|
|
You're in the
iis security
group:IIS continually prompting users for their password
iis security:
is a Windows 2003 server (IIS 6.0) that has two web sites separated by host headers. The setup is really simple, with a mix of asp and static HTML pages. I haven't really done anything fancy configuration-wise. We secure some of our online learning resources via Basic Authentication (No SSL as yet I'm afraid) and NTFS permissions. The user clicks on a link to a resource and is prompted for their username and password, this is accepted and they are shown a menu of resources to choose. They click on one of the links and a login box appears again. This login box will not accept any username or password but if you press Cancel it displays the resource anyway. I've checked all the NTFS permissions up and down the folder structure and everything carries through correctly. I've also checked the IIS logs, but they do not throw up anything. The only thing I can think the problem can be is to do with the way IIS handles security of .js files as the resources use this within the HTML? Can anyone help me try to troubleshoot this? I would be forever grateful. Thanks in advance.
Sounds like you have anonymous authentication enabled for those URLs, and
the anonyomus user credential configured in IIS is invalid. -- //David IIS http://blogs.msdn.com/David.Wang This posting is provided "AS IS" with no warranties, and confers no rights. // [quoted text, click to view] "Stephen Ellis" <StephenEllis@discussions.microsoft.com> wrote in message I have a problem displaying some of the pages on our web server. The servernews:19896939-28F5-482C-A87C-127C1E8EAD9D@microsoft.com... is a Windows 2003 server (IIS 6.0) that has two web sites separated by host headers. The setup is really simple, with a mix of asp and static HTML pages. I haven't really done anything fancy configuration-wise. We secure some of our online learning resources via Basic Authentication (No SSL as yet I'm afraid) and NTFS permissions. The user clicks on a link to a resource and is prompted for their username and password, this is accepted and they are shown a menu of resources to choose. They click on one of the links and a login box appears again. This login box will not accept any username or password but if you press Cancel it displays the resource anyway. I've checked all the NTFS permissions up and down the folder structure and everything carries through correctly. I've also checked the IIS logs, but they do not throw up anything. The only thing I can think the problem can be is to do with the way IIS handles security of .js files as the resources use this within the HTML? Can anyone help me try to troubleshoot this? I would be forever grateful. Thanks in advance. Stephen
Hi David
Thanks for responding. I set Basic Authentication at the Virtual Directory level and it appears that this setting is carried down for all urls off of the VD. Is this what you meant? Thanks again Stephen [quoted text, click to view] "David Wang [Msft]" wrote:
> Sounds like you have anonymous authentication enabled for those URLs, and > the anonyomus user credential configured in IIS is invalid. > > -- > //David > IIS > http://blogs.msdn.com/David.Wang > This posting is provided "AS IS" with no warranties, and confers no rights. > // > "Stephen Ellis" <StephenEllis@discussions.microsoft.com> wrote in message > news:19896939-28F5-482C-A87C-127C1E8EAD9D@microsoft.com... > I have a problem displaying some of the pages on our web server. The server > is a Windows 2003 server (IIS 6.0) that has two web sites separated by host > headers. The setup is really simple, with a mix of asp and static HTML > pages. > I haven't really done anything fancy configuration-wise. We secure some of > our online learning resources via Basic Authentication (No SSL as yet I'm > afraid) and NTFS permissions. The user clicks on a link to a resource and is > prompted for their username and password, this is accepted and they are > shown > a menu of resources to choose. They click on one of the links and a login > box > appears again. This login box will not accept any username or password but > if > you press Cancel it displays the resource anyway. I've checked all the NTFS > permissions up and down the folder structure and everything carries through > correctly. I've also checked the IIS logs, but they do not throw up > anything. > The only thing I can think the problem can be is to do with the way IIS > handles security of .js files as the resources use this within the HTML? Can > anyone help me try to troubleshoot this? I would be forever grateful. > Thanks in advance. > > Stephen > >
[quoted text, click to view]
