Hi i got a strange problem but it's true i don't make thing like anyone...

First Config:
+ IIS5.0 SP2 (yes i know...)
WebSite Security
Root : Digest Authentication, NT Authenticated
SubFolders : Anonymous Login
Anonymous login is set to use a domain user to enable a sql server
authenticated connection. Permissions are based on Page/action/user Membersh
ip

So i know it is a bit strange but let me explain
1 I need a secured connection to a sql server
2 The Webserver is running multiple websites and i don't want to make it run
under an account
3 I should avoid to request user and pass

Now the way it works
1 Page default on the root is NT authenticated and i retrieve user and group
membership. I put this in a Cookie.
2 When i click on one of the page linked it checks if an entry in the
database exists for specified page, user(from the cookie), action. this page
is with Anonymous login and so it uses the Account i set as anonymous user.
3 If it's ok i show the form mixing querystring and form
4 on submit (javascript function) when i echo all the content of the request
i only see the querystring.

NOW if i put Basic authentication on the Page... i see the request.form and
the request.querystring...

But i don't want basic authentication as password is sent in clear text and
this is an administrative (System Admin) web site.


here is a page as you'll see it is simple... if anyone has an idea...



<HTML>
<head>

<link rel="stylesheet" href="/ERA/Lib/ERA.css" type="text/css">
<title>EB Automation : Da Vinci</title>



<SCRIPT TYPE="text/javascript" LANGUAGE="JavaScript">
<!--



function SubmitBody(pstrSubmitAction)
{
document.frmBody.action = pstrSubmitAction ;
document.frmBody.submit() ;
}

function SubmitForm(pForm, pstrSubmitAction)
{
if ((document.getElementById)&& (document.getElementById(pForm)!=null)){
;
oForm = document.getElementById(pForm);
oForm.action = pstrSubmitAction ;
oForm.submit() ;
}
}


function targetopener(){
if (! (window.focus && window.opener))return true;
window.opener.focus();
window.close();
return false;
}

function popupform(myform, windowname){
if (! window.focus)return true;
window.open('', windowname, 'height=200,width=400,scrollbars=yes');
myform.target=windowname;
return true;
}

function PopupFormCustomize(myform, windowname, iHeight, iWidth){
if (! window.focus)return true;
window.open('', windowname, 'height=' + iHeight + ',' + 'width=' + iWidth +
',scrollbars=no');
myform.target=windowname;
return true;
}

function AlertPopup(msg){
if (window.confirm(msg))
{
form.submit();
}
else
{
//window.back();
parent.location='default.asp'
}
}

function DisplayMessage(sMessage)
{
window.alert(sMessage);
}


function RedirectAfterConfirm(sMessage, sURL)
{
if (window.confirm(sMessage))
{
window.location = sURL
}
else
{
//do nothing
}
}

function SubmitAfterConfirm(sMessage, sURL)
{
if (window.confirm(sMessage))
{
document.frmBody.action = sURL;
document.frmBody.submit();
}
else
{
//do nothing
}
}
function submitformwithaction(sValue)
{
document.myform.action.value=sValue;
document.myform.submit();
}


function VerifySoftFamily(sSoftFamilyVersion)
{
window.alert(document.Computer.SoftFamilyId.text);
if (sSoftFamilyVersion == '1.0')
{
//window.alert('The current Software Family Version is 1.0');
//window.alert(window.SoftFamilyId);
}
else
{
//do nothing
}
}

function  ChangeVisibility(oValueToCheck,oValue,oI
dToChange){
if ((document.getElementById)&&
(document.getElementById(oIdToChange)!=null)){
oToChange = document.getElementById(oIdToChange);
if((oToChange.style)&&(oToChange.style.visibility!=null)){
oToChange.style.visibility = 'visible';
}
if (oValueToCheck==oValue){
if (oToChange.style.visibility==null){
oToChange.style.visibility='hidden';
}else{
oToChange.style.visibility='visible';
}
}else{
oToChange.style.visibility='hidden';
}

