Question about windows integrated security

[NWx]

Hi,

I developed a small test app using ASP.NET. I left the vistual folder to be
accessible only with windows integrated security.
I try to access that app from another PC in my LAN. I don't have a domain
controller, the lan works with Workgroup.

When I access that page, I get a user login dialog, aking me to enter
username / password

I have an user account on that pc, and try to enter that username, and pass,
but autantication fail and I see that dialog again and again.

To be more specific

server pc is called TTMServer
PC I try to connect from is called TTMWS

On TTMServer I have a user account with administrative privileges, John,
password John22
On TTMWS I also have an account John, with pass John22, admin account type
too

I work on TTMWS, and I'm logged on account John

When I try to access my app

[url]http://ttmserver/Testapp[/url]

I get the user login window.

I try enter user John or user TTMServer\John, and pass John22, but no luck.
I'm not autenticated, so I cannot see that page

What I did wrong? How someone over internet, who have a user account on a PC
hosting the web server, can access a app which uses Windows autentication ?

Thank you for any help

[David Coe]

In the web.config file, under the <authorization> element, do you have

<authorization><allow users="John"/></authorization>

?? This section is where you define the users that are allowed (or denied) access to the application.

David Coe
Microsoft Certified Professional
ASP.NET, XML Web Services

----- NWx wrote: -----

Hi,

I developed a small test app using ASP.NET. I left the vistual folder to be
accessible only with windows integrated security.
I try to access that app from another PC in my LAN. I don't have a domain
controller, the lan works with Workgroup.

When I access that page, I get a user login dialog, aking me to enter
username / password

I have an user account on that pc, and try to enter that username, and pass,
but autantication fail and I see that dialog again and again.

To be more specific

server pc is called TTMServer
PC I try to connect from is called TTMWS

On TTMServer I have a user account with administrative privileges, John,
password John22
On TTMWS I also have an account John, with pass John22, admin account type
too

I work on TTMWS, and I'm logged on account John

When I try to access my app

[url]http://ttmserver/Testapp[/url]

I get the user login window.

I try enter user John or user TTMServer\John, and pass John22, but no luck.
I'm not autenticated, so I cannot see that page

What I did wrong? How someone over internet, who have a user account on a PC
hosting the web server, can access a app which uses Windows autentication ?

Thank you for any help

[Ken Schaefer]

Not only do you have enter a valid user account for the server, but that
user account needs to have appropriate NTFS permissions to the actual file
you want to read off the server's hard disk. I would check the NTFS
permissions on the server.

Cheers
Ken


"NWx" <test@test.com> wrote in message
news:%23Pcl30Y5DHA.1816@TK2MSFTNGP12.phx.gbl...
: Hi,
:
: I developed a small test app using ASP.NET. I left the vistual folder to
be
: accessible only with windows integrated security.
: I try to access that app from another PC in my LAN. I don't have a domain
: controller, the lan works with Workgroup.
:
: When I access that page, I get a user login dialog, aking me to enter
: username / password
:
: I have an user account on that pc, and try to enter that username, and
pass,
: but autantication fail and I see that dialog again and again.
:
: To be more specific
:
: server pc is called TTMServer
: PC I try to connect from is called TTMWS
:
: On TTMServer I have a user account with administrative privileges, John,
: password John22
: On TTMWS I also have an account John, with pass John22, admin account type
: too
:
: I work on TTMWS, and I'm logged on account John
:
: When I try to access my app
:
: [url]http://ttmserver/Testapp[/url]
:
: I get the user login window.
:
: I try enter user John or user TTMServer\John, and pass John22, but no
luck.
: I'm not autenticated, so I cannot see that page
:
: What I did wrong? How someone over internet, who have a user account on a
PC
: hosting the web server, can access a app which uses Windows autentication
?
:
: Thank you for any help
:
:
:

[NWx]

Hi,

> In the web.config file, under the <authorization> element, do you have
>
> <authorization><allow users="John"/></authorization>
>
> ?? This section is where you define the users that are allowed (or

denied) access to the application.

I don't have this, but I have instead
<authorization><allow users="*"/></authorization>

which I understood allow all users to use the application.

Anyway I changed to the setting you told me.
However, something was changed since I tried to use the application with Win
security last time, and now I get a different behaviour: user logon form
opened by browser has TTMSERVER\Guest filled automatically in user login,
and it is disabled (so I cannot change it to John anymore), so I can only
enter a password.

What could be the reason for this?

Thank you for your answer.

Regards.

