IIS Security strange things

Discussion in 'ASP .Net Security' started by Alexey Smirnov, Mar 1, 2004.

  1. I have intranet application based on ASP.NET on Win2000AS (Framework 1.1).

    Website uses an Integrated Windows Authentication as Authentication method
    in IIS and has following security configuration in the web.config

    ------------------------------------------
    <identity impersonate="false" />

    <authentication mode="Windows" />
    <authorization>
    <deny users="?" />
    </authorization>

    <customErrors defaultRedirect="CustomError.aspx" mode="Off">
    <error statusCode="401" redirect="Custom401.html"/>
    </customErrors>
    ------------------------------------------

    And everything goes fine for 99.9% users and not for one only, who always
    get a popup login window to login this website.
    He has WinXP box, with latest browser, like many others, but for any reason
    website cannot recognize that user as a valid internal user.

    Any ideas? Thank you
    Alexey Smirnov, Mar 1, 2004
    #1
    1. Advertising

  2. Hi ,
    In IE open Options -> select Security
    Select Custom LEVEL -> User Authentication
    Check if the user has checked Prompt for user name and password.
    If its marked make it to auttomatic login only in intranet zone.
    Arvind
    "Alexey Smirnov" <> wrote in message
    news:OSktyX5$...
    > I have intranet application based on ASP.NET on Win2000AS (Framework 1.1).
    >
    > Website uses an Integrated Windows Authentication as Authentication method
    > in IIS and has following security configuration in the web.config
    >
    > ------------------------------------------
    > <identity impersonate="false" />
    >
    > <authentication mode="Windows" />
    > <authorization>
    > <deny users="?" />
    > </authorization>
    >
    > <customErrors defaultRedirect="CustomError.aspx" mode="Off">
    > <error statusCode="401" redirect="Custom401.html"/>
    > </customErrors>
    > ------------------------------------------
    >
    > And everything goes fine for 99.9% users and not for one only, who always
    > get a popup login window to login this website.
    > He has WinXP box, with latest browser, like many others, but for any

    reason
    > website cannot recognize that user as a valid internal user.
    >
    > Any ideas? Thank you
    >
    >
    Arvind P Rangan, Mar 1, 2004
    #2
    1. Advertising

  3. Hi, Arvind

    yes, he has the default level (medium low) for the intranet zone
    and in addition that site inserted in Local Intranet Site List
    (Security - Sites - Advanced...)

    Alexey


    "Arvind P Rangan" <> wrote in message
    news:%23vNeUd5$...
    > Hi ,
    > In IE open Options -> select Security
    > Select Custom LEVEL -> User Authentication
    > Check if the user has checked Prompt for user name and password.
    > If its marked make it to auttomatic login only in intranet zone.
    > Arvind
    > "Alexey Smirnov" <> wrote in message
    > news:OSktyX5$...
    > > I have intranet application based on ASP.NET on Win2000AS (Framework

    1.1).
    > >
    > > Website uses an Integrated Windows Authentication as Authentication

    method
    > > in IIS and has following security configuration in the web.config
    > >
    > > ------------------------------------------
    > > <identity impersonate="false" />
    > >
    > > <authentication mode="Windows" />
    > > <authorization>
    > > <deny users="?" />
    > > </authorization>
    > >
    > > <customErrors defaultRedirect="CustomError.aspx" mode="Off">
    > > <error statusCode="401" redirect="Custom401.html"/>
    > > </customErrors>
    > > ------------------------------------------
    > >
    > > And everything goes fine for 99.9% users and not for one only, who

    always
    > > get a popup login window to login this website.
    > > He has WinXP box, with latest browser, like many others, but for any

    > reason
    > > website cannot recognize that user as a valid internal user.
    > >
    > > Any ideas? Thank you
    > >
    > >

    >
    >
    Alexey Smirnov, Mar 1, 2004
    #3
  4. Alexey,
    Click on Custom Level
    and in that See what is selected for User Authentication.
    Arvind
    "Alexey Smirnov" <> wrote in message
    news:%23Iydfq5$...
    > Hi, Arvind
    >
    > yes, he has the default level (medium low) for the intranet zone
    > and in addition that site inserted in Local Intranet Site List
    > (Security - Sites - Advanced...)
    >
    > Alexey
    >
    >
    > "Arvind P Rangan" <> wrote in message
    > news:%23vNeUd5$...
    > > Hi ,
    > > In IE open Options -> select Security
    > > Select Custom LEVEL -> User Authentication
    > > Check if the user has checked Prompt for user name and password.
    > > If its marked make it to auttomatic login only in intranet zone.
    > > Arvind
    > > "Alexey Smirnov" <> wrote in message
    > > news:OSktyX5$...
    > > > I have intranet application based on ASP.NET on Win2000AS (Framework

