LDAP Problem with firefox

Discussion in 'ASP General' started by CJM, Aug 1, 2006.

  1. CJM

    CJM Guest

    I have a number of applications that use a particular technique to
    authenticate users using IWA and LDAP.

    These are for intranet application where the users all use IE6, however I'm
    trying to debug some javascript code and I find that easier to do with FF.
    However my applications that use this authentication technique have problems
    when running through FF.

    I get an 'error '80072020' authuser.asp, line 20', which point to an LDAP
    call:

    Sub AuthUser()
    Set oADSysInfo = CreateObject("ADSystemInfo")
    Set oCurrentUser = GetObject("LDAP://" & oADSysInfo.UserName)
    '<==== error
    etc...
    End Sub

    When I run this apps via FF I need to manually authenticate (ie type in
    domain name\username & password) since true IWA is not supported. I assume
    the fact that FF doesnt handle IWA is at the centre of the issue, but I
    don't know exactly what the problem is, nor if/how I can solve it.

    Any ideas?

    Thanks

    CJM
     
    CJM, Aug 1, 2006
    #1
    1. Advertising

  2. "CJM" <> wrote in message
    news:%...
    > I have a number of applications that use a particular technique to
    > authenticate users using IWA and LDAP.
    >
    > These are for intranet application where the users all use IE6, however

    I'm
    > trying to debug some javascript code and I find that easier to do with FF.
    > However my applications that use this authentication technique have

    problems
    > when running through FF.
    >
    > I get an 'error '80072020' authuser.asp, line 20', which point to an LDAP
    > call:
    >
    > Sub AuthUser()
    > Set oADSysInfo = CreateObject("ADSystemInfo")
    > Set oCurrentUser = GetObject("LDAP://" & oADSysInfo.UserName)
    > '<==== error
    > etc...
    > End Sub
    >
    > When I run this apps via FF I need to manually authenticate (ie type in
    > domain name\username & password) since true IWA is not supported. I assume
    > the fact that FF doesnt handle IWA is at the centre of the issue, but I
    > don't know exactly what the problem is, nor if/how I can solve it.
    >
    > Any ideas?
    >


    add the DNS name you are using to access the server to the following setting
    in about:config on FF:-

    network.automatic-ntlm-auth.trusted-uris

    Now FF will automatically attempt NTML authentication with the server just
    as IE does with things in the Local Intranet zone.


    > Thanks
    >
    > CJM
    >
    >
    >
     
    Anthony Jones, Aug 1, 2006
    #2
    1. Advertising

  3. CJM

    CJM Guest

    "Anthony Jones" <> wrote in message
    news:%...
    >
    >>

    >
    > add the DNS name you are using to access the server to the following
    > setting
    > in about:config on FF:-
    >
    > network.automatic-ntlm-auth.trusted-uris
    >
    > Now FF will automatically attempt NTML authentication with the server just
    > as IE does with things in the Local Intranet zone.
    >
    >


    Anthony,

    Thanks for the response, but I'm afraid your suggestion didnt work (I get
    the same error). Any further ideas?

    Chris
     
    CJM, Aug 1, 2006
    #3
  4. "CJM" <> wrote in message
    news:...
    >
    > "Anthony Jones" <> wrote in message
    > news:%...
    > >
    > >>

    > >
    > > add the DNS name you are using to access the server to the following
    > > setting
    > > in about:config on FF:-
    > >
    > > network.automatic-ntlm-auth.trusted-uris
    > >
    > > Now FF will automatically attempt NTML authentication with the server

    just
    > > as IE does with things in the Local Intranet zone.
    > >
    > >

    >
    > Anthony,
    >
    > Thanks for the response, but I'm afraid your suggestion didnt work (I get
    > the same error). Any further ideas?
    >
    > Chris
    >


    Have tried some response writes of the server variables AUTH_USER and
    LOGON_USER just to confirm what user security token the request is running
    under?

    The page in question does not allow anonymous or other types of
    authentication just IWA right?

    Note that FF by default uses more connections per server than IE does. It
    is connections that are authenticated so this could have a bearing.

    It might be worth using Fiddler to compare the exchanges that IE makes with
    the server with the ones FF makes.

    Anthony.
     
    Anthony Jones, Aug 1, 2006
    #4
  5. "Anthony Jones" <> wrote in message
    news:...
    >
    > Have tried some response writes of the server variables AUTH_USER and
    > LOGON_USER just to confirm what user security token the request is running
    > under?
    >
    > The page in question does not allow anonymous or other types of
    > authentication just IWA right?
    >
    > Note that FF by default uses more connections per server than IE does. It
    > is connections that are authenticated so this could have a bearing.
    >
    > It might be worth using Fiddler to compare the exchanges that IE makes
    > with
    > the server with the ones FF makes.
    >
    > Anthony.
    >
    >


    Fiddler (or Netmon) sounds like a good way to go with this.

    If the server is set up for kerberos delegation, you might find that the
    core problem is a difference in authentication headers between IE and FF. IE
    will try Negotiate, I'm afraid I don't know much about FF.

    NTLM authentication doesn't provide a delegable (eg, good for two hops)
    credential, but Basic usually does (depending on the LogonMethod metabase
    property) - you might consider stepping down to Basic to get FF working (and
    use SSL to protect the credential transfer).

    --
    This posting is provided "AS IS" with no warranties, and confers no rights.

    TristanK
    http://blogs.technet.com/tristank/
    --
     
    Tristan Kington [MSFT], Aug 2, 2006
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Replies:
    1
    Views:
    556
    Raymond DeCampo
    Feb 21, 2006
  2. rcmn
    Replies:
    1
    Views:
    375
    =?ISO-8859-1?Q?Michael_Str=F6der?=
    Nov 6, 2006
  3. Jason Wold

    using LDAP Controls in ruby-ldap

    Jason Wold, Nov 4, 2004, in forum: Ruby
    Replies:
    5
    Views:
    282
  4. Ian Macdonald
    Replies:
    0
    Views:
    239
    Ian Macdonald
    Mar 15, 2005
  5. James Hughes
    Replies:
    4
    Views:
    351
    James Hughes
    Dec 13, 2005
Loading...

Share This Page