Re: Windows 2003 - IIS 6 - local CGI Authentication problem.

Tech-Archive recommends: Fix windows errors by optimizing your registry

From: David Wang [Msft] (someone_at_online.microsoft.com)
Date: 10/06/04 

Date: Wed, 6 Oct 2004 03:18:44 -0700

Unfortunately, I cannot repro your remaining question regarding Integrated
authentication + CGI on the local machine. Many of our tests run in this
fashion without any unexpected 401 (that is what triggers the browser to
popup the login dialog). They just use the default values. 

-- 
//David
IIS
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"Jacques Garcia Vazquez" <jgv at FlexsysBelgium dot com> wrote in message
news:uwKYwX3qEHA.2564@TK2MSFTNGP10.phx.gbl...
Many thanks David,
>>this is a browser behavior, not server.
I agree with you. But our cgi is in the same directory tree. ie:
http://localhost/toto/index.htm will call
http://localhost/toto/bin/exe.exe/ttoto
So since the entire site is under authentication control and the browser
correctly identify the user on all page but the cgi, then I think there is a
problem elsewhere.
Further more, if I trace the call to the cgi with authdiag in real time, I
see some authentication tokens sent by the browser. So my question
unfortunatly remains open.
For the CGI error, then I will try to install the SP1.
Thanks again
Jacques
"David Wang [Msft]" <someone@online.microsoft.com> wrote in message
news:OHXgDk2qEHA.3876@TK2MSFTNGP15.phx.gbl...
> Regarding the authentication dialogs -- that is by design.  Browsers may
> choose to auto-authenticate depending on how you access the server -- so
> this is a browser behavior, not server.
>
> i.e.
> http://127.0.0.1/secure/cgi.exe
> http://localhost/secure/cgi.exe
> http://server/secure/cgi.exe
> http://server.domain.com/secure/cgi.exe
>
> Can all have different authentication behaviors.
>
>
> Regarding the CGI failure over Remote Desktop -- it looks like a
> previously
> reported issue that has been fixed in Windows Server 2003 SP1.
>
> This only happens when you are browsing the website LOCALLY on the server,
> against a CGI, involving NTLM authentication, and optionally over Remote
> Desktop (just need a different console Desktop, and Remote Desktop is one
> way to do that).  Basically, these circumstances affect the type of user
> token that IIS obtains which eventually prevents IIS calling
> CreateProcessAsUser to launch the CGI EXE, and hence you get 500.
>
> -- 
> //David
> IIS
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
> //
> "Jacques Garcia Vazquez" <jgv at FlexsysBelgium dot com> wrote in message
> news:uIsHxgvqEHA.1964@TK2MSFTNGP12.phx.gbl...
> Hi All,
>
> We have a web site (virtual directory) with authentication set to
> "integrated windows authentication".
> This web site call a cgi (.exe).
> The directory (since the cgi is part of the site directory) is secured
> correctly - (well I hope).
> The CGI is correctly defined in the Web service extensions.
>
> Everything is working correctly when working from the network that means
> that IE don't request a user name and password and authenticate the user
> correctly (which means for me that IE send the correct user).
>
> If we try to work on the server directly on the console, the logon dialog
> is
> displayed when the cgi is called (but not with the normal html pages). If
> we
> reintroduce the same user account as the one currently logged in, every
> thing is fine till IE is closed. This behavior is constant whatever
> account
> we used, even with the local administrator account. The security log don't
> show any error.
>
> The first question is how to make working the integrated authentication
> when
> working on the console ?
>
> Now if we connect with an XP desktop with a remote desktop connection, and
> we start browsing then we get a 500 error when trying to use the CGI. Any
> idea are welcome.
>
> Thanks for your time.
> Jacques Garcia Vazquez
>
>
>
>
>
>
>
>

Relevant Pages

  • Re: Windows 2003 - IIS 6 - local CGI Authentication problem.
    ... But the Remote desktop problem is still there. ... > authentication + CGI on the local machine. ... But our cgi is in the same directory tree. ... >> Desktop (just need a different console Desktop, ...
    (microsoft.public.inetserver.iis)
  • Re: Delegated Kerberos through a CGI
    ... Does anyone know how to use the Windows Security API to generate a new ... I'm trying to get a CGI to use delegated Kerberos authentication. ... "Test1.asp" (both running on the server B in the same virtual directory ...
    (microsoft.public.inetserver.iis.security)
  • Re: HTTP_AUTHORIZATION header
    ... HTML file from one virtual directory, and then immediately execute a CGI from ... Authentication happens when I request the HTML ... header is not expected for every request for NTLM ...
    (microsoft.public.inetserver.iis.security)
  • Re: Windows 2003 - IIS 6 - local CGI Authentication problem.
    ... Regarding the authentication dialogs -- that is by design. ... Browsers may ... not server. ... CreateProcessAsUser to launch the CGI EXE, ...
    (microsoft.public.inetserver.iis)
  • Re: HTTP_AUTHORIZATION header
    ... authentication sequence. ... this in your setup by directly accessing the CGI EXE a couple of timems. ... i.e. the HTTP_AUTHORIZATION header gets sent every time ... I use WFetch to make a Basic authenticated POST request against my CGI ...
    (microsoft.public.inetserver.iis.security)