Re: Digest Authentication
From: Ken Schaefer (kenREMOVE_at_THISadOpenStatic.com)
Date: 05/08/04
- Next message: Kim Lots: "Re: Digest Authentication"
- Previous message: Kim Lots: "Re: Digest Authentication"
- In reply to: Kim Lots: "Re: Digest Authentication"
- Next in thread: Kim Lots: "Re: Digest Authentication"
- Reply: Kim Lots: "Re: Digest Authentication"
- Messages sorted by: [ date ] [ thread ]
Date: Sun, 9 May 2004 01:05:17 +1000
Hi,
Seems like either IIS is using the wrong user account -or- IIS doesn't have
the current password for that account.
Easiest way to fix this might be the following:
a) Open IIS Manager, right-click folder -> security
b) Edit authentication methods
c) Where the anonymous user account is, choose "Browse", and locate the
IUSR_<machinename> account
d) Make sure "allow IIS to control password" is checked
e) Click OK to exit out of all the dialogues
f) restart IIS (just to be certain)
IIS should now pick up the password for the configured anonymous user
account, and (hopefully) everything will be OK. If not, something more
serious is wrong.
Cheers
Ken
"Kim Lots" <nomail@forme.com> wrote in message
news:hdqp90tso46nr3v8kivcecje97m9ghs1s5@4ax.com...
: Hi
:
: Yes you are right! There is a whole lot of the following
:
: Event ID 100
: Source W3SVC
: Description
:
: The server was unable to logon the Windows NT account 'P3\IUSR_P3' due
: to the following error: Logon failure: unknown user name or bad
: password. The data is the error code.
:
:
: Hope you have a solution for this.
:
: thanks again
:
:
: On Sat, 8 May 2004 23:47:31 +1000, "Ken Schaefer"
: <kenREMOVE@THISadOpenStatic.com> wrote:
:
: >Please look in the WIndows Event Log (Start -> Settings -> Control
Panel ->
: >Admin Tools -> Event Viewer). Do you see any errors? If so, please post
the
: >Event ID, Event Source and Description.
: >
: >It sounds like IIS is having problems impersonating the IUSR account, and
: >because it can't do so, it is asking the user to supply alternate valid
: >credentials.
: >
: >a) In IIS, you do not need Script Source or Write permissions unless you
: >using WebDAV. Enabling these things is a security risk (it allows people
to
: >write files to your server, and access the source code of ASP files etc)
: >
: >b) the IUSR and IWAM accounts should have NTFS Read (RX) permission only,
: >not NTFS Write permissions. Easiest thing to do is to just give the
: >Everyone group Read (RX) permissions.
: >
: >Cheers
: >Ken
: >
: >"Kim Lots" <nomail@forme.com> wrote in message
: >news:aiop90tn8e3cq1mc7nu1j47qr94ggeci6f@4ax.com...
: >: Hi again!
: >:
: >: And thanks for your answer, but I'm nearly giving up and I need your
: >: help pls..
: >:
: >: I know I have messed things up. And to correct the whole thing I have
: >: read the instructions
: >: on http://support.microsoft.com/?id=310344 &
: >: http://support.microsoft.com/?id=301457
: >: and followed the instructions at
: >: http://support.microsoft.com/default.aspx?scid=kb;EN-US;271071
: >:
: >: But the users still get the ENTER NETWORK PASSWORD dialog box
: >:
: >: What is wrong??
: >:
: >: Folder properties
: >:
: >: Admin full
: >: Creator Owner full
: >: Everyone Read & execute
: >: Internet guest account x\IUSR read write
: >: Launch IIS process Account x\IWAM Read & execute, list, read
: >: NETWORK read & execute
: >: SYSTEM full
: >:
: >:
: >: IIS 5.x console properties for the virtual directory which is an
: >: application.
: >:
: >: Scripts source access
: >: read
: >: write
: >:
: >: Directory security tab - edit
: >:
: >: Anonymous box checked and anonymous user account x\IUSR with some
: >: password I didn't choose. And basic authen..and integreted windows
: >: boxes NOT checked. But the Digest authentication for windows domain is
: >: checked and outgrayed, but this has no importance according to your
: >: replay
: >:
: >: What have I overlooked?
