IIS6 + Integrated Windows Authentication Issue
We've recently moved to new servers (Win2k3, IIS6) and when setting up the intranet I've run into some difficulties.
The original intranet is split down into departments with security as below:
Intranet Home - anonymous access allowed.
IntranetFinance - anonymous allowed.
IntranetIS - Integrated Windows Authentication*
So the problem comes down to the IS folder. Integrated Authentication is set up so we can have an IS corporate directory where each user maintains their own details.
On the new server however, I've set up the web root as Intranet (anonymous access allowed) and set the IS folder as a new application folder. I've removed anonymous access and added only Integrated Windows Authentication and Digest Windows Authentication.
However when connecting to any page on the new server, no authentication kicks in at all. Connecting to a page IntranetISinfo.asp that returns only the "Logon_User" information, returns a blank field...
View Replies
ADVERTISEMENT
I'm running IIS 6.0 on Windows SErver 2003 that is also a DC.
I have an asp page (default.asp) I am trying to access as my hom page for my
site. I am trying to use Windows authentication.
When I select only "integrated Windows authentication" I get prompted for
user information and then get an error: "The page cannot be displayed."
However, if I change the authentication method to "Basic authentication" and
enter the exact same logon information, it works without a problem.
I do not want to send passwords in clear text. I need to use Windows
authentication.
View Replies
View Related
Can someone direct me to a good tutorial on Windows Integrated Authentication and Active Directory. I am creating an intranet site and i want anyone that can sign on to our domain able to go to the intranet and not have it prompt them for username/password. I can't seem to find much info on it.
View Replies
View Related
What I'm trying to do: I'm using LDAP to check and see if a user that is trying to view my page has network credentials and I am also trying to see what User Groups they are in. I have been told that the code that I'm using does indeed work.
Problem: In IIS I have unchecked the Anonymous access option and have checked the Integrated Windows Authentication option. When I try and view the page, I keep receiving the Windows login box with my domain/username and password filled in.
This puzzles me because the code that I'm using is supposed to strip the domain, yet that continues to show. It also looks like this code is supposed to redirect me to the requested page once my credentials are recognized, but I can't seem to get past this Windows login box that is similar to a login box for an FTP site. Any suggestions?
View Replies
View Related
I developed some simple ASP 3.0 pages to add some operative functionality to my app. I configured IIS to use windows integrate authentication for this pages and it's working just fine.
For security reasons (audit) I need to trace down the username that requested this page. I already have a custom service called from ASP page that trace down some data I need. It's there a way to find out what is the windows username that requested the page so I can pass this information to my audit function?
View Replies
View Related
I'm trying to view a .aspx from a Win2003 server. When "Integrated Windows Authentication" is enabled, I can view the .aspx file. If I uncheck IWA, I get an HTTP 401.
Does anyone know why "Integrated Windows Authentication" is being forced and how I can disable it? I just want anonymous access. Code:
View Replies
View Related
I’ve got an ASP.NET 2.0 web application that requires SSL. In addition, the pages are configured to use Integrated Windows Authentication. I am having a problem getting automatic authentication to work for internal network users.
If they try to access the page using an internal server name in the Url, the authentication takes place automatically but they must first deal with a warning page (in IE7) that alerts them to a problem with the site’s security certificate since the names don’t match up. However, if they access the page using the fully-qualified domain they get a dialog box asking them to authenticate.
View Replies
View Related
I would like to know if there is a chance to make a login form, username/password, with
Integrated Windows Autentications IIS 5.0, I'm trying to implement an Intranet with this
type of autentication.
View Replies
View Related
I'm trying to bypass a Windows 2000 Integrated Windows Authentification within an ASP page...
Let me explain :
a user will login through a form on the web. The fields ar the username / password of an actual windows account on the server.
What i'm trying is to send the user to a secured folder and instead of the IWA popup, I want to "feed" the info of the user directly to the popup so he doesn't have to login through this popup. I should be all automatic..
