473,378 Members | 1,384 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,378 software developers and data experts.

HTTP 401.2 - Unauthorized: Logon failed due to...

I have set up an ASP script (with some help from microsoft.public.inetserver.asp.general!) that grabs the windows username of the user and puts it into an Access database.

It is setup on IIS5 as a virtual directory and will only be used internally on our network.

The script works fine with the authentication set as "basic authentication" but this prompts the user for a login and password.

I want it to be automated which I believe would use the "Integrated Windows Authentication". However when I select this I get the following error below. I think the answer may lie in adding some headers to my ASP code, but as an ASP newbie I don't really know where to start with that. I've included my ASP code at the bottom for reference.

Thanks

--------------------------------------------------------------------------------
HTTP 401.2 - Unauthorized: Logon failed due to server configuration
Internet Information Services
--------------------------------------------------------------------------------

Technical Information (for support personnel)

Background:
This is usually caused by a server-side script not sending the proper WWW-Authenticate header field. Using Active Server Pages scripting this is done by using the AddHeader method of the Response object to request that the client use a certain authentication method to access the resource.

--------------------------------------------------------------------------------
CODE:
<% @ Language="VBScript" %><%'force authentication- put this at top of ASP code

'declare your variables
dim connection
dim sSQL,sConnString
dim Username

If Request.ServerVariables("LOGON_USER") = "" Then
Response.Status = "401 access denied"
End If
Username=(Request.ServerVariables("LOGON_USER"))
'declare SQL statement that will query the database
'sSQL="INSERT INTO Log (FirstName, SurName) VALUES (Username, 'Wall')"

sSQL="INSERT INTO Log (Name) VALUES ('" & replace(Username,"'","''") & "')"
'define the connection string, specify database
' driver and the location of database
sConnString="DRIVER={Microsoft Access Driver (*.mdb)};" & _
"DBQ=" & Server.MapPath("ServerLog.mdb") & ";"

'create an ADO connection object
Set connection = Server.CreateObject("ADODB.Connection")
'Open the connection to the database
connection.Open(sConnString)

'execute the SQL
connection.execute(sSQL)

'check to see if there were any errors
If err.number=0 Then
response.write "the data was inserted successfully."
Else
response.write "there was a problem entering the data."
End If

'close the object and free up resources
Connection.Close
Set Connection = Nothing
%>
Jul 19 '05 #1
1 15040
401.2 indicates that the browser is unable to authenticate with the server
using a mutually agreed-upon protocol.

This can happen when you use Netscape against IIS that has only Integrated
Windows Authentication enabled because Netscape does not know how to do
Integrated Windows Authentication.

BTW, Integrated Windows Authentication does not mean "automated".
Automating authentication simply means that the browser automatically passes
your credentials to the server -- which can be done for any authentication
protocol. It is not done for Basic since it is clear-text (so clearly, for
security reasons, browsers cannot automatically broadcast your
username/password in clear-text). Integrated Windows Authentication, on the
other hand, does not send username/password at all (it sends a hash of it),
so it's a bit safer to send.

Your ASP page is also broken because it sends a 401 response when LOGON_USER
is empty string (which happens only on anonymous access), but it does NOT
set any WWW-Authenticate headers and is breaking authentication protocol.
Your ASP page is also open to SQL injection attacks.

--
//David
IIS
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"Newbie" <an*******@discussions.microsoft.com> wrote in message
news:43**********************************@microsof t.com...
I have set up an ASP script (with some help from
microsoft.public.inetserver.asp.general!) that grabs the windows username of
the user and puts it into an Access database.

It is setup on IIS5 as a virtual directory and will only be used internally
on our network.

The script works fine with the authentication set as "basic authentication"
but this prompts the user for a login and password.

I want it to be automated which I believe would use the "Integrated Windows
Authentication". However when I select this I get the following error
below. I think the answer may lie in adding some headers to my ASP code,
but as an ASP newbie I don't really know where to start with that. I've
included my ASP code at the bottom for reference.

