Question about windows integrated security

  • Thread starter Thread starter NWx
  • Start date Start date
N

NWx

Hi,

I developed a small test app using ASP.NET. I left the vistual folder to be
accessible only with windows integrated security.
I try to access that app from another PC in my LAN. I don't have a domain
controller, the lan works with Workgroup.

When I access that page, I get a user login dialog, aking me to enter
username / password

I have an user account on that pc, and try to enter that username, and pass,
but autantication fail and I see that dialog again and again.

To be more specific

server pc is called TTMServer
PC I try to connect from is called TTMWS

On TTMServer I have a user account with administrative privileges, John,
password John22
On TTMWS I also have an account John, with pass John22, admin account type
too

I work on TTMWS, and I'm logged on account John

When I try to access my app

http://ttmserver/Testapp

I get the user login window.

I try enter user John or user TTMServer\John, and pass John22, but no luck.
I'm not autenticated, so I cannot see that page

What I did wrong? How someone over internet, who have a user account on a PC
hosting the web server, can access a app which uses Windows autentication ?

Thank you for any help
 
Not only do you have enter a valid user account for the server, but that
user account needs to have appropriate NTFS permissions to the actual file
you want to read off the server's hard disk. I would check the NTFS
permissions on the server.

Cheers
Ken


: Hi,
:
: I developed a small test app using ASP.NET. I left the vistual folder to
be
: accessible only with windows integrated security.
: I try to access that app from another PC in my LAN. I don't have a domain
: controller, the lan works with Workgroup.
:
: When I access that page, I get a user login dialog, aking me to enter
: username / password
:
: I have an user account on that pc, and try to enter that username, and
pass,
: but autantication fail and I see that dialog again and again.
:
: To be more specific
:
: server pc is called TTMServer
: PC I try to connect from is called TTMWS
:
: On TTMServer I have a user account with administrative privileges, John,
: password John22
: On TTMWS I also have an account John, with pass John22, admin account type
: too
:
: I work on TTMWS, and I'm logged on account John
:
: When I try to access my app
:
: http://ttmserver/Testapp
:
: I get the user login window.
:
: I try enter user John or user TTMServer\John, and pass John22, but no
luck.
: I'm not autenticated, so I cannot see that page
:
: What I did wrong? How someone over internet, who have a user account on a
PC
: hosting the web server, can access a app which uses Windows autentication
?
:
: Thank you for any help
:
:
:
 
Hi,
Not only do you have enter a valid user account for the server, but that
user account needs to have appropriate NTFS permissions to the actual file
you want to read off the server's hard disk. I would check the NTFS
permissions on the server.
Click to expand...

User account I try to logon with has admnistrator rights, so it can access
and file and folder.

Do you have any other suggestion?

Thank you.
 
It would be unusual for a local admin not to be able to access a page *but*
it is possible to remove access to admins from a page. Check the NTFS
permissions.

Next - I would enable auditing for "logon failures" if it's not currently
enabled. You will then see, in the security Event Log, and logon failure
event, recording the account that the server thinks it being used, and a
possible reason why the logon is failing.

What you have setup should work, but for some reason it's not, so we need to
try and work out where it's failing.

Cheers
Ken


: Hi,
:
: > Not only do you have enter a valid user account for the server, but that
: > user account needs to have appropriate NTFS permissions to the actual
file
: > you want to read off the server's hard disk. I would check the NTFS
: > permissions on the server.
:
: User account I try to logon with has admnistrator rights, so it can access
: and file and folder.
:
: Do you have any other suggestion?
:
: Thank you.
:
:
:
: >
: > Cheers
: > Ken
: >
: >
: > : > : Hi,
: > :
: > : I developed a small test app using ASP.NET. I left the vistual folder
to
: > be
: > : accessible only with windows integrated security.
: > : I try to access that app from another PC in my LAN. I don't have a
: domain
: > : controller, the lan works with Workgroup.
: > :
: > : When I access that page, I get a user login dialog, aking me to enter
: > : username / password
: > :
: > : I have an user account on that pc, and try to enter that username, and
: > pass,
: > : but autantication fail and I see that dialog again and again.
: > :
: > : To be more specific
: > :
: > : server pc is called TTMServer
: > : PC I try to connect from is called TTMWS
: > :
: > : On TTMServer I have a user account with administrative privileges,
John,
: > : password John22
: > : On TTMWS I also have an account John, with pass John22, admin account
: type
: > : too
: > :
: > : I work on TTMWS, and I'm logged on account John
: > :
: > : When I try to access my app
: > :
: > : http://ttmserver/Testapp
: > :
: > : I get the user login window.
: > :
: > : I try enter user John or user TTMServer\John, and pass John22, but no
: > luck.
: > : I'm not autenticated, so I cannot see that page
: > :
: > : What I did wrong? How someone over internet, who have a user account
on
: a
: > PC
: > : hosting the web server, can access a app which uses Windows
: autentication
: > ?
: > :
: > : Thank you for any help
: > :
: > :
: > :
: >
: >
:
:
 
Hi,
It would be unusual for a local admin not to be able to access a page *but*
it is possible to remove access to admins from a page. Check the NTFS
permissions.
Click to expand...

This is a test server, so it cannot be accessed over internet
The virtual folder is located on a FAT32 drive, do there is no file or
folder restriction available.
Next - I would enable auditing for "logon failures" if it's not currently
enabled. You will then see, in the security Event Log, and logon failure
event, recording the account that the server thinks it being used, and a
possible reason why the logon is failing.
Click to expand...

Sorry to ask, but how can I do this? I don't know much beside basic settings
(minimum necessary to be able to setup virtual folder for a web app -
ASP.NET, ASP or PHP) about managing IIS.

Actually, I tried connecting to the server again, but probaly I changed
something since last time, and now I get a different behaviour: user logon
form opened by browser has TTMSERVER\Guest filled automatically in user
login, and it is disabled (so I cannot change it to John anymore), so I can
only enter a password.

What could be the reason for this?

Many thanks for your patience.

Cheers
 
Back
Top