|
|
| Administrator 2004-12-27, 7:46 am |
| Greetings !
Have a CMS on a Intranet with a seperate AD....
All Users can access the site by calling http://servername/site/ and all
can browse the site so ar so good, but;
The Webconfig file had the forms login authentication, but are now set to
windows authentication...
1. Those who are administrators etc. doesn't get the webauthor link and they
are in the Administrator group etc.....
All administrators must call
http://servername/nr/system/access/manuallogin.asp
and after login they get the virtual Directory Listing denied and they must
call the http://servername/channels to get the webauthor - what's missing ?
2. The SCA allows guest on site and have a local machine account visitor -
should'nt that be a visitor account in the seperate AD ?
Can someone please help me ?
Tia
| |
| Stefan [MSFT] 2004-12-27, 7:46 am |
| Hi,
that is as expected.
If anonymous access is enabled and guest access is allowed, then all
unauthenticated requests to the site are accepted.
As IE never sends the credentials automatically but always waits for a 401
(authentication required) response the server never sees that the request
comes from an machine where an administrator is sitting in front.
The recommended way dealing with this is either to use forms authentication
or to have a second web entry point that does NOT have anonymous access
enabled. Authors or higher than have to use the second web entry point.
Cheers,
Stefan.
"Administrator" <somebody@microsoft.com> wrote in message
news:e1mfce$6EHA.2804@TK2MSFTNGP15.phx.gbl...
> Greetings !
>
> Have a CMS on a Intranet with a seperate AD....
>
> All Users can access the site by calling http://servername/site/ and all
> can browse the site so ar so good, but;
>
> The Webconfig file had the forms login authentication, but are now set to
> windows authentication...
>
> 1. Those who are administrators etc. doesn't get the webauthor link and
they
> are in the Administrator group etc.....
>
> All administrators must call
> http://servername/nr/system/access/manuallogin.asp
> and after login they get the virtual Directory Listing denied and they
must
> call the http://servername/channels to get the webauthor - what's missing
?
>
> 2. The SCA allows guest on site and have a local machine account visitor -
> should'nt that be a visitor account in the seperate AD ?
>
> Can someone please help me ?
>
> Tia
>
>
| |
| Administrator 2004-12-27, 7:46 am |
| Hi Stefan
We have the "automatic" administrator logon feature on our current 2001 CMS
installation....
I would like to do the same with the CMS 2002 - so administrators etc. gets
automatic "recognized" by the CMS / Server and have the webauthor by default
view...
Is that possible ?
"Stefan [MSFT]" <stefang@online.microsoft.com> skrev i en meddelelse
news:e7hdhz$6EHA.1404@TK2MSFTNGP11.phx.gbl...
> Hi,
>
> that is as expected.
> If anonymous access is enabled and guest access is allowed, then all
> unauthenticated requests to the site are accepted.
> As IE never sends the credentials automatically but always waits for a 401
> (authentication required) response the server never sees that the request
> comes from an machine where an administrator is sitting in front.
>
> The recommended way dealing with this is either to use forms
> authentication
> or to have a second web entry point that does NOT have anonymous access
> enabled. Authors or higher than have to use the second web entry point.
>
> Cheers,
> Stefan.
>
>
> "Administrator" <somebody@microsoft.com> wrote in message
> news:e1mfce$6EHA.2804@TK2MSFTNGP15.phx.gbl...
> they
> must
> ?
>
>
| |
| Stefan [MSFT] 2004-12-27, 5:48 pm |
| Hi,
this concept cannot be implemented with ASP.NET.
That is a limitation of ASP.NET and not a limiation of MCMS.
Cheers,
Stefan.
"Administrator" <somebody@microsoft.com> wrote in message
news:eRwox2A7EHA.2124@TK2MSFTNGP15.phx.gbl...
> Hi Stefan
>
> We have the "automatic" administrator logon feature on our current 2001
CMS
> installation....
>
> I would like to do the same with the CMS 2002 - so administrators etc.
gets
> automatic "recognized" by the CMS / Server and have the webauthor by
default
> view...
>
> Is that possible ?
>
>
>
> "Stefan [MSFT]" <stefang@online.microsoft.com> skrev i en meddelelse
> news:e7hdhz$6EHA.1404@TK2MSFTNGP11.phx.gbl...