}else{
/* alert('Erreur not compliant '); */
}

}
function outputList(ar, name, size) {
var strIDs = "<SELECT SIZE=\"" + size + "\" NAME=\"ro_lst" + name + "\">"
var sel = " SELECTED"
for (var i=0;i<ar.length;i++) {
strIDs += "<OPTION " + sel + " VALUE=\"" + ar[i][0] + "\">" + ar[
;i][1]
sel = ""
}
strIDs+="</SELECT>"
strIDs+="<INPUT NAME=\"" + name + "\" TYPE=hidden>"
return strIDs
}

function outputButton(bDir,name,val) {
return "<INPUT TYPE=button VALUE=\"" + val + "\" ONCLICK=\"move(this.form,"
+ bDir + ",'" + name + "')\">"
}

function move(f,bDir,sName) {
var el = f.elements["ro_lst" + sName]
var idx = el.selectedIndex
if (idx==-1)
alert("You must first select the item to reorder.")
else {
var nxidx = idx+( bDir? -1 : 1)
if (nxidx<0) nxidx=el.length-1
if (nxidx>=el.length) nxidx=0
var oldVal = el[idx].value
var oldText = el[idx].text
el[idx].value = el[nxidx].value
el[idx].text = el[nxidx].text
el[nxidx].value = oldVal
el[nxidx].text = oldText
el.selectedIndex = nxidx
}
}

function processForm(f) {
for (var i=0;i<f.length;i++) {
var el = f[i]
if (el.name.substring(0,6)=="ro_lst") {
var strIDs = ""
for (var j=0;j<f[i].options.length;j++)
strIDs += f[i].options[j].value + ", "
f.elements[f.elements[i].name.substring(6)].value =
strIDs.substring(0,strIDs.length-2)
}
}
}
function processFormAndSubmit(f,sAction) {

for (var i=0;i<f.length;i++) {
var el = f[i]
if (el.name.substring(0,6)=="ro_lst") {
var strIDs = ""
for (var j=0;j<f[i].options.length;j++)
strIDs += f[i].options[j].value + ", "
f.elements[f.elements[i].name.substring(6)].value =
strIDs.substring(0,strIDs.length-2)
}
}
SubmitForm(f.name, sAction);
}

function FilterAsYouType( sFormName, sListBox, sTextBox, level ) {

if ( isNaN( level ) ) { level = 1 }


var f = document.getElementById (sFormName);
var listbox = document.getElementById(sListBox);
var textbox = document.getElementById (sTextBox);

var soFar = textbox.value.toString();
level = soFar.length;
var soFarLeft = soFar.substring(0,level).toLowerCase();

var matched = false;
var suggestion = '';


for ( var m = 0; m < listbox.length; m++ ) {
suggestion = listbox.options[m].text.toString();
suggestion = suggestion.substring(0,level).toLowerCase();
if ( soFarLeft == suggestion ) {
listbox.options[m].selected = true;
matched = true;
break;
}
}
if ( matched && level < soFar.length ) { level++; suggestName(level) }
}

//-->
</SCRIPT>

</head>

<a name="Show_Environment_Create">

<TABLE width="800px" cellspacing="0" cellpadding="1" class="Pink" >
<TH>Create an Environment</TH>
<tr><td> </td></tr>
<tr>
<td colspan="2">
<FORM id="frmBody" name="frmBody" target="Contents" method="POST">
<TABLE width="800px" cellspacing="0" cellpadding="1" class="Pink" >
<tr>
<td class="pink">Name			</td>
<td class="pink"><input type='text' size=50 name='txtName' value=''
>
</td>
</TR>
<tr>
<td class="pink">ShortName			</td>
<td class="pink"><input type='text' size=8 name='txtShort' value=''
>
</td>
</TR>
<tr>
<td class="pink">Type</td>
<td class="pink">
<select size='1' name='cmbType' class='pink'>
<option value=''> </option>
<option value='1'>Physical  </option>
<option value='2'>Logical   </option>
<option value='3'>Rollout   </option>
</select>
</td>
</TR>
</table>
<input  type="button" value="Next" name="btNext" OnClick="return
SubmitBody('Environments.asp?Action=CreateDb')">
</form>
</td>
</tr>
</table>

</body>
</html>

[ Post a follow-up to this message ]

What is your actual question?

