Error 401.1

Discussion in 'ASP .Net Security' started by Nay, Jun 5, 2006.

  1. Nay

    Nay Guest

    Hi,
    I work with Windows authentication, anonymous access not allowed, and with a
    custom pool (domain user).
    The problem is that I get this error only if the URL is by server name. If
    it's by IP number, I have no problem.

    What can the problem be?
    Nay, Jun 5, 2006
    #1

  2. Is it possible there might be a problem with Kerberos configuration? Do you
    see any errors in the server's system event log from Kerberos? If you
    enable auditing of logon events, what type of logon process does the user
    have when it fails?

    Typically, using an IP address in the URL will force a downgrade to NTLM.
    That might be why things are working.

    When using Kerberos auth, both the user and server are authenticated. The
    server is authenticated via its servicePrincipalName. I bet you that the
    SPN for the server name that you are using in the URL is associated with the
    computer account for the server, not your custom domain user. As such, the
    app pool itself cannot be authenticated.

    Typically, the way to correct this is to move the SPN that is being used
    from the computer account to the custom account. You can also fix this by
    creating a different DNS name for the service (with an A record, not a
    CNAME, as Kerberos will resolve CNAME back to the A record!) and set your
    special service account to have that SPN.

    HTH!

    Joe K.

    --
    Joe Kaplan-MS MVP Directory Services Programming
    Co-author of "The .NET Developer's Guide to Directory Services Programming"
    http://www.directoryprogramming.net
    --
    "Nay" <> wrote in message
    news:...
    > Hi,
    > I work with Windows authentication, anonymous access not allowed, and with a
    > custom pool (domain user).
    > The problem is that I get this error only if the URL is by server name. If
    > it's by IP number, I have no problem.
    >
    > What can the problem be?
    Joe Kaplan (MVP - ADSI), Jun 5, 2006
    #2
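
    One way to check which account holds the SPN for the host name in the URL, the mismatch the reply above describes. This is an added example, not code from the thread; the account name `svc-apppool`, domain `CORP` and host names `websrv01` / `websrv01.corp.example` are placeholder assumptions.

```powershell
# Added example. Every name below is a placeholder (assumption), not a value from the thread.
$AppPoolAccount = 'svc-apppool'                        # sAMAccountName of the custom app pool identity
$UrlHostNames   = 'websrv01', 'websrv01.corp.example'  # host names users put in the URL

foreach ($name in $UrlHostNames) {
    # HOST is checked too: when no explicit HTTP SPN exists, the HOST SPN on the
    # computer account is what answers for HTTP, so the ticket is issued for the
    # computer account and the app pool running as a domain user cannot decrypt it.
    foreach ($class in 'HTTP', 'HOST') {
        $spn = "$class/$name"

        # Find every object in the current domain that carries this SPN.
        $searcher = [adsisearcher]"(servicePrincipalName=$spn)"
        [void]$searcher.PropertiesToLoad.Add('samaccountname')
        $owners = @($searcher.FindAll() |
            ForEach-Object { [string]$_.Properties['samaccountname'][0] })

        $status = if ($owners.Count -eq 0) {
            'not registered'
        } elseif ($owners.Count -gt 1) {
            'DUPLICATE: Kerberos fails for this name'
        } elseif ($class -eq 'HTTP' -and $owners[0] -ne $AppPoolAccount) {
            'held by the wrong account'
        } else {
            'single owner'
        }

        [pscustomobject]@{ SPN = $spn; Owner = ($owners -join ', '); Status = $status }
    }
}

# Remediation, run by an account allowed to write servicePrincipalName.
# -S refuses to create a duplicate; on older setspn builds without -S, use -A.
#   setspn -D HTTP/websrv01 WEBSRV01          # only if an explicit HTTP SPN sits on the computer account
#   setspn -S HTTP/websrv01 CORP\svc-apppool
#   setspn -S HTTP/websrv01.corp.example CORP\svc-apppool
# Then on the client, drop cached tickets before retesting:
#   klist purge
```

    After the change, a successful request by server name should show Kerberos as the logon process in the server's logon audit events, while requests by IP address continue to use NTLM.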