Windows Authentication on iis new website not working (fine on default website) - Inetserver

If you're being met with an authentication window then it's definitely IIS
and nothing else. Port numbers have nothing with authentication - just where
the web request is sent/picked up. File level security would give you the
access denied or ACL error if those were not right.

Is the server a MS or a SA server? Do users have the proper access
permissions/rights to that machine your web runs on? There's some variables
here!

Something somewhere isn't right with the web site's own
authentication/directory security settings. If authentication baffles you
then you're in for the long haul. Understanding that will keep you from
allow malicious activity on your site(s). Dig thru the following to
troubleshoot the auth issue.

http://www.microsoft.com/technet/pro...f4f7991cc.mspx

http://www.microsoft.com/technet/pro...58d072c09.mspx

http://www.iisfaq.com/

http://www.iisanswers.com/

"pdbaker@perse.co.uk" wrote:

> I'd be really grateful for some help on this one...I'm really not a
> security whiz though so please don't baffle me )
>
> Trying to move the contents on the default website onto a new website
> on the same IIS server but using a different port number (81 instead of
> 80).
>
> Scenario:
>
> Full IIS (on 2003 server) running on a domain network.
>
> Created a new website (IIS --> Add website), in addition to the default
> web site.
>
> Both default and new site set to use windows authentication. Copied the
> wwwroot folder inside inetpub and renamed to projectroot (left it in
> inetpub). Copied all the ntfs permissions across to the projectroot
> folder. default website home directory is still wwwroot. new website
> home directory is projectroot.
>
> Accessing both sites (pmsweb01:80 and pmsweb01:81) from the local
> server itself works fine (integrated authentication ok).
>
> But from elsewhere on the network, the new site (pmsweb01:81) is met
> with an authentication challenge. Entering a valid username and
> password into this challenge is rejected.
>
> I've ruled out the following:
>
> Not the different port number - changed default website to run on port
> 82 and no problem.
>
> Not the ntfs permissions on the folder - changed the home directory of
> default website to point to projectroot and it works fine.
>
> Got baffled by all the kerebos/ntlm authentication stuff, found a page
> on Microsoft suggesting I force IIS to use ntlm
> authentication...followed the suggestions to edit the iis metabase but
> found that authenticationproviders already set to NTLM
> (see
> http://www.microsoft.com/technet/pro...07c3f2615.mspx)
>
> Found a suggestion that it might be to do with Server 2003 SP1 and
> LoopBack checking so disabled that...no good.
> (see http://support.microsoft.com/?kbid=896861)
>
> Any thoughts/suggestions very gratefully received.
>
>

Got something which looks like the same...

if your not with SP1 maybe is this article usefull
http://support.microsoft.com/?scid=k...097&sid=global

in my case if i try using Domain\user (normally it shouldn't be prompted...)
it will always fail; if i try user@domain making it multiple times it
sometimes passes. (multiple refresh and alway writing exactly same values
for user/pass)

"Nick Clark" wrote:

> If you're being met with an authentication window then it's definitely IIS
> and nothing else. Port numbers have nothing with authentication - just where
> the web request is sent/picked up. File level security would give you the
> access denied or ACL error if those were not right.
>
> Is the server a MS or a SA server? Do users have the proper access
> permissions/rights to that machine your web runs on? There's some variables
> here!
>
> Something somewhere isn't right with the web site's own
> authentication/directory security settings. If authentication baffles you
> then you're in for the long haul. Understanding that will keep you from
> allow malicious activity on your site(s). Dig thru the following to
> troubleshoot the auth issue.
>
> http://www.microsoft.com/technet/pro...f4f7991cc.mspx
>
> http://www.microsoft.com/technet/pro...58d072c09.mspx
>
> http://www.iisfaq.com/
>
> http://www.iisanswers.com/
>
> "pdbaker@perse.co.uk" wrote:
>
> > I'd be really grateful for some help on this one...I'm really not a
> > security whiz though so please don't baffle me )
> >
> > Trying to move the contents on the default website onto a new website
> > on the same IIS server but using a different port number (81 instead of
> > 80).
> >
> > Scenario:
> >
> > Full IIS (on 2003 server) running on a domain network.
> >
> > Created a new website (IIS --> Add website), in addition to the default
> > web site.
> >
> > Both default and new site set to use windows authentication. Copied the
> > wwwroot folder inside inetpub and renamed to projectroot (left it in
> > inetpub). Copied all the ntfs permissions across to the projectroot
> > folder. default website home directory is still wwwroot. new website
> > home directory is projectroot.
> >
> > Accessing both sites (pmsweb01:80 and pmsweb01:81) from the local
> > server itself works fine (integrated authentication ok).
> >
> > But from elsewhere on the network, the new site (pmsweb01:81) is met
> > with an authentication challenge. Entering a valid username and
> > password into this challenge is rejected.
> >
> > I've ruled out the following:
> >
> > Not the different port number - changed default website to run on port
> > 82 and no problem.
> >
> > Not the ntfs permissions on the folder - changed the home directory of
> > default website to point to projectroot and it works fine.
> >
> > Got baffled by all the kerebos/ntlm authentication stuff, found a page
> > on Microsoft suggesting I force IIS to use ntlm
> > authentication...followed the suggestions to edit the iis metabase but
> > found that authenticationproviders already set to NTLM
> > (see
> > http://www.microsoft.com/technet/pro...07c3f2615.mspx)
> >
> > Found a suggestion that it might be to do with Server 2003 SP1 and
> > LoopBack checking so disabled that...no good.
> > (see http://support.microsoft.com/?kbid=896861)
> >
> > Any thoughts/suggestions very gratefully received.
> >
> >