We have a website in IIS6 that we have protected using Integrated Windows
authentication with Anonymous access disabled. The normal behaviour in IE6
when hitting this site over the Internet is to prompt for credentials.
However, we have run across 3 IE6 installations (6.0.2900.2180) that do not
prompt. This is even after setting the User Authentication to "Prompt for
user name and password" in all 4 security zones. When hitting the site,
instead of prompting for credentials, "401.2 - Unauthorized" is returned. Is
there another setting in Internet Explorer or IIS that we need to change in
order to force the prompt? Any advice would be appreciated.

Thank-you
--
Mark

[ Post a follow-up to this message ]

On Apr 19, 8:52 am, Mark <Ler...@noemail.noemail> wrote:
> We have a website in IIS6 that we have protected using Integrated Windows
> authentication with Anonymous access disabled. The normal behaviour in IE6
> when hitting this site over the Internet is to prompt for credentials.
> However, we have run across 3 IE6 installations (6.0.2900.2180) that do no
t
> prompt. This is even after setting the User Authentication to "Prompt for
> user name and password" in all 4 security zones. When hitting the site,
> instead of prompting for credentials, "401.2 - Unauthorized" is returned. 
Is
> there another setting in Internet Explorer or IIS that we need to change i
n
> order to force the prompt? Any advice would be appreciated.
>
> Thank-you
> --
> Mark

401.2 indicates that the authentication protocol required by the
server was not performed/supported by the client.

- Verify the authentication protocol required by the vdir on IIS.
- Verify that you do not have custom ISAPI Filter altering IIS
behavior to require different authentication. Just because you set it
in the vdir does not mean it takes effect - ISAPI Filter can make
anything else happen regardless of your configuration
- Verify that the browser is configured to use the verified
authentication protocol from the server

What you indicate is not normal behavior for default installations of
both IIS nor IE, so you need to be extra vigilant on tracking what is
unusual with your client/server setup.


//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//

[ Post a follow-up to this message ]

With respect to your point 3, aside from the User Authentication section of
each Security Zone, where else in Internet Explorer is the allowed
authentication protocol set?

-Mark

[ Post a follow-up to this message ]

Hi Mark,

In IE Internet Options->Advanced, there is an option 'enable integrated
windows authentication'. When this option is checked, IE will use Kerberos
protocol to perform integrated auth with IIS. When it's turned off, NTLM
protocol will be used.

The following article lists all the situations that IE may prompt inputting
username/password for integrated windows auth. You can verify the
problematic IE6 clients do not match which points.

Internet Explorer May Prompt You for a Password
http://support.microsoft.com/?id=258063

Please update here on any findings or results.

Have a nice weekend.

Sincerely,

WenJun Zhang

Microsoft Online Community Support

 ========================================
==========

Get notification to my posts through email? Please refer to:
http://msdn.microsoft.com/subscript...ault.aspx#notif
ications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at:

http://msdn.microsoft.com/subscript...t/default.aspx.

 ========================================
==========

This posting is provided "AS IS" with no warranties, and confers no rights.

[ Post a follow-up to this message ]