> NOW if i put Basic authentication on the Page... i see the request.form
> and the request.querystring...
>
> But i don't want basic authentication as password is sent in clear text
> and this is an administrative (System Admin) web site.

If you don't want basic authentication, then do not set it on the page.  Why
are you setting Basic authentication and then complaining about your choice?

--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"Laurent Bertin" <LaurentBertin@discussions.microsoft.com> wrote in message
news:227F1AB7-C18E-4C9A-980B-FD2D49079AB8@microsoft.com...
Hi i got a strange problem but it's true i don't make thing like anyone...

First Config:
+ IIS5.0 SP2 (yes i know...)
WebSite Security
Root : Digest Authentication, NT Authenticated
SubFolders : Anonymous Login
Anonymous login is set to use a domain user to enable a sql server
authenticated connection. Permissions are based on Page/action/user
Membership

So i know it is a bit strange but let me explain
1 I need a secured connection to a sql server
2 The Webserver is running multiple websites and i don't want to make it run
under an account
3 I should avoid to request user and pass

Now the way it works
1 Page default on the root is NT authenticated and i retrieve user and group
membership. I put this in a Cookie.
2 When i click on one of the page linked it checks if an entry in the
database exists for specified page, user(from the cookie), action. this page
is with Anonymous login and so it uses the Account i set as anonymous user.
3 If it's ok i show the form mixing querystring and form
4 on submit (javascript function) when i echo all the content of the request
i only see the querystring.

NOW if i put Basic authentication on the Page... i see the request.form and
the request.querystring...

But i don't want basic authentication as password is sent in clear text and
this is an administrative (System Admin) web site.


here is a page as you'll see it is simple... if anyone has an idea...



<HTML>
<head>

<link rel="stylesheet" href="/ERA/Lib/ERA.css" type="text/css">
<title>EB Automation : Da Vinci</title>



<SCRIPT TYPE="text/javascript" LANGUAGE="JavaScript">
<!--



function SubmitBody(pstrSubmitAction)
{
document.frmBody.action = pstrSubmitAction ;
document.frmBody.submit() ;
}

function SubmitForm(pForm, pstrSubmitAction)
{
if ((document.getElementById)&& (document.getElementById(pForm)!=null)){
;
oForm = document.getElementById(pForm);
oForm.action = pstrSubmitAction ;
oForm.submit() ;
}
}


function targetopener(){
if (! (window.focus && window.opener))return true;
window.opener.focus();
window.close();
return false;
}

function popupform(myform, windowname){
if (! window.focus)return true;
window.open('', windowname, 'height=200,width=400,scrollbars=yes');
myform.target=windowname;
return true;
}

function PopupFormCustomize(myform, windowname, iHeight, iWidth){
if (! window.focus)return true;
window.open('', windowname, 'height=' + iHeight + ',' + 'width=' + iWidth +
',scrollbars=no');
myform.target=windowname;
return true;
}

function AlertPopup(msg){
if (window.confirm(msg))
{
form.submit();
}
else
{
//window.back();
parent.location='default.asp'
}
}

function DisplayMessage(sMessage)
{
window.alert(sMessage);
}


function RedirectAfterConfirm(sMessage, sURL)
{
if (window.confirm(sMessage))
{
window.location = sURL
}
else
{
//do nothing
}
}

function SubmitAfterConfirm(sMessage, sURL)
{
if (window.confirm(sMessage))
{
document.frmBody.action = sURL;
document.frmBody.submit();
}
else
{
//do nothing
}
}
function submitformwithaction(sValue)
{
document.myform.action.value=sValue;
document.myform.submit();
}


function VerifySoftFamily(sSoftFamilyVersion)
{
window.alert(document.Computer.SoftFamilyId.text);
if (sSoftFamilyVersion == '1.0')
{
//window.alert('The current Software Family Version is 1.0');
//window.alert(window.SoftFamilyId);
}
else
{
//do nothing
}
}

function  ChangeVisibility(oValueToCheck,oValue,oI
dToChange){
if ((document.getElementById)&&
(document.getElementById(oIdToChange)!=null)){
oToChange = document.getElementById(oIdToChange);
if((oToChange.style)&&(oToChange.style.visibility!=null)){
oToChange.style.visibility = 'visible';
}
if (oValueToCheck==oValue){
if (oToChange.style.visibility==null){
oToChange.style.visibility='hidden';
}else{
oToChange.style.visibility='visible';
}
}else{
oToChange.style.visibility='hidden';
}

