Discussion:
Using integrated Windows authentication over the Internet and 401.2 error?
(too old to reply)
Usenet User
2008-10-17 17:53:52 UTC
Permalink
I have a Web server (Windows 2003 Server, IIS 6.0) behind a firewall
with port forwarding. The server is hosting an ASP.NET application as
well as SQL Reporting Services app. Both are supposed to be accessed
by external users who can provide valid Windows credentials. The
application directory has Windows Integrated Authentication only, so
does /Reports directory.

What I need is the option for users to login. But instead of the
browser login box, external users get the error from IIS:

HTTP Error 401.2 - Unauthorized: Access is denied due to server
configuration.
Internet Information Services (IIS)


Any suggestions?
David Wang
2008-10-18 07:57:41 UTC
Permalink
Post by Usenet User
I have a Web server (Windows 2003 Server, IIS 6.0) behind a firewall
with port forwarding.  The server is hosting an ASP.NET application as
well as SQL Reporting Services app. Both are supposed to be accessed
by external users who can provide valid Windows credentials. The
application directory has Windows Integrated Authentication only, so
does /Reports directory.
What I need is the option for users to login. But instead of the
HTTP Error 401.2 - Unauthorized: Access is denied due to server
configuration.
Internet Information Services (IIS)
Any suggestions?
Either:
1. the browser does not support Windows Integrated Authentication
2. some proxy between the browser and server does connection pooling
and violates the constraints for Windows Integrated Authentication
(NTLM)

If the problem is #1, you must make the user run an appropriate
browser. No exceptions.
If the problem is #2, then you are out of luck since that is a
property of the networking between the browser and server, which you
cannot control

In general, due to #2, you will not be able to use Windows Integrated
Authentication (NTLM) with external users. Those users will have to
use Windows Integrated Authentication (Kerberos), which requires
proper exposure of AD to IIS.


//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
Ken Schaefer
2008-10-23 11:53:05 UTC
Permalink
Alternatively, if the problem is #2, then run Reporting Services over
SSL/TLS. That will usually (99% of cases) fix the NTLM issue.

Cheers
Ken
Post by Usenet User
I have a Web server (Windows 2003 Server, IIS 6.0) behind a firewall
with port forwarding. The server is hosting an ASP.NET application as
well as SQL Reporting Services app. Both are supposed to be accessed
by external users who can provide valid Windows credentials. The
application directory has Windows Integrated Authentication only, so
does /Reports directory.
What I need is the option for users to login. But instead of the
HTTP Error 401.2 - Unauthorized: Access is denied due to server
configuration.
Internet Information Services (IIS)
Any suggestions?
Either:
1. the browser does not support Windows Integrated Authentication
2. some proxy between the browser and server does connection pooling
and violates the constraints for Windows Integrated Authentication
(NTLM)

If the problem is #1, you must make the user run an appropriate
browser. No exceptions.
If the problem is #2, then you are out of luck since that is a
property of the networking between the browser and server, which you
cannot control

In general, due to #2, you will not be able to use Windows Integrated
Authentication (NTLM) with external users. Those users will have to
use Windows Integrated Authentication (Kerberos), which requires
proper exposure of AD to IIS.


//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
frsauvag
2008-11-06 07:41:00 UTC
Permalink
run Reporting Services over SSL/TLS : Great .... but .... How do you do that ??
I have exactly the same problem ... need your help !

Regards,
Francine
--
Francine Sauvage
French-paradox
Post by Ken Schaefer
Alternatively, if the problem is #2, then run Reporting Services over
SSL/TLS. That will usually (99% of cases) fix the NTLM issue.
Cheers
Ken
Post by Usenet User
I have a Web server (Windows 2003 Server, IIS 6.0) behind a firewall
with port forwarding. The server is hosting an ASP.NET application as
well as SQL Reporting Services app. Both are supposed to be accessed
by external users who can provide valid Windows credentials. The
application directory has Windows Integrated Authentication only, so
does /Reports directory.
What I need is the option for users to login. But instead of the
HTTP Error 401.2 - Unauthorized: Access is denied due to server
configuration.
Internet Information Services (IIS)
Any suggestions?
1. the browser does not support Windows Integrated Authentication
2. some proxy between the browser and server does connection pooling
and violates the constraints for Windows Integrated Authentication
(NTLM)
If the problem is #1, you must make the user run an appropriate
browser. No exceptions.
If the problem is #2, then you are out of luck since that is a
property of the networking between the browser and server, which you
cannot control
In general, due to #2, you will not be able to use Windows Integrated
Authentication (NTLM) with external users. Those users will have to
use Windows Integrated Authentication (Kerberos), which requires
proper exposure of AD to IIS.
//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
David Wang
2008-11-06 08:16:35 UTC
Permalink
I already described the solution. You need to figure out how to do it.
Start by searching each of the terms and understanding what you are
trying to accomplish.

If you want someone else to figure it out for you, then you either
hope that they willingly do it for free, or you'd have to compensate
them.


//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//
Post by frsauvag
run Reporting Services over SSL/TLS : Great .... but .... How do you do that ??
I have exactly the same problem ... need your help !
Regards,
Francine
--
Francine Sauvage
French-paradox
Post by Ken Schaefer
Alternatively, if the problem is #2, then run Reporting Services over
SSL/TLS. That will usually (99% of cases) fix the NTLM issue.
Cheers
Ken
Post by Usenet User
I have a Web server (Windows 2003 Server, IIS 6.0) behind a firewall
with port forwarding. The server is hosting an ASP.NET application as
well as SQL Reporting Services app. Both are supposed to be accessed
by external users who can provide valid Windows credentials. The
application directory has Windows Integrated Authentication only, so
does /Reports directory.
What I need is the option for users to login. But instead of the
HTTP Error 401.2 - Unauthorized: Access is denied due to server
configuration.
Internet Information Services (IIS)
Any suggestions?
1. the browser does not support Windows Integrated Authentication
2. some proxy between the browser and server does connection pooling
and violates the constraints for Windows Integrated Authentication
(NTLM)
If the problem is #1, you must make the user run an appropriate
browser. No exceptions.
If the problem is #2, then you are out of luck since that is a
property of the networking between the browser and server, which you
cannot control
In general, due to #2, you will not be able to use Windows Integrated
Authentication (NTLM) with external users. Those users will have to
use Windows Integrated Authentication (Kerberos), which requires
proper exposure of AD to IIS.
//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang- Hide quoted text -
- Show quoted text -
Loading...