IIS Server Security - Web Site Access requires UserID and Password - Resolved

This is Interesting: Free IT Magazines  
Home > Archive > IIS Server Security > October 2006 > Web Site Access requires UserID and Password - Resolved





You are viewing an archived Text-only version of the thread. To view this thread in it's original format and/or if you want to reply to this thread please [click here]

Author Web Site Access requires UserID and Password - Resolved
baker_tony@hotmail.com

2006-10-28, 1:40 pm

I copied over a new Default.htm file to a web server one day, and all
of a sudden whenever anyone went to our web site they were being
prompted to enter userId and password! Directory access was set to
anonymous.

Way I fixed it was to:
1) right click Default.htm and bring up properties
2) Go to security tab
3) Add "Everyone" user
4) set Everyone user to have Read access
5) Hit OK,

Problem solved, I hope this helps someone!

Tony.

David Wang

2006-10-28, 1:40 pm

While I am glad that your issue is resolved, your resolution is simply
inappropriate and incorrect.

Anonymous access does not mean that you never see an authentication
prompt. It means that IIS always logs in and uses a pre-defined user
account for all non-authenticated access to resources.

Your problem is that your somehow broke ACLs on your web content such
that the IIS Anonymous user no longer has permissions to read those
files - hence when you add "Everyone" permissions, IIS Anonymous user
is included and hence it appears to work. The problem with adding
Everyone is that EVERYONE is able to read, not just the IIS anonymous
user. This may not be what you intended and is overkill for getting
Anonymous authentication to function.

The correct solution is to make sure that the authenticated user
identity has read ACLs on the resources. For anonymous authentication,
the authenticated user identity is the IIS Anonymous user you
configured.

Read the following blog entries for the explanation:
http://blogs.msdn.com/david.wang/ar... mous_User.aspx

http://blogs.msdn.com/david.wang/ar...ode_Part_2.aspx

http://blogs.msdn.com/david.wang/ar...br /> rt_1.aspx



//David
http://w3-4u.blogspot.com
//



baker_t...@hotmail.com wrote:
> I copied over a new Default.htm file to a web server one day, and all
> of a sudden whenever anyone went to our web site they were being
> prompted to enter userId and password! Directory access was set to
> anonymous.
>
> Way I fixed it was to:
> 1) right click Default.htm and bring up properties
> 2) Go to security tab
> 3) Add "Everyone" user
> 4) set Everyone user to have Read access
> 5) Hit OK,
>
> Problem solved, I hope this helps someone!
>
> Tony.

Sponsored Links






Free braindumps | Software forum | Database administration forum

Copyright 2003 - 2008 webservertalk.com