View Replies
View Related
At the early testing stages of writing some simple ASP scripts hosted by my Windows 2003 Server but I have hit upon a problem.
When I open an asp page, IE just returns the script rather than expected web page. What have I or am I doing wrong?
View Replies
View Related
User clicks a link that displays a customer card and financial stats (has a
lot of database calls). Every 5 times the user clicks the same page/link it
takes about 30 seconds (normal response time is <1 second) to display. Code:
View Replies
View Related
Can someone tell me how I create a login page which
authenticates users against the servers user manager. I
want the login to be a form in my website not a pop up
window!
I would be grateful for any advice relating to this
subject. I have a script for windows 2000 active directory
but was wondering if you could achive the same with
windows NT 4 and IIS 4 Code:
View Replies
View Related
In my CMS application (authentication = windows), I've tried to force a reauthentication after a button click by returning:
Response.StatusCode = 401;
However instead of reauthenticating once, I'm asked for 3 times despite the correct userid and password.
Is this due to certain configurations? Or is there any other alternative available to achieve the same effect?
View Replies
View Related
If I have a website running ASP 3.0 on IIS 6 (server 2003), and am using
Integrated Windows Authentication, is there a way I can place in a session
variable something to identify the person who authenticated to the web site
so I can say right on the ASP page "Welcome UsernameHere" ??
View Replies
View Related
I want the ASP user login authenticated by the windows user, and to catch the user information as a session contained on the page. Then the login user can be redirected to its own folder (recognized by userid). How can I do that?
View Replies
View Related
I have this free calendar I downloaded off the net, that I am trying to tweak to meet company standards. A username/password is required, however I wanted to use Windows authentication... is there a way I can retrieve the username/password used to sign on the computer, for form validation??? If this is possible, could someone please advise me on how i would need to go about doing this??
View Replies
View Related
I wasn't sure which group to use but I'm developing a web application
that connects to a sql server. This application is for External Clients but
the information is sensitive. I thougth that if I do Windows Authentication,
would be the most secure one. I'm not sure if this is true. In any event, I
want to avoid the browser asking for username and password and allowing the
user to type on a username password textboxes on the web form. Is this
possible.
View Replies
View Related
I am coding a web page to put information into a database. The main feature I am looking to do is authenticate the webpage using the windows user name and password, I then want the user name to be entered into the database. Can anyone help me with this? I have an access database linked into a webpage and it is able to enter data.
View Replies
View Related
I wanted to secure my application and have decided to go with windows NT challenge reponse. I want to check against the Active directory for a valid user. Should i do both? which one comes first? I am not sure of the sequence.
View Replies
View Related
I have an IIS 6 server on Windows 2003 running in an AD domain attempting to enumerate the files on another Windows 2003 server on the same domain. The code and UNC path are sound as it works if I set anonymous access and enter domain credentials in the page properties but if I check "Integrated Windows Authentication" it gives a "Path not found" 800a004c error in the browser. The IIS logs report a 500 0 0 status but it does show that it attempts to use the end user's credentials as you can see them in the logs. The IIS server is set for "Trust this computer (for Kerberos only)" but the the other server is not.
The two significant lines in the classic ASP page (with the server, share &
folder names replaced) are:
spmsmmpath="serversharefolder"
SET ofolder=ofs.GetFolder(spmsmmpath)
What am I missing? Does the file server need to be trsuted too? Do I need to use a MapPath command or am I using the wrong slashes? Remmeber the code works as is if I pass literal credentials.
View Replies
View Related
I have developed a website using ASP.Net and C#. The issue I am facing is that on some of the links I get the default Windows authentication dialog. It happens only on some of the links even though the link points to the same page. i am clueless as this happens even on the development machine ie on localhost. The web.config has the setting as Authentication=None. why this might be happening.
View Replies
View Related
Can someone tell me a website/page that will show me how to use windows authentication in a vbscript page. I can't use .net, it has to be classic VB.
View Replies
View Related
I want to know how can we use windows Authentication in asp projects ? & what is the object need?
