tags:

views:

1219

answers:

8
Q: 

IE7 with Integrated Security is asking for credentals, but Firefox does not any idea why?

Hi Folks,

We have a web-site configured for Integrated Security in IIS on the W2003 Server. When we attempt to connect using IE it is asking us for Network credentials. If we supply those credentials we get an Access Denied.

If we configure Firefox to allow that web-site as a trusted URI, we can connect and use the site without any problems.

Does anyone have a clue as to what is going on, or what I could do to resolve this. I've spent most of the morning trying to resolve this and have come up against a brick wall.

The site is on the local intranet, I've setup the server in the local internet zone in IE, but that still does not make a difference. We do have a proxy server but IE is configured to bypass that for local addresses.

Kind Regards Noel

A: 

IE will not always detect local addresses correctly. Try turning off the proxy for testing.

If it works add the server name to the "Do not use..." proxy settings.

chris  2009-04-22 11:49:21
Tried it with the proxy disabled but no luck.
Bigtoe  2009-04-22 11:58:33
A: 

Have you tried to use a tool like Fiddler or Wireshark to see what's really flowing between the client and the server? Maybe Firefox has saved credentials or the server is sending an authentication header that Firefox understands but IE doesn't.

If you could, post the headers the client sends and the server responds with for both -- the answer is likely in them.

Jonathan  2009-04-22 11:52:02
thanks Jonathan, was not aware of those utilities. Will try them now.
Bigtoe  2009-04-22 12:05:03
+1  A: 

Make sure that the site is in a trusted area that allows the forwarding of credentials. Also, make sure that the user that is trying to access the site has been given access through IIS and / or defined in your web.config

In the security area of your Local Intranet Zone make sure that the option to forward your Windows credentials is checked (I don't believe that it is natively)

MasterMax1313  2009-04-22 12:21:11
Had checked all that, still no luck.
Bigtoe  2009-04-22 13:03:17
A: 

Here's the IE/FireFox Request/Response traffic. Thanks for offer of to examine them.

Regards Noel.

IE Request/Responses - Up To Networks Credentials Dialogue.
=================================================================
GET /tp2v3.administration.website/default.aspx HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/xaml+xml, application/vnd.ms-xpsdocument, application/x-ms-xbap, application/x-ms-application, application/x-silverlight, */*
Accept-Language: en-ie
UA-CPU: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; InfoPath.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; OfficeLiveConnector.1.3; OfficeLivePatch.0.0)
Host: r1-08-qa
Connection: Keep-Alive

      HTTP/1.1 401 Unauthorized
      Content-Length: 83
      Content-Type: text/html
      Server: Microsoft-IIS/6.0
      WWW-Authenticate: Negotiate
      WWW-Authenticate: NTLM
      X-Powered-By: ASP.NET
      Date: Wed, 22 Apr 2009 12:58:16 GMT
      Proxy-Support: Session-Based-Authentication

      <html><head><title>Error</title></head><body>Error: Access is Denied.</body></html>

