473,387 Members | 1,497 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > asp.net > questions > security works for vpn users, doesnt for local

Join Bytes to post your question to a community of 473,387 software developers and data experts.

security works for VPN users, doesnt for local

sorry for the near-dupe post (also in .security), but im desperately
trying to find an answer to this...

i am attempting to configure security for an intranet web application
in ASP.NET 2. it uses Windows authentication, retrieving roles from
our Active Directory. nothing too unusual.

what is unusual: it works for users that are VPN'ing into our network
from the outside (using cisco vpn), but DOESNT work for normal desktop
users in the office.

for both the browser (IE) pops up the windows login dialog. afterward
VPN users get in and i can see their name, check their
User.IsInRole("foo"), etc.. no problems. in-network users? cant
authenticate their credentials.. get this after 3 failed attempts:

HTTP Error 401.1 - Unauthorized: Access is denied due to invalid
credentials.
Internet Information Services (IIS)

....any ideas why?

Windows Server 2003, virtual directory under default website. in
"Directory Security" tab in IIS i have:

- unchecked "Enable anonymous access"

- checked "Integrated Windows authentication"

....my web.config of course uses the Windows authenication mode.

this is maddening! thanks for any help

sm
Jun 27 '08 #1
3 1926
What machine is the VPN machine? The web server by chance?

"SpaceMarine" <sp*********@mailinator.comwrote in message
news:1f**********************************@c58g2000 hsc.googlegroups.com...
sorry for the near-dupe post (also in .security), but im desperately
trying to find an answer to this...

i am attempting to configure security for an intranet web application
in ASP.NET 2. it uses Windows authentication, retrieving roles from
our Active Directory. nothing too unusual.

what is unusual: it works for users that are VPN'ing into our network
from the outside (using cisco vpn), but DOESNT work for normal desktop
users in the office.

for both the browser (IE) pops up the windows login dialog. afterward
VPN users get in and i can see their name, check their
User.IsInRole("foo"), etc.. no problems. in-network users? cant
authenticate their credentials.. get this after 3 failed attempts:

HTTP Error 401.1 - Unauthorized: Access is denied due to invalid
credentials.
Internet Information Services (IIS)

...any ideas why?

Windows Server 2003, virtual directory under default website. in
"Directory Security" tab in IIS i have:

- unchecked "Enable anonymous access"

- checked "Integrated Windows authentication"

...my web.config of course uses the Windows authenication mode.

this is maddening! thanks for any help

sm

Jun 27 '08 #2
On May 22, 7:48*pm, "Jeff Dillon" <jeffdil...@hotmailremove.com>
wrote:
What machine is the VPN machine? The web server by chance?
unlikely, big enterprise, many machines. im not certain tho so ill try
to find out.
Jun 27 '08 #3
On May 22, 2:24*pm, SpaceMarine <spacemar...@mailinator.comwrote:
sorry for the near-dupe post (also in .security), but im desperately
trying to find an answer to this...

i am attempting to configure security for an intranet web application
in ASP.NET 2. it uses Windows authentication, retrieving roles from
our Active Directory. nothing too unusual.

what is unusual: it works for users that are VPN'ing into our network
from the outside (using cisco vpn), but DOESNT work for normal desktop
users in the office.

for both the browser (IE) pops up the windows login dialog. afterward
VPN users get in and i can see their name, check their
User.IsInRole("foo"), etc.. no problems. in-network users? cant
authenticate their credentials.. get this after 3 failed attempts:

HTTP Error 401.1 - Unauthorized: Access is denied due to invalid
credentials.
Internet Information Services (IIS)

...any ideas why?
this was really wigging me out, especially since authentication works
in Firefox. i found the solution.

IE7 has a new, misnamed setting in Internet Options -Advanced ->
Security -"Enable Integrated Windows Authentication", checked by
default. this should really read, "Don't Roll-over from Kerberos to
NTLM protocol on Failure", because that's exactly what it does -- if
your server's Kerberos security protocol isnt working, leaving this
checked will cause the process to halt. if you uncheck it, the browser
will re-try the auth attempt using NTLM.

more here:

http://blog.super-networking.net/sys...uthentication/

...so unchecking that box will force NTML authentication. meanwhile,
you can try to figure out why your Kerberos isnt working :)
sm
Jul 3 '08 #4
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

12
File.txt
by: A.M. | last post by:
Hi at all, how can I do to insert into a HTML page a file .txt stored in the same directory of the server where is the html file that must display the text file.txt? Thank you very much P.Pietro
Javascript
116
Security - more complex than I thought
by: Mike MacSween | last post by:
S**t for brains strikes again! Why did I do that? When I met the clients and at some point they vaguely asked whether eventually would it be possible to have some people who could read the data...
Microsoft Access / VBA
1
MS Access Security/Workgroup problem
by: Dom | last post by:
Hi, I have a problem in getting Access 2002 to read my workgroup file. I've created different groups and users and when the db is opened the user is prompted to enter a username and password...
Microsoft Access / VBA
10
Need help on a Web security thing
by: Jayme Pechan | last post by:
I wrote a very simply web application and I'm having all sorts of problems with the security getting in the way. All the web application does is load an out-of-process COM server that is running...
C# / C Sharp
1
ASPNET Account Security Problem - Running a Web Application over a network share
by: CES | last post by:
All, If anyone has been following my trials over the last week see(Setting up a Web Application on IIS 5.1 and ASP.Net Security Problems). I'm having a problem running a Asp.Net Web...
ASP.NET
29
Security- access to Event Viewer
by: Patrick | last post by:
I have the following code, which regardless which works fine and logs to the EventViewer regardless of whether <processModel/> section of machine.config is set to username="SYSTEM" or "machine" ...
ASP.NET
4
security issue with windows control in aspx
by: androoo | last post by:
Hi I have a windows control I embed onto an aspx page which is grabbing a dataset from the client and sending it to the server through a webservice. This works fine in a windows app. However...
ASP.NET
0
Security Trimming on remote Server (ISP shared)
by: Paul | last post by:
On my local site, I have a folder that is security trimmed, so that only members of a Role can see it after they register and log on (I set the memberships). All works fine locally. However,...
ASP.NET
3
Remoting IPCChannel security with Service
by: Grant Schenck | last post by:
I have a simple remoting sample using IPCChannel. If I run the server code as a console app my client can connect just fine. However, if I the same server code runs in a service, the client gets...
C# / C Sharp
0
Easy Steps to Fix "Canon Printer Won't Connect to WiFi Network"
by: taylorcarr | last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
General
0
Basic Javascript concepts
by: aa123db | last post by:
Variable and constants Use var or let for variables and const fror constants. Var foo ='bar'; Let foo ='bar';const baz ='bar'; Functions function $name$ ($parameters$) { } ...
Javascript
0
Batch import of multiple excel files into the database
by: ryjfgjl | last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
Data Management
0
Merging data from multiple Excel files
by: ryjfgjl | last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
Data Management
0
Migrating Website to Cloud - Emmanuel Katto
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
General
0
BarryA
Navigating the Data Structures and Algorithms (DSA)
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
Algorithms / Advanced Math
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!