Question about windows integrated security

Discussion in 'ASP .Net Security' started by NWx, Jan 28, 2004.

  1. NWx

    NWx Guest

    Hi,

    I developed a small test app using ASP.NET. I left the vistual folder to be
    accessible only with windows integrated security.
    I try to access that app from another PC in my LAN. I don't have a domain
    controller, the lan works with Workgroup.

    When I access that page, I get a user login dialog, aking me to enter
    username / password

    I have an user account on that pc, and try to enter that username, and pass,
    but autantication fail and I see that dialog again and again.

    To be more specific

    server pc is called TTMServer
    PC I try to connect from is called TTMWS

    On TTMServer I have a user account with administrative privileges, John,
    password John22
    On TTMWS I also have an account John, with pass John22, admin account type
    too

    I work on TTMWS, and I'm logged on account John

    When I try to access my app

    http://ttmserver/Testapp

    I get the user login window.

    I try enter user John or user TTMServer\John, and pass John22, but no luck.
    I'm not autenticated, so I cannot see that page

    What I did wrong? How someone over internet, who have a user account on a PC
    hosting the web server, can access a app which uses Windows autentication ?

    Thank you for any help
     
    NWx, Jan 28, 2004
    #1
    1. Advertising

  2. NWx

    David Coe Guest

    In the web.config file, under the <authorization> element, do you have

    <authorization><allow users="John"/></authorization>

    ?? This section is where you define the users that are allowed (or denied) access to the application.

    David Coe
    Microsoft Certified Professional
    ASP.NET, XML Web Services

    ----- NWx wrote: -----

    Hi,

    I developed a small test app using ASP.NET. I left the vistual folder to be
    accessible only with windows integrated security.
    I try to access that app from another PC in my LAN. I don't have a domain
    controller, the lan works with Workgroup.

    When I access that page, I get a user login dialog, aking me to enter
    username / password

    I have an user account on that pc, and try to enter that username, and pass,
    but autantication fail and I see that dialog again and again.

    To be more specific

    server pc is called TTMServer
    PC I try to connect from is called TTMWS

    On TTMServer I have a user account with administrative privileges, John,
    password John22
    On TTMWS I also have an account John, with pass John22, admin account type
    too

    I work on TTMWS, and I'm logged on account John

    When I try to access my app

    http://ttmserver/Testapp

    I get the user login window.

    I try enter user John or user TTMServer\John, and pass John22, but no luck.
    I'm not autenticated, so I cannot see that page

    What I did wrong? How someone over internet, who have a user account on a PC
    hosting the web server, can access a app which uses Windows autentication ?

    Thank you for any help
     
    David Coe, Jan 29, 2004
    #2
    1. Advertising

  3. NWx

    Ken Schaefer Guest

    Not only do you have enter a valid user account for the server, but that
    user account needs to have appropriate NTFS permissions to the actual file
    you want to read off the server's hard disk. I would check the NTFS
    permissions on the server.

    Cheers
    Ken


    "NWx" <> wrote in message
    news:%...
    : Hi,
    :
    : I developed a small test app using ASP.NET. I left the vistual folder to
    be
    : accessible only with windows integrated security.
    : I try to access that app from another PC in my LAN. I don't have a domain
    : controller, the lan works with Workgroup.
    :
    : When I access that page, I get a user login dialog, aking me to enter
    : username / password
    :
    : I have an user account on that pc, and try to enter that username, and
    pass,
    : but autantication fail and I see that dialog again and again.
    :
    : To be more specific
    :
    : server pc is called TTMServer
    : PC I try to connect from is called TTMWS
    :
    : On TTMServer I have a user account with administrative privileges, John,
    : password John22
    : On TTMWS I also have an account John, with pass John22, admin account type
    : too
    :
    : I work on TTMWS, and I'm logged on account John
    :
    : When I try to access my app
    :
    : http://ttmserver/Testapp
    :
    : I get the user login window.
    :
    : I try enter user John or user TTMServer\John, and pass John22, but no
    luck.
    : I'm not autenticated, so I cannot see that page
    :
    : What I did wrong? How someone over internet, who have a user account on a
    PC
    : hosting the web server, can access a app which uses Windows autentication
    ?
    :
    : Thank you for any help
    :
    :
    :
     
