Authentication with tomcat

TheMSsForum.com: The Microsoft Software Forum

Hello,

I have a problem with IIS (I think):

I'm doing a servlet that work under Tomcat 4.1. She ask for authentication
and check in a database for user and password.

She work fine directly in Tomcat access (8080 port).

But when I try to launch it trougth IIS (isapi_redirect.dll : IIS ->
ISAPII -> Tomcat), it doesn't work...
It's like if IIS make an own authentication...

In fact I see that the http header variable "Authorization" is always void
when I call the servlet trougth IIS and is setted trougth Tomcat (8080).

Anybody has idee?

Thanks a lot...
Top

Re: Authentication with tomcat by David

David
Tue Oct 21 23:18:40 CDT 2003

If you have authentication enabled on IIS and the client send Authorization
header, then IIS will negotiate authentication for you. Otherwise, IIS will
not.

If you want the application to handle its own authentication, then make sure
IIS is only running Anonymous authentication (i.e. no authentication). This
would be a configuration issue since there is no way for IIS to know whether
an application running on it is trying to do some other custom
authentication.

--
//David
IIS
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"Pascal Fluck" <pascal.fluck@spiritsoft.ch.SPAM> wrote in message
news:3f94ed75@news.swissonline.ch...
Hello,

I have a problem with IIS (I think):

I'm doing a servlet that work under Tomcat 4.1. She ask for authentication
and check in a database for user and password.

She work fine directly in Tomcat access (8080 port).

But when I try to launch it trougth IIS (isapi_redirect.dll : IIS ->
ISAPII -> Tomcat), it doesn't work...
It's like if IIS make an own authentication...

In fact I see that the http header variable "Authorization" is always void
when I call the servlet trougth IIS and is setted trougth Tomcat (8080).

Anybody has idee?

Thanks a lot...



Top

Re: Authentication with tomcat by Pascal

Pascal
Wed Oct 22 02:33:48 CDT 2003

Thanks for quickly answer.

I try to change IIS config, but I alway have in header "Authorization" the
value "Negotiate TlRMTVNTUAABAAAAB4IAXXXAAAAAAAAAA=".

When I change password or username, this value don't change... I think that
IIS is sending anonymous authentication?

Strange...

Thanks

Pascal

"David Wang [Msft]" <someone@online.microsoft.com> a écrit dans le message
de news: OlmNWcFmDHA.1488@TK2MSFTNGP12.phx.gbl...
> If you have authentication enabled on IIS and the client send
Authorization
> header, then IIS will negotiate authentication for you. Otherwise, IIS
will
> not.
>
> If you want the application to handle its own authentication, then make
sure
> IIS is only running Anonymous authentication (i.e. no authentication).
This
> would be a configuration issue since there is no way for IIS to know
whether
> an application running on it is trying to do some other custom
> authentication.
>
> --
> //David
> IIS
> This posting is provided "AS IS" with no warranties, and confers no
rights.
> //
> "Pascal Fluck" <pascal.fluck@spiritsoft.ch.SPAM> wrote in message
> news:3f94ed75@news.swissonline.ch...
> Hello,
>
> I have a problem with IIS (I think):
>
> I'm doing a servlet that work under Tomcat 4.1. She ask for authentication
> and check in a database for user and password.
>
> She work fine directly in Tomcat access (8080 port).
>
> But when I try to launch it trougth IIS (isapi_redirect.dll : IIS ->
> ISAPII -> Tomcat), it doesn't work...
> It's like if IIS make an own authentication...
>
> In fact I see that the http header variable "Authorization" is always void
> when I call the servlet trougth IIS and is setted trougth Tomcat (8080).
>
> Anybody has idee?
>
> Thanks a lot...
>
>
>


Top

Re: Authentication with tomcat by David

David
Wed Oct 22 13:40:18 CDT 2003

That indicates that you have "Integrated Authentication" turned on in the
vdir in IIS. Turn it all off except for Anonymous if you do NOT want IIS to
do any authentication handshakes.

--
//David
IIS
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"Pascal Fluck" <pascal.fluck@spiritsoft.ch.SPAM> wrote in message
news:3f96331a$1@news.swissonline.ch...
Thanks for quickly answer.

I try to change IIS config, but I alway have in header "Authorization" the
value "Negotiate TlRMTVNTUAABAAAAB4IAXXXAAAAAAAAAA=".

When I change password or username, this value don't change... I think that
IIS is sending anonymous authentication?

