|
Home > Archive > IIS Server Security > April 2004 > Update Authentication Issues
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Update Authentication Issues
|
|
| Nicodemas 2004-04-21, 2:34 am |
| Hello all, here's an update...
I have a testing account on my domain. I've set its IE security settings for Intranet Zones to Low, and granted it the NTFS Read + Read & Execute + List Folder Contents on the site's root folder (which is inherited by all the subfolders & files).
I access the site by typing in 'http://suspenses', so no periods in the URL or whatnot.
If I try to access the site under this test account, I am prompted for credentials a number of times, then returned a 401.3 error.
The default page that I attempt to access does not call any graphics, stylesheets, SSIs or what not. It is a static ASP page with no server-generated content whatsoever.
What I have learned, though, is that by trying to access an ASP file, I am prompted to enter my credentials. However, if I try to access only an HTML page, BOOM! No problems there.
Could this be a permissions issue with ASP.DLL ? Or some other system file?
| |
| Steve Carr 2004-04-22, 2:38 pm |
| just a stab in the dark but have those asp files been moved there from a
more restrictive folder where they kept their security settings and didn't
inherit the folder settings? I've seen that happen where you go into the
security tab of a file and it looks like it is inheriting settings etc but
it actually isn't. You could try un-inheriting the rights, chose copy as the
option, hit apply, then check to inherit rights again and hit ok. Just a
thought but who knows since it makes no sense that an html file is fine but
an asp file isn't (unless the global.asa file is in a non-available folder
rights-wise).
"Nicodemas" <anonymous@discussions.microsoft.com> wrote in message
news:A2EA473B-3ACB-4125-89D0-73BE3E825B88@microsoft.com...
> Hello all, here's an update...
>
> I have a testing account on my domain. I've set its IE security settings
for Intranet Zones to Low, and granted it the NTFS Read + Read & Execute +
List Folder Contents on the site's root folder (which is inherited by all
the subfolders & files).
>
> I access the site by typing in 'http://suspenses', so no periods in the
URL or whatnot.
>
> If I try to access the site under this test account, I am prompted for
credentials a number of times, then returned a 401.3 error.
>
> The default page that I attempt to access does not call any graphics,
stylesheets, SSIs or what not. It is a static ASP page with no
server-generated content whatsoever.
>
> What I have learned, though, is that by trying to access an ASP file, I am
prompted to enter my credentials. However, if I try to access only an HTML
page, BOOM! No problems there.
>
> Could this be a permissions issue with ASP.DLL ? Or some other system
file?
>
|
|
|
|
|