401.2 Denied by Server Configuration Errors w/ Windows 2003 Server

401.2 Denied by Server Configuration Errors w/ Windows 2003 Server

am 03.01.2008 17:37:02 von RichardRoche

I have a 2003 ASP.NET intranet application set to Windows Authentication in
my Web.config. In IIS (Windows 2003 Server) i've set only Integrated
Security. My clients are using IE7. I get almost the same number of 401.2
error and i do status code 200 Success.

What are the options to avoid the 401.2 errors?
--
Richard

Re: 401.2 Denied by Server Configuration Errors w/ Windows 2003 Server

am 03.01.2008 22:52:39 von Kristofer Gafvert

Hi Richard,

Is this a problem or an observation?

When Internet Explorer (and any other web browser) sends a request to a
website, it first tries to access it anonymously. If you have set up IIS to
only allow Windows Authentication, IIS will respond with 401.2 telling the
client "you must send credentials, you cannot access this resource
anonymously". If Internet Explorer automatically logs you on, you will not
see anything of this happening in the web browser, but it will be logged.

This would explain why you roughly have the same number of 401.2 as 200,
because if you have set up IIS to only allow Windows Authentication, they
will come together.

--
Regards,
Kristofer Gafvert
http://www.gafvert.info/iis/ - IIS Related Info


"Richard Roche" skrev i meddelandet
news:19FD1463-77B4-4C2A-9209-377741583944@microsoft.com...
>I have a 2003 ASP.NET intranet application set to Windows Authentication in
> my Web.config. In IIS (Windows 2003 Server) i've set only Integrated
> Security. My clients are using IE7. I get almost the same number of 401.2
> error and i do status code 200 Success.
>
> What are the options to avoid the 401.2 errors?
> --
> Richard

Re: 401.2 Denied by Server Configuration Errors w/ Windows 2003 Se

am 03.01.2008 23:04:02 von RichardRoche

Thanks for taking time. To answer you question, i'm not sure, probably just
an observation. If there was a way to do the authentication once it would
save network traffic, obviously. I didn't know if there was some setting in
IIS to tell it to re-use the authentication.

--
Richard


"Kristofer Gafvert" wrote:

> Hi Richard,
>
> Is this a problem or an observation?
>
> When Internet Explorer (and any other web browser) sends a request to a
> website, it first tries to access it anonymously. If you have set up IIS to
> only allow Windows Authentication, IIS will respond with 401.2 telling the
> client "you must send credentials, you cannot access this resource
> anonymously". If Internet Explorer automatically logs you on, you will not
> see anything of this happening in the web browser, but it will be logged.
>
> This would explain why you roughly have the same number of 401.2 as 200,
> because if you have set up IIS to only allow Windows Authentication, they
> will come together.
>
> --
> Regards,
> Kristofer Gafvert
> http://www.gafvert.info/iis/ - IIS Related Info
>
>
> "Richard Roche" skrev i meddelandet
> news:19FD1463-77B4-4C2A-9209-377741583944@microsoft.com...
> >I have a 2003 ASP.NET intranet application set to Windows Authentication in
> > my Web.config. In IIS (Windows 2003 Server) i've set only Integrated
> > Security. My clients are using IE7. I get almost the same number of 401.2
> > error and i do status code 200 Success.
> >
> > What are the options to avoid the 401.2 errors?
> > --
> > Richard
>
>

Re: 401.2 Denied by Server Configuration Errors w/ Windows 2003 Se

am 04.01.2008 00:03:16 von Kristofer Gafvert

Hi,

So you see this 401.2 for each request by a client? For example, for one
client accessing 2 files on the webserver with only a few seconds between
the requests, you see this:

GET /file.htm 401.2
GET /file.htm 401.1
GET /file.htm 200
GET /anotherfile.htm 401.2
GET /anotherfile.htm 401.1
GET /anotherfile.htm 200

That is not how it is supposed to be (i thought you meant you had only one
401.2 per client and session). The authentication handshake should only
happen once per connection, so if you see this multiple times where the
connection should have been open, something closes the connection.