Strange...

Thanks

Pascal

"David Wang [Msft]" <someone@online.microsoft.com> a écrit dans le message
de news: OlmNWcFmDHA.1488@TK2MSFTNGP12.phx.gbl...
> If you have authentication enabled on IIS and the client send
Authorization
> header, then IIS will negotiate authentication for you. Otherwise, IIS
will
> not.
>
> If you want the application to handle its own authentication, then make
sure
> IIS is only running Anonymous authentication (i.e. no authentication).
This
> would be a configuration issue since there is no way for IIS to know
whether
> an application running on it is trying to do some other custom
> authentication.
>
> --
> //David
> IIS
> This posting is provided "AS IS" with no warranties, and confers no
rights.
> //
> "Pascal Fluck" <pascal.fluck@spiritsoft.ch.SPAM> wrote in message
> news:3f94ed75@news.swissonline.ch...
> Hello,
>
> I have a problem with IIS (I think):
>
> I'm doing a servlet that work under Tomcat 4.1. She ask for authentication
> and check in a database for user and password.
>
> She work fine directly in Tomcat access (8080 port).
>
> But when I try to launch it trougth IIS (isapi_redirect.dll : IIS ->
> ISAPII -> Tomcat), it doesn't work...
> It's like if IIS make an own authentication...
>
> In fact I see that the http header variable "Authorization" is always void
> when I call the servlet trougth IIS and is setted trougth Tomcat (8080).
>
> Anybody has idee?
>
> Thanks a lot...
>
>
>



Top

Re: Authentication with tomcat by Pascal

Pascal
Thu Oct 23 08:00:13 CDT 2003

Yesssssss!!!! Thanks a lot!!!

Now It work fine. Maybe I'm nuts because I tryed some config in IIS
security...

Pascal

"David Wang [Msft]" <someone@online.microsoft.com> a écrit dans le message
de news: #burp3MmDHA.1408@TK2MSFTNGP11.phx.gbl...
> That indicates that you have "Integrated Authentication" turned on in the
> vdir in IIS. Turn it all off except for Anonymous if you do NOT want IIS
to
> do any authentication handshakes.
>
> --
> //David
> IIS
> This posting is provided "AS IS" with no warranties, and confers no
rights.
> //
> "Pascal Fluck" <pascal.fluck@spiritsoft.ch.SPAM> wrote in message
> news:3f96331a$1@news.swissonline.ch...
> Thanks for quickly answer.
>
> I try to change IIS config, but I alway have in header "Authorization" the
> value "Negotiate TlRMTVNTUAABAAAAB4IAXXXAAAAAAAAAA=".
>
> When I change password or username, this value don't change... I think
that
> IIS is sending anonymous authentication?
>
> Strange...
>
> Thanks
>
> Pascal
>
> "David Wang [Msft]" <someone@online.microsoft.com> a écrit dans le message
> de news: OlmNWcFmDHA.1488@TK2MSFTNGP12.phx.gbl...
> > If you have authentication enabled on IIS and the client send
> Authorization
> > header, then IIS will negotiate authentication for you. Otherwise, IIS
> will
> > not.
> >
> > If you want the application to handle its own authentication, then make
> sure
> > IIS is only running Anonymous authentication (i.e. no authentication).
> This
> > would be a configuration issue since there is no way for IIS to know
> whether
> > an application running on it is trying to do some other custom
> > authentication.
> >
> > --
> > //David
> > IIS
> > This posting is provided "AS IS" with no warranties, and confers no
> rights.
> > //
> > "Pascal Fluck" <pascal.fluck@spiritsoft.ch.SPAM> wrote in message
> > news:3f94ed75@news.swissonline.ch...
> > Hello,
> >
> > I have a problem with IIS (I think):
> >
> > I'm doing a servlet that work under Tomcat 4.1. She ask for
authentication
> > and check in a database for user and password.
> >
> > She work fine directly in Tomcat access (8080 port).
> >
> > But when I try to launch it trougth IIS (isapi_redirect.dll : IIS ->
> > ISAPII -> Tomcat), it doesn't work...
> > It's like if IIS make an own authentication...
> >
> > In fact I see that the http header variable "Authorization" is always
void
> > when I call the servlet trougth IIS and is setted trougth Tomcat (8080).
> >
> > Anybody has idee?
> >
> > Thanks a lot...
> >
> >
> >
>
>
>


Top