the site in IIS and they type a URL that does not have a host header they
will be directed to the Default Website with the All Unassigned Header This
is usually locked down.
Rick
-----Original Message-----
From: Chunshen Li [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 13, 2004 7:48 AM
To: CF-Talk
Subject: Challenge/Response and IIS Security
A client informed me that his site (on NT class OS and IIS web server) now
required Network password to logon.
I suspected it's NT Challenge/Response and IIS Security problem with his new
setup.
Did quick research to confirm my suspicion, seems that my suspicion is
valid, it seems at least two situations would result in the above-mentioned
problem:
1) Anonymous Access with an NT/its class OS IIS user account,
IUSR_{machineOrHostName} has been disabled under Integrated Windows
Authentication schema (haven't tested other two authen. schemas).
2) The default IIS user account, IUSER_{machineOrHostName) has been
disabled.
I've tested the above two scenarios separately with same result, that is, NT
logon is prompted when accessing a site.
Is there/ are there any further scenarios that cause the same NT access
problem? Security gurus, you'll make my days.
TIA.
_____
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
