Websites require a login

[Juan T. Llibre]

re:

Every time I attempt to run a localhost website, it asks me for a login, as if I am not a user on
the local machine.

Just because you're logged into Windows
doesn't mean you don't have to logon to an http connection.

re:

I am using windows authentication

That's why the server is requiring a login.

re:

I am the admin of this machine, how can I not be authorized?

Because logging into Windows is different than logging into a web application.

re:

If anyone has any ideas of what to do, let me know!

Either :

a) use anonymous authentication
or
b) login when requested

 

[Kat]

Every time I attempt to run a localhost website, it asks me for a login, as
if I am not a user on the local machine. I am a user on the local machine,
I am an admin on the local machine. I am not on a network. I have windows
xp professional installed, iis is installed and until recently everything
worked fine. I am using windows authentication, and have changed everything
I can think of to full control, even the Everyone, the vs develoeprs, the
debugger users, and every account on this machine, just to see if
authorization is the problem. Still requires a login. If I login with the
same login I have already logged in with, it works, if I do not login I get
a "You are not authorized" message. I am the admin of this machine, how can
I not be authorized? If anyone has any ideas of what to do, let me know!
Thanks for your help.

 

[Juan T. Llibre]

re:
!> The point of integrated security is to use the authentication
!> of the user that is logged in.

Dead wrong.

The point of integrated security is to authenticate the user that *logs in*.

 

[Kat]

Not so. up until a few days ago, I did not have to log in to a web site
once I was already logged in to a system. I do not know what changed. The
point of integrated security is to use the authentication of the user that
is logged in.

 

[Guest]

Kat,
if it worked before, and now it suddenly does not work, then it is either an
IIS issue or some folder permissions have changed. Check the physical folder
where the application is pointed to by IIS, ensure that all the possible
accounts (IUSR, ASPNET, and your user account) are listed and have "full
control".
IIS should have both Anonymous and Integrated checked for the site.
Peter

 

[Ben Rush]

Okay.

It's *my* understanding (and I'm not a security expert) that when using
integrated windows authentication you are using NTLM authentication or
Kerberos, depending on the situation. NTLM is used, typically, outside an
Active Directory domain, or when the client is connecting to another Active
Directory forest. Kerberos, on the other hand, is used for authentication in
Windows 2000 and 2003 via Active Directory. I could be wrong on this, but
that's my understanding.

Also per my understanding is that Kerberos tokens can be passed; so the idea
is that you need to log in once and have your credentials passed around with
you - it's a convenience factor. In this sense, passing the credentials to
IIS lays on the shoulders of the web browser (well, in your particular
situation).

Please check the following bits of information (please get back to me as I
would be interested in whether these work):

Make sure IE's Intranet zone security is set to Automatic Logon only in
intranet zone. IE will only pass credentials automatically if it identifies
the URL which you are using points to an internal location; and so if there
are periods (.) in the address, IE will consider it an external address and
so no credentials will be passed automatically.

Make sure you're using Internet Explorer. I know, this is probably a
no-brainer, but for the sake of completeness I'm mentioning it.

Make sure Windows Integrated authentication is enabled in the IIS security
properties for that web site.

....basically it is on the shoulders of Internet Explorer to pass the
security credentials on to the server; so check there first.

You are sure you didn't accidentally turn on Basic or Digenst authentication
methods, correct?

 

[Kat]

I think I had a series of issues going on. I discovered several things:
The directory of the default website had changed, so I went back to using
inetpub/wwwroot. I suspect this had to do with folder permissions. The
site was set to anonymous acccess and integrated security. Since Anonymous
Access takes precedence over integrated security (I believe), it was
attempting to logon with anonymous first and being rejected. It's now up
and running as intended. Thanks for all your help.