Hi there

My setup is as follows.
A Windows 2003 Server, IIS 6, WebDav, and a website (aspx/C#)
A Windows XP Pro sp2 ie6 sp2.

Problem:
From a webpage it is possible to choose between opening a folder in a
virtual directory with file://... or http:// (WebDav).

When a user opens the folder using WebDav, a login dialog appears, and the
user enters his/her credentials and presses OK,
then the dialog reappears, and does so forever, even though the "remember my
password" is checked.
If, however, the user enters the credentials once and the cancels the second
login dialog, then the webfolder is shown.
And if the user opens the folder with the file://.. then there are no
problems, except that it's impossible to open the folder as a webfolder
until the ie is closed and reopened.

Sometimes, if a file is dropped into a web-folder, the filename is
shortened, e.g. MyDoc.doc becomes Moc.doc, yD is simply missing.

I hope that this makes sence, and there is some kind of solution :-)

Best regards

Allan.

Hi Allan,

A possible cause is the anonymous account does have permission on the
webdav folder but doesn't have right on some files in it. So IIS prompts
you for authentication. When you click cancel, the folder is still opened
but some content may not be correctly displayed or opened in read-only.

Best regards,

WenJun Zhang
Microsoft Online Partner Support

This posting is provided "AS IS" with no warranties, and confers no rights.

Hi WenJun

Thank you for your reply.

The website uses windows integrated authentication only.

The problem only exists on windows XP clients, and not on windows 2003
server clients, that is the same account opens the webfolder from a winXP
and Win2K3.

In the website, authenticated users has read access, and on the virtual
directory the authenticated user has read, write and browse rights.

Furthermore the accessrights for each individual folder is set using the
SetACL.exe, so there should be no access problems there.

As explained previously the "Connect to 'WebSiteName'" dialog appears and
this dialog keeps appearing even though the creadentials are correct. If the
cancel button is pressed after the first login attempt, the the user has
full access to the folder and all files in it.

If the user tries to open a word document, from a webfolder, then the user
is again prompted to enter credentials. If the user then chooses to cancel,
access to the document is denied, otherwise access is granted.

Another thing is that if the user first opens with file:// instead of
http:// then no prompt appears and the user has access through
\\servername\...\folder. If the user opens another webfolder, then it is
overruled and the user receives a explorerview with \\servername\...\folder.



I hope this helps to clarify my sitution :-)

""WenJun Zhang[msft]"" <wjzh***@online.microsoft.com> wrote in message
Show quoteHide quote

Hi Allan,

Probably this is a familar client-side issue due to the new security
restriction feature in XP SP2. Please follow the KB instruction below to
set DisableLoopbackCheck to 1 and see if this fixes the problem.

896861    You receive error 401.1 when you browse a Web site that uses
Integrated Authentication and is hosted on IIS 5.1 or IIS 6
http://support.microsoft.com/default.aspx?scid=kb;EN-US;896861

Best regards,

WenJun Zhang
Microsoft Online Partner Support

This posting is provided "AS IS" with no warranties, and confers no rights.

Hi Allan,

I just wonder how the issue is going now?

Best regards,

WenJun Zhang
Microsoft Online Partner Support

This posting is provided "AS IS" with no warranties, and confers no rights.

Can Somone Tell Me If We Have a Hacker?
II6.0 ISAPI & MIME types
security error in IIS logs (401.2 error)
A little help (kerberos, netbios, and SPN... oh my!)
The IIS service does not seem to be serving up .asmx or .asp pages
Keeping a particular intruder out
New HTTPS web site and certificate installation
file security/authentication
Stop HTTP Access
IIS5: Renew certificate