HTTP 401.2 - No permissions: login failed because of server configuration

Hi,

my configuration: windows xp prof sp2 with IIS 5.1.

I have several asp.net applications some using login/password (with
Anonymous authentification set in IIS) and others using the windows account
(with Integrated Windows Authentification).

When testing the application on the IIS server with administrator account,
for all applications using windows account i have to introduce an account/pw
in a little window. Even when clicking the option "remember the password",
the next time i get that windows. This does not happen for the application
using Anonymous auth.

If i push the cancel button of that windows, i get the error:
HTTP 401.2 - No permissions: login failed because of server configuration

Any way to get rid of that authentification window?
Thanks
Bob

Re: HTTP 401.2 - No permissions: login failed because of server

On Apr 14, 1:59=A0pm, "bob" wrote:
> Hi,
>
> my configuration: windows xp prof sp2 with IIS 5.1.
>
> I have several asp.net applications some using login/password (with
> Anonymous authentification set in IIS) and others using the windows accoun=
t
> (with Integrated Windows Authentification).
>
> When testing the application on the IIS server with administrator account,=

> for all applications using windows account i have to introduce an account/=
pw
> in a little window. Even when clicking the option "remember the password",=

> the next time i get that windows. This does not happen for the application=

> using Anonymous auth.
>
> =A0If i push the cancel button of that windows, i get the error:
> HTTP 401.2 - No permissions: login failed because of server configuration
>
> Any way to get rid of that authentification window?
> Thanks
> Bob


If the authentication window shows up with Integrated Windows
Authentication, it usually means something is wrong within your
configuration -- usually either Active Directory, networking, or Group
Policy issue.

ASP.Net login/password (aka "Forms Auth") uses Cookies to remember the
login, which has its own issues, but you haven't spotted them yet.

Bottom line, you get rid of that authentication window when your
machine is properly configured. By default, Integrated Windows
Authentication would work, so you've got something else going on that
is breaking things.


//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//

Re: HTTP 401.2 - No permissions: login failed because of server configuration

Thanks for replying.
I doublechecked everything and these are the settings for application
"myapp":
I'm logged as "admin" (member of administrators).
In the security of directory c:\inetpub\wwwroot\myapp ,
"admin" has full rights and is owner of the directory.

In IIS, "myapp" is a virtual directory and the Map Security option is set to
Integrated Windows
Authentication. Futher seems everything else ok ...

I must add this: i reinstalled windows xp without reformatting the disc but
created a new administrator account ("admin"). In directory "myapp", i can
see in the security an unknown account (S-1-5-21 -....). Has this something
to do with my problem?

I don't know where to seek ...
Thanks


"David Wang" schreef in bericht
news:0bb71308-3eb9-4240-88fb-299ac162596b@k10g2000prm.google groups.com...
On Apr 14, 1:59 pm, "bob" wrote:
> Hi,
>
> my configuration: windows xp prof sp2 with IIS 5.1.
>
> I have several asp.net applications some using login/password (with
> Anonymous authentification set in IIS) and others using the windows
> account
> (with Integrated Windows Authentification).
>
> When testing the application on the IIS server with administrator account,
> for all applications using windows account i have to introduce an
> account/pw
> in a little window. Even when clicking the option "remember the password",
> the next time i get that windows. This does not happen for the application
> using Anonymous auth.
>
> If i push the cancel button of that windows, i get the error:
> HTTP 401.2 - No permissions: login failed because of server configuration
>
> Any way to get rid of that authentification window?
> Thanks
> Bob


If the authentication window shows up with Integrated Windows
Authentication, it usually means something is wrong within your
configuration -- usually either Active Directory, networking, or Group
Policy issue.

ASP.Net login/password (aka "Forms Auth") uses Cookies to remember the
login, which has its own issues, but you haven't spotted them yet.

Bottom line, you get rid of that authentication window when your
machine is properly configured. By default, Integrated Windows
Authentication would work, so you've got something else going on that
is breaking things.


//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//

Re: HTTP 401.2 - No permissions: login failed because of server

When you get prompted for the username/password, if you enter the
correct credential, does it succeed or fail.

Is HTTP KeepAlive enabled. If disabled (commonly done on XP since
otherwise you hit the TCP connection limit), it prevents Integrated
Windows Authentication from working since IWA relies of HTTP
KeepAlive. Turning off HTTP KeepAlive usually means massive, anonymous
access.