    Ken Schaefer, Jan 29, 2004
    #3
  4. NWx

    NWx Guest

    Hi,

    > In the web.config file, under the <authorization> element, do you have
    >
    > <authorization><allow users="John"/></authorization>
    >
    > ?? This section is where you define the users that are allowed (or

    denied) access to the application.

    I don't have this, but I have instead
    <authorization><allow users="*"/></authorization>

    which I understood allow all users to use the application.

    Anyway I changed to the setting you told me.
    However, something was changed since I tried to use the application with Win
    security last time, and now I get a different behaviour: user logon form
    opened by browser has TTMSERVER\Guest filled automatically in user login,
    and it is disabled (so I cannot change it to John anymore), so I can only
    enter a password.

    What could be the reason for this?

    Thank you for your answer.

    Regards.


    >
    > David Coe
    > Microsoft Certified Professional
    > ASP.NET, XML Web Services
    >
    > ----- NWx wrote: -----
    >
    > Hi,
    >
    > I developed a small test app using ASP.NET. I left the vistual folder

    to be
    > accessible only with windows integrated security.
    > I try to access that app from another PC in my LAN. I don't have a

    domain
    > controller, the lan works with Workgroup.
    >
    > When I access that page, I get a user login dialog, aking me to enter
    > username / password
    >
    > I have an user account on that pc, and try to enter that username,

    and pass,
    > but autantication fail and I see that dialog again and again.
    >
    > To be more specific
    >
    > server pc is called TTMServer
    > PC I try to connect from is called TTMWS
    >
    > On TTMServer I have a user account with administrative privileges,

    John,
    > password John22
    > On TTMWS I also have an account John, with pass John22, admin account

    type
    > too
    >
    > I work on TTMWS, and I'm logged on account John
    >
    > When I try to access my app
    >
    > http://ttmserver/Testapp
    >
    > I get the user login window.
    >
    > I try enter user John or user TTMServer\John, and pass John22, but no

    luck.
    > I'm not autenticated, so I cannot see that page
    >
    > What I did wrong? How someone over internet, who have a user account

    on a PC
    > hosting the web server, can access a app which uses Windows

    autentication ?
    >
    > Thank you for any help
    >
    >
    >
    >
     
    NWx, Jan 30, 2004
    #4
  5. NWx

    NWx Guest

    Hi,

    > Not only do you have enter a valid user account for the server, but that
    > user account needs to have appropriate NTFS permissions to the actual file
    > you want to read off the server's hard disk. I would check the NTFS
    > permissions on the server.


    User account I try to logon with has admnistrator rights, so it can access
    and file and folder.

    Do you have any other suggestion?

    Thank you.



    >
    > Cheers
    > Ken
    >
    >
    > "NWx" <> wrote in message
    > news:%...
    > : Hi,
    > :
    > : I developed a small test app using ASP.NET. I left the vistual folder to
    > be
    > : accessible only with windows integrated security.
    > : I try to access that app from another PC in my LAN. I don't have a

    domain
    > : controller, the lan works with Workgroup.
    > :
    > : When I access that page, I get a user login dialog, aking me to enter
    > : username / password
    > :
    > : I have an user account on that pc, and try to enter that username, and
    > pass,
    > : but autantication fail and I see that dialog again and again.
    > :
    > : To be more specific
    > :
    > : server pc is called TTMServer
    > : PC I try to connect from is called TTMWS
    > :
    > : On TTMServer I have a user account with administrative privileges, John,
    > : password John22
    > : On TTMWS I also have an account John, with pass John22, admin account

