WIn Logon sucessful but IIS says not authorized to view page

I have set security on our management website to users and administrators only. Can logon with administrator accounts, but not any user accounts. The real mystery is that the W2K security logs show the logon attempt as being sucessful with user accounts, but IIS continues to ask for username/pwd until the "You are not authorized to view this page" message appears. Any suggestions will be appreciated!

Jonathan
Fri Jan 02 14:09:40 CST 2004

Hi,

Try adding "Authenticated Users" (with Read permission) to the NTFS security
on the folder(s)

--
--Jonathan Maltz [Microsoft MVP - Windows Server]
http://www.visualwin.com - A Windows Server 2003 visual, step-by-step
tutorial site :-)
Only reply by newsgroup. Any emails I have not authorized are deleted
before I see them.


"Curt Griggs" <prorally@earthlink.net> wrote in message
news:A7D7B697-F861-4F3D-B6DD-CD9B41D464F0@microsoft.com...
> I have set security on our management website to users and administrators
only. Can logon with administrator accounts, but not any user accounts.
The real mystery is that the W2K security logs show the logon attempt as
being sucessful with user accounts, but IIS continues to ask for
username/pwd until the "You are not authorized to view this page" message
appears. Any suggestions will be appreciated!

David
Fri Jan 02 16:36:33 CST 2004

Being able to log on a user is only part of authentication/authorization.
Once a user is logged on, they have to be authorized by ACLs on the resource
to access it. If either fails, you will get "access denied", and that's by
design.

If you turn off IE's "Show Friendly HTTP Errors" option, you can determine
which leg of authentication/authorization is failing, and then you can
address your configuration problem.

--
//David
IIS
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"Curt Griggs" <prorally@earthlink.net> wrote in message
news:A7D7B697-F861-4F3D-B6DD-CD9B41D464F0@microsoft.com...
I have set security on our management website to users and administrators
only. Can logon with administrator accounts, but not any user accounts.
The real mystery is that the W2K security logs show the logon attempt as
being sucessful with user accounts, but IIS continues to ask for
username/pwd until the "You are not authorized to view this page" message
appears. Any suggestions will be appreciated!

prorally
Fri Jan 02 19:41:08 CST 2004

I've found it is an HTTP 401.3 error so am verifying all permissions related to IIS. Of further interest all Users cannot logon the server locally, even though local permissions are set to allow local logons. Thanks for any advise.

Jonathan
Fri Jan 02 20:21:29 CST 2004

What error do the local users get when they try to log on?

Are you using AD?

--
--Jonathan Maltz [Microsoft MVP - Windows Server]
http://www.visualwin.com - A Windows Server 2003 visual, step-by-step
tutorial site :-)
Only reply by newsgroup. Any emails I have not authorized are deleted
before I see them.


"Curt Griggs" <prorally@earthlink.net> wrote in message
news:91878519-CBAA-412B-9C77-DB7408270DE8@microsoft.com...
> I've found it is an HTTP 401.3 error so am verifying all permissions
related to IIS. Of further interest all Users cannot logon the server
locally, even though local permissions are set to allow local logons.
Thanks for any advise.

prorally
Fri Jan 02 21:51:20 CST 2004

No, not using AD. The server is not part of a domain.

prorally
Fri Jan 02 21:51:15 CST 2004

It's odd as a typical error is not given. Instead a Successful Logon (event 528) is logged, immediately followed by the logoff event (#538).

Jonathan
Fri Jan 02 23:15:49 CST 2004

Have you changed anything on the system recently?
Do you have a recent backup?

--
--Jonathan Maltz [Microsoft MVP - Windows Server]
http://www.visualwin.com - A Windows Server 2003 visual, step-by-step
tutorial site :-)
Only reply by newsgroup. Any emails I have not authorized are deleted
before I see them.


"Curt Griggs" <prorally@earthlink.net> wrote in message
news:B8CDD19D-39B3-4B22-A818-CA693251A386@microsoft.com...
> It's odd as a typical error is not given. Instead a Successful Logon
(event 528) is logged, immediately followed by the logoff event (#538).