Basic Authentication in IIS6 not accepting username/password

We have a remotely hosted dedicated server running Windows Server 2003.  We have a bunch of Virtual Directories setup and for one of them we want to restrict access using Basic Authentication.

When we enable both Integrated and Basic, the login prompt appears as expected and our username/password is accepted.  However, if we disable Integrated (which our client is asking us to do but we don't know why), the Basic Auth prompt appears, we put the same username/password in and it just re-shows the login prompt with the usual 3-strikes and your out result.

We've tried adding a domain name to the HTTP Headers list and then typing this in the defaultdomain field in the ISS properties of the Virtual Directory but it makes no difference.

If we enable the 'allow anonymous' option then the Virtual Directory works fine.  Why not with Basic Auth?

Jay.
jammy-d0dgerAsked:
Who is Participating?
 
DarthModConnect With a Mentor Commented:
PAQed with points refunded (500)

DarthMod
Community Support Moderator
0
 
canaliCommented:
Can you report the error  received (401.1   401.2 )?
can u post some line of the log file ?
tried at the auth prompt to enter: nameOfTheServer\username  and password
Gas
0
 
jammy-d0dgerAuthor Commented:
Hi Canali,

We get this error:
"HTTP Error 401.2 - Unauthorized: Access is denied due to server configuration."

An example of a log entry when auth fails is:
2006-06-19 22:09:54 W3SVC19066 88.xxx.xxx.xxx GET /secureba/ - 80 - 84.xxx.xxx.xxx HTTP/1.1 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1) - - 401 2148074254 1873 327 31

Tried name of server and username... makes no difference :(

Boy I hope you can help... Integrated Auth works fine.... So confused!
0
 
jammy-d0dgerAuthor Commented:
to anyone that falls foul of Fasthosts Dedicated Servers.... we have solved the issue ourselves:

I don't think you'd have ever guessed the problem as it did indeed turn out to be related to the setup of dedicated servers at Fasthosts.  They have a system called Matrix Control Panel which among other things has a security option on it.  You can enable secure folders through their web-based gui, and it gives you a dialog very similar to the standard challenge/response when you try and browse to a secure folder.  However, it uses it's own ISAPI Filter which is applied at the top level 'Web Sites' properties level.  So even if you haven't got this bespoke security enabled on the domain in question, it is still intercepting any Login attempts.  As soon as we removed the Filter and restarted IIS, the Basic Authentication started working properly.  Many thanks for your initial reply Canali.

I just wanted to share this solution for any other unsuspecting Fasthosts customers.

Case closed.
0
 
canaliCommented:

ok
Bye Gas
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.