Re: Digest Authentication

From: Kim Lots (nomail_at_forme.com)
Date: 05/08/04 

Date: Sat, 08 May 2004 13:37:58 GMT

Hi again!

And thanks for your answer, but I'm nearly giving up and I need your
help pls..

I know I have messed things up. And to correct the whole thing I have
read the instructions
on http://support.microsoft.com/?id=310344 &
http://support.microsoft.com/?id=301457
and followed the instructions at
http://support.microsoft.com/default.aspx?scid=kb;EN-US;271071

But the users still get the ENTER NETWORK PASSWORD dialog box

What is wrong??

Folder properties

Admin full
Creator Owner full
Everyone Read & execute
Internet guest account x\IUSR read write
Launch IIS process Account x\IWAM Read & execute, list, read
NETWORK read & execute
SYSTEM full

IIS 5.x console properties for the virtual directory which is an
application.

Scripts source access
read
write

Directory security tab - edit

Anonymous box checked and anonymous user account x\IUSR with some
password I didn't choose. And basic authen..and integreted windows
boxes NOT checked. But the Digest authentication for windows domain is
checked and outgrayed, but this has no importance according to your
replay

What have I overlooked?

Thanks again

On Sat, 8 May 2004 20:47:20 +1000, "Ken Schaefer"
<kenREMOVE@THISadOpenStatic.com> wrote:

>Hi,
>
>If you are using a stand alone server that is not part of a Windows Domain,
>then you can not use Digest Authentication. Digest Authentication can only
>be used for Domain accounts, which requires the server to be part of a
>Windows Domain.
>
>You should not need "Script Source Access", nor Write unless you are using
>WebDAV publishing. Otherwise, leaving this on is a security risk.
>
>To enable anonymous access, you need to check the "Allow Anonymous Access"
>box. THis means IIS impersonates the configured anonymous user account.
>Otherwise, if you turn this off, the user must manually provide user
>credentials.
>
>For writing to databases, it depends on the database. If you are talking
>about an *access* database, or similar file-based database, then "yes", the
>account being impersonated by IIS (Anonymous User, or otherwise) needs
>appropriate permissions to the file, and the folder that the file is in. For
>Access, the account needs Read and Write, and Creator/Owner should have
>"Full Control". There is no requirement that this folder be inside the
>webroot. It would be safer to store it outside the Webroot.
>
>Cheers
>Ken
>
>"Kim Lots" <nomail@forme.com> wrote in message
>news:obbp905mma9l1qe4g53kbkuff3g4jnb8c6@4ax.com...
>: Hi
>:
>: I'm running IIS 5.x on a stand-alone windows 2000 pro connected to the
>: internet with all the latest security patches installed and using Zone
>: Alarm Pro as firewall. I have no PDC or BDC for that matter.
>:
>: When I check the box Integrated Windows authentication in the
>: authentication window it takes forever to load the asp 3.0 page. But
>: when I check the box Basic authentication.. instead the asp pages
>: loads almost immediately. The box Digest Authentication is checked but
>: grayed out and cannot be changed at least not from this window.
>:
>: My first question. Am I running an Active Directory Server? As I have
>: read that this has something to do with Digest Authentication. I don't
>: think so but how can I disable it. And is this the reason for the lag?
>:
>: Here are the NTFS permissions on the folder which is not buy the way
>: is located under wwwroot but on an other partition
>:
>: Admin full
>: IUSR read & execute & write
>: IWAM read & execute & write
>: NETWORK read & execute
>: SYSTEM full
>:
>:
>: Here are some particulars for the Virtual Directory
>:
>: The designated directory
>:
>: Scripts source access
>: read
>: write
>:
>: This is NOT an application but a more secure folder under the root.
>: Execute permissions Scripts Only
>:
>: My second questing is. Why does the users/clients get the login
>: window? Didn't I give the permissions
>: for anonymous access to the website with above settings?
>:
>: My third second question which might not belong here but I'm trying:
>: Does asp pages writing to a database always need the write permission
>: on the folder & virtual directory?
>:
>: Many thanks for your reply and attention to this matter on beforehand.
>:
>:
>:
>:
>:
>

Relevant Pages