> The user clicks on a link to a resource and is > prompted for their username and password, this is accepted It sounds like Basic Authentication was enforced for the URL that the user first clicks [quoted text, click to view] > and they are shown a menu of resources to choose. > They click on one of the links and a login box > appears again. This login box will not accept any > username or password but if you press Cancel > it displays the resource anyway This sounds like the URL of the menus have other authentication enabled because if it was just Basic, then it should just display (browser should be configured to auto-authenticate using Basic and this should just automatically work). If it displays when you hit cancel, it probably means that anonymous authentication is enabled but anonymous user is misconfigured -- so the web browser keeps trying anonymous failing -- but when you hit cancel, the browser auto-authenticates using your user identity and that works, so it succeeds. The continuous prompting simply says that something is misconfigured on your server and has nothing to do with the resource type. -- //David IIS http://blogs.msdn.com/David.Wang This posting is provided "AS IS" with no warranties, and confers no rights. // [quoted text, click to view] "Stephen Ellis" <StephenEllis@discussions.microsoft.com> wrote in message Hi Davidnews:69BCFAFC-6E40-4841-A126-60A5DB3CED4E@microsoft.com... Thanks for responding. I set Basic Authentication at the Virtual Directory level and it appears that this setting is carried down for all urls off of the VD. Is this what you meant? Thanks again Stephen [quoted text, click to view] "David Wang [Msft]" wrote: > Sounds like you have anonymous authentication enabled for those URLs, and > the anonyomus user credential configured in IIS is invalid. > > -- > //David > IIS > http://blogs.msdn.com/David.Wang > This posting is provided "AS IS" with no warranties, and confers no rights. > // > "Stephen Ellis" <StephenEllis@discussions.microsoft.com> wrote in message > news:19896939-28F5-482C-A87C-127C1E8EAD9D@microsoft.com... > I have a problem displaying some of the pages on our web server. The server > is a Windows 2003 server (IIS 6.0) that has two web sites separated by host > headers. The setup is really simple, with a mix of asp and static HTML > pages. > I haven't really done anything fancy configuration-wise. We secure some of > our online learning resources via Basic Authentication (No SSL as yet I'm > afraid) and NTFS permissions. The user clicks on a link to a resource and is > prompted for their username and password, this is accepted and they are > shown > a menu of resources to choose. They click on one of the links and a login > box > appears again. This login box will not accept any username or password but > if > you press Cancel it displays the resource anyway. I've checked all the NTFS > permissions up and down the folder structure and everything carries through > correctly. I've also checked the IIS logs, but they do not throw up > anything. > The only thing I can think the problem can be is to do with the way IIS > handles security of .js files as the resources use this within the HTML? Can > anyone help me try to troubleshoot this? I would be forever grateful. > Thanks in advance. > > Stephen > > >
Hi David
Thanks for all your help. I rebuilt the website from scratch within IIS (took me about 30 mins) and everything seems to be working fine now. Thanks for giving me the pointers it's really appreciated. Stephen [quoted text, click to view] "David Wang [Msft]" wrote: > It sounds like Basic Authentication was enforced for the URL that the user > first clicks > This sounds like the URL of the menus have other authentication enabled > because if it was just Basic, then it should just display (browser should be > configured to auto-authenticate using Basic and this should just > automatically work). If it displays when you hit cancel, it probably means > that anonymous authentication is enabled but anonymous user is > misconfigured -- so the web browser keeps trying anonymous failing -- but > when you hit cancel, the browser auto-authenticates using your user identity > and that works, so it succeeds. > > The continuous prompting simply says that something is misconfigured on your > server and has nothing to do with the resource type. > > -- > //David > IIS > http://blogs.msdn.com/David.Wang > This posting is provided "AS IS" with no warranties, and confers no rights.
Don't see what you're looking for? Try a search.
|
June 2003
July 2003
August 2003
September 2003
October 2003
November 2003
December 2003
January 2004
February 2004
March 2004
April 2004
May 2004
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
December 2007
January 2008
February 2008
March 2008
April 2008
May 2008
June 2008
| home · blog · groups | Questions? Comments? Contact the dn |