Otherwise -- You will need to determine the EXACT 401 that is returned
by IIS that causes the username/password prompt. It is NOT 401.2
because that happens after you push the cancel button, which causes
the browser to make an anonymous request to the web server, which
rejects it with 401.2 since you configured it to require ONLY
Integrated Windows Authentication. In other words, when you have
authentication involved, there are LOTS of requests/responses
happening underneath the covers that you're not aware of as an end-
user. All you see is you typed in a URL and you got to it. Never mind
the extra requests along the way to authenticate, redirect, etc...


//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//



On Apr 16, 11:48=A0am, "bob" wrote:
> Thanks for replying.
> I doublechecked everything and these are the settings for application
> "myapp":
> I'm logged as "admin" (member of administrators).
> In the security of directory c:\inetpub\wwwroot\myapp ,
> "admin" has full rights and is owner of the directory.
>
> In IIS, "myapp" is a virtual directory and the Map Security option is set =
to
> Integrated Windows
> Authentication. Futher seems everything else ok ...
>
> I must add this: i reinstalled windows xp without reformatting the disc bu=
t
> created a new administrator account ("admin"). In directory "myapp", i can=

> see in the security an unknown account (S-1-5-21 -....). Has this somethin=
g
> to do with my problem?
>
> I don't know where to seek ...
> Thanks
>
> "David Wang" schreef in berichtnews:0bb71308-3eb9-4240=
-88fb-299ac162596b@k10g2000prm.googlegroups.com...
> On Apr 14, 1:59 pm, "bob" wrote:
>
>
>
>
>
> > Hi,
>
> > my configuration: windows xp prof sp2 with IIS 5.1.
>
> > I have several asp.net applications some using login/password (with
> > Anonymous authentification set in IIS) and others using the windows
> > account
> > (with Integrated Windows Authentification).
>
> > When testing the application on the IIS server with administrator accoun=
t,
> > for all applications using windows account i have to introduce an
> > account/pw
> > in a little window. Even when clicking the option "remember the password=
",
> > the next time i get that windows. This does not happen for the applicati=
on
> > using Anonymous auth.
>
> > If i push the cancel button of that windows, i get the error:
> > HTTP 401.2 - No permissions: login failed because of server configuratio=
n
>
> > Any way to get rid of that authentification window?
> > Thanks
> > Bob
>
> If the authentication window shows up with Integrated Windows
> Authentication, it usually means something is wrong within your
> configuration -- usually either Active Directory, networking, or Group
> Policy issue.
>
> ASP.Net login/password (aka "Forms Auth") uses Cookies to remember the
> login, which has its own issues, but you haven't spotted them yet.
>
> Bottom line, you get rid of that authentication window when your
> machine is properly configured. By default, Integrated Windows
> Authentication would work, so you've got something else going on that
> is breaking things.
>
> //Davidhttp://w3-4u.blogspot.comhttp://blogs.msdn.com/David. Wang
> //- Hide quoted text -
>
> - Show quoted text -

Re: HTTP 401.2 - No permissions: login failed because of server configuration

"When you get prompted for the username/password, if you enter the
correct credential, does it succeed or fail."

Yes

"Is HTTP KeepAlive enabled."

Yes

I can solve the problem by settings both Anonymous and Integrated Windows
Authentication, but is this good practice?



On Apr 16, 11:48 am, "bob" wrote:
> Thanks for replying.
> I doublechecked everything and these are the settings for application
> "myapp":
> I'm logged as "admin" (member of administrators).
> In the security of directory c:\inetpub\wwwroot\myapp ,
> "admin" has full rights and is owner of the directory.
>
> In IIS, "myapp" is a virtual directory and the Map Security option is set
> to
> Integrated Windows
> Authentication. Futher seems everything else ok ...
>
> I must add this: i reinstalled windows xp without reformatting the disc
> but
> created a new administrator account ("admin"). In directory "myapp", i can
> see in the security an unknown account (S-1-5-21 -....). Has this
> something
> to do with my problem?
>
> I don't know where to seek ...
> Thanks
>
> "David Wang" schreef in
> berichtnews:0bb71308-3eb9-4240-88fb-299ac162596b@k10g2000prm .googlegroups.com...
> On Apr 14, 1:59 pm, "bob" wrote:
>
>
>
>
>
> > Hi,
>
> > my configuration: windows xp prof sp2 with IIS 5.1.
>
> > I have several asp.net applications some using login/password (with
> > Anonymous authentification set in IIS) and others using the windows
> > account
> > (with Integrated Windows Authentification).
>
> > When testing the application on the IIS server with administrator
> > account,
> > for all applications using windows account i have to introduce an
> > account/pw
> > in a little window. Even when clicking the option "remember the
> > password",
> > the next time i get that windows. This does not happen for the
> > application
> > using Anonymous auth.
>
> > If i push the cancel button of that windows, i get the error:
> > HTTP 401.2 - No permissions: login failed because of server
> > configuration
>
> > Any way to get rid of that authentification window?
> > Thanks
> > Bob
>
> If the authentication window shows up with Integrated Windows
> Authentication, it usually means something is wrong within your
> configuration -- usually either Active Directory, networking, or Group
> Policy issue.
>
> ASP.Net login/password (aka "Forms Auth") uses Cookies to remember the
> login, which has its own issues, but you haven't spotted them yet.
>
> Bottom line, you get rid of that authentication window when your
> machine is properly configured. By default, Integrated Windows
> Authentication would work, so you've got something else going on that
> is breaking things.
>
> //Davidhttp://w3-4u.blogspot.comhttp://blogs.msdn.com/David. Wang
> //- Hide quoted text -
>
> - Show quoted text -

