 |
|
 |
|
01-11-07 12:29 AM
Hi all,
Why is IE7 unable to login to our IIS websites? We've employed the same
configuration on our web servers for seven years now and never experienced
such a severe incompatibility issue with a web browser.
Our IIS configuration is as follows:
- Version: IIS 5
- Platform: W2KAS SP4
- SSL: none installed
- Anonymous Access: enabled
- Basic Authentication: disabled
- Digest Authentication: disabled
- Integrated Windows Authentication: enabled
Very straightforward. We have chosen these settings for their cross-browser
compatibility whilst allowing web directory security via NTFS permissions.
Again, this has worked flawlessly for seven years.
Needless to say, our support phones are ringing off the hook with, "my
password isn't working." It's hard not to laugh when telling our customers
that Microsoft's latest web browser is incompatible with Microsoft's own web
servers. :-D
Any help is greatly appreciated.
[ Post a follow-up to this message ]
|
|
|
 |
|
 |
|
 |
|
01-12-07 12:28 AM
So, is IE6 able to login against these same machines, while
simultaneously IE7 cannot?
And is this an Intranet or Internet scenario? Because that affects the
viability of Integrated Authentication.
In IE Options, there is a checkbox called "Enable Integrated Windows
Authentication" - if your Intranet uses Kerberos, make sure it is
checked. Otherwise, it will be using NTLM.
//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//
Dave wrote:
> Hi all,
>
> Why is IE7 unable to login to our IIS websites? We've employed the same
> configuration on our web servers for seven years now and never experienced
> such a severe incompatibility issue with a web browser.
>
> Our IIS configuration is as follows:
>
> - Version: IIS 5
> - Platform: W2KAS SP4
> - SSL: none installed
> - Anonymous Access: enabled
> - Basic Authentication: disabled
> - Digest Authentication: disabled
> - Integrated Windows Authentication: enabled
>
> Very straightforward. We have chosen these settings for their cross-brows
er
> compatibility whilst allowing web directory security via NTFS permissions.
> Again, this has worked flawlessly for seven years.
>
> Needless to say, our support phones are ringing off the hook with, "my
> password isn't working." It's hard not to laugh when telling our customer
s
> that Microsoft's latest web browser is incompatible with Microsoft's own w
eb
> servers. :-D
>
> Any help is greatly appreciated.
[ Post a follow-up to this message ]
|
|
|
|
|
|
|
|
|
01-12-07 12:28 AM
> So, is IE6 able to login against these same machines, while
> simultaneously IE7 cannot?
Yes. In fact, every version of IE can login, except IE7.
> And is this an Intranet or Internet scenario? Because that affects the
> viability of Integrated Authentication.
It is an "Internet" scenario in that these pages are accessible from the
public Internet. We employ ADSI scripting to automatically assign Active
Directory logins to our customers. Those permissions control access to
various resources on our network.
> In IE Options, there is a checkbox called "Enable Integrated Windows
> Authentication" - if your Intranet uses Kerberos, make sure it is
> checked. Otherwise, it will be using NTLM.
Hmmm.... I will try this, just to see.
Thank you for your kind reply, David!
> //David
> http://w3-4u.blogspot.com
> http://blogs.msdn.com/David.Wang
> //
>
>
> Dave wrote:
>
>
[ Post a follow-up to this message ]
|
|
|
|
|
|
|
|
|
01-20-07 12:29 AM
Well, it appears that "Enable Windows Authentication" in IE7 has no effect.
That said, I have to backtrack <blush>. The aforementioned IIS settings wer
e
captured from the wrong server. Our IIS configuration is:
- Version: IIS 5
- Platform: W2KAS SP4
- SSL: none installed
- Anonymous Access: enabled
- Basic Authentication: enabled
- Digest Authentication: enabled
- Integrated Windows Authentication: disabled
Again, these are supposed to be the most cross-browser compatible settings
for securing web pages via NTFS file and directory permissions.
In reviewing the Microsoft Knowledgebase, I discovered one anomaly in my
server settings: we have NOT enabled "Store password using reversible
encryption for all users in the domain." According to the MS KB, this is a
requirement of Digest Authentication, suggesting that our users have, for
seven years now, been downgraded to Basic Authentication. [Cripes.] Th
is,
in itself, must be fixed, but to stay on topic, could this anomaly perhaps b
e
confusing IE7?
Thank you!
"David Wang" wrote:
> So, is IE6 able to login against these same machines, while
> simultaneously IE7 cannot?
>
> And is this an Intranet or Internet scenario? Because that affects the
> viability of Integrated Authentication.
>
> In IE Options, there is a checkbox called "Enable Integrated Windows
> Authentication" - if your Intranet uses Kerberos, make sure it is
> checked. Otherwise, it will be using NTLM.
>
>
>
> //David
> http://w3-4u.blogspot.com
> http://blogs.msdn.com/David.Wang
> //
>
>
> Dave wrote:
>
>
[ Post a follow-up to this message ]
|
|
|
|
|
|
|
|
|
02-02-07 06:17 PM
Hi Dave,
we had a similar problem here.
We use Win CE 5.0 WebServers with BASIC and NTLM Authentication enabled.
All browsers in the past 'decided' to use BASIC Authentication. IE7 now
'decides' to use NTLM instead. Why NTLM now fails with a Microsoft
Server having it enabled - i don't know - and don't want to :-)
We have disabled NTLM at our servers now and everything works again like
before...
If the returned data from the server contains "WWW-Authenticate: NTLM"
the new IE7 uses NTLM for Authentication.
//joL
*** Sent via Developersdex http://www.codecomments.com ***
[ Post a follow-up to this message ]
|
|
|
|
|
|
|
|
|
02-02-07 06:17 PM
Don't read this since you don't want to know, but others can read it. :-)
That's been the norm for quite awhile, including IE 6. If NTLM is available,
NTLM is used and Basic is never used, even if NTLM fails.
http://support.microsoft.com/kb/264921/en-us - in the "Orders of precedence"
sections:
"If both Basic and Windows Integrated are supported, the browser determines
which method is used. If the browser supports Kerberos or Windows NT Challen
ge/Response, it uses this method. It does not fall back to Basic. If Windows
NT Challenge/Response and Kerberos are not supported, the browser uses Basi
c, Digest, or Fortezza if it supports these. The order of precedence here is
Basic, Digest, and then Fortezza."
Ray
<joL> wrote in message news:uY7xjbuRHHA.3412@TK2MSFTNGP02.phx.gbl...
>
> Hi Dave,
>
> we had a similar problem here.
> We use Win CE 5.0 WebServers with BASIC and NTLM Authentication enabled.
> All browsers in the past 'decided' to use BASIC Authentication. IE7 now
> 'decides' to use NTLM instead. Why NTLM now fails with a Microsoft
> Server having it enabled - i don't know - and don't want to :-)
> We have disabled NTLM at our servers now and everything works again like
> before...
> If the returned data from the server contains "WWW-Authenticate: NTLM"
> the new IE7 uses NTLM for Authentication.
>
> //joL
>
>
>
>
>
> *** Sent via Developersdex http://www.codecomments.com ***
[ Post a follow-up to this message ]
|
|
|
|
|
|
|
|
|
|
|
Sponsored Links |
 |
 |
|
|
 |
All times are GMT. The time now is 01:14 AM. |
 |
|
|
 |
|
 |
|
|
 |
|
Forum Rules:
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
|
HTML code is OFF
vB code is ON
Smilies are ON
[IMG] code is OFF
|
|
|
|
Medical and Health forum | Computer Games Reviews | Graphics design forum
|
 |
|
 |
|