View Replies
View Related
I want to authenticate a user based on Windows Login. If a user is able to logon to the system, he/she should be able to logon to the page. I'm able to retrieve the system username using Request.ServerVariables("LOGON_USER") after disabling anonymous access in IIS Manager.
But whenever i open my page, it prompts for the username and password. But i dont want to prompt for the username and password, but logon to the site based on windows login.
View Replies
View Related
I am creating an application that I would like to have the user type in their User ID, password and domain, and it do Windows Authentication to verify they are a valid user. Can someone provide me with any assistance on this by sample code, or a pointer to a site
that goes over this?
View Replies
View Related
I have an application that is ISAPI and the only way to secure it is through NT permissions. I need to have a way to login to windows authentication so that when I get to the ISAPI application no boxes come up. I want an ASP page to sit between the user and the ISAPI application.
The rest of my application is using authentication that is database driven and wouldn't want the users to know the userid and password. Is this possible? If so how would I
accomplish it.
View Replies
View Related
I have a client who wants me to use his login screen to authenticate
users, then send them to their correct folder's index page. There
will only ever be 4 or so users logging into this, so it doesn't need
to be huge.
So, I can't just set the password on the folder using windows or else
the windows box pops up, and he doesn't want to use a database, and he
doesn't want the pages inside the folder to have to have a .asp
extension.
View Replies
View Related
i want to implement authorization with windows authentication and don't
have the slightest clue of how to do this implementation. the basic
windows authentication for this .NET application is already setup. my
problem lies within my inability to manipulate the username captured in
the authentication process and my knowledge of how IIS is involved.
specifically, i have the following questions:
1) what object(s) can be used so that the user's username can be
manipulated for the authorization process?
2) in order to apply roles, do the users need to be placed in groups in
IIS? if so, how does this work?
3) is all the code that the application uses for roles in web.config?
or does global.asax play a role in this matter?
4) does the web.config file know to communicate with IIS because the
authorization type is set to windows?
5) once authorization is in place, can a section of an .aspx file be
visible to a group or can only entire files be secured for a group?
View Replies
View Related
Does anyone know if there is a way to end a user's logged on Windows Authentication session?
I have some .asp files that make calls to our SQL Server which can only be accessed through Windows Basic Aunthentication in using SSL to encrypt everything and was wondering if there was a way to end the user's windows authentication session and force them to relogon if a certain time expired or if they didn't close the browser?
I'm familiar with ending asp session variables but in this case this wouldn't apply since the user is already in using windows basic authentication.
View Replies
View Related
i design form to take input from user(username,password). How do i autheticate if the user is Windows Domain user and once it has authenticated successfully, how do i forward to the success page.
View Replies
View Related
how can I avoid the windows authentication screen for viewing a report in Reporting Service.
View Replies
View Related
I have being told my our web developers team that it is not possible to use Windows Authentication on a SQL Server 2000 database and ASP application. That it can only be possible on a ASP.NET. On the other hand thur seraching the web I found out that this task can be accomplished by just turn on Windows Authentication and shut off Anonymous access in your website properties using IIS Manager on the Web server.
View Replies
View Related
We're trying to setup an Intranet site with one portion of the site restricted using Windows Integrated Authentication. The rest of the site is accessed using anonymous access. Here are the details of the site
1) The restricted portion of the site is protected using NTFS permissions for authorized users
2) ONLY Anonymous user has NTFS permissions to the rest of the Intranet (all files / folders EXCEPT the restricted portion)
3) The IIS setting throughout the site has both anonymous access and Windows Integrated Authentication enabled
4) The restricted portion of the site is also the application start-point (in IIS) for an ASP application
5) The restricted portion of the site launches in a new browser window (using target="_blank")
Authorized users are able to access the restricted portion of the site. The problem is that when they try to get back to any of the anonymous access pages, they are prompted with the Windows Authentication dialog.
Is there any solution to this? Are there any web server settings that I need to look for?
View Replies
View Related