|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Can't run any ASP script when virtual catalog allows anonymous connectionsI've tired fighting with one strange problem. I have a virtual catalog. When authentication methods for this catalog are set either basic or integrated, I can open any ASP script. In case of basic authentication it asks for my credentials, in case of integrated it doesn't, so everything is ok. But when I allow anonymous connections no ASP scripts can be ran. For any ASP I get such result (when connect by telnet): HTTP/1.1 500 Connection: close Date: Thu, 16 Apr 2009 14:37:49 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 0 Content-Type: text/html Set-Cookie: ASPSESSIONIDCASSCRQR=PDFDOAKDJJEMMNPDLEAEOBCB; path=/ Cache-control: private I tried to use different users as anonymous ones including my own. No luck. I added these users into Administrators group. No luck. Also I gave Everyone:FullControl permissions on the folder where scripts are and on the folder C:\WINDOWS\system32\inetsrv. Didn't help. What else can I do to make it work with anonymous access? Thank you in advance On Apr 16, 7:45 am, Ralfeus <ralf***@gmail.com> wrote:
Show quoteHide quote > Hi all The problem is with your virtual catalog application. Does it support> I've tired fighting with one strange problem. I have a virtual > catalog. When authentication methods for this catalog are set either > basic or integrated, I can open any ASP script. In case of basic > authentication it asks for my credentials, in case of integrated it > doesn't, so everything is ok. > But when I allow anonymous connections no ASP scripts can be ran. For > any ASP I get such result (when connect by telnet): > HTTP/1.1 500 > Connection: close > Date: Thu, 16 Apr 2009 14:37:49 GMT > Server: Microsoft-IIS/6.0 > X-Powered-By: ASP.NET > Content-Length: 0 > Content-Type: text/html > Set-Cookie: ASPSESSIONIDCASSCRQR=PDFDOAKDJJEMMNPDLEAEOBCB; path=/ > Cache-control: private > > I tried to use different users as anonymous ones including my own. No > luck. I added these users into Administrators group. No luck. Also I > gave Everyone:FullControl permissions on the folder where scripts are > and on the folder C:\WINDOWS\system32\inetsrv. Didn't help. > > What else can I do to make it work with anonymous access? > Thank you in advance anonymous authentication. For example, if it checked for AUTH_USER is not empty string, it would pass for basic/integrated, but fail for anonymous no matter what user account you set as the anonymous user. Setting Everyone:Full control on the folder obvious will not help because the application returned 500 -- if it was ACLs, it would be some sort of 401.3. Configuring different users (which worked when using basic/integrated auth) as anonymous user but still getting failure suggests that the virtual catalog itself does not work with anonymous authentication. This issue has nothing to do with IIS, and you cannot configure your way out of the issue. //David http://w3-4u.blogspot.com http://blogs.msdn.com/David.Wang // 
Other interesting topics
IIS Web Server 2008
Certificate Mapping - Debugging Domain Account used for IIS6 Anonymous Account Risks? web site access OK by IP but not by name Unable to access site with FQDN Restricting access from my site to other sites Certificate Installation SSL Certificate won't Bind to Default Web Site Server 2008 securing a browseable IIS directory Using "A share located on another computer" AND Authenticated acce |
|||||||||||||||||||||||
