Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

IIS Authentication Problem

Options
  • 05-08-2004 3:35pm
    #1
    Talliesin
    Closed Accounts Posts: 9,314 ✭✭✭


    I'm trying to set Digest Authentication on a bit of a pet project. I'm handling the authentication in ASP (the users aren't users off the computer, indeed it's a shared box; I'm handling username & password assignment myself).

    All is well on a test server. However the Authorization header wasn't getting through to the ASP.

    First guess is that IIS had been set to handle authentication itself (that causes exactly those symptoms), but checking that with the ISP confirms that only anonymous is on - hence the header should be passed on through to the ASP.

    Examining the header being sent to the browser shows some strangeness. The header should be:
    WWW-Authenticate: Digest realm="testrealm@host.com", qop="auth,auth-int", nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", opaque="5ccc069c403ebaf9f0171e9517f40e41"

    The header actually is:
    WWW-Authenticate: Basic realm=

    That's it, no actual value for the realm and completely the wrong type of authentication. It's not a proxy doing this, the same results happen when it's tested from inside the ISP.

    Any ideas?


Comments

  • Options
    #2
    Ivan Dunaev
    Closed Accounts Posts: 35 Ivan Dunaev


    show your code


  • Options
    #3
    Talliesin
    Closed Accounts Posts: 9,314 ✭✭✭Talliesin


    Ivan Dunaev wrote:
    show your code
    Just doing 
    Response.Status = "401 Unauthorised"
Response.AddHeader("WWW-Authenticate",'Digest realm="testrealm@host.com", qop="auth,auth-int", nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", opaque="5ccc069c403ebaf9f0171e9517f40e41"');
    reproduces the problem, which while rather pointless code does narrow things down to the bare essentials. It's not a code problem.
    I'm beginning to suspect the AV as tracking down another problem with a different machine led me to learn of a known issue with Norton Internet Security. Next time I talk to someone at the ISP I'll see if that might be it (though obviously if it is I won't be asking them to turn it off on a shared box).


  • Options
    #4
    steve-hosting36
    Closed Accounts Posts: 2,161 ✭✭✭steve-hosting36


    Shared web hosting servers would absolutely not be running norton av or internet security.


  • Options
    #5
    Talliesin
    Closed Accounts Posts: 9,314 ✭✭✭Talliesin


    Well I was thinking it could be something of the same family of problems with something done for security reasons rather than an exact duplication of the Norton issue, since the Norton issue didn't have the same symptoms only similar.
    Anyway Steve, any theories?


  • Options
    #6
    steve-hosting36
    Closed Accounts Posts: 2,161 ✭✭✭steve-hosting36


    Drop a mail to support@hosting365.ie or move to http://forums.hosting365.ie - we cant really use boards for tech support :)


  • Advertisement
  • Options
    #7
    Talliesin
    Closed Accounts Posts: 9,314 ✭✭✭Talliesin


    Yep, I must do that. Still, it's probably something that has come up elsewhere before that I should have done, so I thought I'd ask here.


Advertisement