Windows authentication doesn't work: 401.1

[BRG]

I'm having an issue getting Windows authentication to work on a couple
of machines. The problem is that if I connect to a Windows
authentication protected web page served by my local Windows XP
machine, I get an HTTP 401.1 (Logon Failed) error. No Windows logon
dialog appears at any time. Despite auditing for any security failures,
nothing shows up in my security event log. For all other purposes,
ASP.NET works fine.

If I take my project (simple ASPX page + web.config) and copy it to
another machine, it works great. My ASPX page prints out Context.User
info, and "MACHINENAME\Administrator" appears.

I am experiencing this issue on two Windows XP machines. On most other
machines, Windows authentication works. Can anyone think of any
machine-specific settings that would cause Windows authentication to
fail?

I'm just about at my wits end. Thanks in advance for any help you can
provide.

Settings:

IIS: Integrated Windows Authentication enabled, all others (including
anonymous) disabled
Windows: Windows XP SP2, .NET 1.1 SP1, Guest account disabled

web.config:

<configuration>
<system.web>
<authentication mode="Windows" />
<identity impersonate="true"/>
<authorization>
<allow roles="BUILTIN\Administrators"/>
<deny users="*"/>
</authorization>

... other default web.config settings ...

</system.web>
</configuration>

 

[Paul Clement]

¤ I'm having an issue getting Windows authentication to work on a couple
¤ of machines. The problem is that if I connect to a Windows
¤ authentication protected web page served by my local Windows XP
¤ machine, I get an HTTP 401.1 (Logon Failed) error. No Windows logon
¤ dialog appears at any time. Despite auditing for any security failures,
¤ nothing shows up in my security event log. For all other purposes,
¤ ASP.NET works fine.
¤
¤ If I take my project (simple ASPX page + web.config) and copy it to
¤ another machine, it works great. My ASPX page prints out Context.User
¤ info, and "MACHINENAME\Administrator" appears.
¤
¤ I am experiencing this issue on two Windows XP machines. On most other
¤ machines, Windows authentication works. Can anyone think of any
¤ machine-specific settings that would cause Windows authentication to
¤ fail?

Did you disable Anonymous authentication for the web application in IIS?


Paul
~~~~
Microsoft MVP (Visual Basic)

 

[BRG]

Yes, Anonymous authentication is disabled, as I indicated in my
original post.

As a side note, however, on machines where Windows authentication does
work, I have found that it doesn't matter whether Anonymous
authentication is enabled or disabled. Windows authentication works
anyways.

Any other ideas on what the problem may be or even how I could debug it?

 

[Paul Clement]

¤ Yes, Anonymous authentication is disabled, as I indicated in my
¤ original post.
¤
¤ As a side note, however, on machines where Windows authentication does
¤ work, I have found that it doesn't matter whether Anonymous
¤ authentication is enabled or disabled. Windows authentication works
¤ anyways.
¤
¤ Any other ideas on what the problem may be or even how I could debug it?

Are you accessing the web app locally or from another machine? If from another machine, what
credentials (user ID) is being used?

Is this a workgroup environment or do you have a domain?


Paul
~~~~
Microsoft MVP (Visual Basic)

 

[Joe Kaplan \(MVP - ADSI\)]

Is it possible that some of the browsers themselves have Windows Integrated
auth disabled or disabled for certain zones? Maybe it is the client that is
refusing to send the auth header to the server?

Joe K.

 

[BRG]

Paul and Joe, thank you very much for your help.

I figured out what the problem was: IIS had HTTP Keep-Alives disabled.
Apparently NTLM authentication does not work when HTTP Keep-Alives are
disabled because it needs to keep the connection open in order to
complete the handshake.