Windows authentication doesn't work: 401.1

Discussion in 'ASP .Net Security' started by BRG, Jul 5, 2005.

  1. BRG

    BRG Guest

    I'm having an issue getting Windows authentication to work on a couple
    of machines. The problem is that if I connect to a Windows
    authentication protected web page served by my local Windows XP
    machine, I get an HTTP 401.1 (Logon Failed) error. No Windows logon
    dialog appears at any time. Despite auditing for any security failures,
    nothing shows up in my security event log. For all other purposes,
    ASP.NET works fine.

    If I take my project (simple ASPX page + web.config) and copy it to
    another machine, it works great. My ASPX page prints out Context.User
    info, and "MACHINENAME\Administrator" appears.

    I am experiencing this issue on two Windows XP machines. On most other
    machines, Windows authentication works. Can anyone think of any
    machine-specific settings that would cause Windows authentication to
    fail?

    I'm just about at my wits end. Thanks in advance for any help you can
    provide.

    Settings:

    IIS: Integrated Windows Authentication enabled, all others (including
    anonymous) disabled
    Windows: Windows XP SP2, .NET 1.1 SP1, Guest account disabled

    web.config:

    <configuration>
    <system.web>
    <authentication mode="Windows" />
    <identity impersonate="true"/>
    <authorization>
    <allow roles="BUILTIN\Administrators"/>
    <deny users="*"/>
    </authorization>

    ... other default web.config settings ...

    </system.web>
    </configuration>
    BRG, Jul 5, 2005
    #1
    1. Advertising

  2. BRG

    Paul Clement Guest

    On 5 Jul 2005 07:05:05 -0700, "BRG" <> wrote:

    ¤ I'm having an issue getting Windows authentication to work on a couple
    ¤ of machines. The problem is that if I connect to a Windows
    ¤ authentication protected web page served by my local Windows XP
    ¤ machine, I get an HTTP 401.1 (Logon Failed) error. No Windows logon
    ¤ dialog appears at any time. Despite auditing for any security failures,
    ¤ nothing shows up in my security event log. For all other purposes,
    ¤ ASP.NET works fine.
    ¤
    ¤ If I take my project (simple ASPX page + web.config) and copy it to
    ¤ another machine, it works great. My ASPX page prints out Context.User
    ¤ info, and "MACHINENAME\Administrator" appears.
    ¤
    ¤ I am experiencing this issue on two Windows XP machines. On most other
    ¤ machines, Windows authentication works. Can anyone think of any
    ¤ machine-specific settings that would cause Windows authentication to
    ¤ fail?

    Did you disable Anonymous authentication for the web application in IIS?


    Paul
    ~~~~
    Microsoft MVP (Visual Basic)
    Paul Clement, Jul 6, 2005
    #2
    1. Advertising

  3. BRG

    BRG Guest

    Yes, Anonymous authentication is disabled, as I indicated in my
    original post.

    As a side note, however, on machines where Windows authentication does
    work, I have found that it doesn't matter whether Anonymous
    authentication is enabled or disabled. Windows authentication works
    anyways.

    Any other ideas on what the problem may be or even how I could debug it?
    BRG, Jul 6, 2005
    #3
  4. BRG

    Paul Clement Guest

    On 6 Jul 2005 06:55:16 -0700, "BRG" <> wrote:

    ¤ Yes, Anonymous authentication is disabled, as I indicated in my
    ¤ original post.
    ¤
    ¤ As a side note, however, on machines where Windows authentication does
    ¤ work, I have found that it doesn't matter whether Anonymous
    ¤ authentication is enabled or disabled. Windows authentication works
    ¤ anyways.
    ¤
    ¤ Any other ideas on what the problem may be or even how I could debug it?

    Are you accessing the web app locally or from another machine? If from another machine, what
    credentials (user ID) is being used?

    Is this a workgroup environment or do you have a domain?


    Paul
    ~~~~
    Microsoft MVP (Visual Basic)
    Paul Clement, Jul 6, 2005
    #4
  5. Is it possible that some of the browsers themselves have Windows Integrated
    auth disabled or disabled for certain zones? Maybe it is the client that is
    refusing to send the auth header to the server?

    Joe K.

    "BRG" <> wrote in message
    news:...
    > Yes, Anonymous authentication is disabled, as I indicated in my
    > original post.
    >
    > As a side note, however, on machines where Windows authentication does
    > work, I have found that it doesn't matter whether Anonymous
    > authentication is enabled or disabled. Windows authentication works
    > anyways.
    >
    > Any other ideas on what the problem may be or even how I could debug it?
    >
    Joe Kaplan \(MVP - ADSI\), Jul 6, 2005
    #5
  6. BRG

    BRG Guest

    Paul and Joe, thank you very much for your help.

    I figured out what the problem was: IIS had HTTP Keep-Alives disabled.
    Apparently NTLM authentication does not work when HTTP Keep-Alives are
    disabled because it needs to keep the connection open in order to
    complete the handshake.
    BRG, Jul 6, 2005
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Daniel Bass
    Replies:
    5
    Views:
    5,461
    shijobaby
    Feb 6, 2010
  2. Peter Bradley
    Replies:
    2
    Views:
    1,161
    Peter Bradley
    Jan 19, 2007
  3. Andrew Brook

    Windows Authentication and 401

    Andrew Brook, May 24, 2007, in forum: ASP .Net
    Replies:
    1
    Views:
    284
    Andrew Brook
    May 31, 2007
  4. Daniel Bass
    Replies:
    3
    Views:
    132
  5. DownUnder
    Replies:
    4
    Views:
    480
    DownUnder
    Aug 19, 2004
Loading...

Share This Page