[thelist] IIS Directory Security Inheritance
Robert Gormley
robert at pennyonthesidewalk.com
Thu Oct 19 19:14:58 CDT 2006
On Thu, 19 Oct 2006 22:06:14 +1000
"Ken Schaefer" <Ken at adOpenStatic.com> wrote:
> : The folder has NTFS permissions to read.
>
> ?!? NTFS permissions for /which/ user or group?
"Users" group has Read & Execute, List Folder Contents,
Read permissions.
> : On further investigation, it appears that it is a
>symptom
> : of SSL. Allowing unsecured (but authentication
> I strongly doubt this has anything to do with it.
You'd be correct - I have since ruled this out.
> Can you post the relevant IIS logfile entries as well?
This is where it gets interesting - this is the only entry
recorded when attempting to browse the content that
otherwise gives a 401.2 error:
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2006-10-20 00:02:29
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query
s-port cs-username c-ip cs(User-Agent) sc-status
sc-substatus sc-win32-status
2006-10-20 00:02:29 10.x.x.x GET /_vti_bin/owssvr.dll -
443 - 10.y.y.y
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727)
401 2 2148074254
2006-10-20 00:04:24 10.x.x.x GET /_vti_bin/owssvr.dll -
443 - 10.y.y.y
Mozille/5.0+(Windows;+U;+Windows+NT+5.1;+en-US;+rv:1.8.0.7)+Gecko/20060909+Firefox/1.5.0.7
401 2 2148074254
the url attempting be retrieved is /Welcome/ so this is
odd. As I mentioned, the only thing coming to mind is
Sharepoint / .net application - same test on a different
web site instance that I used to rule out SSL seems to
confirm this, as specifying that the subdirectory does not
need SSL and attempting to browse to it results in a 403.4
Forbidden: SSL is required error... so I am guessing that
something in the root server config, or such, is
preventing IIS recognising overriden child values.
Rob
More information about the thelist
mailing list