Re: HTTP 401.2 - No permissions: login failed because of server

In that case, you are only going down the Anonymous and ASP.Net Forms
Authentication path. You might as well not enable Integrated Windows
Authentication.

As for good practice -- it always depends on what you are trying to
accomplish. There are no hard/fast rules for security, only relative
degrees of security.


//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//



On Apr 17, 11:33=A0am, "bob" wrote:
> "When you get prompted for the username/password, if you enter the
> correct credential, does it succeed or fail."
>
> Yes
>
> "Is HTTP KeepAlive enabled."
>
> Yes
>
> I can solve the problem by settings both Anonymous and Integrated Windows
> Authentication, but is this good practice?
>
> On Apr 16, 11:48 am, "bob" wrote:
>
>
>
> > Thanks for replying.
> > I doublechecked everything and these are the settings for application
> > "myapp":
> > I'm logged as "admin" (member of administrators).
> > In the security of directory c:\inetpub\wwwroot\myapp ,
> > "admin" has full rights and is owner of the directory.
>
> > In IIS, "myapp" is a virtual directory and the Map Security option is se=
t
> > to
> > Integrated Windows
> > Authentication. Futher seems everything else ok ...
>
> > I must add this: i reinstalled windows xp without reformatting the disc
> > but
> > created a new administrator account ("admin"). In directory "myapp", i c=
an
> > see in the security an unknown account (S-1-5-21 -....). Has this
> > something
> > to do with my problem?
>
> > I don't know where to seek ...
> > Thanks
>
> > "David Wang" schreef in
> > berichtnews:0bb71308-3eb9-4240-88fb-299ac162596b@k10g2000prm .googlegroup=
s.com...
> > On Apr 14, 1:59 pm, "bob" wrote:
>
> > > Hi,
>
> > > my configuration: windows xp prof sp2 with IIS 5.1.
>
> > > I have several asp.net applications some using login/password (with
> > > Anonymous authentification set in IIS) and others using the windows
> > > account
> > > (with Integrated Windows Authentification).
>
> > > When testing the application on the IIS server with administrator
> > > account,
> > > for all applications using windows account i have to introduce an
> > > account/pw
> > > in a little window. Even when clicking the option "remember the
> > > password",
> > > the next time i get that windows. This does not happen for the
> > > application
> > > using Anonymous auth.
>
> > > If i push the cancel button of that windows, i get the error:
> > > HTTP 401.2 - No permissions: login failed because of server
> > > configuration
>
> > > Any way to get rid of that authentification window?
> > > Thanks
> > > Bob
>
> > If the authentication window shows up with Integrated Windows
> > Authentication, it usually means something is wrong within your
> > configuration -- usually either Active Directory, networking, or Group
> > Policy issue.
>
> > ASP.Net login/password (aka "Forms Auth") uses Cookies to remember the
> > login, which has its own issues, but you haven't spotted them yet.
>
> > Bottom line, you get rid of that authentication window when your
> > machine is properly configured. By default, Integrated Windows
> > Authentication would work, so you've got something else going on that
> > is breaking things.
>
> > //Davidhttp://w3-4u.blogspot.comhttp://blogs.msdn.com/David. Wang
> > //- Hide quoted text -
>
> > - Show quoted text -- Hide quoted text -
>
> - Show quoted text -