IIS Server Security - Digest Authentication - IIS6


Author Digest Authentication - IIS6
Pablo A. Allois

2007-04-19, 7:19 pm

Hi everybody,

First, I apologize for my English.

I am fighting to set up a web site to use Digest
Authentication.
I set the domain correctly, DNS is OK, but I can't log in to the
website.
If I set up the website with Basic authentication, it works fine (for the
server and for the sniffers).
I verified that the user password has reversible encryption.

What does Digest need to work?

It happens on a Windows 2003 Server R2, IIS6; the Application Pool was
running with System and with DomainGodCredentials ... and still not working.


Saludos y gracias!


DaveMo

2007-04-20, 1:23 pm

On Apr 19, 2:06 pm, "Pablo A. Allois" <pablo-lis...@allois.com.ar>
wrote:
> Hi everybody,
>
> First, I apologize for my English.
>
> I am fighting to set up a web site to use Digest
> Authentication.
> I set the domain correctly, DNS is OK, but I can't log in to the
> website.
> If I set up the website with Basic authentication, it works fine (for the
> server and for the sniffers).
> I verified that the user password has reversible encryption.
>
> What does Digest need to work?
>
> It happens on a Windows 2003 Server R2, IIS6; the Application Pool was
> running with System and with DomainGodCredentials ... and still not working.
>
> Saludos y gracias!


Hola Pablo,

Your English is better than most people who were born in the US

Digest AuthN for domain accounts since Windows 2003 does not require
any settings or privilege levels different than what you would need to
configure in order to do regular Windows Integrated Authentication.

Digest can be a difficult protocol to work with, however, because the
user name is part of the hash value. Using an unexpected name form,
random capitalization, or a mismatch between the client and server can
all cause problems.

Are you using a domain account?
What version is the server running AD?
What is the client OS and what version?
What name form are you using for the user account? NetBIOS
(domain\user) and UPN forms should work for sure.

HTH,
Dave
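
Added example, not part of DaveMo's post and not IIS code: a generic RFC 2617 Digest computation showing why a different name form or capitalization fails even when the password is correct. The realm, account, password and nonce values are constructed, and the server is assumed to hold a single hash for one name form.

```python
import hashlib
import hmac

def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def ha1(username: str, realm: str, password: str) -> str:
    # RFC 2617: A1 = username ":" realm ":" password
    return md5_hex(f"{username}:{realm}:{password}")

def digest_response(ha1_hex, method, uri, nonce, nc, cnonce, qop="auth"):
    # RFC 2617 with qop=auth: MD5(HA1:nonce:nc:cnonce:qop:HA2), HA2 = MD5(method:uri)
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1_hex}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")

# Constructed sample values (hypothetical account, realm and nonces).
REALM = "example.test"
PASSWORD = "Constructed-Passw0rd"
STORED_NAME = "pablo@example.test"   # name form the server-side hash was built from
CHALLENGE = dict(method="GET", uri="/secure/", nonce="c0nstructedN0nce",
                 nc="00000001", cnonce="0a4f113b")

def server_accepts(typed_name: str) -> bool:
    """The client hashes the name exactly as typed; the server (assumed to hold
    one HA1, for STORED_NAME) recomputes and compares in constant time."""
    client = digest_response(ha1(typed_name, REALM, PASSWORD), **CHALLENGE)
    server = digest_response(ha1(STORED_NAME, REALM, PASSWORD), **CHALLENGE)
    return hmac.compare_digest(client, server)

def check_name_forms() -> dict:
    # Same password every time; only the user name form changes.
    forms = [
        "pablo@example.test",   # exact stored form
        "Pablo@Example.Test",   # different capitalization
        "EXAMPLE\\pablo",       # NetBIOS form
        "pablo",                # prefix only, no suffix
    ]
    return {name: server_accepts(name) for name in forms}

if __name__ == "__main__":
    for name, ok in check_name_forms().items():
        print(f"{name!r:24} -> {'accepted' if ok else 'rejected'}")
```
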

Pablo A. Allois

2007-04-20, 1:23 pm

Thanks David for the English :D

So, Digest is case sensitive? This would be a problem ... I will have
thousands of users outside the organization validating ... this
could be thousands of problems.


> Are you using a domain account?

Yes, for that reason I want to use digest

> What version is the server running AD?

Windows 2003 Ent R2

> What is the client OS and what version?

Could be any one.
The web server is Windows 2003 STD R2

> What name form are you using for the user account? NetBIOS
> (domain\user) and UPN forms should work for sure.

UPN
I need the customer to input the UserPrincipalNamePrefix ... without the
UserPrincipalNameSuffix ... for that reason I choose between Digest or
Basic.
And for security I prefer Digest.


Saludos!


"DaveMo" <david.mowers@gmail.com> wrote in message
news:1177082845.709855.179550@b75g2000hsg.googlegroups.com...
> On Apr 19, 2:06 pm, "Pablo A. Allois" <pablo-lis...@allois.com.ar>
> wrote:
>
> Hola Pablo,
>
> Your English is better than most people who were born in the US
>
> Digest AuthN for domain accounts since Windows 2003 does not require
> any settings or privilege levels different than what you would need to
> configure in order to do regular Windows Integrated Authentication.
>
> Digest can be a difficult protocol to work with, however, because the
> user name is part of the hash value. Using an unexpected name form,
> random capitalization, or a mismatch between the client and server can
> all cause problems.
>
> Are you using a domain account?
> What version is the server running AD?
> What is the client OS and what version?
> What name form are you using for the user account? NetBIOS
> (domain\user) and UPN forms should work for sure.
>
> HTH,
> Dave
>



Ken Schaefer

2007-04-23, 1:22 am


"DaveMo" <david.mowers@gmail.com> wrote in message
news:1177082845.709855.179550@b75g2000hsg.googlegroups.com...
> On Apr 19, 2:06 pm, "Pablo A. Allois" <pablo-lis...@allois.com.ar>
> wrote:
>
> Hola Pablo,
>
> Your English is better than most people who were born in the US
>
> Digest AuthN for domain accounts since Windows 2003 does not require
> any settings or privilege levels different than what you would need to
> configure in order to do regular Windows Integrated Authentication.


This is not entirely true. It depends on the functional level that your
Active Directory domain is running as.

Cheers
Ken




> Digest can be a difficult protocol to work with, however, because the
> user name is part of the hash value. Using an unexpected name form,
> random capitalization, or a mismatch between the client and server can
> all cause problems.
>
> Are you using a domain account?
> What version is the server running AD?
> What is the client OS and what version?
> What name form are you using for the user account? NetBIOS
> (domain\user) and UPN forms should work for sure.
>
> HTH,
> Dave
>


Pablo A. Allois

2007-04-23, 7:19 am

Windows 2000 functional level.
What consequences does that bring?

"Ken Schaefer" <kenREMOVE@THISadOpenStatic.com> wrote in message
news:umtdqOUhHHA.5008@TK2MSFTNGP02.phx.gbl...
>
> "DaveMo" <david.mowers@gmail.com> wrote in message
> news:1177082845.709855.179550@b75g2000hsg.googlegroups.com...
>
> This is not entirely true. It depends on the functional level that your
> Active Directory domain is running as.
>
> Cheers
> Ken
>
>
>
>
>


