Re: NT Authentication with ASP

From: Tom Kaminski [MVP] ((A_at_T))
Date: 04/20/04


Date: Tue, 20 Apr 2004 08:21:49 -0400


"Roland Hall" <nobody@nowhere> wrote in message
news:eCJKJTnJEHA.628@TK2MSFTNGP11.phx.gbl...
> "Tom Kaminski [MVP]" <tomk (A@T) mvps (D.O.T) org> wrote in message
> news:c60e2f$8s98@kcweb01.netnews.att.com...
> : "Roland Hall" <nobody@nowhere> wrote in message
> : news:%23saAVL9IEHA.2656@TK2MSFTNGP11.phx.gbl...
> : > If you INCLUDE anonymous logons, they will be checked first and thus
> : > everyone will log on anonymously. So, IIS security works the opposite of a
> : > router routing packets. A router will check to see if the destination
> : > network has a defined route, and if not route through the DFG (default
> : > gateway). IIS uses the DFG if it exists, no matter what defined routes
> : > exist.
> :
> : FWIW, IIS will first use the credentials provided by the browser, if they
> : exist. Without credentials, IIS will assume anonymous access. In other
> : words, once a user has authenticated, he will continue to browse as an
> : authenticated user for the lifetime of the client browser session (until the
> : browser is closed), even on anonymous content - so it is like the router
> : example.
>
> Thanks for the reply Tom but I have to disagree with you unless MSFT has bad
> documentation which is not unknown to happen.
>
> Note
>
> * If Anonymous authentication is enabled, IIS will always try to
> authenticate using it first, even if other methods are enabled.
>
> http://www.microsoft.com/windows2000/en/server/iis/default.asp?url=/windows2000/en/server/iis/htm/core/iiabasc.htm

That's true, unless the browser has already authenticated. Go ahead and try
it. Create some content that allows anonymous but does not explicitly give
NTFS permissions to the authenticated user. Browse to some other content
that does not allow anonymous so the browser must authenticate. Then try to
browse to the anonymous content that does not allow NTFS permissions for the
user used to authenticate. If I'm wrong, then there's something wrong with
my environment.

See also http://support.microsoft.com/?kbid=264921
NOTES:
* When your browser establishes a connection with a Web site by using Basic
or NTLM authentication, it does not fall back to Anonymous during the rest
of that session with the server. If you try to connect to a Web page that is
marked for Anonymous only after authenticating, you will be denied. (This
may or may not hold true for Netscape).
* When Internet Explorer has established a connection with the server by
using Basic or NTLM authentication, it passes the credentials for every new
request for the duration of the session.

If someone from MS would care to comment, it would be appreciated.

-- 
Tom Kaminski IIS MVP
http://www.iistoolshed.com/ - tools, scripts, and utilities for running IIS
http://mvp.support.microsoft.com/
http://www.microsoft.com/windowsserver2003/community/centers/iis/
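
One way to check server logs for the situation discussed in this message, as an added example that is not part of the original post: it reads an IIS W3C extended log and lists requests that carried a user name to content that also answered 200 to requests with no user name, along with the status each one received. The log lines, paths, user name and addresses are constructed, and the code assumes the cs-username, cs-uri-stem, sc-status and sc-substatus fields are enabled in logging.

```python
# Constructed IIS W3C extended log sample (not taken from the thread).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time c-ip cs-username cs-uri-stem sc-status sc-substatus
2004-04-20 12:00:01 10.0.0.5 - /public/index.asp 200 0
2004-04-20 12:00:09 10.0.0.5 - /secure/report.asp 401 2
2004-04-20 12:00:10 10.0.0.5 EXAMPLE\\alice /secure/report.asp 200 0
2004-04-20 12:00:15 10.0.0.5 EXAMPLE\\alice /public/index.asp 401 3
2004-04-20 12:00:20 10.0.0.7 - /public/index.asp 200 0
"""


def parse_w3c(text):
    """Return one dict per request, named by the most recent #Fields directive."""
    fields, rows = [], []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed lines
                rows.append(dict(zip(fields, values)))
    return rows


def credentialed_hits_on_anonymous_content(text):
    """List (client, user, path, status.substatus) for requests that sent a
    user name to a path that was also served successfully with no user name."""
    rows = parse_w3c(text)
    # "-" in cs-username means the request was logged without a user name.
    anon_paths = {r["cs-uri-stem"] for r in rows
                  if r["cs-username"] == "-" and r["sc-status"] == "200"}
    findings = []
    for r in rows:
        if r["cs-username"] != "-" and r["cs-uri-stem"] in anon_paths:
            status = r["sc-status"] + "." + r.get("sc-substatus", "0")
            findings.append((r["c-ip"], r["cs-username"], r["cs-uri-stem"], status))
    return findings


if __name__ == "__main__":
    for finding in credentialed_hits_on_anonymous_content(SAMPLE_LOG):
        print(*finding)
```

A 401 in the output points at a resource whose NTFS permissions do not include the account the browser authenticated with, which is the case the test described above sets up.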

