Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

IIS 7.0  Error (401.5) page overrules the original page

Posted on 2011-03-17
8
Medium Priority
?
1,680 Views
Last Modified: 2012-05-11
I have a classic ASP web site, running on IIS 7.0

When browsing the pages locally they show up correct, but from an an external IP/PC I get the "401 - Unauthorized: Access is denied due to invalid credentials."

According to the IIS log its a 401.5 error. (I get the 401.5 for the ASP page, while the images get a 304).

I have tried changing the credentials for both the application pool and the anonymous authentication, but its still the same error.

After a lot of trial-errors, it changed the custom errors (the Error Pages section). In here I changed it to show detailed errors for both external and internal browsers (before it was configured to show detailed error messages for internal browsers and custom errors for external) - and now I don't get the Authentication Error any more!

If I change the setting back to not showing detailed error messages, I get the Authentication error again!

What am I doing wrong? Or is it a bug in IIS?

Thanks.

/Jesper
0
Comment
Question by:jesperhp
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
8 Comments
 

Author Comment

by:jesperhp
ID: 35158081
I have added a small screen cast of the problem. jesperhp-430027.flv
0
 
LVL 27

Expert Comment

by:BigRat
ID: 35164937
HTTP/1.1 401 Unauthorized
Cache-Control: private
Content-Length: 2566
Content-Type: text/html; Charset=ISO-8859-1
Server: Microsoft-IIS/7.0
Set-Cookie: ASPSESSIONIDQQSDBCRB=ECPHPIKBLMDPDCPEMHCJPAON; path=/
X-Powered-By: ASP.NET
Date: Fri, 18 Mar 2011 12:37:00 GMT

is what I get together with a login form. Since this is the top level page there must be something wrong with the access rights to it (home and index page). The error reporting sounds like that access to those pages is also restricted. I'd first investigate why the top level login form returns a 401 response.
0
 

Author Comment

by:jesperhp
ID: 35165667
Hi BigRat,

Thank you for the comment. I have tried to figure out what element it is, which premissions is not OK - but so far it looks like its the entire default.asp page. And even then I still get the entire page loaded - there isn't any objects missing on the page from what I can tell!

The only thing I might think of, is if there is a reference to an seperate file like an image or so, which does not have the right permissions - but I can't see which file or object it could be.

Do you by any chance have a trick to identify the failing object?

Regards
Jesper
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 27

Expert Comment

by:BigRat
ID: 35166336
Like I said I got a login page :-

<! This script is a part of InfoExpress Webmodul. Do not edit the script>
<! Copyright (c) InnDevelop Technologies. www.InnDevelop.com >

<!Version 2.7.1>



<meta http-equiv="Content-Language" content="da">
<link href="stylesheet.css" rel="stylesheet" type="text/css">






<html>
<head>


<title>InfoExpress Helpdesk</title>
</head>

<body onLoad="document.forms[0].userid.focus();" class="PageBody">
<table width="100%" border="0" cellpadding="0" cellspacing = "0" height="100%">
    <tr height="60px"><td><table align="left" width="100%" cellpadding="0" cellspacing="0" border = "0" class="style1">
    <tr>
        <td>
            
		<img src="./images/InfoExpressLogo.jpg" alt="">
		
        </td>
        <td>
            &nbsp;</td>
    </tr>
</table></td></tr>
    <tr height="30px"><td><table align="center" cellpadding="0" cellspacing="0" class="MenuStyle1" background="./images/MenuBackground_Blue.gif" width="100%">
    <tr height = "30px">
        <td>
        </td>
    </tr>
</table>
</td></tr>
    <tr><td valign=middle>
        <center>
        <small><font color="#FFFFFF"> &nbsp;&nbsp;Du er ikke registret som bruger.<BR> </FONT></small><BR>

          <table border="2" cellpadding="2" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="50%" id="AutoNumber1">
            <tr>
              <td width="100%" class="TabelHeader">
              <p align="center"><font class="TabelTextHeader">Angiv brugerID og kodeord</font></td>
            </tr>
            <tr>
              <td width="100%" bgcolor="#E0E0E0">

        <CENTER>

        <form method="POST" action="default.asp?id=">
        <p>&nbsp;</p>
        <table border="0" class="TabelRow">
        <tr>
          <td width="50%" ><font class="TabelText">BrugerID:</font></td>
          <td width="50%"><input type="text" name="userid" size="20"></td>
        </tr>
        <tr>
          <td width="50%"><font class="TabelText">Kodeord:</font></td>
          <td width="50%"><input type="password" name="password" size="20">
        </td>
        </tr>
        </table>
        <p><input type="submit" value="Login" name="Action"></p>

              </td>
            </tr>
          </table>

        

        </CENTER>
    </td></tr>
    <tr height = "10px" class="footertext" background= "./images/MenuBackground_Blue.gif"><td width = "100%">
    <font class="footertext">Powered by InnDevelop InfoExpress</font>

    </td></tr>
    </table>
</body>
</html>

Open in new window


which came with the 401 response. Is this the custom page for a 401 or is this the default page? For it is strange that a 401 should return a protected page.
0
 

Author Comment

by:jesperhp
ID: 35166806
This is the normal page (default.asp), which should be returned without any errors. It is not a custom 401 page.

The strange part is, that this page is expected to show under normal conditions, but according to both the IIS log and the server response I should get a 401 error message on the page and instead the get the correct page. If I enable custom error pages (instead of detailed error messages) it will show the default IIS 401 error page.

So basically the site is working if I disable the custom error page function and selects to show detailed errors! With this setting, I would expect IIS to show some kind of error on the default page as the header returns the 401, but there is no error shown and the default.asp renders as expected.

If possible I would like to get rid of the 401 error message in the log, even though the page is showing correctly, but I can't figure out what is causing the 401.5 error!
0
 
LVL 27

Accepted Solution

by:
BigRat earned 750 total points
ID: 35167332
As you can see by my pervious post, the 401 response does NOT contain a WWW-Authenticate header, so the contents get rendered normally.

The rest of the page comes in, nicely with 302 not modified responses, except for the request for favicon.ico, which is returned as NOT FOUND.

I think you must have a setting in IIS somewhere which demands authentication without saying in what form. This could happen in IIS 7.0 if you have edited the XML configuration file per hand. You might have to post that here if you can't find the source of the problem, but, unfortunately it is 18:15 on a Friday and the Rat has to go home for cheese!
0
 

Author Comment

by:jesperhp
ID: 35180239
Hi Bigrat,

Thanks again for your comments. I think I found the problem - at least when I disabled .net for the application pool, I was able to avoid the error, and now it looks like the error has gone.

0
 

Author Closing Comment

by:jesperhp
ID: 35180245
I had to dig around a bit for the final solution, but the comment definitly help to point to the direction of the solution.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Prologue It is often required to host multiple websites on a single instance of IIS, mostly in development environments instead of on production servers. I am sure it is not much a preferred solution on production servers but this is at least a pos…
As tax season makes its return, so does the increase in cyber crime and tax refund phishing that comes with it
Video by: ITPro.TV
In this episode Don builds upon the troubleshooting techniques by demonstrating how to properly monitor a vSphere deployment to detect problems before they occur. He begins the show using tools found within the vSphere suite as ends the show demonst…
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question