[thelist] asp.net NTLM authentication fails on postback?
Scott Dexter
dexilalolai at yahoo.com
Wed Jun 8 10:34:24 CDT 2005
> : Integrated Windows Auth is turned on;
> : <authentication mode="Windows" /> in the web.config
>
> This, by itself, doesn't enable any sort of authentication at all.
> This just
> means that the user needs to present valid Window credentials in
> order to
> access the page. The type of authentication mechanism used (NTLM,
> Kerberos,
> Basic, Digest etc) is determined by what is set in the IIS
> Metabase. You can
> enable these various authentication mechanisms via the IIS Manager.
Fair enough. All I know is it's failing.
I just found out we're using Kerberos (not that I think it matters)
> :
> : The user is prompted with the login challenge message box, and
> after
> : three tries IIS fails the login, user gets a 403
>
*** Correction, it's a 401.1. Sorry
> Is this an IIS 6 box? Can you please post the corresponding log
> file entries?
> That will give us the HTTP substatus codes which help us determine
> why the
> user is being denied access.
Trying to get the log files (sigh)
>
> If you check out:
> www.adopenstatic.com/faq/IISRequestProcessing.aspx
> you can see that there's a fair number of reasons why you can get
> up with a
> 403
Great flowchart, bookmarked (thank you)
>
> >From the information presented, I don't think that's a conclusion
> you can
> draw. There seems to be a fair amount of confusion here already
> about what is
> actually enabled and being used. Let's no confuse it by dragging in
Well, regardless of what's actually being enabled, something is awry:
1) User supplies credentials, gains access to the page
2) User causes a postback of that page, credentials fail
3) User has access to other secured pages on the site
I'm not sure how Kerberos vs plain text vs MD5 authentication would
make a difference here?
shrug
More information about the thelist
mailing list