Solved

Windows 2000 Server - IIS Basic Authentication not working

Posted on 2003-11-12
8
627 Views
Last Modified: 2008-03-17
Ok, I have setup on our server the ability for users to connect into a local intranet website via IP and type their windows domain username and password in to authenticate.  The website is setup with a certificate and 128-bit encyrption.  I don't think any of that matters, just a little background.

The problem is only administrators can successfully log in and get to the website.  If a user that doesn't have administrator privledges on the domain can't login.  According to all the documents I have read, this is not how Basic Authentication should function.  I have only that box checked under the directory security tab.

I have tried giving physical NTFS rights to a user to the directory in inetpub/wwwroot/, I have tried add members to the operators tab of the website, and seeing if they can authenticate that way and it hasn't worked.  I have also tried a mulitude of combinations with the directory security choices and came up with zero.  Any ideas?
0
Comment
Question by:gap0134
  • 2
  • 2
8 Comments
 

Expert Comment

by:JamesWillison
ID: 9740257
You need to create a user group on your web server and then assize all the user that you wish to connect through into this group, giving then the rights you want each of them to have.
Then give the Group admin right under the NTFS system permissions.
 

What this will do is give them the access to hit the web server. Within 2000 the basic rule is the most restrictive protocol is dominant.

there for they will not in reality have the admin rights
0
 
LVL 21

Expert Comment

by:marc_nivens
ID: 9757964
Check the policies applied to that machine and make sure that everyone has "access this computer from the network."  Also, since you're using basic you will need "log on locally" rights for this group as well.  

An alternative to the above is to add the Domain Users group to the local users group on the IIS server.
0
 

Author Comment

by:gap0134
ID: 9767693
Marc, they are all ready in the Domain Users group.  And I don't know where to check the policy you are referring to.

James, yes this worked...however, we have alot of NTFS rights we would override for users giving them a new user like you said.  I did see however, a way to set your primary group.  If for instance I have a group for Marketing, and a share for Marketing on the system, I want them to be able to see the webpage AND their respective folder.  Can I use the primary group to my advantage in this case?
0
 
LVL 21

Expert Comment

by:marc_nivens
ID: 9768697
I'm sure they're already in the Domain Users group, I'm talking about adding the Domain Users group to the local machines Users group.  Of course this applies only to member servers.  If this is a DC you will have to edit the default domain controllers policy to allow the two rights I previously mentioned.
0
 

Accepted Solution

by:
JamesWillison earned 125 total points
ID: 9769804
YES 100% the easiest way of doing this would be to  add the "marketing" group to

(WEB connect group) Whats ever you have called the group

In this way they will retain all the access rights they have on the Domain Controller. as long as they have the rights to see the folder on domain controller they will have the permission to see them when they are connected throuh the web inter face.

Let me know if you need any other information or if i have been unclear in any way.

P.s
what is the full intent of this if you dont mind me asking as i may have a much easier for you to action this this giving them the same access right all depends on what the users are going to use the interface for

best regards

(`'·.¸(`'·.¸ ~ ¸.·'´)¸.·'´)
«´.¸¸   JAMES    ¸¸.·`»
(¸.·'´(¸.·'´ ~ `'·.¸)`'·.¸)
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Windows 2003 Terminal Server licenses 3 338
Exchange server 2003 sp2 local queue frozen mail 3 360
win2k service packs 5 645
Windows 16 342
Microsoft Office Picture Manager was included in Office 2003, 2007, and 2010, but not in Office 2013. Users had hopes that it would be in Office 2016/Office 365, but it is not. Fortunately, the same zero-cost technique that works to install it with …
NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
This tutorial gives a high-level tour of the interface of Marketo (a marketing automation tool to help businesses track and engage prospective customers and drive them to purchase). You will see the main areas including Marketing Activities, Design …
Many functions in Excel can make decisions. The most simple of these is the IF function: it returns a value depending on whether a condition you describe is true or false. Once you get the hang of using the IF function, you will find it easier to us…

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now