Velocity Reviews

Velocity Reviews (http://www.velocityreviews.com/forums/index.php)
-   ASP .Net Security (http://www.velocityreviews.com/forums/f62-asp-net-security.html)
-   -   IIS Security strange things (http://www.velocityreviews.com/forums/t765862-iis-security-strange-things.html)

Alexey Smirnov 03-01-2004 02:01 PM

IIS Security strange things
 
I have intranet application based on ASP.NET on Win2000AS (Framework 1.1).

Website uses an Integrated Windows Authentication as Authentication method
in IIS and has following security configuration in the web.config

------------------------------------------
<identity impersonate="false" />

<authentication mode="Windows" />
<authorization>
<deny users="?" />
</authorization>

<customErrors defaultRedirect="CustomError.aspx" mode="Off">
<error statusCode="401" redirect="Custom401.html"/>
</customErrors>
------------------------------------------

And everything goes fine for 99.9% users and not for one only, who always
get a popup login window to login this website.
He has WinXP box, with latest browser, like many others, but for any reason
website cannot recognize that user as a valid internal user.

Any ideas? Thank you



Arvind P Rangan 03-01-2004 02:11 PM

Re: IIS Security strange things
 
Hi ,
In IE open Options -> select Security
Select Custom LEVEL -> User Authentication
Check if the user has checked Prompt for user name and password.
If its marked make it to auttomatic login only in intranet zone.
Arvind
"Alexey Smirnov" <removeit.hello@smalig.com> wrote in message
news:OSktyX5$DHA.392@TK2MSFTNGP12.phx.gbl...
> I have intranet application based on ASP.NET on Win2000AS (Framework 1.1).
>
> Website uses an Integrated Windows Authentication as Authentication method
> in IIS and has following security configuration in the web.config
>
> ------------------------------------------
> <identity impersonate="false" />
>
> <authentication mode="Windows" />
> <authorization>
> <deny users="?" />
> </authorization>
>
> <customErrors defaultRedirect="CustomError.aspx" mode="Off">
> <error statusCode="401" redirect="Custom401.html"/>
> </customErrors>
> ------------------------------------------
>
> And everything goes fine for 99.9% users and not for one only, who always
> get a popup login window to login this website.
> He has WinXP box, with latest browser, like many others, but for any

reason
> website cannot recognize that user as a valid internal user.
>
> Any ideas? Thank you
>
>




Alexey Smirnov 03-01-2004 02:35 PM

Re: IIS Security strange things
 
Hi, Arvind

yes, he has the default level (medium low) for the intranet zone
and in addition that site inserted in Local Intranet Site List
(Security - Sites - Advanced...)

Alexey


"Arvind P Rangan" <arvind99@hotmail.com> wrote in message
news:%23vNeUd5$DHA.1212@TK2MSFTNGP12.phx.gbl...
> Hi ,
> In IE open Options -> select Security
> Select Custom LEVEL -> User Authentication
> Check if the user has checked Prompt for user name and password.
> If its marked make it to auttomatic login only in intranet zone.
> Arvind
> "Alexey Smirnov" <removeit.hello@smalig.com> wrote in message
> news:OSktyX5$DHA.392@TK2MSFTNGP12.phx.gbl...
> > I have intranet application based on ASP.NET on Win2000AS (Framework

1.1).
> >
> > Website uses an Integrated Windows Authentication as Authentication

method
> > in IIS and has following security configuration in the web.config
> >
> > ------------------------------------------
> > <identity impersonate="false" />
> >
> > <authentication mode="Windows" />
> > <authorization>
> > <deny users="?" />
> > </authorization>
> >
> > <customErrors defaultRedirect="CustomError.aspx" mode="Off">
> > <error statusCode="401" redirect="Custom401.html"/>
> > </customErrors>
> > ------------------------------------------
> >
> > And everything goes fine for 99.9% users and not for one only, who

always
> > get a popup login window to login this website.
> > He has WinXP box, with latest browser, like many others, but for any

> reason
> > website cannot recognize that user as a valid internal user.
> >
> > Any ideas? Thank you
> >
> >

