|
Home > Archive > IIS Server Security > February 2006 > Problem with integrated IIS authentication on XP
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Problem with integrated IIS authentication on XP
|
|
| Tim Gorgs 2006-02-13, 6:03 pm |
| Hi all,
I have the following constellation:
Windows 2003 Server with IIS and integrated windows authentication as
the only authentication method
When I request a page like http://myserver.com/file.html, it works fine
with a Windows 2000 client (on the server I can log the requesting
user, just the way it should be).
When I request the same page with the same user from a Windows XP
client, I get the requested content in the browser window AND a dialog
window which asks me to enter username and password
In the IIS logfile I can see that the Windows XP client generated three
requests, one without supplied credentials, the next one with them
(this can happen as the IIS tells the Internet Explorer to send the
same request again after the first one, but this time with
credentials), and the third request without credentials again.
The HTTP codes are 401 for request 1, 200 for request 2 and 401 again
for request 3.
I don't understand why there are three and not two requests, and I
don't know why the browser displays the required content AND the dialog
box as well.
I tried to enable / disable "use integrated windows authentication" in
Internet Explorer, but neither of the settings changed anything.
I really don't have a clue what might be wrong, any help is very
appreciated.
Best regards
Tim
| |
| Ken Schaefer 2006-02-14, 2:49 am |
| Can you please post the IIS logfile entries here please?
Thanks
Cheers
Ken
"Tim Gorgs" <google@supertimmy.com> wrote in message
news:1139849922.081726.30580@o13g2000cwo.googlegroups.com...
: Hi all,
:
: I have the following constellation:
:
: Windows 2003 Server with IIS and integrated windows authentication as
: the only authentication method
:
: When I request a page like http://myserver.com/file.html, it works fine
: with a Windows 2000 client (on the server I can log the requesting
: user, just the way it should be).
:
: When I request the same page with the same user from a Windows XP
: client, I get the requested content in the browser window AND a dialog
: window which asks me to enter username and password
:
: In the IIS logfile I can see that the Windows XP client generated three
: requests, one without supplied credentials, the next one with them
: (this can happen as the IIS tells the Internet Explorer to send the
: same request again after the first one, but this time with
: credentials), and the third request without credentials again.
:
: The HTTP codes are 401 for request 1, 200 for request 2 and 401 again
: for request 3.
:
: I don't understand why there are three and not two requests, and I
: don't know why the browser displays the required content AND the dialog
: box as well.
:
: I tried to enable / disable "use integrated windows authentication" in
: Internet Explorer, but neither of the settings changed anything.
:
: I really don't have a clue what might be wrong, any help is very
: appreciated.
:
: Best regards
:
: Tim
:
| |
| Tim Gorgs 2006-02-14, 2:49 am |
| Hello Ken,
the entries in the logfile are:
**********
2006-02-13 16:42:08 W3SVC1 10.230.31.1 GET /general/unblock.xml - 80 -
10.231.11.12 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0) -
server.domain.com 401 2 2148074254 2540 318
2006-02-13 16:42:08 W3SVC1 10.230.31.1 GET /general/unblock.xml - 80
DOMAIN\USER 10.231.11.12
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0) - server.domain.com
200 0 0 0 2273
2006-02-13 16:42:08 W3SVC1 10.230.31.1 GET /general/unblock.xml - 80 -
10.231.11.12 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0) -
server.domain.com 401 1 0 2443 2273
**********
As you can see, the first and third request produce a 401, request
number is fine - but why do I get the authenication window?
Thank you
Tim
--
Ken Schaefer schrieb:
> Can you please post the IIS logfile entries here please?
>
> Thanks
>
> Cheers
> Ken
>
> "Tim Gorgs" <google@supertimmy.com> wrote in message
> news:1139849922.081726.30580@o13g2000cwo.googlegroups.com...
> : Hi all,
> :
> : I have the following constellation:
> :
> : Windows 2003 Server with IIS and integrated windows authentication as
> : the only authentication method
> :
> : When I request a page like http://myserver.com/file.html, it works fine
> : with a Windows 2000 client (on the server I can log the requesting
> : user, just the way it should be).
> :
> : When I request the same page with the same user from a Windows XP
> : client, I get the requested content in the browser window AND a dialog
> : window which asks me to enter username and password
> :
> : In the IIS logfile I can see that the Windows XP client generated three
> : requests, one without supplied credentials, the next one with them
> : (this can happen as the IIS tells the Internet Explorer to send the
> : same request again after the first one, but this time with
> : credentials), and the third request without credentials again.
> :
> : The HTTP codes are 401 for request 1, 200 for request 2 and 401 again
> : for request 3.
