Re: IIS Authentication page problem

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: Andrey P (andrey_at_paramonov.pp.ru)
Date: 05/19/04 

Date: Wed, 19 May 2004 08:00:18 -0700

Vinodk wrote:

> Hi all,
>
> I faced a strange problem in one of our applications. We have a Web
> application. The virtual directory is set to anonymous authentication under
> the security. From the default page we redirect to a second page. This page
> is set to Integrated authentication. and from there on the application gets
> redirected to multiple pages.
>
> Now the scenaio:
>
> Under the IE options I've Prompt for Username and Password is set. Have been
> using IE 6.0 SP1 on all the machines.
>
> In Windows XP machine:
> 1. The user get the default page without asking any authentication
> requirements
> 2. On click of a submit button. He gets redirected to the second page
> and a popup asking for username password is prompted.
> 3. The user CANNOT navigate out of this page without any username and
> password. He is forced to enter the same. This is the desired behaviour. If
> the user refuses to enter then authentication error page is displayed. Cool
> and no problems so far.
>
> In Windows NT SP 6a and Windows 2000 SP4
> 1. The user get the default page without asking any authentication
> requirements
> 2. On click of a submit button. He gets redirected to the second page
> and a popup asking for username password is prompted.
> 3. The user clears all the username / password etc and presses on ok.
> This just authenticates him forward.
> Strangely, if this doesnt work, then try entering a valid username/pwd and
> set save pwd and go once to the second page. Close the previous instance and
> open a new browser instance, on click from first page the authentication
> information comes up. Now clear all the username/pwd fields and press OK.
> Now the page gets through.
>
> Is this any IIS error or a OS error. DO we have any patch or KB article
> explaining the same. Any pointers to the same would be of great help.
>
> Thanks,

Well,

I would check and re-check all the permissions on all the folders under
web root. NB! when you changed url in client's browser which requires
authentication *and* an user typed username/password - it's no anonymous
user for a web server anymore, and all the access to all the files is
granted based on *that* authenticated user permissions - so, check all
the includes / global.asa etc to have correct permissions.

If nothing help - try to track the problematic file using FileMon from
http://www.sysinternals.com

-Andrey

Relevant Pages

  • RE: Web Forms Auth fails when rfValidator triggered
    ... © 2002 Microsoft Corporation. ... | Content-Type: text/plain ... | | basically has a username field, ... | | If I enter garbage text in BOTH fields, the authentication ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • RE: Adding a virtual FTP folder to IIS
    ... I think we can follow the Form Authentication modal. ... application will use the ASPNET account. ... If we change the username ... Windows identity different from that of the default process identity. ...
    (microsoft.public.dotnet.framework)
  • Re: OWA login problems
    ... But anyway, since just using USERNAME works from the desktop, this indicates ... Maybe one of the authentication ... Outlook Web Access For PDA, ... the Virtual Directory named Exchange and select properties. ...
    (microsoft.public.exchange.connectivity)
  • RE: Web Forms Auth fails when rfValidator triggered
    ... | basically has a username field, ... | If I enter garbage text in BOTH fields, the authentication ... | controls do their job and display the "error text" stating ... | Jeff Ptak ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: RWW authentication
    ... By entering just the username without any ... Much of this RWW info is right inside of there. ... but the Isa firewall ... SSL authentication seems to work just fine however on the actual RWW login ...
    (microsoft.public.windows.server.sbs)