}else{
/* alert('Erreur not compliant '); */
}

}
function outputList(ar, name, size) {
var strIDs = "<SELECT SIZE=\"" + size + "\" NAME=\"ro_lst" + name + "\">"
var sel = " SELECTED"
for (var i=0;i<ar.length;i++) {
strIDs += "<OPTION " + sel + " VALUE=\"" + ar[i][0] + "\">" + ar[
;i][1]
sel = ""
}
strIDs+="</SELECT>"
strIDs+="<INPUT NAME=\"" + name + "\" TYPE=hidden>"
return strIDs
}

function outputButton(bDir,name,val) {
return "<INPUT TYPE=button VALUE=\"" + val + "\" ONCLICK=\"move(this.form,"
+ bDir + ",'" + name + "')\">"
}

function move(f,bDir,sName) {
var el = f.elements["ro_lst" + sName]
var idx = el.selectedIndex
if (idx==-1)
alert("You must first select the item to reorder.")
else {
var nxidx = idx+( bDir? -1 : 1)
if (nxidx<0) nxidx=el.length-1
if (nxidx>=el.length) nxidx=0
var oldVal = el[idx].value
var oldText = el[idx].text
el[idx].value = el[nxidx].value
el[idx].text = el[nxidx].text
el[nxidx].value = oldVal
el[nxidx].text = oldText
el.selectedIndex = nxidx
}
}

function processForm(f) {
for (var i=0;i<f.length;i++) {
var el = f[i]
if (el.name.substring(0,6)=="ro_lst") {
var strIDs = ""
for (var j=0;j<f[i].options.length;j++)
strIDs += f[i].options[j].value + ", "
f.elements[f.elements[i].name.substring(6)].value =
strIDs.substring(0,strIDs.length-2)
}
}
}
function processFormAndSubmit(f,sAction) {

for (var i=0;i<f.length;i++) {
var el = f[i]
if (el.name.substring(0,6)=="ro_lst") {
var strIDs = ""
for (var j=0;j<f[i].options.length;j++)
strIDs += f[i].options[j].value + ", "
f.elements[f.elements[i].name.substring(6)].value =
strIDs.substring(0,strIDs.length-2)
}
}
SubmitForm(f.name, sAction);
}

function FilterAsYouType( sFormName, sListBox, sTextBox, level ) {

if ( isNaN( level ) ) { level = 1 }


var f = document.getElementById (sFormName);
var listbox = document.getElementById(sListBox);
var textbox = document.getElementById (sTextBox);

var soFar = textbox.value.toString();
level = soFar.length;
var soFarLeft = soFar.substring(0,level).toLowerCase();

var matched = false;
var suggestion = '';


for ( var m = 0; m < listbox.length; m++ ) {
suggestion = listbox.options[m].text.toString();
suggestion = suggestion.substring(0,level).toLowerCase();
if ( soFarLeft == suggestion ) {
listbox.options[m].selected = true;
matched = true;
break;
}
}
if ( matched && level < soFar.length ) { level++; suggestName(level) }
}

