• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 4601
  • Last Modified:

WWW-Authenticate header error

I have a SonicWall SSL-VPN 2000 hardware VPN box that users use to connect to a 2003 Server.  The server hosts e-mail, files, and Sharepoint.  You can create links to internal web services and it passes the credentials to the resource.  When I follow a link to the sharepoint intranet site, I get the following error:

TTP/1.1 401 Unauthorized Content-Length: 1656 Content-Type: text/html Server: Microsoft-IIS/6.0 WWW-Authenticate: Negotiate WWW-Authenticate: NTLM WWW-Authenticate: Basic realm="server.nwi.local" X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 6.0.2.6568 Date: Thu, 15 Jun 2006 16:09:02 GMT Connection: close You are not authorized to view this page
You do not have permission to view this directory or page using the credentials that you supplied because your Web browser is sending a WWW-Authenticate header field that the Web server is not configured to accept.  

I assume it's something to do with how the device is passing the credentials to the web server.  What settings would I need to change on the IIS site to allow it to accept WWW-Authenticate headers?
0
itgrouptn
Asked:
itgrouptn
  • 4
  • 3
  • 2
1 Solution
 
pjedmondCommented:
http://www.microsoft.com/windows2000/en/server/iis/htm/core/iiauths.htm#enablebasic

Bear in mind that basic authentication *IS NOT* considered to be secure unless done over https. It is the simplest method of authentication, and as such virtually every browser supports it.

If you want to understand more about how it all works, then:

http://old.owasp.org/columns/jlima/joelima2.html

will give you a good overview.

HTH:)
0
 
ansh_guptaCommented:
Can you tell us whats there in IIS logs for this whole thing. Or just copy paste the whole communication frm the iis logs..
0
 
ansh_guptaCommented:
And does it work fine when being accessed from a directly connected machine?
0
Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

 
itgrouptnAuthor Commented:
This is over https.  Authentication works perfectly when accessing it directly or over VPN.  This issue only surfaces when the VPN hardware device tries to authenticate on behalf of the client.  It may be an issue with trusted delegation.  Basic authentication and integrated windows authentication is enabled.  I'll post the IIS logs shortly.
0
 
itgrouptnAuthor Commented:
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2006-06-18 17:58:36
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2006-06-18 17:58:36 192.168.1.2 GET /_vti_bin/owssvr.dll - 443 - 192.168.1.4 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 401 2 2148074254

2006-06-18 18:04:08 192.168.1.2 GET /_vti_bin/owssvr.dll - 443 - 192.168.1.4 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 401 2 2148074254

Here are two separate attempts to connect via the VPN box.
0
 
pjedmondCommented:
>This is over https.  Authentication works perfectly when accessing it directly or over VPN.  This issue only surfaces when >the VPN hardware device tries to authenticate on behalf of the client

I think that you need to be looking at the configuration of the VPN Hardware rather than the client/server? VPN hardware is supposed to be (as neart as dammit!) transparent!
0
 
ansh_guptaCommented:
I think your vpn box is the problem. Its not able to forward the integrated authentication. So what you can do is you can use ssl with Basic authentication for Sharepoint website.

0
 
itgrouptnAuthor Commented:
I have basic authentication enabled for the sharepoint site and it is restricted to SSL.  The link I created to exchange webmail works fine, so I think it's something specific to SharePoint.
0
 
ansh_guptaCommented:
Yes sharepoint is not supposed to be working from outside. remember that.. Basic auth may not work with sharepoint coz it has ISAPI filters and extensions which ask for integrated auth. thats y its not supposed to work frm outside.
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

  • 4
  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now