The filter referred to would be an ISAPI filter of some kind, not a
web.config issue.
Cheers
Ken
: Thanks for both of your suggestions....
:
: I've even tried this from an IE5 browser (since use windows auth is
: default) to see if that would go through, but no joy. I've double
: checked my IE6 SP1 settings and I do have send windows auth through.
:
: What I get in the IIS logs (after both of your suggestions) is
:
: 17:43:23 127.0.0.1 GET /capex/user.aspx 401 4644 10
:
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0;+.NET+CLR+1.1.4322;+.NET+C
LR+1.0.3705)
: -
: 17:43:23 127.0.0.1 GET /capex/user.aspx 401 4383 0
:
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0;+.NET+CLR+1.1.4322;+.NET+C
LR+1.0.3705)
: -
: 17:43:23 127.0.0.1 GET /capex/user.aspx 401 4644 10
:
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0;+.NET+CLR+1.1.4322;+.NET+C
LR+1.0.3705)
: -
:
:
: Now the 401.4 is
:
: Unauthorized: Authorization failed by a filter installed on the Web
: server.
:
: Thing is, it's my localhost webserver. Now I'd guess that the
: "filter" it's referring to is the web.config log, no? I've even added
: a location to the file... so now it looks like
:
:
: <configuration>
: <location path="CapEx">
: <system.web>
: <authentication mode="Windows" />
: <authorization>
: <allow users="*" />
: </authorization>
: </system.web>
: </location>
: </configuration>
:
: and have even tried <deny users="?">
:
: An inspection of the system log file in Event Viewer says
:
: Event Type: Success Audit
: Event Source: Security
: Event Category: System Event
: Event ID: 515
: Date: 1/28/2004
: Time: 11:08:23 AM
: User: NT AUTHORITY\SYSTEM
: Computer: MYMACHINENAME
: Description:
: A trusted logon process has registered with the Local Security
: Authority. This logon process will be trusted to submit logon
: requests.
:
: Logon Process Name: KSecDD
:
: Does this information help any?
:
: Thank you both for taking time to help me... it is much appreciated.
:
:
:
:
:
:
: > Hi,
: >
: > I would suggest that you enable Windows file-access-failure auditing on
the
: > file in question. Then, attempt to browse the page from your
web-browser.
: > You should see something logged in the event log indicating what user
: > account the server thinks is being used to attempt to access the page,
and
: > then tweak your NTFS permissions appropriately.
: >
: > Also, be aware that NTLM doesn't work through most proxy servers, and
: > Kerberos authentication doesn't work through most firewalls (those are
the
: > two Integrated Authentication options), so if you're browsing from an
: > external site, keep that in mind.
: >
: > Cheers
: > Ken
: >
: >
: > --
: > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
: > : > : Hi Ken, thanks for the reply.
: > :
: > : No, I'm not using any basic authentication and prompting the user for
: > : the name/password. I'm trying to grab what they've already logged
: > : into the network with. This was a piece of cake in classic ASP, but
: > : I'm still having difficulties getting this to work.
: > :
: > : I also have under IIS the directory listed as an application, not as a
: > : virtual directory. Is there any other information I can provide you?
: > :
: > : Thanks --
: > :
: > :
: > :
: > : > : > Are you using a pop-up window in your browser asking you for a
: > : > username/password?
: > : >
: > : > Cheers
: > : > Ken
: > : >
: > : > : > : > : All --
: > : > :
: > : > : I've set up a directory where I simply want to know the person's
name
: > : > : when he comes into the directory. I've set up the following:
: > : > :
: > : > : * Uncheck allow anon in IIS
: > : > : * Uncheck basic authentication
: > : > : * Check 'Use windows authentication'
: > : > :
: > : > : My web.config file looks as follows:
: > : > :
: > : > : <configuration>
: > : > : <system.web>
: > : > : <authentication mode="Windows" />
: > : > : <authorization>
: > : > : <allow users="*" />
: > : > : </authorization>
: > : > :
: > : > : </system.web>
: > : > : </configuration>
: > : > :
: > : > :
: > : > : However, I cannot get to the page -- there's no error being
thrown.
: > : > : It seems that it just ignores everything. Checking the IIS logs
shows
: > : > : that a 401 has been issued, but there's no message sent to the
user.
: > : > :
: > : > : The physical folder has 'Everyone' with read permissions. All I
want
: > : > : is the user's DOMAIN\name sent to me so I can do something with
it,
: > : > : but it doesn't seem it's being passed.
: > : > :
: > : > : Any ideas?