IIS 7 requiring authentication 1

[TechMasterNate]

I have installed a new 2008 R2 server and added the IIS role to it. I've imported our web certificate over to IIS and created a new website. I've configured our internal DNS server and external provider to point to this server. When connected to the network the website comes up. I have configured the authentication part of IIS to allow Anonymous Authentication. This server is a part of our domain. When I try to access the website from a computer outside our network I get a credentials pop up. It says:

"Warning: This server is requesting that your username and password be sent in an insecure manner (basic authentication without a secure connection)." Then it prompts me for a username and password.

I get a similar message in all browsers I try to use.

I want users to be able to access this website without getting any connection prompt from outside the network. I can not seem to get IIS to let unauthenticated users to go straight to the site even though I have Anonymous authentication enabled and Application user set to pass-through authentication.

Any help would be much appreciated.

Thanks,
Nathan

 

[1DMF]

is the folder the website resides in set for specific permissions?



"In complete darkness we are all the same, it is only our knowledge and wisdom that separates us, don't let your eyes deceive you."

"If a shortcut was meant to be easy, it wouldn't be a shortcut, it would be the way!"

Free Electronic Dance Music Download

 

[TechMasterNate]

I haven't modified any permissions. only added group to the folder is the IUSR group.

 

[1DMF]

I do not have any IUSR permissions on any folders, IIS7 doesn't work the same way as IIS6 from what I can tell.

You open the IIS console, add new site, point to the folder you want the website to run and ensure under IIS authentication at the 'server' level it has annonymous enabled.

you can apply additional authentication at a granular level as required.

It seems you have basic authntication turned on somewhere.

"In complete darkness we are all the same, it is only our knowledge and wisdom that separates us, don't let your eyes deceive you."

"If a shortcut was meant to be easy, it wouldn't be a shortcut, it would be the way!"

Free Electronic Dance Music Download

 

[ChrisHirst]

I haven't modified any permissions. only added group to the folder is the IUSR group.

We have EXACTLY the same problem with a Windows web server after "upgrading" (using the term VERY loosely), from Server 2003 to Server 2008. Which obviously require anonymous access.

You would probably not be surprised by just how annoying and frustrating is it to have login over RDP and reset permissions whenever somebody adds a FTP user in Plesk, or changes their user password and then a "Enter a user name and password" dialog appears when they try to open the site in a browser!!!!!

It seems that the existing permissions are removed from the site structure whenever any changes are made. permissions are set to inherit from the parent yet still it happens from time to time.

Searching for a solution reveals many with the same/similar problem but no definitive and permanent fix being offered.
Maybe it's a Microsoft "we'll fix that in Server 2012" upgrade ploy.

Chris.

Indifference will be the downfall of mankind, but who cares?
Time flies like an arrow, however, fruit flies like a banana.
Webmaster Forum

 

[1DMF]

Maybe it's a Microsoft "we'll fix that in Server 2012" upgrade ploy.

Don't you mean that's "We'll break something else in Server 2012"

"In complete darkness we are all the same, it is only our knowledge and wisdom that separates us, don't let your eyes deceive you."

"If a shortcut was meant to be easy, it wouldn't be a shortcut, it would be the way!"

Free Electronic Dance Music Download

 

[TechMasterNate]

Problem solved.. Well after a few days of looking into issue I find out all my IIS settings were correct. Come to find out their was a routing problem. Internally DNS was pointing to the right server and that was working for everyone. When checking the firewall I went through our NAT settings and the external IP I registered to come back inside our network was pointing to another server that had IIS with basic authentication. Probably should have been something I looked into first but I have only been on this network for 3 weeks and all my other support had no idea about our NAT rules. Thanks for everyone's suggestion's!!

Nathan

 

[1DMF]

No Probs, glad you solved the problem, NAT can be a nightmare when it isn't obvious that is what is causing the problem!

Though I am still confused over the IUSR account permission as none of our websites have that account set and everything works fine?

There is a discussion on this on the IIS forum

http://forums.iis.net/p/1166598/1939873.aspx

Where it still has not been fully explained, but I would double check and perhaps remove any additional permissions you have added for the IUSR account as this could have opened up a security hole!

Things are very different in IIS7 to IIS6, and you need to be carefull when applying the same logic in IIS7 as you did in IIS6. I found out the hard way with HTTP Redirection, that causes a 'page cannot be displayed' due to a cyclical looping issue when redirecting to same web folder via two host headers!

Yes IIS7 still doesn't allow host header redirect without selecting a web folder of the website that doesn't exist! (go figure!)

Regards,
1DMF




"In complete darkness we are all the same, it is only our knowledge and wisdom that separates us, don't let your eyes deceive you."

"If a shortcut was meant to be easy, it wouldn't be a shortcut, it would be the way!"

Free Electronic Dance Music Download