|
Home > Archive > IIS Server Security > March 2004 > integrated Windows authentication failure
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
integrated Windows authentication failure
|
|
|
| I am trying to use Internet Explorer (IE) 6 on a Windows XP Home client to access a virtual directory in the default Web site on a Windows XP Pro Web server. Both client and server are linked to a single router. In the virtual directory, the account use
d for anonymous access is set to the Internet guest account. Anonymous access works, but I want to use integrated Windows authentication (IWA) instead. In IE on the client, I enabled IWA. In the virtual directory, I turned IWA on and turned anonymous a
ccess off. When I tried to access the directory from the client, I was prompted for a username and password. I entered the name of the server's Internet guest account (or that of another account that I added to the server's Guests group) and the corresp
onding password, but access was denied; after 3 tries, I got an HTTP 401.1 error message ("You are not authorized to view this page"). How do I get integrated Windows authentication working?
| |
| Tom Kaminski [MVP] 2004-03-22, 3:35 pm |
| "Barry" <anonymous@discussions.microsoft.com> wrote in message
news:589AC6DD-B2D1-4976-A561-4C033781E898@microsoft.com...
> I am trying to use Internet Explorer (IE) 6 on a Windows XP Home client to
access a virtual directory in the default Web site on a Windows XP Pro Web
server. Both client and server are linked to a single router. In the
virtual directory, the account used for anonymous access is set to the
Internet guest account. Anonymous access works, but I want to use
integrated Windows authentication (IWA) instead. In IE on the client, I
enabled IWA. In the virtual directory, I turned IWA on and turned anonymous
access off. When I tried to access the directory from the client, I was
prompted for a username and password. I entered the name of the server's
Internet guest account (or that of another account that I added to the
server's Guests group) and the corresponding password, but access was
denied; after 3 tries, I got an HTTP 401.1 error message ("You are not
authorized to view this page"). How do I get integrated Windows
authentication working?
First of all, Windows Integrated authentication is best suited for an
intranet environment where everyone is on a windows domain - IE/IIS will use
the domain account that the user has logged on to the client computer with.
Basic authentication is probably a better choice in your case. In addition
to setting the authentication method, you need to restrict access by setting
NTFS permissions on your content. You would then logon with an account that
you have given permissions to the content.
IIS 5.1 on WXP is essentially the same as IIS 5 on W2K:
IIS 5 Documentation
http://www.microsoft.com/windows2000/en/server/iis/
Microsoft Internet Information Server
Administration
Server Administration
Security
Authentication
Access Control
HOW TO: Configure IIS 5.0 Web Site Authentication in Windows 2000
http://support.microsoft.com/?id=310344
HOW TO: Configure User and Group Access on an Intranet in Windows 2000 or
Windows NT 4.0
http://support.microsoft.com/?id=325358
Make sure you disable simple file sharing in XP
http://support.microsoft.com/defaul...kb;en-us;304040
--
Tom Kaminski IIS MVP
http://www.iistoolshed.com/ - tools, scripts, and utilities for running IIS
http://mvp.support.microsoft.com/
http://www.microsoft.com/windowsser...ty/centers/iis/
| |
|
| Thanks. Disabling simple file sharing did the trick. It's interesting that disabling simple file sharing is needed even when the virtual directory points to a folder on a FAT32 drive.
|
|
|
|
|