GET /tp2v3.administration.website/default.aspx HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/xaml+xml, application/vnd.ms-xpsdocument, application/x-ms-xbap, application/x-ms-application, application/x-silverlight, */*
Accept-Language: en-ie
UA-CPU: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; InfoPath.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; OfficeLiveConnector.1.3; OfficeLivePatch.0.0)
Authorization: Negotiate YIIKQAYGKwYBBQUCoIIKNDCCCjCgJDAiBgkqhkiC9xIBAgIGCSqGSIb3EgECAgYKKwYBBAGCNwICCqKCCgYEggoCYIIJ/gYJKoZIhvcSAQICAQBuggntMIIJ6aADAgEFoQMCAQ6iBwMFACAAAACjggP9YYID+TCCA/WgAwIBBaEMGwpaQVJJT04uQ09NohswGaADAgECoRIwEBsESFRUUBsIcjEtMDgtcWGjggPBMIIDvaADAgEXoQMCATCiggOvBIIDq7C1jE6W4jMUYtnsMU9AWzIpvK5HReolYjn/P+j7d8LFRa0dpuNfYL2K/g6MBsP7CchH86C0GclXEIvZjxvX9mM9O3W9pZOoVQwsP/UTSe4Y19rZSDbMU3e7vhJy5jK8BYhRknncQ8aAKj3mQXLeQs5a7C3P6gZ8sJYgcvC29CTmjgV3BEMutrq0Z/6qmiB7pe6hB4RatCNSo2u9hmwR+prRmoV1fx4nd4q8QiQ9X3mfY3NbU4KIAoeTsEHV4vjHiLRx3SNuHaU5ug5PhOYCfF4ZAZLUy8Dy1q3I1+VRrrAlofJNKK8nG6KDwOKmE5mUSO2IPg3TlOrzJS4+qfMU7F1HFMs1naB7cC7fm976EM6CBchnTue3aLMlwsy+KrMmfjocxmHViCrKrrEADHj2aDkbzNy/wwdlqH58Jh5iLPhWwy9B/vLxmLl9s49AJ290KtoBNnrYMYr8pHI5r6JCz5nzcQfsyPA6I2uMUdugNCQGlHkZ1eNyJB81hNbEIxm5mplwsLJqoUYbkBtgThkomiA40CxUYT88bU/CL5O1uZqw+adBgh1+j8E8pg1XGKXX/xzdwYLLehSCgsU0/qlzDRU/vWC/RuaD2M+N3fBygSWaYq9M9gQwHzwoGaIm1j35W33DxUyg7XP9TOUFdw6HZNl6oaXDvBhgdSpRJXKdVbdPn7iUdNHWlw+GYAW75hKoS6zG4ZHyEtd/GiprooXh77WXLlCPO8GRJ+yfC1UPk7DB+hopVGV/a+Ipij6G2ZKqUt90L+nmAp731Sv+hkofudoxRrK6rmCnaqvy9OeKGezczKaWgYCp84TS0i84G8Xoa405AVOJIEvc7H8kUREAjD9H1ALAFv9Rm+4RUmsSB5bbkzf+q0RFtZpmJLnTsrPAQHI6dIcqL2DIIUk+8Lim7MXHvkl85wutcWl8DPt7PIs60p9iPZrLnznocf4N8tuEmBWomA9ELSGIwcyEH54qKg/0VREAKov5OwHe2QL0XcNg3l/cgOtvIygm3WsUgT5ECtHCl3+B40cu6EqOaGosc0e9iQE8SCi48VSZ5Z7EFFFHHFEKJCU7pF4IHTEfzbyAsFWt7MuywUmQ2KvUyMvSrM2/gBw02xcUX3Zlh5x7VxPH3WuYJenOJmQhUgsngvZgFvuDE1dBU601Klvr9Vb8wlpp27xHYS41bSfenww/3jlscIx7fu+uqiVNtAt/k83bb6yf5oKTykB5emsEqwTH4d3R6jfFA2cGx8VmIaSCBdEwggXNoAMCAReiggXEBIIFwH3aJUOOhnAvIFPRvPD3GEcFtKV35K9yhV6dZARcKIOdB2LtDhpAuVJP+qI8IO5NTkWGFRs2sKOiaylajmwJhxNBYSfDlYT/3uHtikblK3EMo4M5+Pg9w7GqnyCEOeIxfk5uu2PeGpbYRFJ2MblVcNDWnQYFlfE/Av3nnMAHljfKWpjrHfOobdovxVO8/e82+z0e8DkHQB5w1QZojhuqaez/1qprKeYDXJrABmnx515x9D7RC8JbULr6JK1umUwT/M2yJM9mfllWp4lmPhEmfWqGAFi9rgTO0TQ6/KzmI0KFgokdZwUpXEeTSCgkYYPP9kCZxSxFnUwxLyvft3CPwaFkuS/h8Nq4agnAmldYjtJ3pp/UdY53C9QxoE5Yv+PwfTJBNlDK1Yi01hUKhuKYkVVe06W/E6sXy/p3LQVgT8OipxDGRLK9alAijs2P4kKu3yrKJKxJdAzA1+8GeoTALCI3OMFTrZsaN2K+elJ6Pg2IM/ubuhyhQhl2urEMvAfROEShsuM6FOOWjmy7QoO/sMfjeY+k+XWJEVjJAM9b66zNqGtItLo4lJMgWPR4FNU4b6ihT/qCi6R6HgnfVJumIdj0pm4vZ5nLlSgU/QVVP9M94F+cb+b7b9r3x6ZJhxTcg0z8g1+ytbNIyGZ83gnfAsANnaiWFq5dL8Ize84RvFzWbLWKLivioo3UH6k9Q2hEvJ7bWhPZYrpyYo16pXL5JuBVNzDR1ue2O7ZA/IjAqZrINLpKS/rt1Z81N90hULihD8K3ReYs7GjaYLWp1MwU0AlACkconHZITZnFRiPFkeP4gYp7F/mRrcCWyndxUj3OTlURKspz7nt36okXn9cmov8hqmzwnDV6WeMW1kvbbygUVyFpITOoLSkMq3rmpWOJOVzd2WQ/YO5CsTNB9ZLcqCvHQf1Jtx3Ho+oyB4IR3XKA4HPKrtYtgi+9bha+wkki3VXreshSJhajYdaShNBVn6TgfiywNCG9YVQgac/GYEVO1m+fpYJjP95LkeqdX3vW5bhrmISyCg7yGAI5MwpthlMAA7B4i/BwLnoCfrDcaCtj5G0dj67LxsuOINNRs05rCmThcpVbDGoViBZII12oiaMQdSKBaoYiXOrPwHxrg9n1ks61MdgzzC7G6HMUISiHlkRE8LIldLLqcexjYhzKpSbH+Nvdf+Ku6GPCjOq/vMRExqZNQOjR6/DcLFKEl8yX3SXGkfIoCwW5aaG50gNRoL8/4UxODTfnsbxyrXUvpldSisU4HpVOFMK7lqmLUOkKUIIG855gaUnnPkUuPr1cW/XW0tSnIzluHOuxsSmSzAzQq4XnOYBC9zc+fYC+5xKzsej1xp66nI2f7hwvo4ruOEGjKXgVdzzQ6vHbIK1y5qUt42hRpi3Sj3kQXnIbHroni+z71xbrbBqR0lO5CQ0w7rnZ0jjIbj7jQeXQx2Dx/K5fBUL8YBAEcwDdsk1RyEbKODOvai/Tyxn33xmpOEjpbdck4vva5aNXtqy49pL2DxwUo/Ri9M8ZWWjaRShuok9exLz6JX3onjBPD9LAfPJrNoo7L3+z7NFw+OyHnCM1SA8xYmt/Jng+WTHd6SZUWJ/vOOfgUI3io1t7wegjmodb7yy+HAWUJO6fPhBWcGx6GquDc6CeVnGjtm+twgAUY0hQSjPZ9/yiHiYvhv+SbVBDHHK6RlkRP5CzwbXRVbkD9fI1ZmH1IBd9QRYAp0EnzeJSweYo8N5/DI+2/TesgFQw2bdBsn+xRlzA9S6SdmPJLp4Hhj2vSqgpCNxd2a0GKlfHbM6LIqJgKYLpI48e7DSH1pWzD7B43j8Fv6miuaGQU78RtxuTetnTo4njntoA/gR4LF7BqZuqoTeB+my3AoQSml83DvTfs68WcefxUDXbYdWh0LKWY7sZRHWefJ/miRNOxljvQf82c9jowkJFL5iKTQbaLKxRUe/6Yta39gaYO0c4
Connection: Keep-Alive
Host: r1-08-qa

