Re: security works for VPN users, doesnt for local

From: "Jeff Dillon" <jeffdillon@xxxxxxxxxxxxxxxxx>
Date: Thu, 22 May 2008 17:48:17 -0700

What machine is the VPN machine? The web server by chance?

"SpaceMarine" <spacemarine@xxxxxxxxxxxxxx> wrote in message
news:1fabae7d-8d8e-407d-99cb-3488b40b6d43@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

sorry for the near-dupe post (also in .security), but im desperately
trying to find an answer to this...

i am attempting to configure security for an intranet web application
in ASP.NET 2. it uses Windows authentication, retrieving roles from
our Active Directory. nothing too unusual.

what is unusual: it works for users that are VPN'ing into our network
from the outside (using cisco vpn), but DOESNT work for normal desktop
users in the office.

for both the browser (IE) pops up the windows login dialog. afterward
VPN users get in and i can see their name, check their
User.IsInRole("foo"), etc.. no problems. in-network users? cant
authenticate their credentials.. get this after 3 failed attempts:

HTTP Error 401.1 - Unauthorized: Access is denied due to invalid
credentials.
Internet Information Services (IIS)

...any ideas why?

Windows Server 2003, virtual directory under default website. in
"Directory Security" tab in IIS i have:

- unchecked "Enable anonymous access"

- checked "Integrated Windows authentication"

...my web.config of course uses the Windows authenication mode.

this is maddening! thanks for any help

sm

Follow-Ups:
- Re: security works for VPN users, doesnt for local
  - From: SpaceMarine

References:
- security works for VPN users, doesnt for local
  - From: SpaceMarine

Prev by Date: SqlDataSource against aspnet_users
Next by Date: Detecting browser
Previous by thread: security works for VPN users, doesnt for local
Next by thread: Re: security works for VPN users, doesnt for local
Index(es):
- Date
- Thread

Relevant Pages

RE: Login Failure to Frontpage Admin
... compromise security to my websites and my server as the follwing procedure ... did popup a security message. ... My websites by default were ALL set to "Integrated Windows Authentication" ...
(microsoft.public.frontpage.extensions.windowsnt)
security works for VPN users, doesnt for local
... i am attempting to configure security for an intranet web application ... it uses Windows authentication, retrieving roles from ... "Directory Security" tab in IIS i have: ... unchecked "Enable anonymous access" ...
(microsoft.public.dotnet.framework.aspnet)
iis6 passthrough authentication from outside the domain
... i havent found one to make things ... the web server i am dealing with runs outside of our domain, ... is fine for 99% of the things we need to run with public access. ... windows authentication in the domain. ...
(microsoft.public.inetserver.iis.security)
IIS6.0 use anonymous and integrated security a the same time
... I set up a IIS 6.0 sever a while ago when we were young and innocent and decided to implement a few simple security baseline for the intranet web site: ... The problem is we don't share an active directory or any NT domain relationship at all, so I need to activate the anonymous access on the web site and if I do that, I cannot use the windows authentication anymore... ... continue using the IIS/NTFS authentication for my domain users OR still get the security information with the anonymous acces activated. ...
(microsoft.public.inetserver.iis.security)
Re: right to files on mapped drives throught IIS and ASP.NET
... the third system doesn't know who the ... because the web server was never given the user's password to pass along. ... integrated windows authentication. ... >> Instead of setting anonymous user in the IIS properties, ...
(microsoft.public.dotnet.framework.aspnet)