401[vbcol=seagreen]
request[vbcol=seagreen]
all[vbcol=seagreen]
to[vbcol=seagreen]
missing[vbcol=seagreen]
>
>
| |
| Stefan [MSFT] 2004-12-27, 5:48 pm |
| Short side note:
You could implement a http module as a workaround that requests
authentiction and - if the authentication is not successful does a login as
guest.
This would simulate the behaviour of the automatic logon of MCMS 2001.
Cheers,
Stefan.
"Administrator" <somebody@microsoft.com> wrote in message
news:eRwox2A7EHA.2124@TK2MSFTNGP15.phx.gbl...
> Hi Stefan
>
> We have the "automatic" administrator logon feature on our current 2001
CMS
> installation....
>
> I would like to do the same with the CMS 2002 - so administrators etc.
gets
> automatic "recognized" by the CMS / Server and have the webauthor by
default
> view...
>
> Is that possible ?
>
>
>
> "Stefan [MSFT]" <stefang@online.microsoft.com> skrev i en meddelelse
> news:e7hdhz$6EHA.1404@TK2MSFTNGP11.phx.gbl...
401[vbcol=seagreen]
request[vbcol=seagreen]
all[vbcol=seagreen]
to[vbcol=seagreen]
missing[vbcol=seagreen]
>
>
| |
| Administrator 2004-12-29, 7:49 am |
| Hi Stefan
maybe we misunderstand each other....;0)
I want a enviroment where no one needs to login but get regonized by the CMS
2002 (that looks at the Active Diretory server) and if the user are
administrator (or editor, moderator) he gets the webauthor with the right
possibilities.
1. Require this that I have to disable the guest account in the CMS and in
the IIS 6.0 ?
2. Is there a how-to guide for setting up the IIS 6.0 and CMS 2002 at a
Windows 2003 box - for a Intranet with AD
thx for your time !
"Stefan [MSFT]" <stefang@online.microsoft.com> skrev i en meddelelse
news:OCa4jSC7EHA.2196@TK2MSFTNGP14.phx.gbl...
> Short side note:
> You could implement a http module as a workaround that requests
> authentiction and - if the authentication is not successful does a login
> as
> guest.
>
> This would simulate the behaviour of the automatic logon of MCMS 2001.
>
> Cheers,
> Stefan.
>
> "Administrator" <somebody@microsoft.com> wrote in message
> news:eRwox2A7EHA.2124@TK2MSFTNGP15.phx.gbl...
> CMS
> gets
> default
> 401
> request
> all
> to
> missing
>
>
| |
| Stefan [MSFT] 2004-12-29, 7:49 am |
| Hi,
how should MCMS regonize someone without authentication? This is technically
impossible.
You need to authenticate as authentication is the method to identify
someone.
There is no way to prevent this. This is also done in CMS 2001.
But with CMS 2001 this was done silently. And if it did not reconize you
successfully a s known person you were authenticated as a guest.
The same can be achieved using the method I outlined below.
Cheers,
Stefan
"Administrator" <somebody@microsoft.com> wrote in message
news:eEkSdVY7EHA.1452@TK2MSFTNGP11.phx.gbl...
> Hi Stefan
>
> maybe we misunderstand each other....;0)
>
> I want a enviroment where no one needs to login but get regonized by the
CMS
> 2002 (that looks at the Active Diretory server) and if the user are
> administrator (or editor, moderator) he gets the webauthor with the right
> possibilities.
>
> 1. Require this that I have to disable the guest account in the CMS and in
> the IIS 6.0 ?
>
> 2. Is there a how-to guide for setting up the IIS 6.0 and CMS 2002 at a
> Windows 2003 box - for a Intranet with AD
>
> thx for your time !
>
>
> "Stefan [MSFT]" <stefang@online.microsoft.com> skrev i en meddelelse
> news:OCa4jSC7EHA.2196@TK2MSFTNGP14.phx.gbl...
a[vbcol=seagreen]
access[vbcol=seagreen]
point.[vbcol=seagreen]
and[vbcol=seagreen]
set[vbcol=seagreen]
they[vbcol=seagreen]
>
>
| |
| Administrator 2004-12-29, 7:49 am |
| Hi Stefan
we do want authentication - and the IIS is set to not accept anonomyus
access - but we are still prompted for login and password when we try to
view a page in the CMS....we are logged on at our client machines and
veryfied against the AD before request to the cms server.