      HTTP/1.1 401 Unauthorized
      Content-Length: 83
      Content-Type: text/html
      Server: Microsoft-IIS/6.0
      WWW-Authenticate: Negotiate oYGLMIGIoAMKAQGhCwYJKoZIgvcSAQIConQEcmBwBgkqhkiG9xIBAgIDAH5hMF+gAwIBBaEDAgEepBEYDzIwMDkwNDIyMTMwODQ5WqUFAgMC7LSmAwIBKakMGwpaQVJJT04uQ09NqiYwJKADAgEDoR0wGxsEaG9zdBsTcjEtMDgtcWEuemFyaW9uLmNvbQ==
      X-Powered-By: ASP.NET
      Date: Wed, 22 Apr 2009 13:08:49 GMT
      Proxy-Support: Session-Based-Authentication

      <html><head><title>Error</title></head><body>Error: Access is Denied.</body></html>


GET /tp2v3.administration.website/default.aspx HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/xaml+xml, application/vnd.ms-xpsdocument, application/x-ms-xbap, application/x-ms-application, application/x-silverlight, */*
Accept-Language: en-ie
UA-CPU: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; InfoPath.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; OfficeLiveConnector.1.3; OfficeLivePatch.0.0)
Host: r1-08-qa
Connection: Keep-Alive
Authorization: Negotiate oYIKDjCCCgqiggoGBIIKAmCCCf4GCSqGSIb3EgECAgEAboIJ7TCCCemgAwIBBaEDAgEOogcDBQAgAAAAo4ID/WGCA/kwggP1oAMCAQWhDBsKWkFSSU9OLkNPTaIbMBmgAwIBAqESMBAbBEhUVFAbCHIxLTA4LXFho4IDwTCCA72gAwIBF6EDAgEwooIDrwSCA6t/KEYVjGYGHuzZHMIgzUJCcBM+502dyaVZeY71+YzvCb7ha2SI4lTu+8oifn8MK1Uj23nqFgFNvRelFfffPDkJYf+oGuYLSkrWsb1sh2mwt42NTd9zj2U0WNrPIR5QNACouDUyTNr4sOJiF9oNWB6ttnd8GowqdyZFqQP5So0SRn0MseHnF1slSZo07PQNIobI9EC8vfPYu3k8xlIpqdpem6tXxn/pYptOID3pV1tv1wgLcyR6YWcYgjfE5ath7LRoqRPe0w2a0c7OUDyqgiWuoe440eKhGGlMS3FrIVPrqXM4sBvembyaNTXxuk9XBXwEo28FARbFaZUdY1kjBhh4ziMQtoc8tEMbDP5i2qveOCx3LOXu2oL2TV3x9H6eAfPCOqidecOKv+EL9LZDaJzD6VFvNuBRo8Wil+z7E9/XBd91fBS5PHGDhCrp2GMf6o9B9ogCeBEBjC+alOmeYxoYB2qWasgZeOq9DhZ+NlQgR9ITtlzNVCQwu4/sE4TVw1mnLU/JXz3sXpQIVhQdG1iKK6JiKVJ1jLYjPHPB5dQZUOAKMaiTQ24MsE5hJf43GrIqh3oG44hY0JfiBbbBF9Ss1cI4tvZ6nAsAcAvE0ea+J25P6KXcDsBO08kE8jDOUKsENE0l0hcF084fz9lricM2zVi7qMg7KtbRufAKjP7oyiZHIQjAe9JQh7+1YSMXXKEKbA/HAI0AZBLwZOT2LXDwoy+JKlK3FNesJe8PpzrcMFOFYRw4Bv50IKZhglsekAZHVcyG0Maoibt4JbpilvASxbGoKA1qhpXRDuZnBGkgapsm4CQHDepSTBtRP+RjxvXXHsK4R4fyAnR7OeJRfoegdrkKsBEnmLOBFCmClaW4Z1bdRMDbgU1EAT5u/dAK7BXWzFHRGgJ6aNx7lBCmMBau0PFDLJzslqAQ5yM+RCx9knIQ8I7m+XNtxKWpSAYqg1RW4LccN1zGsiZAJhFCQztMtUmnY0F9C8k2xPbJ8uU57wY