Thanks

----------------------------------------------------------------------------
----
HTTP 401.2 - Unauthorized: Logon failed due to server configuration
Internet Information Services
----------------------------------------------------------------------------
----

Technical Information (for support personnel)

Background:
This is usually caused by a server-side script not sending the proper
WWW-Authenticate header field. Using Active Server Pages scripting this is
done by using the AddHeader method of the Response object to request that
the client use a certain authentication method to access the resource.

----------------------------------------------------------------------------
----
CODE:
<% @ Language="VBScript" %><%'force authentication- put this at top of ASP
code

'declare your variables
dim connection
dim sSQL,sConnString
dim Username

If Request.ServerVariables("LOGON_USER") = "" Then
Response.Status = "401 access denied"
End If
Username=(Request.ServerVariables("LOGON_USER"))
'declare SQL statement that will query the database
'sSQL="INSERT INTO Log (FirstName, SurName) VALUES (Username, 'Wall')"

sSQL="INSERT INTO Log (Name) VALUES ('" & replace(Username,"'","''") & "')"
'define the connection string, specify database
' driver and the location of database
sConnString="DRIVER={Microsoft Access Driver (*.mdb)};" & _
"DBQ=" & Server.MapPath("ServerLog.mdb") & ";"

'create an ADO connection object
Set connection = Server.CreateObject("ADODB.Connection")
'Open the connection to the database
connection.Open(sConnString)

'execute the SQL
connection.execute(sSQL)

'check to see if there were any errors
If err.number=0 Then
response.write "the data was inserted successfully."
Else
response.write "there was a problem entering the data."
End If

'close the object and free up resources
Connection.Close
Set Connection = Nothing
%>
Jul 19 '05 #2

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

5
by: Sparkplug | last post by:
I have used the simple example of HTTP Authentication from the PHP website as follows: <?php if (!isset($_SERVER)) { header('WWW-Authenticate: Basic realm="My Realm"'); header('HTTP/1.0 401...
0
by: sirumalla | last post by:
These posting i have seen in so many sites but none of them solved the problem. Iam trying to fix this problem past 2 days but iam not able to do so. I doubt whether iam missing any peice of code ...
2
by: Gidrazas | last post by:
Hi all. I want to get data from Sybase ASA9 to report named Subjektai.rpt in web form. I made ODBC connection to DB and it looks OK. But whe i run project i get an error like this. Logon...
0
by: Lloyd Dupont | last post by:
I create a sample test project and it while it works well with IE, when I try to connect to it with Mozilla I get the error page for HTTP 401.2 - Unauthorized: Logon failed due to server...
1
by: sck10 | last post by:
Hello, I have custom errors turned on, and am able to catch errors and send the user to a friendly page. I have one site with "authentication" turned on. I would like to send a person who...
2
by: Sachin | last post by:
Scenario: Machine A: ASP.NET Web UI IIS 6.0 Windows Server 2003 Impersonation Account: domain\Acct1 Machine B: ASP.NET Web Service IIS 6.0
0
by: muzafferhusain | last post by:
Hi, Please help me out in one problem with ASP.NET page. The scenario is something like that, my page contains one data grid and that grid contains around 5000 records (no paging is there)....
2
by: Iain Adams | last post by:
I currently have a web service set that returns data. When I use these services through a browser, everything works fine and the resulting xml is displayed. However sometimes when I connect to the...
1
by: dmorand | last post by:
I have a scheduled task that I setup in the CF administrator. It calls a page which runs some queries and inserts some data into tables. I checked the output file, and I'm getting this error: ...
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
0
by: ryjfgjl | last post by:
In our work, we often need to import Excel data into databases (such as MySQL, SQL Server, Oracle) for data analysis and processing. Usually, we use database tools like Navicat or the Excel import...
0
by: taylorcarr | last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
0
by: Charles Arthur | last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
0
by: aa123db | last post by:
Variable and constants Use var or let for variables and const fror constants. Var foo ='bar'; Let foo ='bar';const baz ='bar'; Functions function $name$ ($parameters$) { } ...
0
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
1
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
1
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
0
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.