"Stefan [MSFT]" <stefang@online.microsoft.com> skrev i en meddelelse
news:OXDEcHZ7EHA.1392@tk2msftngp13.phx.gbl...
> Hi,
>
> how should MCMS regonize someone without authentication? This is
> technically
> impossible.
> You need to authenticate as authentication is the method to identify
> someone.
>
> There is no way to prevent this. This is also done in CMS 2001.
> But with CMS 2001 this was done silently. And if it did not reconize you
> successfully a s known person you were authenticated as a guest.
>
> The same can be achieved using the method I outlined below.
>
> Cheers,
> Stefan
>
> "Administrator" <somebody@microsoft.com> wrote in message
> news:eEkSdVY7EHA.1452@TK2MSFTNGP11.phx.gbl...
> CMS
> a
> access
> point.
> and
> set
> they
>
>
| |
| Stefan [MSFT] 2004-12-29, 7:49 am |
| Which zone is shown in IE when the login prompt shows up?
Intranet or Internet?
Look at the right side of the status bar in Internet explorer.
Cheers,
Stefan.
"Administrator" <somebody.nobody.nospam@nospam.microsoft.com> wrote in
message news:#boZWQZ7EHA.2124@TK2MSFTNGP14.phx.gbl...
> Hi Stefan
>
> we do want authentication - and the IIS is set to not accept anonomyus
> access - but we are still prompted for login and password when we try to
> view a page in the CMS....we are logged on at our client machines and
> veryfied against the AD before request to the cms server.
>
>
>
>
>
> "Stefan [MSFT]" <stefang@online.microsoft.com> skrev i en meddelelse
> news:OXDEcHZ7EHA.1392@tk2msftngp13.phx.gbl...
the[vbcol=seagreen]
right[vbcol=seagreen]
2001.[vbcol=seagreen]
etc.[vbcol=seagreen]
all[vbcol=seagreen]
for[vbcol=seagreen]
now[vbcol=seagreen]
link[vbcol=seagreen]
>
>
| |
| Administrator 2004-12-29, 7:49 am |
| Hi Stefan
the zone are local Intranet ....
"Stefan [MSFT]" <stefang@online.microsoft.com> skrev i en meddelelse
news:uufSbYZ7EHA.2572@tk2msftngp13.phx.gbl...
> Which zone is shown in IE when the login prompt shows up?
> Intranet or Internet?
> Look at the right side of the status bar in Internet explorer.
>
> Cheers,
> Stefan.
>
>
> "Administrator" <somebody.nobody.nospam@nospam.microsoft.com> wrote in
> message news:#boZWQZ7EHA.2124@TK2MSFTNGP14.phx.gbl...
> the
> right
> 2001.
> etc.
> all
> for
> now
> link
>
>
| |
| Stefan [MSFT] 2004-12-29, 8:46 pm |
| Ok, then IE should send the credentials automatically.
And if you enter the same credentials again you are logged on at your
machine you get the login prompt?
Please verify your IE settings that the credentials are really automatically
sent (can be checked in the zone settings). If yes you need to take a
network monitor trace to verify if IE really sends the (correct)
credentials.
Cheers,
Stefan.
"Administrator" <somebody.nobody.nospam@nospam.microsoft.com> wrote in
message news:eBFAy6Z7EHA.1408@TK2MSFTNGP10.phx.gbl...
> Hi Stefan
>
> the zone are local Intranet ....
>
>
>
> "Stefan [MSFT]" <stefang@online.microsoft.com> skrev i en meddelelse
> news:uufSbYZ7EHA.2572@tk2msftngp13.phx.gbl...
to[vbcol=seagreen]
at[vbcol=seagreen]
current[vbcol=seagreen]
then[vbcol=seagreen]
waits[vbcol=seagreen]
the[vbcol=seagreen]
front.[vbcol=seagreen]
anonymous[vbcol=seagreen]
entry[vbcol=seagreen]
account[vbcol=seagreen]
>
>
|
|
|
|