/kCB9Zy8rzgqaTNSsxih1UxPUwDMBvnEhbVQlTuv+P0nsSB5ERPbIcRc/0OrrHlc+iLeWXFwWvi9zIofQdDQzGqX1a0FJy3/AQNpmkoRO33GHJpXHUuuz92aD7auoNTObfFJlv/Febo9S5k6++lwZP4PJm/UA/bdJ6scAdYqXrIE/RQ3zwoVVnPxrw3M/T6ZE7nplrxKXU3Y7r2JH1NdLZmlvOdn/2YFVo99N9s5//OrRhgmnRxrRRECkggXRMIIFzaADAgEXooIFxASCBcAo8OmqGmZIMmXyPQxyeHuiNXnOsbTtwF/mNvGct9fCJEBOAdr0JtPmD/4PZGvfgtgF5Wq3XCKeS5At79Jk4x1hYDb5geZdVTirrGpta7Jc8gbdSsagNhIB86sotgte5s7389f78a0xqY/t2EV6PJy/59tGJHIGmElP1tDCvoFLsGLXx17KsRyVCwepRhefQolUq8h2FxmGJa5J8CFvXmOJjq8sytR4650vcSAKyazUpE3ygvsiQSWgzmOqPm54+IlHT8Wx32rhMWqCSRYasTbcaxaZXq8X6gQN5hO4jozrrM8xoEhbHjhEOJWqbeX85eh4p5ANk4Ggaly2JoMxwTa95TQdur3esMc5GRV7Bd/XVNpMPs9Iovvu43c+cJuMFgOCo1+0kCeTOXqGOJ/2qK2HjriEPV71q/re2VUf0sRgBdFKwPGRBge1KKFj/aTneN9L0YITPW3jBQzo1tptgpYlUSoK6LcKHm2V+zoIW+dfUVJlT1Zvgj7dSFJHz/Up70pKe0s7/5sW42zbB4g2ooaIWI9m0IVrn9ZdkTNbwwsJ/b6zyf1S+5d1vs5Hpp3DUSQe5D2EuAQPYPWWNKjhDK3KYbOZ8N/26qYXGxr/mLYLbR7xrRj3iDTHPUUyp2/whI+Cp09Bp4rZX9oFeKu6wWVsevMZXNSqdGWcJAjeK1vZKKmgXRxCrdhEf1RBPq78t+QLuzZSbNSX7ZUUPrgIAf7OvzEKBq1zt+NSf30++mPOF+0QGXNyusZQVIESsy4STIEMguM94m/8jykFfRM+m6a5dAKFAVCfwk36+4Vj+kR+4ZrwjQ+vpmluzrAencKuWOuFABZvZrZ/zxEn+NgaatBhfi71bxAan+i0q4+bJf1g/Lgamhuywdo7B9SjnLU2Y5vsWAn5Q0hMQOwTA9mf7Ba/652pmHaox3nAmBZFhTILD3loPjCAhT7LtylTBLEyWV2Mo9jTos17rM0zxVLkFz1uwW6Lvok8bxucMfvv6nUSggeg4ZVdvkCBUDwpDwykskbxJpIlnL1BBPlqBr9qOLYhhZgCXJkBvvB8i50NEtCMfBAGgHJyZo5xx8oYVk+kilunhHPAS8Z3D1bOyMyI4UZbNmHjstKW1/j3AedwQcwcC9Ws3nIlZW929+NJOQtsErkUz1tAFbH+lOc/CCtJkBfV8psAbj6mhaF4ZzR6hiGaz3U4Mf68eupzrlRd2bEeYv/pqM32lHW9yurtBipLux9bCZ4jCbZ8XXHcLmr1f1rDLV/nGEkiv07BDx6xDWZW//jY2D3P/sVovlMkgl/Qqd95ZJZvEIN6xtL0Rm1Pn3M19gb0K1MSx5gDGiKRn0BvQHgi/D2EW0eZ2cmI75zQfh4ztkd2G1HmYRqnp9V67lX1OZApWQPeBLarakgEZ3SQAQ0m9JaHQIdLX+pkrmJtqti0U1vF6Hk1IetZynH/29JGOiO2cKCpV+OsJQi/IfCRAwfCFxjIT1FpBtTPPCVe2U/8ca3NlrA0ftQIGS4lTGv/4A20dTEQo16s/B1ty9WXhf4M/OPq4BwJK9y7+pXzskxIDUymnMa3XdYuz90WnebDFv9y2eqThXVQ34TDmV7TnMiNU7KDeZ6gm/XYl0g0NxMZpHqXT+XElSgF2aUa0gyu9SPfFhWnBfq95hB8Af6ydvzWBs/PKROjg9wYvXDnJUegQpb0RTrry1cHCv950tFC0zh7XtQIZtXF2GBwrGZPasjSP1MAfitzAGUOlyVj16cQId3wRO/6XqJO8FLsIe6vngtpHQ8cVmg9EXiiVprtE7aoo8yTHllCX4ZutvL4AToNJVGEnea6FsSCDwRhUQLwTgh0fnpTjW9hW3aWbjjwbIjiwJVvHkn4G3xv7urHdXAWy91xM8McrZXL7pU32eCRfNQmoeuSBkekOQZFjz3nwaWfmcSAQIlJHn87NlJMZeLDhAHDtZd8z+mOp5prBP9TVA==

