|
Home > Archive > IIS Server Security > December 2005 > Integrated Windows Authentication - 401: Access Denied
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Integrated Windows Authentication - 401: Access Denied
|
|
|
| Developing .NET application to acccess web services. In IIS, if Integrated
Windows Authentication is turned on, I get a 401: Access Denied error.
However, if I turn off Integrated Windows Authentication and turn on Basic
Authentication I am able to authenticate the user with no problem.
I am having the same problem with ASP.NET applications, unable to
authenticate the user through Windows prompt for Integrated Windows
Authentication, but Basic Authentication works fine.
This test is being run on the same machine (web server is the same machine
as the development machine).
Does anyone have any ideas?
| |
| David Wang [Msft] 2005-12-22, 2:58 am |
| IIS version?
If IIS6, if you use Integrated Authentication AND your machine is in a
domain AND you customized the Application Pool Identity AND you failed to
setspn the new identity as specified by documentation, then you can see this
due to user misconfiguration.
You may also look at any double-hop situation in your application because
that can also show up as a 401 using Integrated and succeed with basic --
because Basic is less secure.
--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"Garth" <Garth@discussions.microsoft.com> wrote in message
news:CE5EB4F4-E73C-4A0A-A2F2-5FF739EE1D15@microsoft.com...
> Developing .NET application to acccess web services. In IIS, if
> Integrated
> Windows Authentication is turned on, I get a 401: Access Denied error.
> However, if I turn off Integrated Windows Authentication and turn on Basic
> Authentication I am able to authenticate the user with no problem.
>
> I am having the same problem with ASP.NET applications, unable to
> authenticate the user through Windows prompt for Integrated Windows
> Authentication, but Basic Authentication works fine.
>
> This test is being run on the same machine (web server is the same machine
> as the development machine).
>
> Does anyone have any ideas?
| |
|
| Thank you for the response.
IIS is ver 5.
Machine is not in a Domain, did not customize the app. pool id. I did add
the user account to the Debugger Users group. If I turn Integrated Windows
Authentication on and debug an ASP app from within VS.NET, I am automatically
logged in and identified, no problem. If I irun the same ASP application
from a browser (outside the IDE) the Integrated Windows Authentication fails.
Very Strange.
"David Wang [Msft]" wrote:
> IIS version?
>
> If IIS6, if you use Integrated Authentication AND your machine is in a
> domain AND you customized the Application Pool Identity AND you failed to
> setspn the new identity as specified by documentation, then you can see this
> due to user misconfiguration.
>
> You may also look at any double-hop situation in your application because
> that can also show up as a 401 using Integrated and succeed with basic --
> because Basic is less secure.
>
> --
> //David
> IIS
> http://blogs.msdn.com/David.Wang
> This posting is provided "AS IS" with no warranties, and confers no rights.
> //
>
> "Garth" <Garth@discussions.microsoft.com> wrote in message
> news:CE5EB4F4-E73C-4A0A-A2F2-5FF739EE1D15@microsoft.com...
>
>
>
| |
| Consultant 2005-12-23, 5:55 pm |
| try using iis authdiag, make sure all your permissions are squared away.
usually that is a kerberos issue, check this out:
http://support.microsoft.com/defaul...kb;en-us;215383
"Garth" <Garth@discussions.microsoft.com> wrote in message
news:3CED8F08-2CD4-48CB-A9C1-8C0CEC41B1B3@microsoft.com...[vbcol=seagreen]
> Thank you for the response.
>
> IIS is ver 5.
>
> Machine is not in a Domain, did not customize the app. pool id. I did add
> the user account to the Debugger Users group. If I turn Integrated
> Windows
> Authentication on and debug an ASP app from within VS.NET, I am
> automatically
> logged in and identified, no problem. If I irun the same ASP application
> from a browser (outside the IDE) the Integrated Windows Authentication
> fails.
>
> Very Strange.
>
> "David Wang [Msft]" wrote:
>
| |
|
| Followed steps in the article and got the expected results:
NTAuthenticationProviders : (STRING) "Negotiate,NTLM"
It has to be something simple, but haven't found it yet.
"Consultant" wrote:
> try using iis authdiag, make sure all your permissions are squared away.
> usually that is a kerberos issue, check this out:
>
> http://support.microsoft.com/defaul...kb;en-us;215383
>
>
> "Garth" <Garth@discussions.microsoft.com> wrote in message
> news:3CED8F08-2CD4-48CB-A9C1-8C0CEC41B1B3@microsoft.com...
>
>
>
| |
| Consultant 2005-12-28, 6:10 pm |
| did you create an spn?
"Garth" <Garth@discussions.microsoft.com> wrote in message
news:A73E3580-C344-4D45-B27D-D13F72B3409E@microsoft.com...[vbcol=seagreen]
> Followed steps in the article and got the expected results:
>
> NTAuthenticationProviders : (STRING) "Negotiate,NTLM"
>
> It has to be something simple, but haven't found it yet.
>
>
> "Consultant" wrote:
>
|
|
|
|
|