IIS Server Security - Re: HTTP POST data missing when ASP only authenticates by anoonymous

This is Interesting: Free IT Magazines  
Home > Archive > IIS Server Security > December 2005 > Re: HTTP POST data missing when ASP only authenticates by anoonymous





You are viewing an archived Text-only version of the thread. To view this thread in it's original format and/or if you want to reply to this thread please [click here]

Author Re: HTTP POST data missing when ASP only authenticates by anoonymous
David Wang [Msft]

2005-12-10, 7:53 am

I think the problem is with the ISAPI Filter because it has to correctly
process ReadRawData to be able to steal the request and send it to Tomcat.

Because if the problem is in IE, then it should not work when directly
against Tomcat (but you say it works).

Not being able to reproduce with Firefox suggests that the interaction may
be directly between IE and the Filter -- it does not mean that the filter is
bug-free.

--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//
<dankogan@yahoo.com> wrote in message
news:1134074299.066139.249070@o13g2000cwo.googlegroups.com...
Hi,

We are using a Java application running on IIS with an ISAPI filter to
process the requests to the Java app (Servlet Engine). We are
experiencing a similar issue. POST data sometimes does not get
submitted to the server. We are using anonymous authentication on the
entire web site. Tried the client side workaround from KB 251404, but
without any success. The issue only occurs in IE 6 when using our
application with IIS - we could not reproduce when using Firefox
against IIS or when using IE against Tomcat.
Could anything else cause this issue except what is described in
251404?
Is there anything else we can try to debug it?

Thanks,
Dan Kogan


David Wang [Msft] wrote:
> Not really an IIS issue.
>
>
http://blogs.msdn.com/david.wang/ar...br /> tion.aspx
>
> --
> //David
> IIS
> http://blogs.msdn.com/David.Wang
> This posting is provided "AS IS" with no warranties, and confers no
rights.
> //
> "Glenn Nelson" <GlennNelson@discussions.microsoft.com> wrote in message
> news:F5C6FB37-9218-42FF-996E-40B155A284D5@microsoft.com...
> I've encountered this very weird problem and am far from expert in IIS, so
I
> really need some help!
>
> Basic Config info:
> IIS 6.0 (clean install, not 5.1 upgrade)
> Windows 2003 Server
> ASP are enabled
> Logged into console as local User (although same behavior for
Administrator)
> impersonate is true in web.config
>
> Works OK:
> Fillin form in 'htm' file, POST to 'asp' file, display the post params
using
> VBScript.
> IIS security has anonymous enabled and also Integrated Windows auth.
> IIS security also grants READ and LOG only. Of course the website allows
asp
> scripts.
>
> Does NOT Work:
> As above, but disable Integrated Windows, so only anonymous is enabled.
> The asp page output is OK, but displaying POST params shows me NOTHING.
IIS
> logs look the same as successful case - it seems that IIS thinks the POST
> request was handled OK. I guess the asp simply did not receive any POST
> data.
>
> I've tried many variations on IIS file security and NTFS file system
> permissions. I don't know much about IIS debugging, what else can I try?
>
> TIA
> --
> -----
> Glenn Nelson in Santa Cruz


Sponsored Links






Free braindumps | Software forum | Database administration forum

Copyright 2003 - 2008 webservertalk.com