    type
    > : too
    > :
    > : I work on TTMWS, and I'm logged on account John
    > :
    > : When I try to access my app
    > :
    > : http://ttmserver/Testapp
    > :
    > : I get the user login window.
    > :
    > : I try enter user John or user TTMServer\John, and pass John22, but no
    > luck.
    > : I'm not autenticated, so I cannot see that page
    > :
    > : What I did wrong? How someone over internet, who have a user account on

    a
    > PC
    > : hosting the web server, can access a app which uses Windows

    autentication
    > ?
    > :
    > : Thank you for any help
    > :
    > :
    > :
    >
    >
     
    NWx, Jan 30, 2004
    #5
  6. NWx

    Ken Schaefer Guest

    It would be unusual for a local admin not to be able to access a page *but*
    it is possible to remove access to admins from a page. Check the NTFS
    permissions.

    Next - I would enable auditing for "logon failures" if it's not currently
    enabled. You will then see, in the security Event Log, and logon failure
    event, recording the account that the server thinks it being used, and a
    possible reason why the logon is failing.

    What you have setup should work, but for some reason it's not, so we need to
    try and work out where it's failing.

    Cheers
    Ken


    "NWx" <> wrote in message
    news:...
    : Hi,
    :
    : > Not only do you have enter a valid user account for the server, but that
    : > user account needs to have appropriate NTFS permissions to the actual
    file
    : > you want to read off the server's hard disk. I would check the NTFS
    : > permissions on the server.
    :
    : User account I try to logon with has admnistrator rights, so it can access
    : and file and folder.
    :
    : Do you have any other suggestion?
    :
    : Thank you.
    :
    :
    :
    : >
    : > Cheers
    : > Ken
    : >
    : >
    : > "NWx" <> wrote in message
    : > news:%...
    : > : Hi,
    : > :
    : > : I developed a small test app using ASP.NET. I left the vistual folder
    to
    : > be
    : > : accessible only with windows integrated security.
    : > : I try to access that app from another PC in my LAN. I don't have a
    : domain
    : > : controller, the lan works with Workgroup.
    : > :
    : > : When I access that page, I get a user login dialog, aking me to enter
    : > : username / password
    : > :
    : > : I have an user account on that pc, and try to enter that username, and
    : > pass,
    : > : but autantication fail and I see that dialog again and again.
    : > :
    : > : To be more specific
    : > :
    : > : server pc is called TTMServer
    : > : PC I try to connect from is called TTMWS
    : > :
    : > : On TTMServer I have a user account with administrative privileges,
    John,
    : > : password John22
    : > : On TTMWS I also have an account John, with pass John22, admin account
    : type
    : > : too
    : > :
    : > : I work on TTMWS, and I'm logged on account John
    : > :
    : > : When I try to access my app
    : > :
    : > : http://ttmserver/Testapp
    : > :
    : > : I get the user login window.
    : > :
    : > : I try enter user John or user TTMServer\John, and pass John22, but no
    : > luck.
    : > : I'm not autenticated, so I cannot see that page
    : > :
    : > : What I did wrong? How someone over internet, who have a user account
    on
    : a
    : > PC
    : > : hosting the web server, can access a app which uses Windows
    : autentication
    : > ?
    : > :
    : > : Thank you for any help
    : > :
    : > :
    : > :
    : >
    : >
    :
    :
     
    Ken Schaefer, Jan 31, 2004
    #6
  7. NWx

    NWx Guest

    Hi,

    > It would be unusual for a local admin not to be able to access a page

    *but*
    > it is possible to remove access to admins from a page. Check the NTFS
    > permissions.


    This is a test server, so it cannot be accessed over internet
    The virtual folder is located on a FAT32 drive, do there is no file or
    folder restriction available.

    > Next - I would enable auditing for "logon failures" if it's not currently
    > enabled. You will then see, in the security Event Log, and logon failure
    > event, recording the account that the server thinks it being used, and a
    > possible reason why the logon is failing.