//-->
</SCRIPT>

</head>

<a name="Show_Environment_Create">

<TABLE width="800px" cellspacing="0" cellpadding="1" class="Pink" >
<TH>Create an Environment</TH>
<tr><td> </td></tr>
<tr>
<td colspan="2">
<FORM id="frmBody" name="frmBody" target="Contents" method="POST">
<TABLE width="800px" cellspacing="0" cellpadding="1" class="Pink" >
<tr>
<td class="pink">Name </td>
<td class="pink"><input type='text' size=50 name='txtName' value=''
>
</td>
</TR>
<tr>
<td class="pink">ShortName </td>
<td class="pink"><input type='text' size=8 name='txtShort' value=''
>
</td>
</TR>
<tr>
<td class="pink">Type</td>
<td class="pink">
<select size='1' name='cmbType' class='pink'>
<option value=''> </option>
<option value='1'>Physical  </option>
<option value='2'>Logical   </option>
<option value='3'>Rollout   </option>
</select>
</td>
</TR>
</table>
<input  type="button" value="Next" name="btNext" OnClick="return
SubmitBody('Environments.asp?Action=CreateDb')">
</form>
</td>
</tr>
</table>

</body>
</html>

[ Post a follow-up to this message ]

My question is why the hell doesn't IE sends my form except if i put it on
basic authentication ???.
My form is NOT sent by IE to the server while netscape does. (i found this
only yesterday after post)

In fact after having tracked IE and netscape it seems IE always sends an
authorization request even on pages with anonymous access while normal stuff
should be
Client sends Request
Server sends 401
Client sends credentials
Server accept

Here IE sends "credentials" without the server has sent a 401.

And in the fine stuff there is also that IE doesn't send the complete
request. I see some stuff but nothing about the the requested posted except
for what is passed by querystring.

so in fact problem is not IIS but IE even if modfying some stuff on server
change the problem

"David Wang [Msft]" wrote:

> What is your actual question?
> 
>
> If you don't want basic authentication, then do not set it on the page.  W
hy
> are you setting Basic authentication and then complaining about your choic
e?
>
> --
> //David
> IIS
> http://blogs.msdn.com/David.Wang
> This posting is provided "AS IS" with no warranties, and confers no rights
.
> //
> "Laurent Bertin" <LaurentBertin@discussions.microsoft.com> wrote in messag
e
> news:227F1AB7-C18E-4C9A-980B-FD2D49079AB8@microsoft.com...
> Hi i got a strange problem but it's true i don't make thing like anyone...
>
> First Config:
> + IIS5.0 SP2 (yes i know...)
> WebSite Security
>  Root : Digest Authentication, NT Authenticated
>  SubFolders : Anonymous Login
>  Anonymous login is set to use a domain user to enable a sql server
> authenticated connection. Permissions are based on Page/action/user
> Membership
>
> So i know it is a bit strange but let me explain
> 1 I need a secured connection to a sql server
> 2 The Webserver is running multiple websites and i don't want to make it r
un
> under an account
> 3 I should avoid to request user and pass
>
> Now the way it works
> 1 Page default on the root is NT authenticated and i retrieve user and gro
up
> membership. I put this in a Cookie.
> 2 When i click on one of the page linked it checks if an entry in the
> database exists for specified page, user(from the cookie), action. this pa
ge
> is with Anonymous login and so it uses the Account i set as anonymous user
.
> 3 If it's ok i show the form mixing querystring and form
> 4 on submit (javascript function) when i echo all the content of the reque
st
> i only see the querystring.
>
> NOW if i put Basic authentication on the Page... i see the request.form an
d
> the request.querystring...
>
> But i don't want basic authentication as password is sent in clear text an
d
> this is an administrative (System Admin) web site.
>
>
> here is a page as you'll see it is simple... if anyone has an idea...
>
>
>
> <HTML>
> <head>
>
> <link rel="stylesheet" href="/ERA/Lib/ERA.css" type="text/css">
> <title>EB Automation : Da Vinci</title>
>
>
>
> <SCRIPT TYPE="text/javascript" LANGUAGE="JavaScript">
> <!--
>
>
>
> function SubmitBody(pstrSubmitAction)
> {
> document.frmBody.action = pstrSubmitAction ;
> document.frmBody.submit() ;
> }
>
> function SubmitForm(pForm, pstrSubmitAction)
> {
> if ((document.getElementById)&& (document.getElementById(pForm)!=null))