    > 1.1).
    > > >
    > > > Website uses an Integrated Windows Authentication as Authentication

    > method
    > > > in IIS and has following security configuration in the web.config
    > > >
    > > > ------------------------------------------
    > > > <identity impersonate="false" />
    > > >
    > > > <authentication mode="Windows" />
    > > > <authorization>
    > > > <deny users="?" />
    > > > </authorization>
    > > >
    > > > <customErrors defaultRedirect="CustomError.aspx" mode="Off">
    > > > <error statusCode="401" redirect="Custom401.html"/>
    > > > </customErrors>
    > > > ------------------------------------------
    > > >
    > > > And everything goes fine for 99.9% users and not for one only, who

    > always
    > > > get a popup login window to login this website.
    > > > He has WinXP box, with latest browser, like many others, but for any

    > > reason
    > > > website cannot recognize that user as a valid internal user.
    > > >
    > > > Any ideas? Thank you
    > > >
    > > >

    > >
    > >

    >
    >
    Arvind P Rangan, Mar 3, 2004
    #4
  5. User Authentication
    Logon
    Automatic logon only in Intranet zone

    -----------------
    Any ideas?

    Alexey



    "Arvind P Rangan" <> wrote in message
    news:uwNu$...
    > Alexey,
    > Click on Custom Level
    > and in that See what is selected for User Authentication.
    > Arvind
    > "Alexey Smirnov" <> wrote in message
    > news:%23Iydfq5$...
    > > Hi, Arvind
    > >
    > > yes, he has the default level (medium low) for the intranet zone
    > > and in addition that site inserted in Local Intranet Site List
    > > (Security - Sites - Advanced...)
    > >
    > > Alexey
    > >
    > >
    > > "Arvind P Rangan" <> wrote in message
    > > news:%23vNeUd5$...
    > > > Hi ,
    > > > In IE open Options -> select Security
    > > > Select Custom LEVEL -> User Authentication
    > > > Check if the user has checked Prompt for user name and password.
    > > > If its marked make it to auttomatic login only in intranet zone.
    > > > Arvind
    > > > "Alexey Smirnov" <> wrote in message
    > > > news:OSktyX5$...
    > > > > I have intranet application based on ASP.NET on Win2000AS (Framework

    > > 1.1).
    > > > >
    > > > > Website uses an Integrated Windows Authentication as Authentication

    > > method
    > > > > in IIS and has following security configuration in the web.config
    > > > >
    > > > > ------------------------------------------
    > > > > <identity impersonate="false" />
    > > > >
    > > > > <authentication mode="Windows" />
    > > > > <authorization>
    > > > > <deny users="?" />
    > > > > </authorization>
    > > > >
    > > > > <customErrors defaultRedirect="CustomError.aspx" mode="Off">
    > > > > <error statusCode="401" redirect="Custom401.html"/>
    > > > > </customErrors>
    > > > > ------------------------------------------
    > > > >
    > > > > And everything goes fine for 99.9% users and not for one only, who

    > > always
    > > > > get a popup login window to login this website.
    > > > > He has WinXP box, with latest browser, like many others, but for any
    > > > reason
    > > > > website cannot recognize that user as a valid internal user.
    > > > >
    > > > > Any ideas? Thank you
    > > > >
    > > > >
    > > >
    > > >

    > >
    > >

    >
    >
    Alexey Smirnov, Mar 3, 2004
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Alexey Smirnov

    IIS Security strange things

    Alexey Smirnov, Mar 1, 2004, in forum: ASP .Net
    Replies:
    4
    Views:
    1,823
    Alexey Smirnov
    Mar 3, 2004
  2. =?Utf-8?B?R2FyeQ==?=

    ASP.NET does strange things

    =?Utf-8?B?R2FyeQ==?=, May 3, 2005, in forum: ASP .Net
    Replies:
    6
    Views:
    433
    Steven Cheng[MSFT]
    May 5, 2005
  3. Replies:
    1
    Views:
    846
    Harish
    Jan 7, 2005
  4. =?Utf-8?B?V2lsbGlhbSBTdWxsaXZhbg==?=

    vs2005 publish website doing bad things, bad things

    =?Utf-8?B?V2lsbGlhbSBTdWxsaXZhbg==?=, Oct 25, 2006, in forum: ASP .Net
    Replies:
    1
    Views:
    585
    =?Utf-8?B?UGV0ZXIgQnJvbWJlcmcgW0MjIE1WUF0=?=
    Oct 25, 2006
  5. Replies:
    6
    Views:
    274
    =?ISO-8859-1?Q?Arne_Vajh=F8j?=
    Oct 14, 2007
Loading...

Share This Page