>
> David Coe
> Microsoft Certified Professional
> ASP.NET, XML Web Services
>
> ----- NWx wrote: -----
>
> Hi,
>
> I developed a small test app using ASP.NET. I left the vistual folder

to be

> accessible only with windows integrated security.
> I try to access that app from another PC in my LAN. I don't have a

domain

> controller, the lan works with Workgroup.
>
> When I access that page, I get a user login dialog, aking me to enter
> username / password
>
> I have an user account on that pc, and try to enter that username,

and pass,

> but autantication fail and I see that dialog again and again.
>
> To be more specific
>
> server pc is called TTMServer
> PC I try to connect from is called TTMWS
>
> On TTMServer I have a user account with administrative privileges,

John,

> password John22
> On TTMWS I also have an account John, with pass John22, admin account

type

> too
>
> I work on TTMWS, and I'm logged on account John
>
> When I try to access my app
>
> [url]http://ttmserver/Testapp[/url]
>
> I get the user login window.
>
> I try enter user John or user TTMServer\John, and pass John22, but no

luck.

> I'm not autenticated, so I cannot see that page
>
> What I did wrong? How someone over internet, who have a user account

on a PC

> hosting the web server, can access a app which uses Windows

autentication ?

>
> Thank you for any help
>
>
>
>

[NWx]

Hi,

> Not only do you have enter a valid user account for the server, but that
> user account needs to have appropriate NTFS permissions to the actual file
> you want to read off the server's hard disk. I would check the NTFS
> permissions on the server.

User account I try to logon with has admnistrator rights, so it can access
and file and folder.

Do you have any other suggestion?

Thank you.

>
> Cheers
> Ken
>
>
> "NWx" <test@test.com> wrote in message
> news:%23Pcl30Y5DHA.1816@TK2MSFTNGP12.phx.gbl...
> : Hi,
> :
> : I developed a small test app using ASP.NET. I left the vistual folder to
> be
> : accessible only with windows integrated security.
> : I try to access that app from another PC in my LAN. I don't have a

domain

> : controller, the lan works with Workgroup.
> :
> : When I access that page, I get a user login dialog, aking me to enter
> : username / password
> :
> : I have an user account on that pc, and try to enter that username, and
> pass,
> : but autantication fail and I see that dialog again and again.
> :
> : To be more specific
> :
> : server pc is called TTMServer
> : PC I try to connect from is called TTMWS
> :
> : On TTMServer I have a user account with administrative privileges, John,
> : password John22
> : On TTMWS I also have an account John, with pass John22, admin account

type

> : too
> :
> : I work on TTMWS, and I'm logged on account John
> :
> : When I try to access my app
> :
> : [url]http://ttmserver/Testapp[/url]
> :
> : I get the user login window.
> :
> : I try enter user John or user TTMServer\John, and pass John22, but no
> luck.
> : I'm not autenticated, so I cannot see that page
> :
> : What I did wrong? How someone over internet, who have a user account on

a

> PC
> : hosting the web server, can access a app which uses Windows

autentication

> ?
> :
> : Thank you for any help
> :
> :
> :
>
>

[Ken Schaefer]

It would be unusual for a local admin not to be able to access a page *but*
it is possible to remove access to admins from a page. Check the NTFS
permissions.

Next - I would enable auditing for "logon failures" if it's not currently
enabled. You will then see, in the security Event Log, and logon failure
event, recording the account that the server thinks it being used, and a
possible reason why the logon is failing.

What you have setup should work, but for some reason it's not, so we need to
try and work out where it's failing.

Cheers
Ken


"NWx" <test@test.com> wrote in message
news:er2NWP35DHA.2908@tk2msftngp13.phx.gbl...
: Hi,
:
: > Not only do you have enter a valid user account for the server, but that
: > user account needs to have appropriate NTFS permissions to the actual
file
: > you want to read off the server's hard disk. I would check the NTFS
: > permissions on the server.
:
: User account I try to logon with has admnistrator rights, so it can access
: and file and folder.
:
: Do you have any other suggestion?
:
: Thank you.
:
:
:
: >
: > Cheers
: > Ken
: >
: >
: > "NWx" <test@test.com> wrote in message
: > news:%23Pcl30Y5DHA.1816@TK2MSFTNGP12.phx.gbl...
: > : Hi,
: > :
: > : I developed a small test app using ASP.NET. I left the vistual folder
to
: > be
: > : accessible only with windows integrated security.
: > : I try to access that app from another PC in my LAN. I don't have a
: domain
: > : controller, the lan works with Workgroup.
: > :
: > : When I access that page, I get a user login dialog, aking me to enter
: > : username / password
: > :
: > : I have an user account on that pc, and try to enter that username, and
: > pass,
: > : but autantication fail and I see that dialog again and again.
: > :
: > : To be more specific
: > :
: > : server pc is called TTMServer
: > : PC I try to connect from is called TTMWS
: > :
: > : On TTMServer I have a user account with administrative privileges,
John,
: > : password John22
: > : On TTMWS I also have an account John, with pass John22, admin account
: type
: > : too
: > :
: > : I work on TTMWS, and I'm logged on account John
: > :
: > : When I try to access my app
: > :
: > : [url]http://ttmserver/Testapp[/url]
: > :
: > : I get the user login window.
: > :
: > : I try enter user John or user TTMServer\John, and pass John22, but no
: > luck.
: > : I'm not autenticated, so I cannot see that page
: > :
: > : What I did wrong? How someone over internet, who have a user account
on
: a
: > PC
: > : hosting the web server, can access a app which uses Windows
: autentication
: > ?
: > :
: > : Thank you for any help
: > :
: > :
: > :
: >
: >
:
:

