Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

User Authentication Error in IIS

Status
Not open for further replies.
markdemanbey

markdemanbey

MIS
Dec 16, 2002
3
GB
Hi there.

I've seen similar issues to mine posted here, I've tried to use the follow up posts to help me with my issue, but no luck so far.

I'd also like to point out that I'm not a developer in any sense of the word... I look after a webserver (amongst other things), and have inherited a problem from a collegue long since departed.

My issue displays as the following in a browser:

Microsoft VBScript runtime error '800a0046'
Permission denied: 'GetObject'
/makd/shared/include/security.incl, line 73

The line of .asp code references is:

Set objUser = GetObject("WinNT://" & Replace(userName, "\", "/") & ",user")

Now, I know enough to believe that this is trying to grab the credentials of the browser and authenticate these against out domain. In terms of permissions, there are two groups that have various levels of NTFS permissions to the directory structure that contains the files in this URL. I'm a member of both of these groups.

When I comment out line 73 above, the error then displays at line 74...

If I log on locally to the webserver, open the IIS console and "browse" the MAKD directory, the site works as expected. However, if I fire up IE6 locally on the webserver, I get the same error.

Hope that someone is able to help.

Mark.
 
Sort by date Sort by votes
By default, when IIS executes ASP, it does so under the credentials of a local account named IUSR_MachineName

For the security of your web server, this default account has very few permissions, so that even if the account is compromised, the attacker's ability to exploit the server will be very limited.
 
Upvote 0 Downvote
OK - thank.

So the fact that the IUSR account has been removed completely from this directory might go some way towards explaining this???
 
Upvote 0 Downvote
Not exactly.

I can't tell for sure from the one line but it looks like perhaps this code is attempting to interact with the Active Directory.

If IIS is configured to execute the page in the security context of an intentionally weak local account then that account might not have permission take the requested action.

For testing purposes, try disabling anonymous access to this ASP so that the web server will run the script under the user's credentials instead. Remember to turn this off after the testing is over unless all of your potential users have a valid login to your IIS box.

 
Upvote 0 Downvote
Thanks for the reply.

Anonymous access is already disabled. Access is granted via 2 active directory groups which are granted NTFS permissions to the directory structure.

Interestingly access was OK up to December last year, then it started not to work.

Mark.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

penguinspeaks
  • Locked
  • Question
iis woos (not displaying pages correctly)
Replies
1
Views
185
penguinspeaks
penguinspeaks
leifoet
  • Locked
  • Question
Wrong code in a href ?
Replies
1
Views
194
leifoet
leifoet
Krus1972
  • Locked
  • Question
msxml3.dll error '80072f7d' - An error occurred in the secure Channel support
Replies
7
Views
355
Krus1972
Krus1972
bslintx2021
  • Locked
  • Question
How to configure IIS 10 server to allow Classic ASP to connect to MSSQL server database on a domain
Replies
1
Views
523
penguinspeaks
penguinspeaks
Swi
  • Locked
  • Question
PDF Interrogation
Replies
0
Views
109
Swi
Swi

Part and Inventory Search

Sponsor

Back
Top