23;
>     oForm = document.getElementById(pForm);
> oForm.action = pstrSubmitAction ;
> oForm.submit() ;
> }
> }
>
>
> function targetopener(){
>  if (! (window.focus && window.opener))return true;
>  window.opener.focus();
>  window.close();
>  return false;
> }
>
> function popupform(myform, windowname){
>  if (! window.focus)return true;
>  window.open('', windowname, 'height=200,width=400,scrollbars=yes');
>  myform.target=windowname;
>  return true;
> }
>
> function PopupFormCustomize(myform, windowname, iHeight, iWidth){
>  if (! window.focus)return true;
>  window.open('', windowname, 'height=' + iHeight + ',' + 'width=' + iWidth
 +
> ',scrollbars=no');
>  myform.target=windowname;
>  return true;
> }
>
> function AlertPopup(msg){
>   if (window.confirm(msg))
>     {
>     form.submit();
>     }
>  else
>     {
>     //window.back();
>     parent.location='default.asp'
>     }
> }
>
> function DisplayMessage(sMessage)
> {
> window.alert(sMessage);
> }
>
>
> function RedirectAfterConfirm(sMessage, sURL)
> {
>   if (window.confirm(sMessage))
>     {
>     window.location = sURL
>     }
>   else
>     {
>     //do nothing
>     }
> }
>
> function SubmitAfterConfirm(sMessage, sURL)
> {
>   if (window.confirm(sMessage))
>     {
>   document.frmBody.action = sURL;
>   document.frmBody.submit();
>     }
>   else
>     {
>     //do nothing
>     }
> }
> function submitformwithaction(sValue)
> {
>   document.myform.action.value=sValue;
>   document.myform.submit();
> }
>
>
> function VerifySoftFamily(sSoftFamilyVersion)
> {
>    window.alert(document.Computer.SoftFamilyId.text);
>    if (sSoftFamilyVersion == '1.0')
>    {
>       //window.alert('The current Software Family Version is 1.0');
>       //window.alert(window.SoftFamilyId);
>    }
>   else
>     {
>     //do nothing
>     }
> }
>
> function  ChangeVisibility(oValueToCheck,oValue,oI
dToChange){
>  if ((document.getElementById)&&
> (document.getElementById(oIdToChange)!=null)){
>     oToChange = document.getElementById(oIdToChange);
>     if((oToChange.style)&&(oToChange.style.visibility!=null)){
>       oToChange.style.visibility = 'visible';
>     }
>     if (oValueToCheck==oValue){
>       if (oToChange.style.visibility==null){
>   oToChange.style.visibility='hidden';
>       }else{
>   oToChange.style.visibility='visible';
>       }
>     }else{
>       oToChange.style.visibility='hidden';
>     }
>
>  }else{
>     /* alert('Erreur not compliant '); */
>  }
>
> }
> function outputList(ar, name, size) {
>  var strIDs = "<SELECT SIZE=\"" + size + "\" NAME=\"ro_lst" + name + "\">"
>  var sel = " SELECTED"
>  for (var i=0;i<ar.length;i++) {
>   strIDs += "<OPTION " + sel + " VALUE=\"" + ar[i][0] + "\">" + ar
[i][1]
>   sel = ""
>  }
>  strIDs+="</SELECT>"
>  strIDs+="<INPUT NAME=\"" + name + "\" TYPE=hidden>"
>  return strIDs
> }
>
> function outputButton(bDir,name,val) {
>  return "<INPUT TYPE=button VALUE=\"" + val + "\" ONCLICK=\"move(this.form
,"
> + bDir + ",'" + name + "')\">"
> }
>
> function move(f,bDir,sName) {
>  var el = f.elements["ro_lst" + sName]
>  var idx = el.selectedIndex
