Basic Authentication Problem

Results 1 to 3 of 3

Thread: Basic Authentication Problem

  1. #1
    Carl Revell Guest

    Default Basic Authentication Problem

    I have created an ASP application that enables our users to view and add logs to our Customer Support database. It works for almost all users but a few have trouble.<BR><BR>It is in a sub-directory off of the wwwroot called /itlogs. There are two files for the viewing app, a .stm (plain HTML with an include file, hence the .stm extension) and a .asp file (pulls data from the database and displays it).<BR><BR>The /itlogs directory is configured to have Basic NT security. When the user clicks on a link to the viewlogs.stm page the login/password box appears, they login (NT domain account) and then the page is displayed with picklists to period to view, etc..<BR><BR>They click on a button which launches the .asp which retrieves the data and displays it.<BR><BR>For MOST people, after the first authentication, the rest of the process happens without another login box and all is well.<BR><BR>For a couple of users, as soon as they hit the submit button on the .stm page another login/password dialog appears(!) and typing EXACTLY the same login/password as was used to display the .stm page in the first place returns the user back to the login/password dialog - no errors. After three attempts I get an HTML page saying "Access to this resource has been denied" - it&#039s not a 401.1 Unauthorized Logon Failed which is what you get if you deliberately type in an invalid user name/password.<BR><BR>If, after the users login/password has worked to display the .stm page I then use another users details to by-pass the second login/password after clicking on submit, then all works as it should.<BR><BR>Why are two login/password dialogs displayed - the first one should be all that is required for validation?<BR><BR>Why does the second login dialog fail to recognise the same details that were fine for the first dialog?<BR><BR>I am running IIS 4 on NT 4 SP6 with MDAC 2.5<BR><BR>Thanks,<BR><BR>Carl Revell

  2. #2
    Mark Guest

    Default RE: Basic Authentication Problem

    What are your IIS Authentication settings for your *.stm and *.asp file?<BR><BR>If you want to authenticate your users, make sure that you have the Anonymous Authentication box UNCHECKED. Also, make sure that you have both NT Challenge/Response and Basic Authentication CHECKED.<BR><BR>Once you enforce authenication in IIS, IIS will authenticate the user. If IIS can&#039t authenticate the user, then the page will not be served. If IIS can authenticate the user, then the file permissions of NT will determine if the authenticated user has rights to READ the file. If so, the page is served. If not, then access is denied and the page is not served.<BR><BR>1. Make sure that IIS is authenticating the user<BR>2. Make sure that NT File System has READ permission rights to any and all authenticated users.<BR><BR>I hope this helps!!

  3. #3
    Mark Guest

    Default RE: Basic Authentication Problem

    Also, keep in mind that users browsing with MSIE are seemlessly authenticated if the IIS allows NT Challenge/response Authentication. Users browsing with Netscape can only support Basic Authentication which involves a dialoge box.<BR><BR>When troubleshooting your pages, make sure that everything works OK with MSIE, then retest the pages using Netscape.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts