Solved

WWW-Authenticate header error

Posted on 2006-06-15
9
4,552 Views
Last Modified: 2008-05-29
I have a SonicWall SSL-VPN 2000 hardware VPN box that users use to connect to a 2003 Server.  The server hosts e-mail, files, and Sharepoint.  You can create links to internal web services and it passes the credentials to the resource.  When I follow a link to the sharepoint intranet site, I get the following error:

TTP/1.1 401 Unauthorized Content-Length: 1656 Content-Type: text/html Server: Microsoft-IIS/6.0 WWW-Authenticate: Negotiate WWW-Authenticate: NTLM WWW-Authenticate: Basic realm="server.nwi.local" X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 6.0.2.6568 Date: Thu, 15 Jun 2006 16:09:02 GMT Connection: close You are not authorized to view this page
You do not have permission to view this directory or page using the credentials that you supplied because your Web browser is sending a WWW-Authenticate header field that the Web server is not configured to accept.  

I assume it's something to do with how the device is passing the credentials to the web server.  What settings would I need to change on the IIS site to allow it to accept WWW-Authenticate headers?
0
Comment
Question by:itgrouptn
  • 4
  • 3
  • 2
9 Comments
 
LVL 22

Expert Comment

by:pjedmond
ID: 16915481
http://www.microsoft.com/windows2000/en/server/iis/htm/core/iiauths.htm#enablebasic

Bear in mind that basic authentication *IS NOT* considered to be secure unless done over https. It is the simplest method of authentication, and as such virtually every browser supports it.

If you want to understand more about how it all works, then:

http://old.owasp.org/columns/jlima/joelima2.html

will give you a good overview.

HTH:)
0
 
LVL 4

Expert Comment

by:ansh_gupta
ID: 16918282
Can you tell us whats there in IIS logs for this whole thing. Or just copy paste the whole communication frm the iis logs..
0
 
LVL 4

Expert Comment

by:ansh_gupta
ID: 16918291
And does it work fine when being accessed from a directly connected machine?
0
 

Author Comment

by:itgrouptn
ID: 16930354
This is over https.  Authentication works perfectly when accessing it directly or over VPN.  This issue only surfaces when the VPN hardware device tries to authenticate on behalf of the client.  It may be an issue with trusted delegation.  Basic authentication and integrated windows authentication is enabled.  I'll post the IIS logs shortly.
0
Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

 

Author Comment

by:itgrouptn
ID: 16930410
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2006-06-18 17:58:36
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2006-06-18 17:58:36 192.168.1.2 GET /_vti_bin/owssvr.dll - 443 - 192.168.1.4 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 401 2 2148074254

2006-06-18 18:04:08 192.168.1.2 GET /_vti_bin/owssvr.dll - 443 - 192.168.1.4 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 401 2 2148074254

Here are two separate attempts to connect via the VPN box.
0
 
LVL 22

Expert Comment

by:pjedmond
ID: 16930510
>This is over https.  Authentication works perfectly when accessing it directly or over VPN.  This issue only surfaces when >the VPN hardware device tries to authenticate on behalf of the client

I think that you need to be looking at the configuration of the VPN Hardware rather than the client/server? VPN hardware is supposed to be (as neart as dammit!) transparent!
0
 
LVL 4

Expert Comment

by:ansh_gupta
ID: 16933183
I think your vpn box is the problem. Its not able to forward the integrated authentication. So what you can do is you can use ssl with Basic authentication for Sharepoint website.

0
 

Author Comment

by:itgrouptn
ID: 16940029
I have basic authentication enabled for the sharepoint site and it is restricted to SSL.  The link I created to exchange webmail works fine, so I think it's something specific to SharePoint.
0
 
LVL 4

Accepted Solution

by:
ansh_gupta earned 500 total points
ID: 16940304
Yes sharepoint is not supposed to be working from outside. remember that.. Basic auth may not work with sharepoint coz it has ISAPI filters and extensions which ask for integrated auth. thats y its not supposed to work frm outside.
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Windows 7 does not have the best desktop search built in. This is something Windows 7 users have struggled with. You type something in, and your search results don’t always match what you are looking for, or it doesn’t actually work at all. There ar…
I thought I'd write this up for anyone who has a request to create an anonymous whistle-blower-type submission form created using SharePoint 2010 (this would probably work the same for 2013). It's not 100% fool-proof but it's as close as you can get…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now