> :
> : I don't understand why there are three and not two requests, and I
> : don't know why the browser displays the required content AND the dialog
> : box as well.
> :
> : I tried to enable / disable "use integrated windows authentication" in
> : Internet Explorer, but neither of the settings changed anything.
> :
> : I really don't have a clue what might be wrong, any help is very
> : appreciated.
> :
> : Best regards
> :
> : Tim
> :
| |
| Christian Paparelli 2006-02-14, 2:49 am |
| "Tim Gorgs" <google@supertimmy.com> ha scritto nel messaggio
news:1139904027.144567.311250@z14g2000cwz.googlegroups.com...
> Hello Ken,
>
> the entries in the logfile are:
> **********
> 2006-02-13 16:42:08 W3SVC1 10.230.31.1 GET /general/unblock.xml - 80 -
> 10.231.11.12 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0) -
> server.domain.com 401 2 2148074254 2540 318
>
> 2006-02-13 16:42:08 W3SVC1 10.230.31.1 GET /general/unblock.xml - 80
> DOMAIN\USER 10.231.11.12
> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0) - server.domain.com
> 200 0 0 0 2273
>
> 2006-02-13 16:42:08 W3SVC1 10.230.31.1 GET /general/unblock.xml - 80 -
> 10.231.11.12 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0) -
> server.domain.com 401 1 0 2443 2273
> **********
> As you can see, the first and third request produce a 401, request
> number is fine - but why do I get the authenication window?
ok take a look here
http://support.microsoft.com/defaul...b;en-us;Q253667
and here
http://support.microsoft.com/defaul...kb;en-us;871179
--
Christian Paparelli
http://www.ithost.ch
| |
| Ken Schaefer 2006-02-15, 3:02 am |
| Hi Tim,
The user-agent in those requests appears to be Windows 2000 (Windows+NT+5.0)
rather than Windows XP (Windows+NT+5.1)
Are you sure the requests are not being routed through a proxy server or
similar?
Cheers
Ken
"Tim Gorgs" <google@supertimmy.com> wrote in message
news:1139904027.144567.311250@z14g2000cwz.googlegroups.com...
: Hello Ken,
:
: the entries in the logfile are:
: **********
: 2006-02-13 16:42:08 W3SVC1 10.230.31.1 GET /general/unblock.xml - 80 -
: 10.231.11.12 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0) -
: server.domain.com 401 2 2148074254 2540 318
:
: 2006-02-13 16:42:08 W3SVC1 10.230.31.1 GET /general/unblock.xml - 80
: DOMAIN\USER 10.231.11.12
: Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0) - server.domain.com
: 200 0 0 0 2273
:
: 2006-02-13 16:42:08 W3SVC1 10.230.31.1 GET /general/unblock.xml - 80 -
: 10.231.11.12 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0) -
: server.domain.com 401 1 0 2443 2273
: **********
: As you can see, the first and third request produce a 401, request
: number is fine - but why do I get the authenication window?
:
: Thank you
:
: Tim
: --
:
:
:
: Ken Schaefer schrieb:
:
: > Can you please post the IIS logfile entries here please?
: >
: > Thanks
: >
: > Cheers
: > Ken
: >
: > "Tim Gorgs" <google@supertimmy.com> wrote in message
: > news:1139849922.081726.30580@o13g2000cwo.googlegroups.com...
: > : Hi all,
: > :
: > : I have the following constellation:
: > :
: > : Windows 2003 Server with IIS and integrated windows authentication as
: > : the only authentication method
: > :
: > : When I request a page like http://myserver.com/file.html, it works
fine
: > : with a Windows 2000 client (on the server I can log the requesting
: > : user, just the way it should be).
: > :
: > : When I request the same page with the same user from a Windows XP
: > : client, I get the requested content in the browser window AND a dialog
: > : window which asks me to enter username and password
: > :
: > : In the IIS logfile I can see that the Windows XP client generated
three
: > : requests, one without supplied credentials, the next one with them
: > : (this can happen as the IIS tells the Internet Explorer to send the
: > : same request again after the first one, but this time with
: > : credentials), and the third request without credentials again.
: > :
: > : The HTTP codes are 401 for request 1, 200 for request 2 and 401 again
: > : for request 3.
: > :
: > : I don't understand why there are three and not two requests, and I
: > : don't know why the browser displays the required content AND the
dialog
: > : box as well.
: > :
: > : I tried to enable / disable "use integrated windows authentication" in
: > : Internet Explorer, but neither of the settings changed anything.
: > :
: > : I really don't have a clue what might be wrong, any help is very
: > : appreciated.
: > :
: > : Best regards
: > :
: > : Tim
: > :
:
|
|
|
|
|