Solved

Windows 2000 Server - IIS Basic Authentication not working

Posted on 2003-11-12
8
631 Views
Last Modified: 2008-03-17
Ok, I have setup on our server the ability for users to connect into a local intranet website via IP and type their windows domain username and password in to authenticate.  The website is setup with a certificate and 128-bit encyrption.  I don't think any of that matters, just a little background.

The problem is only administrators can successfully log in and get to the website.  If a user that doesn't have administrator privledges on the domain can't login.  According to all the documents I have read, this is not how Basic Authentication should function.  I have only that box checked under the directory security tab.

I have tried giving physical NTFS rights to a user to the directory in inetpub/wwwroot/, I have tried add members to the operators tab of the website, and seeing if they can authenticate that way and it hasn't worked.  I have also tried a mulitude of combinations with the directory security choices and came up with zero.  Any ideas?
0
Comment
Question by:gap0134
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
8 Comments
 

Expert Comment

by:JamesWillison
ID: 9740257
You need to create a user group on your web server and then assize all the user that you wish to connect through into this group, giving then the rights you want each of them to have.
Then give the Group admin right under the NTFS system permissions.
 

What this will do is give them the access to hit the web server. Within 2000 the basic rule is the most restrictive protocol is dominant.

there for they will not in reality have the admin rights
0
 
LVL 21

Expert Comment

by:marc_nivens
ID: 9757964
Check the policies applied to that machine and make sure that everyone has "access this computer from the network."  Also, since you're using basic you will need "log on locally" rights for this group as well.  

An alternative to the above is to add the Domain Users group to the local users group on the IIS server.
0
 

Author Comment

by:gap0134
ID: 9767693
Marc, they are all ready in the Domain Users group.  And I don't know where to check the policy you are referring to.

James, yes this worked...however, we have alot of NTFS rights we would override for users giving them a new user like you said.  I did see however, a way to set your primary group.  If for instance I have a group for Marketing, and a share for Marketing on the system, I want them to be able to see the webpage AND their respective folder.  Can I use the primary group to my advantage in this case?
0
 
LVL 21

Expert Comment

by:marc_nivens
ID: 9768697
I'm sure they're already in the Domain Users group, I'm talking about adding the Domain Users group to the local machines Users group.  Of course this applies only to member servers.  If this is a DC you will have to edit the default domain controllers policy to allow the two rights I previously mentioned.
0
 

Accepted Solution

by:
JamesWillison earned 125 total points
ID: 9769804
YES 100% the easiest way of doing this would be to  add the "marketing" group to

(WEB connect group) Whats ever you have called the group

In this way they will retain all the access rights they have on the Domain Controller. as long as they have the rights to see the folder on domain controller they will have the permission to see them when they are connected throuh the web inter face.

Let me know if you need any other information or if i have been unclear in any way.

P.s
what is the full intent of this if you dont mind me asking as i may have a much easier for you to action this this giving them the same access right all depends on what the users are going to use the interface for

best regards

(`'·.¸(`'·.¸ ~ ¸.·'´)¸.·'´)
«´.¸¸   JAMES    ¸¸.·`»
(¸.·'´(¸.·'´ ~ `'·.¸)`'·.¸)
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Ready to improve network connectivity? Watch this webinar to learn how SD-WANs and a one-click instant connect tool can boost provisions, deployment, and management of your cloud connection.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

687 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question