«

I have Windows xp as workstation OS and Windows Server 2003 Standard
Edition for the server but Windows NT 4 as primary Domain controller. I
made a login.aspx and a home.aspx page to test windows authentication
with the lines of code needed in the web config file and code behind.
The Home.aspx page is set as the default page in IIS 6.0.
I have configured IIS for Basic authentication in the Directory
Security panel of IIS manager.
When I'm calling the site with the default Url home.aspx page is
displayed with nothing for User.identity.Name.

Then i tried with windows integreted authentication. I have made the
appropriate amendements in the web config file but when i test it still
nothing is displayed for User.identity.Name.

Could someone tell me what could be wrong.
Does NT integrated authetication work with a NT4 Primary DC and Server
2003 domain member server?

thanks in advance for any help

Eric

Hello Eric,

i guess IIS is not authenticating - disable anonymous access to the virtual
directory in IIS

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> I have Windows xp as workstation OS and Windows Server 2003 Standard
> Edition for the server but Windows NT 4 as primary Domain controller.
> I
> made a login.aspx and a home.aspx page to test windows authentication
> with the lines of code needed in the web config file and code behind.
> The Home.aspx page is set as the default page in IIS 6.0.
> I have configured IIS for Basic authentication in the Directory
> Security panel of IIS manager.
> When I'm calling the site with the default Url home.aspx page is
> displayed with nothing for User.identity.Name.
> Then i tried with windows integreted authentication. I have made the
> appropriate amendements in the web config file but when i test it
> still nothing is displayed for User.identity.Name.
>
> Could someone tell me what could be wrong.
> Does NT integrated authetication work with a NT4 Primary DC and Server
> 2003 domain member server?
> thanks in advance for any help
>
> Eric
>

Hi Dominick,

For both basic and window authentication test i disabled in IIS all
authentication options except the one concerned by the test. Basic for
basic auth, windows integrated for windows NT auth.
I have already test all authentication model on a windows 2000 server
DC but its the first time that i test it on a Server 2003. As
everything is denied by default on server 2003 in opposite to Server
2000 . Do you have any idea of what could be the reason that when
calling the default web site page Home.aspx IIS doesn't redirect to
login.aspx for basic auth. while Authentication is set to Forms in the
web.config file?




Dominick a écrit :
> Hello Eric,
>
> i guess IIS is not authenticating - disable anonymous access to the virtual
> directory in IIS
>
> ---------------------------------------
> Dominick Baier - DevelopMentor
> http://www.leastprivilege.com
>
> > I have Windows xp as workstation OS and Windows Server 2003 Standard
> > Edition for the server but Windows NT 4 as primary Domain controller.
> > I
> > made a login.aspx and a home.aspx page to test windows authentication
> > with the lines of code needed in the web config file and code behind.
> > The Home.aspx page is set as the default page in IIS 6.0.
> > I have configured IIS for Basic authentication in the Directory
> > Security panel of IIS manager.
> > When I'm calling the site with the default Url home.aspx page is
> > displayed with nothing for User.identity.Name.
> > Then i tried with windows integreted authentication. I have made the
> > appropriate amendements in the web config file but when i test it
> > still nothing is displayed for User.identity.Name.
> >
> > Could someone tell me what could be wrong.
> > Does NT integrated authetication work with a NT4 Primary DC and Server
> > 2003 domain member server?
> > thanks in advance for any help
> >
> > Eric
> >

Hello Eric,

so what do you want to do? basic or forms auth.

If you are using windows/basic auth in IIS - IIS will do the authentication
- the client will get a login dialog

If you are doing forms, you set IIS to do no authentication - and do it yourself
in ASP.NET by providing a custom login page.

In the case of forms - you also have to set ACLs in web.config - like

<authorization>
<deny users="?" />
</authorization>

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> Hi Dominick,
>
> For both basic and window authentication test i disabled in IIS all
> authentication options except the one concerned by the test. Basic for
> basic auth, windows integrated for windows NT auth.
> I have already test all authentication model on a windows 2000 server
> DC but its the first time that i test it on a Server 2003. As
> everything is denied by default on server 2003 in opposite to Server
> 2000 . Do you have any idea of what could be the reason that when
> calling the default web site page Home.aspx IIS doesn't redirect to
> login.aspx for basic auth. while Authentication is set to Forms in the
> web.config file?
> Dominick a écrit :
>
>> Hello Eric,
>>
>> i guess IIS is not authenticating - disable anonymous access to the
>> virtu
>>
> al
>
>> directory in IIS
>>
>> ---------------------------------------
>> Dominick Baier - DevelopMentor
>> http://www.leastprivilege.com
>>> I have Windows xp as workstation OS and Windows Server 2003 Standard
>>> Edition for the server but Windows NT 4 as primary Domain
>>> controller.
>>> I
>>> made a login.aspx and a home.aspx page to test windows
>>> authentication
>>> with the lines of code needed in the web config file and code
>>> behind.
>>> The Home.aspx page is set as the default page in IIS 6.0.
>>> I have configured IIS for Basic authentication in the Directory
>>> Security panel of IIS manager.
>>> When I'm calling the site with the default Url home.aspx page is
>>> displayed with nothing for User.identity.Name.
>>> Then i tried with windows integreted authentication. I have made the
>>> appropriate amendements in the web config file but when i test it
>>> still nothing is displayed for User.identity.Name.
>>> Could someone tell me what could be wrong.
>>> Does NT integrated authetication work with a NT4 Primary DC and
>>> Server
>>> 2003 domain member server?
>>> thanks in advance for any help
>>> Eric
>>>

Hello Dominick,

In Fact i have tried several way to authenticate a user.

Windows Integrated Authentication is working fine.

I tried then the basic authentication . IIS Configured as basic Auth.
config file with <authentication mode="windows"/> but when the windows
login box appear at client side (xp pro sp2) no accounts that i have
defined on server 2003 is valid and i can't authenticate any defined
user. Should user require to be member of a particular group other than
Domain users?

I have tried the same thing on windows 2000 server and i was working
fine.

_______


in a second test i tried forms authentication with credentials in
config file. IIS configured as anonymous authentication. Is it Correct?
As you say "set IIS to do no authentication" do you mean uncheck all
Authentication mode in IIS or just let anonymous authentication checked
with "Ask IIS to authenticate" unchecked and then choose a new account
for impersonation .

Config file with

<authentication mode="Forms"/>
<forms loginUrl="Login.aspx">
<credentials passwordFormat="Clear">
<user name="username" password="password">
</credentials>
</forms >
</authentication>

<authorization>
<deny users="?" />
</authorization>

By doing this way and calling the default website url it goes directly
to the default page Home.aspx and display no User.Identity.name. the
user has not yet been authenticated and is not redirected to the login
page.

Except if I have not setup IIS correctly for autentication by choosing
the wrong options I don't understand why it behaves this way. Do you
have any clue?

Eric

Hello Dominick,

Finally I succeed to do NT integrated, basic and Froms Authentication
using IE on workstation but when testing on server it behaves not the
same as on workstation for NT Integrated Auth.
On Server for NT integrated Auth a Dialog Box is asking for login
whereas on workstation it doesn't (it's all right because he should
not).
Do you know why it asks for login when testing with IE on server side
meanwhile it doen't on client side?