>
>




Arvind P Rangan 03-03-2004 07:40 AM

Re: IIS Security strange things
 
Alexey,
Click on Custom Level
and in that See what is selected for User Authentication.
Arvind
"Alexey Smirnov" <removeit.hello@smalig.com> wrote in message
news:%23Iydfq5$DHA.1700@TK2MSFTNGP12.phx.gbl...
> Hi, Arvind
>
> yes, he has the default level (medium low) for the intranet zone
> and in addition that site inserted in Local Intranet Site List
> (Security - Sites - Advanced...)
>
> Alexey
>
>
> "Arvind P Rangan" <arvind99@hotmail.com> wrote in message
> news:%23vNeUd5$DHA.1212@TK2MSFTNGP12.phx.gbl...
> > Hi ,
> > In IE open Options -> select Security
> > Select Custom LEVEL -> User Authentication
> > Check if the user has checked Prompt for user name and password.
> > If its marked make it to auttomatic login only in intranet zone.
> > Arvind
> > "Alexey Smirnov" <removeit.hello@smalig.com> wrote in message
> > news:OSktyX5$DHA.392@TK2MSFTNGP12.phx.gbl...
> > > I have intranet application based on ASP.NET on Win2000AS (Framework

> 1.1).
> > >
> > > Website uses an Integrated Windows Authentication as Authentication

> method
> > > in IIS and has following security configuration in the web.config
> > >
> > > ------------------------------------------
> > > <identity impersonate="false" />
> > >
> > > <authentication mode="Windows" />
> > > <authorization>
> > > <deny users="?" />
> > > </authorization>
> > >
> > > <customErrors defaultRedirect="CustomError.aspx" mode="Off">
> > > <error statusCode="401" redirect="Custom401.html"/>
> > > </customErrors>
> > > ------------------------------------------
> > >
> > > And everything goes fine for 99.9% users and not for one only, who

> always
> > > get a popup login window to login this website.
> > > He has WinXP box, with latest browser, like many others, but for any

> > reason
> > > website cannot recognize that user as a valid internal user.
> > >
> > > Any ideas? Thank you
> > >
> > >

> >
> >

>
>




Alexey Smirnov 03-03-2004 07:48 AM

Re: IIS Security strange things
 
User Authentication
Logon
Automatic logon only in Intranet zone

-----------------
Any ideas?

Alexey



"Arvind P Rangan" <arvind99@hotmail.com> wrote in message
news:uwNu$LPAEHA.1600@tk2msftngp13.phx.gbl...
> Alexey,
> Click on Custom Level
> and in that See what is selected for User Authentication.
> Arvind
> "Alexey Smirnov" <removeit.hello@smalig.com> wrote in message
> news:%23Iydfq5$DHA.1700@TK2MSFTNGP12.phx.gbl...
> > Hi, Arvind
> >
> > yes, he has the default level (medium low) for the intranet zone
> > and in addition that site inserted in Local Intranet Site List
> > (Security - Sites - Advanced...)
> >
> > Alexey
> >
> >
> > "Arvind P Rangan" <arvind99@hotmail.com> wrote in message
> > news:%23vNeUd5$DHA.1212@TK2MSFTNGP12.phx.gbl...
> > > Hi ,
> > > In IE open Options -> select Security
> > > Select Custom LEVEL -> User Authentication
> > > Check if the user has checked Prompt for user name and password.
> > > If its marked make it to auttomatic login only in intranet zone.
> > > Arvind
> > > "Alexey Smirnov" <removeit.hello@smalig.com> wrote in message
> > > news:OSktyX5$DHA.392@TK2MSFTNGP12.phx.gbl...
> > > > I have intranet application based on ASP.NET on Win2000AS (Framework

> > 1.1).
> > > >
> > > > Website uses an Integrated Windows Authentication as Authentication

> > method
> > > > in IIS and has following security configuration in the web.config
> > > >
> > > > ------------------------------------------
> > > > <identity impersonate="false" />
> > > >
> > > > <authentication mode="Windows" />
> > > > <authorization>
> > > > <deny users="?" />
> > > > </authorization>
> > > >
> > > > <customErrors defaultRedirect="CustomError.aspx" mode="Off">
> > > > <error statusCode="401" redirect="Custom401.html"/>
> > > > </customErrors>
> > > > ------------------------------------------
> > > >
> > > > And everything goes fine for 99.9% users and not for one only, who

> > always
> > > > get a popup login window to login this website.
> > > > He has WinXP box, with latest browser, like many others, but for any
> > > reason
> > > > website cannot recognize that user as a valid internal user.
> > > >
> > > > Any ideas? Thank you
> > > >
> > > >
> > >
> > >

> >
> >

>
>





All times are GMT. The time now is 07:23 PM.

Powered by vBulletin®. Copyright ©2000 - 2014, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.