>  if (idx==-1)
>   alert("You must first select the item to reorder.")
>  else {
>   var nxidx = idx+( bDir? -1 : 1)
>   if (nxidx<0) nxidx=el.length-1
>   if (nxidx>=el.length) nxidx=0
>   var oldVal = el[idx].value
>   var oldText = el[idx].text
>   el[idx].value = el[nxidx].value
>   el[idx].text = el[nxidx].text
>   el[nxidx].value = oldVal
>   el[nxidx].text = oldText
>   el.selectedIndex = nxidx
>  }
> }
>
> function processForm(f) {
>  for (var i=0;i<f.length;i++) {
>   var el = f[i]
>   if (el.name.substring(0,6)=="ro_lst") {
>    var strIDs = ""
>    for (var j=0;j<f[i].options.length;j++)
>      strIDs += f[i].options[j].value + ", "
>    f.elements[f.elements[i].name.substring(6)].value =
> strIDs.substring(0,strIDs.length-2)
>   }
>  }
> }
> function processFormAndSubmit(f,sAction) {
>
>  for (var i=0;i<f.length;i++) {
>   var el = f[i]
>   if (el.name.substring(0,6)=="ro_lst") {
>    var strIDs = ""
>    for (var j=0;j<f[i].options.length;j++)
>      strIDs += f[i].options[j].value + ", "
>    f.elements[f.elements[i].name.substring(6)].value =
> strIDs.substring(0,strIDs.length-2)
>   }
>  }
>  SubmitForm(f.name, sAction);
> }
>
> function FilterAsYouType( sFormName, sListBox, sTextBox, level ) {
>
> if ( isNaN( level ) ) { level = 1 }
>
>
> var f = document.getElementById (sFormName);
> var listbox = document.getElementById(sListBox);
> var textbox = document.getElementById (sTextBox);
>
> var soFar = textbox.value.toString();
> level = soFar.length;
> var soFarLeft = soFar.substring(0,level).toLowerCase();
>
> var matched = false;
> var suggestion = '';
>
>
> for ( var m = 0; m < listbox.length; m++ ) {
>   suggestion = listbox.options[m].text.toString();
>   suggestion = suggestion.substring(0,level).toLowerCase();
>   if ( soFarLeft == suggestion ) {
>    listbox.options[m].selected = true;
>    matched = true;
>    break;
>   }
> }
> if ( matched && level < soFar.length ) { level++; suggestName(level) 
}
> }
>
> //-->
> </SCRIPT>
>
> </head>
>
> <a name="Show_Environment_Create">
>
> <TABLE width="800px" cellspacing="0" cellpadding="1" class="Pink" >
> <TH>Create an Environment</TH>
> <tr><td> </td></tr>
> <tr>
> <td colspan="2">
> <FORM id="frmBody" name="frmBody" target="Contents" method="POST">
> <TABLE width="800px" cellspacing="0" cellpadding="1" class="Pink" >
> <tr>
> <td class="pink">Name </td>
> <td class="pink"><input type='text' size=50 name='txtName' value='' 
>          </td>
> </TR>
> <tr>
> <td class="pink">ShortName </td>
> <td class="pink"><input type='text' size=8 name='txtShort' value='' 
>          </td>
> </TR>
> <tr>
> <td class="pink">Type</td>
> <td class="pink">
> <select size='1' name='cmbType' class='pink'>
> <option value=''> </option>
> <option value='1'>Physical  </option>
> <option value='2'>Logical   </option>
> <option value='3'>Rollout   </option>
> </select>
> </td>
> </TR>
> </table>
> <input  type="button" value="Next" name="btNext" OnClick="return
> SubmitBody('Environments.asp?Action=CreateDb')">
> </form>
> </td>
> </tr>
> </table>
>
> </body>
> </html>
>
>
>