: >:
: >: Thanks again
: >:
: >:
: >:
: >:
: >:
: >:
: >: On Sat, 8 May 2004 20:47:20 +1000, "Ken Schaefer"
: >: <kenREMOVE@THISadOpenStatic.com> wrote:
: >:
: >: >Hi,
: >: >
: >: >If you are using a stand alone server that is not part of a Windows
: >Domain,
: >: >then you can not use Digest Authentication. Digest Authentication can
: >only
: >: >be used for Domain accounts, which requires the server to be part of a
: >: >Windows Domain.
: >: >
: >: >You should not need "Script Source Access", nor Write unless you are
: >using
: >: >WebDAV publishing. Otherwise, leaving this on is a security risk.
: >: >
: >: >To enable anonymous access, you need to check the "Allow Anonymous
: >Access"
: >: >box. THis means IIS impersonates the configured anonymous user
account.
: >: >Otherwise, if you turn this off, the user must manually provide user
: >: >credentials.
: >: >
: >: >For writing to databases, it depends on the database. If you are
talking
: >: >about an *access* database, or similar file-based database, then
"yes",
: >the
: >: >account being impersonated by IIS (Anonymous User, or otherwise) needs
: >: >appropriate permissions to the file, and the folder that the file is
in.
: >For
: >: >Access, the account needs Read and Write, and Creator/Owner should
have
: >: >"Full Control". There is no requirement that this folder be inside the
: >: >webroot. It would be safer to store it outside the Webroot.
: >: >
: >: >Cheers
: >: >Ken
: >: >
: >: >"Kim Lots" <nomail@forme.com> wrote in message
: >: >news:obbp905mma9l1qe4g53kbkuff3g4jnb8c6@4ax.com...
: >: >: Hi
: >: >:
: >: >: I'm running IIS 5.x on a stand-alone windows 2000 pro connected to
the
: >: >: internet with all the latest security patches installed and using
Zone
: >: >: Alarm Pro as firewall. I have no PDC or BDC for that matter.
: >: >:
: >: >: When I check the box Integrated Windows authentication in the
: >: >: authentication window it takes forever to load the asp 3.0 page. But
: >: >: when I check the box Basic authentication.. instead the asp pages
: >: >: loads almost immediately. The box Digest Authentication is checked
but
: >: >: grayed out and cannot be changed at least not from this window.
: >: >:
: >: >: My first question. Am I running an Active Directory Server? As I
have
: >: >: read that this has something to do with Digest Authentication. I
don't
: >: >: think so but how can I disable it. And is this the reason for the
lag?
: >: >:
: >: >: Here are the NTFS permissions on the folder which is not buy the way
: >: >: is located under wwwroot but on an other partition
: >: >:
: >: >: Admin full
: >: >: IUSR read & execute & write
: >: >: IWAM read & execute & write
: >: >: NETWORK read & execute
: >: >: SYSTEM full
: >: >:
: >: >:
: >: >: Here are some particulars for the Virtual Directory
: >: >:
: >: >: The designated directory
: >: >:
: >: >: Scripts source access
: >: >: read
: >: >: write
: >: >:
: >: >: This is NOT an application but a more secure folder under the root.
: >: >: Execute permissions Scripts Only
: >: >:
: >: >: My second questing is. Why does the users/clients get the login
: >: >: window? Didn't I give the permissions
: >: >: for anonymous access to the website with above settings?
: >: >:
: >: >: My third second question which might not belong here but I'm trying:
: >: >: Does asp pages writing to a database always need the write
permission
: >: >: on the folder & virtual directory?
: >: >:
: >: >: Many thanks for your reply and attention to this matter on
beforehand.
: >: >:
: >: >:
: >: >:
: >: >:
: >: >:
: >: >
: >:
: >
:
- Next message: Kim Lots: "Re: Digest Authentication"
- Previous message: Kim Lots: "Re: Digest Authentication"
- In reply to: Kim Lots: "Re: Digest Authentication"
- Next in thread: Kim Lots: "Re: Digest Authentication"
- Reply: Kim Lots: "Re: Digest Authentication"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