    Sorry to ask, but how can I do this? I don't know much beside basic settings
    (minimum necessary to be able to setup virtual folder for a web app -
    ASP.NET, ASP or PHP) about managing IIS.

    Actually, I tried connecting to the server again, but probaly I changed
    something since last time, and now I get a different behaviour: user logon
    form opened by browser has TTMSERVER\Guest filled automatically in user
    login, and it is disabled (so I cannot change it to John anymore), so I can
    only enter a password.

    What could be the reason for this?

    Many thanks for your patience.

    Cheers

    >
    > What you have setup should work, but for some reason it's not, so we need

    to
    > try and work out where it's failing.
    >
    > Cheers
    > Ken server
    >
    >
    > "NWx" <> wrote in message
    > news:...
    > : Hi,
    > :
    > : > Not only do you have enter a valid user account for the server, but

    that
    > : > user account needs to have appropriate NTFS permissions to the actual
    > file
    > : > you want to read off the server's hard disk. I would check the NTFS
    > : > permissions on the server.
    > :
    > : User account I try to logon with has admnistrator rights, so it can

    access
    > : and file and folder.
    > :
    > : Do you have any other suggestion?
    > :
    > : Thank you.
    > :
    > :
    > :
    > : >
    > : > Cheers
    > : > Ken
    > : >
    > : >
    > : > "NWx" <> wrote in message
    > : > news:%...
    > : > : Hi,
    > : > :
    > : > : I developed a small test app using ASP.NET. I left the vistual

    folder
    > to
    > : > be
    > : > : accessible only with windows integrated security.
    > : > : I try to access that app from another PC in my LAN. I don't have a
    > : domain
    > : > : controller, the lan works with Workgroup.
    > : > :
    > : > : When I access that page, I get a user login dialog, aking me to

    enter
    > : > : username / password
    > : > :
    > : > : I have an user account on that pc, and try to enter that username,

    and
    > : > pass,
    > : > : but autantication fail and I see that dialog again and again.
    > : > :
    > : > : To be more specific
    > : > :
    > : > : server pc is called TTMServer
    > : > : PC I try to connect from is called TTMWS
    > : > :
    > : > : On TTMServer I have a user account with administrative privileges,
    > John,
    > : > : password John22
    > : > : On TTMWS I also have an account John, with pass John22, admin

    account
    > : type
    > : > : too
    > : > :
    > : > : I work on TTMWS, and I'm logged on account John
    > : > :
    > : > : When I try to access my app
    > : > :
    > : > : http://ttmserver/Testapp
    > : > :
    > : > : I get the user login window.
    > : > :
    > : > : I try enter user John or user TTMServer\John, and pass John22, but

    no
    > : > luck.
    > : > : I'm not autenticated, so I cannot see that page
    > : > :
    > : > : What I did wrong? How someone over internet, who have a user account
    > on
    > : a
    > : > PC
    > : > : hosting the web server, can access a app which uses Windows
    > : autentication
    > : > ?
    > : > :
    > : > : Thank you for any help
    > : > :
    > : > :
    > : > :
    > : >
    > : >
    > :
    > :
    >
    >
     
    NWx, Jan 31, 2004
    #7
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. STom
    Replies:
    0
    Views:
    316
  2. Carlos Fersura

    HttpHandler and Windows Integrated Security

    Carlos Fersura, Oct 29, 2003, in forum: ASP .Net
    Replies:
    0
    Views:
    425
    Carlos Fersura
    Oct 29, 2003
  3. NWx
    Replies:
    4
    Views:
    1,969
  4. =?Utf-8?B?UmF6dmFu?=
    Replies:
    1
    Views:
    403
    Scott Allen
    Jun 11, 2005
  5. Mr Newbie
    Replies:
    6
    Views:
    558
    Mr Newbie
    Dec 4, 2005
Loading...

Share This Page