Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 16 replies
  • Subscribers 1 subscriber
  • Views 11249 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IIS Authentication problem

skar
Hello guys,

One of our users is trying to access an website where authentication is required. We are running Astaro 7.402. The destination webserver is IIS. I tried the following:

- Surf to the site with Internet Explorer, without proxy. Authentication window appears.
- Surf to the site with Internet Explorer, with proxy. Authentication window doesn't appear.
- Surf to the site with Mozilla Firefox, without proxy. Authentication window appears.
- Surf to the site with Mozilla Firefox, with proxy. Authentication window appears.

I also sniffed the headers from the destination site.

Without proxy: 
GET /x/x/index.html HTTP/1.1

Host: x.x.x.x

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.9.0.11) Gecko/2009060215 Firefox/3.0.11 GTB5 (.NET CLR 3.5.30729)

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: nl,en-us;q=0.7,en;q=0.3

Accept-Encoding: gzip,deflate

Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7

Keep-Alive: 300

Connection: keep-alive

Cache-Control: max-age=0



HTTP/1.x 401 Unauthorized

Content-Length: 1656

Content-Type: text/html

Server: Microsoft-IIS/6.0

WWW-Authenticate: Negotiate

WWW-Authenticate: NTLM

X-Powered-By: ASP.NET

Date: Fri, 03 Jul 2009 06:50:05 GMT


With proxy: 
GET /x/x/index.html HTTP/1.1

Host: x.x.x.x

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.9.0.11) Gecko/2009060215 Firefox/3.0.11 GTB5 (.NET CLR 3.5.30729)

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: nl,en-us;q=0.7,en;q=0.3

Accept-Encoding: gzip,deflate

Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7

Keep-Alive: 300

Proxy-Connection: keep-alive

Cache-Control: max-age=0



HTTP/1.x 401 Unauthorized

Content-Type: text/html

Server: Microsoft-IIS/6.0

WWW-Authenticate: NTLM

X-Powered-By: ASP.NET

Date: Fri, 03 Jul 2009 06:50:59 GMT

Content-Length: 1656

Accept-Ranges: none

Proxy-Connection: Keep-Alive


It seems that Astaro strips one of the two WWW-Authenticate arguments. Is there an solution for this problem. I tried searching the forum, but didn't find a good solution for this. 

Thanks in advance,

Jasper


This thread was automatically locked due to age.
Parents
  • FormerMember
    0 FormerMember
    I did receive a reply from the web developer of our site, who put in a bogus Basic Authentication w/ SSL page up to test, and of course IE popped right up with a dialog when hitting it, so that's going to be the fix for us. NTLM was likely left enabled by the hosting company.
  • 0 in reply to FormerMember
    I hope Schnelle comes back to comment on this.
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply Children
  • 0 in reply to BAlfson
    I have a customer who also now has this issue. We are running an ASG320 with 7.404 loaded.

    When the user goes to a site where he needs to authenticate against a sharepoint server the authentication dialogue pops up but he cannot authenticate. The authentication box just pops up again after he enters his details. I have tried making an exception with every check,AV,authentication etc switched off and it still does not work. 

    Anybody found a workaround before I go to Astaro support?

    Thanks
    Richard