Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 16 replies
  • Subscribers 1 subscriber
  • Views 11249 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IIS Authentication problem

skar
Hello guys,

One of our users is trying to access an website where authentication is required. We are running Astaro 7.402. The destination webserver is IIS. I tried the following:

- Surf to the site with Internet Explorer, without proxy. Authentication window appears.
- Surf to the site with Internet Explorer, with proxy. Authentication window doesn't appear.
- Surf to the site with Mozilla Firefox, without proxy. Authentication window appears.
- Surf to the site with Mozilla Firefox, with proxy. Authentication window appears.

I also sniffed the headers from the destination site.

Without proxy: 
GET /x/x/index.html HTTP/1.1

Host: x.x.x.x

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.9.0.11) Gecko/2009060215 Firefox/3.0.11 GTB5 (.NET CLR 3.5.30729)

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: nl,en-us;q=0.7,en;q=0.3

Accept-Encoding: gzip,deflate

Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7

Keep-Alive: 300

Connection: keep-alive

Cache-Control: max-age=0



HTTP/1.x 401 Unauthorized

Content-Length: 1656

Content-Type: text/html

Server: Microsoft-IIS/6.0

WWW-Authenticate: Negotiate

WWW-Authenticate: NTLM

X-Powered-By: ASP.NET

Date: Fri, 03 Jul 2009 06:50:05 GMT


With proxy: 
GET /x/x/index.html HTTP/1.1

Host: x.x.x.x

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.9.0.11) Gecko/2009060215 Firefox/3.0.11 GTB5 (.NET CLR 3.5.30729)

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: nl,en-us;q=0.7,en;q=0.3

Accept-Encoding: gzip,deflate

Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7

Keep-Alive: 300

Proxy-Connection: keep-alive

Cache-Control: max-age=0



HTTP/1.x 401 Unauthorized

Content-Type: text/html

Server: Microsoft-IIS/6.0

WWW-Authenticate: NTLM

X-Powered-By: ASP.NET

Date: Fri, 03 Jul 2009 06:50:59 GMT

Content-Length: 1656

Accept-Ranges: none

Proxy-Connection: Keep-Alive


It seems that Astaro strips one of the two WWW-Authenticate arguments. Is there an solution for this problem. I tried searching the forum, but didn't find a good solution for this. 

Thanks in advance,

Jasper


This thread was automatically locked due to age.
Parents
  • 0
    I have a similar issue with SharePoint hosted sites using NTLM authentification but no fix.

    Have you tried a bowser exception for this site?
  • 0 in reply to Kingbuzzo
    Just to try to find the bug, does your problem go away if you restart ntlm?

    var/mdw/scripts/ntlm restart

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    Sorry that I didn't mention it, but we do not need automated authentication using NTLM, but just a window which asks the login credentials. When surfing the web using Astaro, it seems that Astaro filters one of the two headers, which is the WWW-Authenticate: Negotiate argument which is probably the cause IE doesn't get what I want.
Reply
  • 0 in reply to BAlfson
    Sorry that I didn't mention it, but we do not need automated authentication using NTLM, but just a window which asks the login credentials. When surfing the web using Astaro, it seems that Astaro filters one of the two headers, which is the WWW-Authenticate: Negotiate argument which is probably the cause IE doesn't get what I want.
Children
No Data