Re: Cached Logon

From: Roland Hall (nobody_at_nowhere)
Date: 12/22/04


Date: Tue, 21 Dec 2004 21:53:29 -0600


"Roger Abell" <mvpNOSpam@asu.edu> wrote in message
news:%23fCBKGh5EHA.2592@TK2MSFTNGP09.phx.gbl...
: Why did you reference domain1 and domain2 ?
: > domain1\administrator - domain2\administrator both have the same
password.
: What is their relationship to this?
: It appears that the IIS and the SQL are installed on one machine ?
: Is the XP used to access the asp pages allowed to provide "behind
: the scenes" windows authentication information?
: You are saying that the connection string used for ado is
: identical on all three pages ?

Domain1:
Win2K Adv. Server
DC
AD
DNS
MS SQL 2K
IIS

Domain2:
XP Pro SP2

The folder on IIS holds all 3 .asp files.
All 3 connect to MS SQL using the same exact code for the connection and
same authentication.
On the server I was logged in as domain1\administrator.
On XP, I was logged in as domain2\administrator.

When I tried to access StraightASP.asp, I was asked for credentials. I
typed in domain1\administrator and that password which is the same password
used for the domain2\administrator. IIS, on that web server, uses Basic and
Integrated authentication only. MS SQL was set for SQL and Windows
authentication.

Only access the first page prompted me for credentials and then told me
access was denied.
The pages that used XML did not. The only difference between those files is
CSS in StraightXML1.asp and XSL in StraightXML2.asp.

It was my understanding that Windows would try to authenticate with the
current credentials and only after failing would prompt for credentials. I
also assumed that domain1\administrator would be treated differently than
domain2\administrator even though they had the same password. It appeared
that part worked correctly by requesting credentials but then failed to
authenticate. Only a reboot of the server itself cleared the problem and
ONLY the first file failed. The two others worked fine. And, when I
renamed the first file, it also worked. Rename is back, it fails. Rename
it to something else again, it works.

So, where is it being cached by filename, failing authentication, but
allowing it for other files with the same code? I restarted IIS, SQL and
cleared IE cache and closed all IE windows and started fresh and still only
a reboot of the server cleared the apparent caching issue.

I've never seen this issue and other than what I listed before the reboot, I
cannot reproduce the error.

I knew it was not IE, but I tested all that I thought could possibly be
involved. IE from the server and from the workstation both failed with the
same file and the other two worked on both. It apparently was happening at
the server level but I cannot prove it.

This is the connection string in all 3 files: (The password is not blank.
It has just been removed from here.)

Function GetRecordset()
 Dim cnn
 Set cnn = CreateObject("ADODB.Connection")
 cnn.Open "Provider=SQLOLEDB.1;Initial Catalog=PUBS;Data Source=localhost",
"sa", ""
 Set GetRecordset = cnn.Execute("select * from authors")
End Function

The only thing different in the first file, when run the first time, was an
error in the file I received from MSFT. CatalogPUBS should have been
Catalog=PUBS. All I did was add an the = sign and the password.

-- 
Roland Hall
/* This information is distributed in the hope that it will be useful, but 
without any warranty; without even the implied warranty of merchantability 
or fitness for a particular purpose. */
Technet Script Center - http://www.microsoft.com/technet/scriptcenter/
WSH 5.6 Documentation - http://msdn.microsoft.com/downloads/list/webdev.asp
MSDN Library - http://msdn.microsoft.com/library/default.asp


Relevant Pages

  • FW: Microsoft Security Advisory MS 03-007
    ... am trying to find a vulnerability tester/script and I could test it out ... Department of the Army server that had been compromised and that this ... announcement covers IIS 5.1 but not IIS 6, ... How a Hacker Uses SQL Injection to Steal Your SQL Data! ...
    (Focus-Microsoft)
  • Re: WM5 can not sync to exchange
    ... I checked all the authentication settings and they are as you requested. ... After running the internet connection wizard I had to uncheck the Require ... On the SBS 2003 Server open the Server Management console. ... Open IIS Manager ...
    (microsoft.public.windows.server.sbs)
  • RE: WM5 can not sync to exchange
    ... code 85010014 during ActiveSync with SBS. ... On the SBS 2003 Server open the Server Management console. ... Please verify Authentication settings by the following steps. ... Open IIS Manager ...
    (microsoft.public.windows.server.sbs)
  • Re: WM5 can not sync to exchange
    ... On the SBS 2003 Server open the Server Management console. ... Please verify Authentication settings by the following steps. ... Open IIS Manager ... Collect the IIS metabase on Exchange Server and send to me: ...
    (microsoft.public.windows.server.sbs)
  • Re: Nokia E50 ActiveSync problem with SBS2003 SP2
    ... Open IIS Manager ... Open properties of virtual directory OMA ... Click Start on your SBS server, ... And then please verify Authentication settings by the following steps. ...
    (microsoft.public.windows.server.sbs)