0

I have an application buit partially in classic asp and in c#. The authentication used as

per the config file is windows. This is perfectly working.

Now I have to authenticate the users against active directory. (ie. if any AD users

requesting my application, it should authenticate the user (on login page load) and redirect

to the application home page instead of showing login page)

The login page is an asp page and I created an aspx page where the login.asp page will be

redirected during page load to autheticate with Active Directory. I hav e disabled anonymous

access in IIS and currently used only Integrated Windows Authentication. Also given

permission to "Authenticated Users" in Permissions.

While trying to access the login.asp page I am getting the following error.

You do not have permission to view this directory or page using the credentials that you

supplied because your Web browser is sending a WWW-Authenticate header field that the Web

server is not configured to accept.

Please try the following:

Contact the Web site administrator if you believe you should be able to view this directory

or page. Click the Refresh button to try again with different credentials. HTTP Error 401.2 - Unauthorized: Access is denied due to server configuration. Internet Information Services (IIS)

Kindly help me to fix this issue.

Thanks, Priya

user355324
  • 11
  • 1
  • 2

1 Answers1

2

401.2 isn't usually an "error", per se. It's an authentication challenge. Your browser is not responding properly to the challenge it's being presented with. If the browser doesn't understand what's going on, it will just give up and show you 401.2 as an error.

The question is: what browser are you using? Try IE first. IE is very forgiving with NTLM and Kerberos challenges. If you're using Firefox, you will need to set it up to use integrated windows authentication by adding your domain names to the network.automatic-ntlm-auth.trusted-uris and network.negotiate-auth.trusted-uris settings in the about:config screen.

You could also be running into an issue where you have not properly defined a Service Principal Name for your service account. How that works would depend on how your website is running -- is it running under a domain account or under NETWORK SERVICE? If NETWORK SERVICE, this probably isn't your problem.

Dave Markle
  • 95,573
  • 20
  • 147
  • 170
  • Thank you for your reply.. I am using IE-7. Also,website is running under domain account. I have tried to Create a Service Account. For that, I have created a new 'Application Pool' and Configured my application with the new Application Pool. Then while trying to access the web file, "Service Unavailable" Error occurred. Thanks, Priya – user355324 Jun 01 '10 at 13:08
  • Are you attempting to use delegation to pass the identity of the web user along to your database? – Dave Markle Jun 01 '10 at 14:49
  • 1
    +1 for mentioning the `trusted-uris` settings. Adding `localhost` to those in firefox was exactly what I needed. – dlsso May 18 '17 at 22:26