Can we get an excerpt from the log (you can remove any data you do not want
to share with the world) to better understand this?

--
Regards,
Kristofer Gafvert
http://www.gafvert.info/iis/ - IIS Related Info


"Richard Roche" skrev i meddelandet
news:0BD87B4E-C927-426B-A65F-6D8AEC44FF14@microsoft.com...
> Thanks for taking time. To answer you question, i'm not sure, probably
> just
> an observation. If there was a way to do the authentication once it would
> save network traffic, obviously. I didn't know if there was some setting
> in
> IIS to tell it to re-use the authentication.
>
> --
> Richard
>
>
> "Kristofer Gafvert" wrote:
>
>> Hi Richard,
>>
>> Is this a problem or an observation?
>>
>> When Internet Explorer (and any other web browser) sends a request to a
>> website, it first tries to access it anonymously. If you have set up IIS
>> to
>> only allow Windows Authentication, IIS will respond with 401.2 telling
>> the
>> client "you must send credentials, you cannot access this resource
>> anonymously". If Internet Explorer automatically logs you on, you will
>> not
>> see anything of this happening in the web browser, but it will be logged.
>>
>> This would explain why you roughly have the same number of 401.2 as 200,
>> because if you have set up IIS to only allow Windows Authentication, they
>> will come together.
>>
>> --
>> Regards,
>> Kristofer Gafvert
>> http://www.gafvert.info/iis/ - IIS Related Info
>>
>>
>> "Richard Roche" skrev i
>> meddelandet
>> news:19FD1463-77B4-4C2A-9209-377741583944@microsoft.com...
>> >I have a 2003 ASP.NET intranet application set to Windows Authentication
>> >in
>> > my Web.config. In IIS (Windows 2003 Server) i've set only Integrated
>> > Security. My clients are using IE7. I get almost the same number of
>> > 401.2
>> > error and i do status code 200 Success.
>> >
>> > What are the options to avoid the 401.2 errors?
>> > --
>> > Richard
>>
>>

Re: 401.2 Denied by Server Configuration Errors w/ Windows 2003 Se

am 04.01.2008 00:07:46 von Kristofer Gafvert

Can you please also tell us if you use NTLM or Kerberos?

--
Regards,
Kristofer Gafvert
http://www.gafvert.info/iis/ - IIS Related Info


"Richard Roche" skrev i meddelandet
news:0BD87B4E-C927-426B-A65F-6D8AEC44FF14@microsoft.com...
> Thanks for taking time. To answer you question, i'm not sure, probably
> just
> an observation. If there was a way to do the authentication once it would
> save network traffic, obviously. I didn't know if there was some setting
> in
> IIS to tell it to re-use the authentication.
>
> --
> Richard
>
>
> "Kristofer Gafvert" wrote:
>
>> Hi Richard,
>>
>> Is this a problem or an observation?
>>
>> When Internet Explorer (and any other web browser) sends a request to a
>> website, it first tries to access it anonymously. If you have set up IIS
>> to
>> only allow Windows Authentication, IIS will respond with 401.2 telling
>> the
>> client "you must send credentials, you cannot access this resource
>> anonymously". If Internet Explorer automatically logs you on, you will
>> not
>> see anything of this happening in the web browser, but it will be logged.
>>
>> This would explain why you roughly have the same number of 401.2 as 200,
>> because if you have set up IIS to only allow Windows Authentication, they
>> will come together.
>>
>> --
>> Regards,
>> Kristofer Gafvert
>> http://www.gafvert.info/iis/ - IIS Related Info
>>
>>
>> "Richard Roche" skrev i
>> meddelandet
>> news:19FD1463-77B4-4C2A-9209-377741583944@microsoft.com...
>> >I have a 2003 ASP.NET intranet application set to Windows Authentication
>> >in
>> > my Web.config. In IIS (Windows 2003 Server) i've set only Integrated
>> > Security. My clients are using IE7. I get almost the same number of
>> > 401.2
>> > error and i do status code 200 Success.
>> >
>> > What are the options to avoid the 401.2 errors?
>> > --
>> > Richard
>>
>>