[ Post a follow-up to this message ]

and sorry if the way i write is a bit "agressive" it wasn't intended to be;
my english is far from being perfect.

"Laurent Bertin" wrote:
[vbcol=seagreen]
> My question is why the hell doesn't IE sends my form except if i put it on
> basic authentication ???.
> My form is NOT sent by IE to the server while netscape does. (i found this
> only yesterday after post)
>
> In fact after having tracked IE and netscape it seems IE always sends an
> authorization request even on pages with anonymous access while normal stu
ff
> should be
> Client sends Request
> Server sends 401
> Client sends credentials
> Server accept
>
> Here IE sends "credentials" without the server has sent a 401.
>
> And in the fine stuff there is also that IE doesn't send the complete
> request. I see some stuff but nothing about the the requested posted excep
t
> for what is passed by querystring.
>
> so in fact problem is not IIS but IE even if modfying some stuff on server
> change the problem
>
> "David Wang [Msft]" wrote:
> 

[ Post a follow-up to this message ]

The behavior you describe is called "Mixed Authentication" and it doesn't
work with anonymous and Integrated.

http://support.microsoft.com/defaul...kb;en-us;251404

It most often happens when you have custom authentication of some sort,
where you have an anonymous POST form of some sort and everything else is
authenticated.  IE optimizes to not send POST entity body on requests which
it THINKS will be authenticated with NTLM (because NTLM rejects first
request with 401, so POST entitybody is wasted bandwidth). This optimization
fails when you make IE think the website is authenticated with NTLM and then
have the POST form accept anonymous authentication.

Only solutions are to:
1. Have uniform authentication on the server
2. Change the browser's optimization.

FYI: your basic idea of how authentication works is ok, but you are missing
details about how authentication really interacts in real-life with HTTP.


> Client sends Request
> Server sends 401
> Client sends credentials
> Server accept
>
> Here IE sends "credentials" without the server has sent a 401.


Actually, the sequence looks like this for Basic:
1. Client sends Request without Authorization header
2. Server sends 401 response with WWW-Authenticate header requesting "Basic"
3. Client re-sends Request with Authorization Basic header
4. Server accepts or rejects

Realize that since HTTP is stateless, the fact that entity body sent on #1
is not used by #3 -- so entity body of request can be sent twice for the
single "request" (to the user, anyway).

Questions to you
-- suppose in step #1, Client is sending a 100MB POST request, should the
client send  the entire100MB POST if the server will reject it?
-- should the server wait to receive all 100MB prior to sending back a 401
response?
-- Should the client effectively send 200MB of data for every authenticated
POST request of 100MB of data (client dumbly sends 100MB in steps #1 and #3)

IE actually says "no, we're not sending 200MB for every authenticated POST
request", but the optimization gets foiled if the website uses non-uniform
authentication.  And since IE is not clairvoyant, it does not know ab out
your configuration ahead of its requests and can get confused.  You're
looking at an IE confusion. :-)


--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"Laurent Bertin" <LaurentBertin@discussions.microsoft.com> wrote in message
news:367453BE-8CC2-46EB-AA0B-3D4D1B4947C2@microsoft.com...
and sorry if the way i write is a bit "agressive" it wasn't intended to be;
my english is far from being perfect.

"Laurent Bertin" wrote:

> My question is why the hell doesn't IE sends my form except if i put it on
> basic authentication ???.
> My form is NOT sent by IE to the server while netscape does. (i found this
> only yesterday after post)
>
> In fact after having tracked IE and netscape it seems IE always sends an
> authorization request even on pages with anonymous access while normal
stuff
> should be
> Client sends Request
> Server sends 401
> Client sends credentials
> Server accept
>
> Here IE sends "credentials" without the server has sent a 401.
>
> And in the fine stuff there is also that IE doesn't send the complete
> request. I see some stuff but nothing about the the requested posted
except[vbcol=seagreen]
> for what is passed by querystring.
>
> so in fact problem is not IIS but IE even if modfying some stuff on server
> change the problem
>
> "David Wang [Msft]" wrote:
> 
request.form[vbcol=seagreen] 
text[vbcol=seagreen] 
Why[vbcol=seagreen] 
choice?[vbcol=seagreen] 
rights.[vbcol=seagreen] 
message[vbcol=seagreen] 
anyone...[vbcol=seagreen] 
run[vbcol=seagreen] 
group[vbcol=seagreen] 
page[vbcol=seagreen] 
user.[vbcol=seagreen] 
request[vbcol=seagreen] 
and[vbcol=seagreen] 
and[vbcol=seagreen] 
iWidth +[vbcol=seagreen] 
"\">"[vbcol=seagreen] 
ONCLICK=\"move(this.form,"[vbcol=seagreen] 

[ Post a follow-up to this message ]