identify disabled users and bad bad passwords
| Scilabop 2004-12-17, 5:52 pm |
| Hello,
We are using IIS 5.0 and integrated Windows authentication to protect network
resources.
The system takes both disabled accounts and bad username and password pairs
as HTTP 401.1 errors. My task is to distinguish these errors, and then take
corresponding actions. But I have a problem retrieving the unauthorized
username.
I am really curious about what triggers those .htr files within
/inetsrv/iisadmpwd. Is it the iisadminpwd.dll file that controls everything? If
I could look into the source code for the little popup authentication
window, my task would be easy to get done.
Any help is appreciated.
Ally
| |
| Bernard 2004-12-21, 2:54 am |
| Well, 401.1 stands for login failed, hence it could be a wrong
username/password, or it could be account disabled or lockout. Not sure if the win32
status code field will give you more detail, but you can try enabling it in
the W3C extended IIS log format.
As for the login prompt, it's actually client browser control. IIS only
returns the authentication header and it's up to the client browser to react.
--
Regards,
Bernard Cheah
http://www.tryiis.com/
http://support.microsoft.com/
http://www.msmvps.com/bernard/
"Scilabop" <scilabop@Xuvic.ca> wrote in message
news:%23pBcz6H5EHA.1404@TK2MSFTNGP11.phx.gbl...
> Hello,
>
> We are using IIS 5.0 and integrated Windows authentication to protect
> network resources.
> The system takes both disabled accounts and bad username and password
> pairs as HTTP 401.1 errors. My task is to distinguish these errors, and then
> take corresponding actions. But I have a problem retrieving the unauthorized
> username.
>
> I am really curious about what triggers those .htr files within
> /inetsrv/iisadmpwd. Is it the iisadminpwd.dll file that controls everything?
> If I could look into the source code for the little popup authentication
> window, my task would be easy to get done.
>
> Any help is appreciated.
>
> Ally
>
>
>
>
| |
| Scilabop 2004-12-21, 5:56 pm |
| Thank you, Bernard.
I tried. The sc-win32-status codes for disabled account and bad
username/password are all "5".
But the security event log did give the specific failure reasons. I am now
wondering how I can program with the system log.
Here I have another question.
I am supposed to be able to customize the HTTP error messages by mapping a file
or URL. But HTTP 401 (-1, -2, -3, -4, -5) just offers the option of mapping to a
file, but not a URL, while all other HTTP errors have the options of both file
and URL. I found this problem when I was trying to redirect the HTTP 401.1
message to an ASP script. Has anyone else ever had such a problem?
Thanks a lot.
Ally
"Bernard" <qbernard@hotmail.com.discuss> wrote in message
news:OwDkQoy5EHA.3368@TK2MSFTNGP10.phx.gbl...
> Well, 401.1 stands for login failed, hence it could be a wrong
> username/password, or it could be account disabled or lockout. Not sure if the win32
> status code field will give you more detail, but you can try enabling it in
> the W3C extended IIS log format.
>
> As for the login prompt, it's actually client browser control. IIS only
> returns the authentication header and it's up to the client browser to react.
>
> --
> Regards,
> Bernard Cheah
> http://www.tryiis.com/
> http://support.microsoft.com/
> http://www.msmvps.com/bernard/
>
>
>
> "Scilabop" <scilabop@Xuvic.ca> wrote in message
> news:%23pBcz6H5EHA.1404@TK2MSFTNGP11.phx.gbl...
>
>
| |
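Added example (not part of the original thread): one way to "program with" the Security log, as asked in the post above, by grouping failed network logons per account and separating disabled accounts from bad passwords. It assumes failure auditing of logon events is enabled and that the log has been exported to CSV with the hypothetical columns shown; event IDs 529, 531 and 539 are the Windows 2000/2003-era logon failure IDs and are not taken from the thread.

```python
import csv
import io
from collections import Counter, defaultdict

# Windows 2000/2003-era Security log IDs for failed logons (not from the thread).
REASONS = {
    "529": "bad_username_or_password",
    "531": "account_disabled",
    "539": "account_locked_out",
}

# Constructed sample, not real data: hypothetical CSV export of the Security log.
SAMPLE = """\
time,event_id,user,domain,logon_type
2004-12-21 17:40:02,529,ally,CORP,3
2004-12-21 17:40:09,529,ally,CORP,3
2004-12-21 17:40:15,529,Ally,CORP,3
2004-12-21 17:40:21,539,ally,CORP,3
2004-12-21 17:41:30,531,oldstaff,CORP,3
2004-12-21 17:42:00,528,bernard,CORP,3
2004-12-21 17:43:10,529,visitor,CORP,3
2004-12-21 17:44:45,529,oldstaff,CORP,2
"""


def classify(export_text, repeat_threshold=3):
    """Group network-logon failures per account and give each one verdict."""
    per_user = defaultdict(Counter)
    for row in csv.DictReader(io.StringIO(export_text)):
        reason = REASONS.get(row["event_id"])
        # Logon type 3 is a network logon, the type integrated authentication uses.
        if reason is None or row["logon_type"] != "3":
            continue
        account = (row["domain"] + "\\" + row["user"]).lower()
        per_user[account][reason] += 1

    report = {}
    for account, reasons in per_user.items():
        if reasons["account_disabled"]:
            verdict = "disabled"
        elif reasons["account_locked_out"]:
            verdict = "locked_out"
        elif reasons["bad_username_or_password"] >= repeat_threshold:
            verdict = "repeated_bad_password"
        else:
            verdict = "bad_password"
        report[account] = {"verdict": verdict, "reasons": dict(reasons)}
    return report
```
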
| Bernard 2004-12-22, 2:47 am |
| My guess for why 401 only supports a file is that 401.X is related to access
errors, which are probably related to dynamic scripting, etc., hence IIS only
allows you to send back static file content that doesn't need to be
'interpreted' by all ISAPI filters. inetinfo.exe will read the content and send
it back to clients.
--
Regards,
Bernard Cheah
http://www.tryiis.com/
http://support.microsoft.com/
http://www.msmvps.com/bernard/
"Scilabop" <scilabop@Xuvic.ca> wrote in message
news:e2z9ww65EHA.1452@TK2MSFTNGP11.phx.gbl...
> Thank you, Bernard.
>
> I tried. The sc-win32-status codes for disabled account and bad
> username/password are all "5".
> But the security event log did give the specific failure reasons. I am now
> wondering how I can program with the system log.
>
> Here I have another question.
> I am supposed to be able to customize the HTTP error messages by mapping a
> file or URL. But HTTP 401 (-1, -2, -3, -4, -5) just offers the option of
> mapping to a file, but not a URL, while all other HTTP errors have the options
> of both file and URL. I found this problem when I was trying to redirect the
> HTTP 401.1 message to an ASP script. Has anyone else ever had such a problem?
>
> Thanks a lot.
>
> Ally
>
>
>
> "Bernard" <qbernard@hotmail.com.discuss> wrote in message
> news:OwDkQoy5EHA.3368@TK2MSFTNGP10.phx.gbl...
>
>
| |
| Ken Schaefer 2004-12-22, 2:47 am |
| In my experience, it doesn't really matter if you customise those files -
it's up to the browser to decide what to display, and they will display (a)
login prompt (for the first three goes), and then (b) Access Denied message
(after three unsuccessful attempts)
Cheers
Ken
"Bernard" <qbernard@hotmail.com.discuss> wrote in message
news:uqT3Rv95EHA.3120@TK2MSFTNGP12.phx.gbl...
> My guess for why 401 only supports a file is that 401.X is related to access
> errors, which are probably related to dynamic scripting, etc., hence IIS only
> allows you to send back static file content that doesn't need to be
> 'interpreted' by all ISAPI filters. inetinfo.exe will read the content and
> send it back to clients.
>
> --
> Regards,
> Bernard Cheah
> http://www.tryiis.com/
> http://support.microsoft.com/
> http://www.msmvps.com/bernard/
>
>
>
> "Scilabop" <scilabop@Xuvic.ca> wrote in message
> news:e2z9ww65EHA.1452@TK2MSFTNGP11.phx.gbl...
>
>