IIS Server Security - webdav prompts for second password


Author webdav prompts for second password
tony

2005-04-20, 5:51 pm

I have WebDav set up on a 2003 server and everything seems to be working
fine. When a user opens a web folder he/she gets prompted to enter
credentials and then can browse folders and subfolders that they have access
to.

The issue is that when they try to open a file like Excel or Word they get
prompted for their credentials again. If they enter them again they can
access the file and then save with no problems. But the second prompt seems
unnecessary. Is there a rights setting that needs to be adjusted or something
else that needs to be done to stop this second request for credentials? Thanks




David Wang [Msft]

2005-04-30, 2:57 am

Is the browser configured to auto-login? Because if it isn't, then the
second prompt can show up.

In other words, this is usually not a server-side issue. The server will
always challenge the client for authentication when accessing a secured
resource. It is always up to the client to auto-login to prevent such login
prompts from reaching the user.

--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//

tony

2005-05-14, 1:22 pm

I have the save password box checked if that's what you mean. I keep getting
the second authentication box.



David Wang [Msft]

2005-05-14, 1:22 pm

I'm sorry, but there is no such thing as "don't ask for credentials more
than once" feature on the server, nor is there a privilege/permission/right
to adjust. HTTP is stateless, so a web server like IIS really has no idea
what "more than once" means. It just knows that it is configured to ask for
authentication for certain URLs, so it dutifully asks for authentication.

If the client successfully auto-authenticates, then you won't see any
password box. If the client fails, then you will see some password box.

I am not an IE expert, so I have no idea whether the "save password
checkbox" actually leads to IE auto-authenticating on the requests in
question, nor if it persists the authentication across different
connections. To prove that, you will need to take a network capture of
traffic between the client and server and make that available for viewing.

The network trace will definitively show what is going on and what is going
awry.

I can only say that WebDAV is definitely working for me on Windows Server
2003 without any prompts at all, so let's see what's missing in your
configuration...

--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//
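The kind of check the network capture suggested above makes possible, as an added example that is not part of the original thread: given request/response pairs exported from a trace, it lists each 401 challenge, the schemes the server offered, and which connections opened without an Authorization header. The trace is constructed, and the tuple layout, URLs, status codes and Basic scheme are assumptions.

```python
# Constructed sample trace (not from the thread). One tuple per HTTP exchange:
# (connection id, method, URL, request headers, status, response headers).
# Header names are assumed to be normalised to this capitalisation.
CHALLENGE = {"WWW-Authenticate": ['Basic realm="example"']}
CREDS = {"Authorization": "Basic <redacted>"}
TRACE = [
    (1, "PROPFIND", "/docs/", {}, 401, CHALLENGE),
    (1, "PROPFIND", "/docs/", CREDS, 207, {}),
    (1, "PROPFIND", "/docs/reports/", CREDS, 207, {}),
    (2, "GET", "/docs/reports/q1.xls", {}, 401, CHALLENGE),
    (2, "GET", "/docs/reports/q1.xls", CREDS, 200, {}),
    (2, "PUT", "/docs/reports/q1.xls", CREDS, 204, {}),
]


def challenges(trace):
    """One record per 401: what was challenged and how the client answered."""
    records = []
    for i, (conn, method, url, req, status, resp) in enumerate(trace):
        if status != 401:
            continue
        # The client's answer is the next exchange for the same method and URL.
        retry = next((t for t in trace[i + 1:] if t[1:3] == (method, url)), None)
        records.append({
            "conn": conn, "method": method, "url": url,
            "offered": [v.split()[0] for v in resp.get("WWW-Authenticate", [])],
            "retry_had_credentials": bool(retry and "Authorization" in retry[3]),
            "retry_status": retry[4] if retry else None,
        })
    return records


def connections_opened_without_credentials(trace):
    """First request on each connection that carried no Authorization header."""
    seen, opened = set(), []
    for conn, method, url, req, _status, _resp in trace:
        if conn not in seen:
            seen.add(conn)
            if "Authorization" not in req:
                opened.append((conn, method, url))
    return opened


if __name__ == "__main__":
    for record in challenges(TRACE):
        print(record)
    print(connections_opened_without_credentials(TRACE))
```

In this constructed trace the second 401 arrives on a new connection whose first request carried no credentials, which is the cross-connection case raised in the reply above.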




tony

2005-05-17, 5:52 pm

What do I do if I want to use NTFS permissions on a webdav folder? I am
already using NTFS permissions but when I enable web sharing, every single
user in my domain can log into the share via webdav.



David Wang [Msft]

2005-05-23, 5:59 pm

That sounds like user misconfiguration of ACLs or Authentication. Either you
configured IIS to not authenticate and then gave the anonymous user (or a
group the anonymous user is a member of) access, or you misconfigured NTFS
permissions on the files/folders themselves. Without knowing more
configuration details, it is hard to say what you did wrong.

--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//





Copyright 2003 - 2008 webservertalk.com