > Logged on to myworkstation (Running Windows XP Pro) using a valid domain > account > Accessed page using the following url > http://myworkstation.mydomain.local/test/test.aspx > I get promted with the IE Logon Dialog > No matter what I use as the logon name password I can't authenticated > > Scenario 3 > ---------------- > Logged on to myWin2k Server (Running Windows 2000 SBS) using a valid > domain > account > Accessed page using the following url > http://myworkstation.mydomain.local/test/test.aspx > I get promted with the IE Logon Dialog this time also, but its because the > logged on user does not have proper permissions to access this page. This > is > a good thing. I enter user name and password should have access and > tada!!!! > Page returns displaying the logged on user info as expected. > > Scenario 4 > ---------------- > Logged on to myotherworkstation (Running XP Pro) using a valid domain > account > Accessed page using the following url > http://myworkstation.mydomain.local/test/test.aspx > I get promted with the IE Logon Dialog > No matter what I use as the logon name password I can't authenticated > > Anyone have an idea of what is going wrong here? > > Thank you in advance for you help with this issue > Jeff Gochin > A-SYS-T, Inc. > jgochin@asystinc.com > > > >
Did you add the site to Local Intranet Zone on the "other" Workstation? Can
you see Local Intranet Zone Icon in Right corner of the browser? My recommendation would also be to test this on server (e.g. IIS 5 or IIS 6) and I am pretty sure it would work (it should) :-) -- Mike Microsoft MVP - Windows Security [quoted text, click to view] "jgochin" <jgochin@discussions.microsoft.com> wrote in message news:7C7AC86E-F68C-47D2-A897-D7FCB5340E8B@microsoft.com... >I take it back the problem still exists. Only "Scenario" 4 was fixed by > adding the wildcard domain to the Intranet List of Sites. "Scenario 2" is > still a problem. > > "Miha Pihler [MVP]" wrote: > >> Hi, >> >> Try to add URL "http://myworkstation.mydomain.local" (your "server" URL) >> to >> Local Intranet Zone in IE. Integrated Authentication will only work for >> Local Intranet Zone and by default only URLs like http://myworkstation >> are >> in Local Intranet Zone. Not even http://10.10.10.10 where 10.10.10.10 is >> IP >> address of your workstation would work since this would not fall under >> Local >> Intranet zone. >> >> I hope it helps. If it doesn't post back and we will try to find another >> solution. :-) >> >> -- >> Mike >> Microsoft MVP - Windows Security >> >> "jgochin" <jgochin@discussions.microsoft.com> wrote in message >> news:7ED51B52-20C6-45A5-865F-C4BB91AF00A1@microsoft.com... >> > Machine Config follows... >> > ----------------------------------------------------------- >> > HOST NAME: myworkstation >> > IIS Ver5.1 >> > Resides on a private non-routable IP subnet >> > Is a member of a domain >> > XP Firewall is currently off >> > Logged in to workstation as a member of the domain >> > Default website has Anonymous Authentication turned OFF >> > Integrated Authenication is turned ON. >> > 1 Virtual Directory / .NET Application (TEST) also with Anonymous >> > Authentication turned OFF and Integrated Authenication is turned ON. >> > >> > >> > Problem >> > --------------------------------------------------------------- >> > The TEST application has a single page called test.aspx which simply >> > returns >> > the values of Page.User.Indenity object; User Name, Authentication >> > Type, >> > and >> > IsAuthenticated. >> > >> > In a perfect world the page would run, Integrated Authentication would >> > do >> > its then and the page would return with the required information. In >> > my >> > world different things happen under different scenarios. >> > >> > Scenario 1 >> > ---------------- >> > Logged on to myworkstation (Running Windows XP Pro) using a valid >> > domain >> > account >> > Accessed page using the following url http://localhost/test/test.aspx >> > Page returns displaying the logged on user info as expected. >> > >> > Scenario 2 >> > ---------------- >> > Logged on to myworkstation (Running Windows XP Pro) using a valid >> > domain >> > account >> > Accessed page using the following url >> > http://myworkstation.mydomain.local/test/test.aspx >> > I get promted with the IE Logon Dialog >> > No matter what I use as the logon name password I can't authenticated >> > >> > Scenario 3 >> > ---------------- >> > Logged on to myWin2k Server (Running Windows 2000 SBS) using a valid >> > domain >> > account >> > Accessed page using the following url >> > http://myworkstation.mydomain.local/test/test.aspx >> > I get promted with the IE Logon Dialog this time also, but its because >> > the >> > logged on user does not have proper permissions to access this page. >> > This >> > is >> > a good thing. I enter user name and password should have access and >> > tada!!!! >> > Page returns displaying the logged on user info as expected. >> > >> > Scenario 4 >> > ---------------- >> > Logged on to myotherworkstation (Running XP Pro) using a valid domain >> > account >> > Accessed page using the following url >> > http://myworkstation.mydomain.local/test/test.aspx >> > I get promted with the IE Logon Dialog >> > No matter what I use as the logon name password I can't authenticated >> > >> > Anyone have an idea of what is going wrong here? >> > >> > Thank you in advance for you help with this issue >> > Jeff Gochin >> > A-SYS-T, Inc. >> > jgochin@asystinc.com >> > >> > >> > >> > >> >> >>
Don't see what you're looking for? Try a search.
|
June 2003
July 2003
August 2003
September 2003
October 2003
November 2003
December 2003
January 2004
February 2004
March 2004
April 2004
May 2004
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
December 2007
January 2008
February 2008
March 2008
April 2008
May 2008
June 2008
| home · blog · groups | Questions? Comments? Contact the dn |