|
Home > Archive > IIS Server Security > December 2005 > Basic IIS authentication only works with administrator account
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Basic IIS authentication only works with administrator account
|
|
| Joemtz 2005-11-28, 6:04 pm |
| Hey everyone,
I'm familiar working with Windows 2k Servers. I restrict access to virtual
directories or websites either by uncheking the "allow anonymous" or
adjusting ACL's on the folder where the website is. Then asign a standard
user account to those ACL's.
Problem is that since I upgrated to Windows 2003 server (stand alone, clean
install), i'm unable to use a standard account to authenticate to this
websites. While checking the event viewer I get a "user/pass incorrect". The
exception to this is using an administrator acount to login, that for obvious
reasons, feels rather unconfortable to do that.
I tried a Power User account and failed to authenticate too.
Any suggestions?
Thank you
| |
|
| You mentionned your IIS is a stand alone machine, meaning not joined to a
domain? In that case, it would be normal (I think) that only local accounts
could authenticate therefore only Administrator...
Try creating a local user and test the authentication with that user. If the
IIS should remain stand alone, a Radius server could pass the authentication
to a domain.
Dave.
"Joemtz" wrote:
> Hey everyone,
>
> I'm familiar working with Windows 2k Servers. I restrict access to virtual
> directories or websites either by uncheking the "allow anonymous" or
> adjusting ACL's on the folder where the website is. Then asign a standard
> user account to those ACL's.
>
> Problem is that since I upgrated to Windows 2003 server (stand alone, clean
> install), i'm unable to use a standard account to authenticate to this
> websites. While checking the event viewer I get a "user/pass incorrect". The
> exception to this is using an administrator acount to login, that for obvious
> reasons, feels rather unconfortable to do that.
>
> I tried a Power User account and failed to authenticate too.
> Any suggestions?
>
> Thank you
| |
| Joemtz 2005-12-02, 7:49 am |
| Hi Dave, thank you for answering.
The scenario for this is basically a Windows XP user from the internet,
authenticating to the IIS server(stand alone) to access a virtual directory
on a website.
The IIS server is configured not to accept anonymous requests and "basic
authentication(clear text) is selected.
I created a test user account with standard user privileges and when
prompted for a user name and password(through Internet explorer), I get an
"access denied" (Even with the appropiate ACLS - full access- for the
physical folder of the test user)
If instead I use an administrator account to login to the same virtual
directory, i get through with no problem.
I hope my question is clearer.
Thanks again.
"DaveG" wrote:
[vbcol=seagreen]
> You mentionned your IIS is a stand alone machine, meaning not joined to a
> domain? In that case, it would be normal (I think) that only local accounts
> could authenticate therefore only Administrator...
> Try creating a local user and test the authentication with that user. If the
> IIS should remain stand alone, a Radius server could pass the authentication
> to a domain.
>
> Dave.
>
>
> "Joemtz" wrote:
>
| |
|
| Have you tried to authenticate as the test user by adding either the domain
or machine name in fron of the account (domain\username or
machinename\username)?
Sometimes this is required.
Dave.
"Joemtz" wrote:
[vbcol=seagreen]
> Hi Dave, thank you for answering.
>
> The scenario for this is basically a Windows XP user from the internet,
> authenticating to the IIS server(stand alone) to access a virtual directory
> on a website.
> The IIS server is configured not to accept anonymous requests and "basic
> authentication(clear text) is selected.
>
> I created a test user account with standard user privileges and when
> prompted for a user name and password(through Internet explorer), I get an
> "access denied" (Even with the appropiate ACLS - full access- for the
> physical folder of the test user)
>
> If instead I use an administrator account to login to the same virtual
> directory, i get through with no problem.
>
> I hope my question is clearer.
> Thanks again.
>
>
> "DaveG" wrote:
>
|
|
|
|
|