IIS challenge [modified]
-
I'm really stumped on this security issue. I get a windows challenge, pop-up, login dialog, whatever you want to call it, when I go to my website. Here is what I have so far: 1) I can get to services.xxx.com just fine ( no pop-up) 2) When I go to services.xxx.com/newsite I get the login pop up 3) services.xxx.com/newsite is a .NET 2.0 site with windows authentication in the web.config 4) services.xxx.com/newsite is running as an application in IIS 6.0 (not as a virtual directory it physically sits under the root in the windows directory) 5) If I click "Cancel" on the pop up I get a "HTTP Error 401.1 - Unauthorized: Access is denied due to invalid credentials. Internet Information Services (IIS)" 6) If I enter the same login I use to remote desktop to that server, I gain access to the site 7) In windows security, the folder "newsite" inherits all it's permission from the parent directory. 8) If I open in IE on the web server itself like this http://localhost/newsite it opens w/o a login, but if I use the domain http://services.xxx.com/newsite then I get the pop-up I want to allow anyone on the web to see this site (eventually but not yet so I didn't post the actual url ) . Can anyone help? -- modified at 17:52 Wednesday 27th December, 2006
"Half this game is ninety percent mental." - Yogi Berra If you can read thank a teacher, if you can read in English, thank a Marine.
-
I'm really stumped on this security issue. I get a windows challenge, pop-up, login dialog, whatever you want to call it, when I go to my website. Here is what I have so far: 1) I can get to services.xxx.com just fine ( no pop-up) 2) When I go to services.xxx.com/newsite I get the login pop up 3) services.xxx.com/newsite is a .NET 2.0 site with windows authentication in the web.config 4) services.xxx.com/newsite is running as an application in IIS 6.0 (not as a virtual directory it physically sits under the root in the windows directory) 5) If I click "Cancel" on the pop up I get a "HTTP Error 401.1 - Unauthorized: Access is denied due to invalid credentials. Internet Information Services (IIS)" 6) If I enter the same login I use to remote desktop to that server, I gain access to the site 7) In windows security, the folder "newsite" inherits all it's permission from the parent directory. 8) If I open in IE on the web server itself like this http://localhost/newsite it opens w/o a login, but if I use the domain http://services.xxx.com/newsite then I get the pop-up I want to allow anyone on the web to see this site (eventually but not yet so I didn't post the actual url ) . Can anyone help? -- modified at 17:52 Wednesday 27th December, 2006
"Half this game is ninety percent mental." - Yogi Berra If you can read thank a teacher, if you can read in English, thank a Marine.
Well it sounds like your system only trusts the local intranet. Review your firewall settings and your IIS configuration to make sure they all to all (in fact sometimes you should block local to stop worms). My best advice at this time (without being able to review your settings) is tha you should switch to Apache.
Brad Australian -CAUTION- The previous statement may contain traces of PHP, and by reading this statement you negate the right to vote me down.