Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Sunday, January 17, 2016 5:02 PM
I am fairly new to windows server so forgive me for all the questions.
I am testing an intranet application on windows server 2012r2 IIS8. While on lunch I believe the server went ahead and restarted and applied some updates. Now when I try to access the local website I am being prompted to enter a username and password.
A username and passwordd are being requested by http://192.168.1.10. The site says: "Digest"
I have checked the security in the Server Manager and saw that Digest Authentication has not been installed and the the website that is being hosted is allowing anonymous authentication. Is there another spot that I should be looking?
All replies (7)
Wednesday, January 20, 2016 10:20 AM ✅Answered
I see. I seem to have been able to circumvent the issue. Initially I have been trying to run the site under the default IIS site, which for me is 192.168.1.10, under port 80. Again using this ip and port I am always prompted for authentication. However if I create a new site on different local ip I can successfully access the site without any issues or prompt for a username and password. I tried comparing the settings, authentication, and security rights and to me they seem identical so I can not pinpoint the issue. Are there special privileges/rights that the default IIS site has that new/other sites do not have?
Sunday, January 31, 2016 5:46 PM ✅Answered
Are there special privileges/rights that the default IIS site has that new/other sites do not have?
No
I tried comparing the settings, authentication, and security rights and to me they seem identical so I can not pinpoint the issue
Again, if there's nothing being logged in the IIS logfile, then the request is *not making it to IIS* - so there probably is no difference in any settings, however that is not where the problem lies.
Sunday, January 17, 2016 8:48 PM
Is any other authentication method other than Anonymous authentication enabled?
Also make sure your browser is not configured to use your corporate proxy server or similar, and is going direct to your testing web server.
Monday, January 18, 2016 12:28 AM
Sorry probably wasn't as descriptive. I am testing directly on the server so any network/proxy can be ruled out (I think). The only security enabled is Anonymous Authentication per Authentication in IIS manager. I have added the ip as a trusted site and enabled automatic logon only in intranet zone on IE but have not gotten any where with it. Digest authentication is not installed on the server so I am not sure where the "Site say Digest" is coming from.
What might be prompting the authentication when testing right on the hosting server?
Monday, January 18, 2016 1:06 AM
Sorry probably wasn't as descriptive. I am testing directly on the server so any network/proxy can be ruled out (I think).
That depends on your browser configuration. If your network uses WPAD or similar, your proxy is configured automatically for you. You should check the IIS logfiles to see what the client IP address is - the local machine, or a proxy server.
The only security enabled is Anonymous Authentication per Authentication in IIS manager.
Then, if the configured anonymous user account doesn't have permissions to the file, you should be getting Access Denied, however since no supported authentication mechanisms are being sent by IIS, your client should just give up.
Digest authentication is not installed on the server so I am not sure where the "Site say Digest" is coming from.
When you configure Basic or Digest authentication, you can configure the "Default Domain" and "Realm" options. This is what usually populates the browser dialogue field.
Can I suggest:
a) verify that the Anonymous user account being used has appropriate NTFS permissions to the files that make up the website
b) look in the IIS logfiles to see what the HTTP status/substatus codes are - feel free to post the actual logfile entries here.
Monday, January 18, 2016 12:26 PM
I checked the permissions for IUSR and IIS_ISUSR. Both groups have security settings set to read and write. Just to make sure there wasn't any issues I also set them to have full control. Unfortunately it does not look like the log files showed anything specific and the ip I am trying to hit is not registering in the log.
Tuesday, January 19, 2016 7:15 PM
Unfortunately it does not look like the log files showed anything specific and the ip I am trying to hit is not registering in the log
If there's nothing in the IIS logfiles, then the request is not reaching IIS.
The IIS logfile should show where the request is coming /from/ (the client). But to re-iterate, if IIS is not logging the requests to the IIS logfile for that website, the request is not making it to IIS (something else is causing the browser prompts - e.g. a corporate proxy).
I would use FidderTool or WireShark to understand exactly where the requests are going to.