 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
.NET Forum / ASP.NET / Security / August 2006How to disable WinNT Login Prompt
I have a few websites setup on one system on the DMZ Accessing the website and web apps via an alias domain name (free DynDNS.Org) When I try to open default.htm I can view this page in three web apps. When I try to open the login.aspx, which accepts a querystring and will auto-login, or prompt for a login, instead I get a WinNT login Prompt. This does not occur on one of my web apps, I've dbl checked the site settings / properties and I'm not finding a difference to explain this behavior. I use this system to demo updates and changes to our clients during development. Currently when users try to access these sites via their phone the WinNT login does not display but they do get a login error msg. In other words they don't get to my login.aspx. Any info is appreciated. JeffP.... have you enabled anonymous acccess for your app in IIS? --- Dominick Baier, DevelopMentor http://www.leastprivilege.com > I have a few websites setup on one system on the DMZ > [quoted text clipped - 21 lines] > > JeffP.... I think so, I have all three setup the same and I can only access the one site, each is located under the same wwwroot. I have Anonymous accees enabled IUSER_BOXNAME with Let IIS control the Pwd checked as well as Integrated Windows Auth checked. All three sites setup the same are located the same machine and two were behaving badly. The WAP browser doesn't appear to enable a login, perhaps there is a hidden option. JeffP... > have you enabled anonymous acccess for your app in IIS? > [quoted text clipped - 27 lines] >> >> JeffP.... does the anonymous account and the worker process account have read access to all resources? --- Dominick Baier, DevelopMentor http://www.leastprivilege.com > I think so, I have all three setup the same and I can only access the > one site, each is located under the same wwwroot. [quoted text clipped - 41 lines] >>> >>> JeffP.... Are you suggesting that even though the three sites are setup the same, that access to one is immediate and the other two require the WinNT login because the anonymous account and worker process may not have read access to aspx pages but do to .htm pages? Note: I'm prompted when I try to access the site from my dynDNS and the other I don't, but the real problem is the phone WAP browser that doesn't pop the WinNT login dialog, but instead says login fails and never shows the web app's login page. TIA JeffP.... > does the anonymous account and the worker process account have read access > to all resources? [quoted text clipped - 48 lines] >>>> >>>> JeffP.... If you are using forms-based authentication, then you typically always just set the IIS settings to anonymous, not anon + IWA. In that case, you also need to make sure that both the worker process account and the anonymous user account have read access at the NT file system level to all the files you need to access. If the issue is related to an NT ACL problem, Filemon from sysinternals is very useful for tracking those down (assuming you can run it on the server). Joe K.  SignatureJoe Kaplan-MS MVP Directory Services Programming Co-author of "The .NET Developer's Guide to Directory Services Programming" http://www.directoryprogramming.net -- > Are you suggesting that even though the three sites are setup the same, > that access to one is immediate and the other two require the WinNT login [quoted text clipped - 62 lines] >>>>> >>>>> JeffP.... Free MagazinesGet these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...
|
Reply to this Message
|
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.