[NWx]

Hi,

> It would be unusual for a local admin not to be able to access a page

*but*

> it is possible to remove access to admins from a page. Check the NTFS
> permissions.

This is a test server, so it cannot be accessed over internet
The virtual folder is located on a FAT32 drive, do there is no file or
folder restriction available.

> Next - I would enable auditing for "logon failures" if it's not currently
> enabled. You will then see, in the security Event Log, and logon failure
> event, recording the account that the server thinks it being used, and a
> possible reason why the logon is failing.

Sorry to ask, but how can I do this? I don't know much beside basic settings
(minimum necessary to be able to setup virtual folder for a web app -
ASP.NET, ASP or PHP) about managing IIS.

Actually, I tried connecting to the server again, but probaly I changed
something since last time, and now I get a different behaviour: user logon
form opened by browser has TTMSERVER\Guest filled automatically in user
login, and it is disabled (so I cannot change it to John anymore), so I can
only enter a password.

What could be the reason for this?

Many thanks for your patience.

Cheers

>
> What you have setup should work, but for some reason it's not, so we need

to

> try and work out where it's failing.
>
> Cheers
> Ken server
>
>
> "NWx" <test@test.com> wrote in message
> news:er2NWP35DHA.2908@tk2msftngp13.phx.gbl...
> : Hi,
> :
> : > Not only do you have enter a valid user account for the server, but

that

> : > user account needs to have appropriate NTFS permissions to the actual
> file
> : > you want to read off the server's hard disk. I would check the NTFS
> : > permissions on the server.
> :
> : User account I try to logon with has admnistrator rights, so it can

access

> : and file and folder.
> :
> : Do you have any other suggestion?
> :
> : Thank you.
> :
> :
> :
> : >
> : > Cheers
> : > Ken
> : >
> : >
> : > "NWx" <test@test.com> wrote in message
> : > news:%23Pcl30Y5DHA.1816@TK2MSFTNGP12.phx.gbl...
> : > : Hi,
> : > :
> : > : I developed a small test app using ASP.NET. I left the vistual

folder

> to
> : > be
> : > : accessible only with windows integrated security.
> : > : I try to access that app from another PC in my LAN. I don't have a
> : domain
> : > : controller, the lan works with Workgroup.
> : > :
> : > : When I access that page, I get a user login dialog, aking me to

enter

> : > : username / password
> : > :
> : > : I have an user account on that pc, and try to enter that username,

and

> : > pass,
> : > : but autantication fail and I see that dialog again and again.
> : > :
> : > : To be more specific
> : > :
> : > : server pc is called TTMServer
> : > : PC I try to connect from is called TTMWS
> : > :
> : > : On TTMServer I have a user account with administrative privileges,
> John,
> : > : password John22
> : > : On TTMWS I also have an account John, with pass John22, admin

account

> : type
> : > : too
> : > :
> : > : I work on TTMWS, and I'm logged on account John
> : > :
> : > : When I try to access my app
> : > :
> : > : [url]http://ttmserver/Testapp[/url]
> : > :
> : > : I get the user login window.
> : > :
> : > : I try enter user John or user TTMServer\John, and pass John22, but

no

> : > luck.
> : > : I'm not autenticated, so I cannot see that page
> : > :
> : > : What I did wrong? How someone over internet, who have a user account
> on
> : a
> : > PC
> : > : hosting the web server, can access a app which uses Windows
> : autentication
> : > ?
> : > :
> : > : Thank you for any help
> : > :
> : > :
> : > :
> : >
> : >
> :
> :
>
>