always ask windows user name and password
in [IIS]
|
Prev: IIS Password change pages 64bit
Next: FTP error 426
From: Newbie on 8 Mar 2010 15:14 Do you want to enable "Anonymous Access"? This means that *no* user credentials are required to be supplied by end users? Yes. To allow the first, enable "Anonymous Authentication" in IIS. Disable the other authentication options. Ensure that the configured Anonymous user account which IIS will impersonate for NTFS file access has Read (RX) permissions to the files/folders in your website Yes, we did. The server name is 'server01', IP address is '192.168.100.250'. Internal workstations IP address from 192.168.100.1 to 192.168.100.240. Those workstations can browse http://server01 without ask user name and password. If we change to http://192.168.100.250, then IE always pop up a windows to ask user name and password. Thanks
From: Dan on 9 Mar 2010 04:47
"Newbie" <Newbie(a)discussions.microsoft.com> wrote in message news:1A8F140C-B84D-4C2B-A399-EE3AFF723D47(a)microsoft.com... > Do you want to enable "Anonymous Access"? This means that *no* user > credentials are required to be supplied by end users? > > Yes. > > To allow the first, enable "Anonymous Authentication" in IIS. Disable the > other authentication options. Ensure that the configured Anonymous user > account which IIS will impersonate for NTFS file access has Read (RX) > permissions to the files/folders in your website > > Yes, we did. > > > > The server name is 'server01', IP address is '192.168.100.250'. > > Internal workstations IP address from 192.168.100.1 to 192.168.100.240. > Those workstations can browse http://server01 without ask user name and > password. > If we change to http://192.168.100.250, then IE always pop up a windows to > ask user name and password. > > Thanks That means that anonymous access is not working. What is happening is that when the users go to http://server01 that is treated as being in the Intranet Sites zone and IE by default will automatically send the current user credentials if asked to. Because anonymous access isn't working (the IIS anonymous account doesn't have the correct permissions for the site) IIS is sending a request to the browser, and IE is sending the user credentials automatically and those do then provide the permissions that IIS requires as it impersonates that user. When the user goes to http://192.168.1.250 then again IIS can't use anonymous access so asks the browser for user credentials. IE treats this site as being in the Internet zone because, and so doesn't automatically send the user credentials - that's why you get the popup asking for the user to enter them. Your answer to the second question above cannot be Yes - if you disabled all options except anonymous access then the popup would never appear, the user would simply see an error message from IIS. Turn off basic and integrated authentication in IIS, and start tracing which permissions need changing for IIS to work without needing the user credentials, and you'll get the result you want. -- Dan |