|
Home > Archive > IIS Server Security > December 2004 > Random 401.2 Error in ASP.NET app
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Random 401.2 Error in ASP.NET app
|
|
|
| I am getting this error at random in my ASP.NET app (i.e. at different
times on different pages):
You are not authorized to view this page
You do not have permission to view this directory or page using the
credentials you supplied.
HTTP 401.2 - Unauthorized: Logon failed due to server configuration
Internet Information Services
IIS Configuration:
Virtual Directory security:
* Anonymous access disabled
* Only Integrated Windows authentication is enabled
Web.Config:
(abbreviated)
<authentication mode="Windows" />
<identity impersonate="true" />
<authorization>
<allow users="*" />
</authorization>
More...
Most of the time the users can access all the pages, but occasionally
they get the 401.2 error - on different pages at different times.
Anyone with an idea?
thanks in advance...
| |
| David Wang [Msft] 2004-11-25, 2:50 am |
| This is probably not an IIS nor ASP.Net issue.
Sounds like either your website and/or the users are behind a proxy or
something that DOES NOT UNDERSTAND Integrated Authentication -- which can
cause this issue. Either remove the proxy, get a better proxy that
understands Integrated Authentication, or change the authentication scheme
of your website.
The reason this happens is simple. Integrated authentication is
connection-based authentication that works best when client and server are
directly connected. If an intervening proxy pools connections between
client/servers (very possible, since Proxies are supposed to do that), it
can cause 401.2 because it incorrectly multiplexs an authenticated request
(which contains no handshake info since it is authenticated already) to an
unauthenticated connection to the server (which requires handshake info on
an unauthenticated connection). Because an anonymous request to an
Integrated auth'd server results in a 401.2, this will confuse the client
and cause a 401.2 to show up.
--
//David
IIS
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"JohnM" <john_murray_sp@hotmail.com> wrote in message
news:759b907f.0411180804.493ae2a4@posting.google.com...
I am getting this error at random in my ASP.NET app (i.e. at different
times on different pages):
You are not authorized to view this page
You do not have permission to view this directory or page using the
credentials you supplied.
HTTP 401.2 - Unauthorized: Logon failed due to server configuration
Internet Information Services
IIS Configuration:
Virtual Directory security:
* Anonymous access disabled
* Only Integrated Windows authentication is enabled
Web.Config:
(abbreviated)
<authentication mode="Windows" />
<identity impersonate="true" />
<authorization>
<allow users="*" />
</authorization>
More...
Most of the time the users can access all the pages, but occasionally
they get the 401.2 error - on different pages at different times.
Anyone with an idea?
thanks in advance...
| |
| john_murray_sp@hotmail.com 2004-12-10, 7:54 am |
| Thanks for the reply David.
A couple of points:
1) There is no proxy - clients are connected directly to the server.
2) The Integrated Authentication is working (in general). This is
occurring randomly - i.e. the user hits the site, (is authenticated no
problem), starts using the site, no problem, then, at times, is
prompted with a logon dialog. Happens on different pages and different
times.
3) Sometimes it is a 401.1 error.
thanks,
john
| |
| David Wang [Msft] 2004-12-11, 3:36 am |
| Ok. Then another possibility could be due to the recycling of the worker
process. Try disabling all Application Pool recycling and see what happens.
Best way to do this is:
1. Create a new ApplicationPool for all ASP.Net applications
2. Assign this ApplicationPool to all ASP.Net applications
3. Configure this ApplicationPool to never recycle, idle timeout, etc. Only
enable the Private Memory based recycling based on 60% of RAM
--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//
<john_murray_sp@hotmail.com> wrote in message
news:1102668876.960932.83640@z14g2000cwz.googlegroups.com...
Thanks for the reply David.
A couple of points:
1) There is no proxy - clients are connected directly to the server.
2) The Integrated Authentication is working (in general). This is
occurring randomly - i.e. the user hits the site, (is authenticated no
problem), starts using the site, no problem, then, at times, is
prompted with a logon dialog. Happens on different pages and different
times.
3) Sometimes it is a 401.1 error.
thanks,
john
| |
| john_murray_sp@hotmail.com 2004-12-13, 3:37 am |
| I didn't mention but it's running on IIS 5.
Also, .NET Framework version : 1.1.4322.510
thanks again,
john
| |
| David Wang [Msft] 2004-12-13, 6:38 pm |
| Ok, then I really do not have any other ideas.
However, the symptoms you describe is very similar to what can happen on
IIS6 with worker process recycling in the middle of Integrated
authentication -- so perhaps there are similar ways to get into that
situation on IIS5.
The only other thing I can think of is to get a Netmon trace of the entire
series of request/response when you get these "random" failures. The trace
will conclusively show whether the problem comes from the client or server
and we can move from there.
--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//
<john_murray_sp@hotmail.com> wrote in message
news:1102929484.888776.19390@c13g2000cwb.googlegroups.com...
I didn't mention but it's running on IIS 5.
Also, .NET Framework version : 1.1.4322.510
thanks again,
john
|
|
|
|
|