|
Home > Archive > IIS Server Security > January 2004 > Login problem
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
|
|
|
| We have a development website.
In IIS, the authentication method is "Integrated Windows authentication".
Typically, when a person goes to this site, they get a standard pop-up
asking for username and password.
I just came across a person that doesn't get this pop-up. He just gets the
standard message:
"You are not authorized to view this page
You do not have permission to view this directory or page using the
credentials you supplied."
Could the organization he works for have some security settings on their end
that might be causing this?
Steve
| |
| Tom Kaminski [MVP] 2004-01-24, 2:01 am |
| "Steve" <sbohler@deletethis.stny.rr.com> wrote in message
news:QTXNb.18049$Su5.8488@twister.nyroc.rr.com...quote:
> We have a development website.
>
> In IIS, the authentication method is "Integrated Windows authentication".
>
> Typically, when a person goes to this site, they get a standard pop-up
> asking for username and password.
>
> I just came across a person that doesn't get this pop-up. He just gets the
> standard message:
>
> "You are not authorized to view this page
> You do not have permission to view this directory or page using the
> credentials you supplied."
>
> Could the organization he works for have some security settings on their
endquote:
> that might be causing this?
It means that his browser is properly configured to handle Windows
Integrated authentication and that his domain account does not have NTFS
permissions to the content.
--
Tom Kaminski IIS MVP
http://www.iistoolshed.com/ - tools, scripts, and utilities for running IIS
http://mvp.support.microsoft.com/
http://www.microsoft.com/windowsser...ty/centers/iis/
| |
| Fred Yarbrough 2004-01-24, 2:01 am |
| Steve,
When you are using Integrated Windows authentication people should not
be prompted to login at all if the web server is in a domain and the users
are logging into the same domain. The web server automatically detects
their user context and either grants or denies access based on the NTFS
permissions.
The only time you should see a pop-up to login is if the web server
does not recognize the user context that is attempting to access it (like a
cross domain) hit.
Thanks,
Fred
"Steve" <sbohler@deletethis.stny.rr.com> wrote in message
news:QTXNb.18049$Su5.8488@twister.nyroc.rr.com...quote:
> We have a development website.
>
> In IIS, the authentication method is "Integrated Windows authentication".
>
> Typically, when a person goes to this site, they get a standard pop-up
> asking for username and password.
>
> I just came across a person that doesn't get this pop-up. He just gets the
> standard message:
>
> "You are not authorized to view this page
> You do not have permission to view this directory or page using the
> credentials you supplied."
>
> Could the organization he works for have some security settings on their
endquote:
> that might be causing this?
>
> Steve
>
>
| |
|
| Fred,
The user is with a completely different company and our web server is hosted
across the country with a hosting provider.
So, doesn't seem like this happening, does it?
Thanks,
Steve
"Fred Yarbrough" <fcyarbrough@yahoo.com> wrote in message
news:uHnbDRu3DHA.2648@tk2msftngp13.phx.gbl...quote:
> Steve,
> When you are using Integrated Windows authentication people should not
> be prompted to login at all if the web server is in a domain and the users
> are logging into the same domain. The web server automatically detects
> their user context and either grants or denies access based on the NTFS
> permissions.
>
> The only time you should see a pop-up to login is if the web server
> does not recognize the user context that is attempting to access it (like
aquote:
> cross domain) hit.
>
>
> Thanks,
> Fred
>
>
>
>
> "Steve" <sbohler@deletethis.stny.rr.com> wrote in message
> news:QTXNb.18049$Su5.8488@twister.nyroc.rr.com...
authentication".[QUOTE][color=darkred]
the[QUOTE][color=darkred]
> end
>
>
| |
| Tom Kaminski [MVP] 2004-01-24, 2:02 am |
| "Steve" <sbohler@deletethis.stny.rr.com> wrote in message
news:giTPb.66134$Su5.14541@twister.nyroc.rr.com...quote:
> Fred,
>
> The user is with a completely different company and our web server is
hostedquote:
> across the country with a hosting provider.
>
> So, doesn't seem like this happening, does it?
In that case, Windows Integrated authentication is not appropriate. It was
designed for use on an intranet where users are logged in to their computers
on the same Windows domain as the web server.
--
Tom Kaminski IIS MVP
http://www.iistoolshed.com/ - tools, scripts, and utilities for running IIS
http://mvp.support.microsoft.com/
http://www.microsoft.com/windowsser...ty/centers/iis/
| |
| Fred Yarbrough 2004-01-24, 2:02 am |
| Exactly! Windows Integrated is for intranets only. You will need to use
Basic with an SSL certificate.
Fred
"Tom Kaminski [MVP]" <tomk (A@T) mvps (D.O.T) org> wrote in message
news:bupaqe$bl722@kcweb01.netnews.att.com...quote:
> "Steve" <sbohler@deletethis.stny.rr.com> wrote in message
> news:giTPb.66134$Su5.14541@twister.nyroc.rr.com...
> hosted
>
> In that case, Windows Integrated authentication is not appropriate. It
wasquote:
> designed for use on an intranet where users are logged in to their
computersquote:
> on the same Windows domain as the web server.
>
> --
> Tom Kaminski IIS MVP
> http://www.iistoolshed.com/ - tools, scripts, and utilities for running
IISquote:
> http://mvp.support.microsoft.com/
> http://www.microsoft.com/windowsser...ty/centers/iis/
>
>
>
| |
|
| OK, I'll try that out. Thanks!
Steve
"Tom Kaminski [MVP]" <tomk (A@T) mvps (D.O.T) org> wrote in message
news:bupaqe$bl722@kcweb01.netnews.att.com...quote:
> "Steve" <sbohler@deletethis.stny.rr.com> wrote in message
> news:giTPb.66134$Su5.14541@twister.nyroc.rr.com...
> hosted
>
> In that case, Windows Integrated authentication is not appropriate. It
wasquote:
> designed for use on an intranet where users are logged in to their
computersquote:
> on the same Windows domain as the web server.
>
> --
> Tom Kaminski IIS MVP
> http://www.iistoolshed.com/ - tools, scripts, and utilities for running
IISquote:
> http://mvp.support.microsoft.com/
> http://www.microsoft.com/windowsser...ty/centers/iis/
>
>
>
|
|
|
|
|