      HTTP/1.1 401 Unauthorized
      Content-Length: 83
      Content-Type: text/html
      Server: Microsoft-IIS/6.0
      WWW-Authenticate: Negotiate oX0we6ADCgEBonQEcmBwBgkqhkiG9xIBAgIDAH5hMF+gAwIBBaEDAgEepBEYDzIwMDkwNDIyMTMwODQ5WqUFAgMDKb2mAwIBKakMGwpaQVJJT04uQ09NqiYwJKADAgEDoR0wGxsEaG9zdBsTcjEtMDgtcWEuemFyaW9uLmNvbQ==
      X-Powered-By: ASP.NET
      Date: Wed, 22 Apr 2009 13:08:49 GMT
      Proxy-Support: Session-Based-Authentication

      <html><head><title>Error</title></head><body>Error: Access is Denied.</body></html>

Network Credentials Dialogue then pop's up.

FireFox Requests/Responses Till the 1st Successful Request.

GET /tp2v3.administration.website/default.aspx HTTP/1.1
Host: r1-08-qa
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.0.9) Gecko/2009040821 Firefox/3.0.9 (.NET CLR 3.5.30729)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-ie
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive

      HTTP/1.1 401 Unauthorized
      Content-Length: 83
      Content-Type: text/html
      Server: Microsoft-IIS/6.0
      WWW-Authenticate: Negotiate
      WWW-Authenticate: NTLM
      X-Powered-By: ASP.NET
      Date: Wed, 22 Apr 2009 13:11:04 GMT
      Proxy-Support: Session-Based-Authentication

      <html><head><title>Error</title></head><body>Error: Access is Denied.</body></html>


GET /tp2v3.administration.website/default.aspx HTTP/1.1
Host: r1-08-qa
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.0.9) Gecko/2009040821 Firefox/3.0.9 (.NET CLR 3.5.30729)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-ie
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Authorization: NTLM TlRMTVNTUAABAAAAB7IIogYABgAwAAAACAAIACgAAAAFASgKAAAAD05MWVNBR0hUWkFSSU9O

      HTTP/1.1 401 Unauthorized
      Content-Length: 83
      Content-Type: text/html
      Server: Microsoft-IIS/6.0
      WWW-Authenticate: NTLM TlRMTVNTUAACAAAADAAMADgAAAAFgomiKWBzG8sls3wAAAAAAAAAAIIAggBEAAAABQLODgAAAA9aAEEAUgBJAE8ATgACAAwAWgBBAFIASQBPAE4AAQAQAFIAMQAtADAAOAAtAFEAQQAEABQAegBhAHIAaQBvAG4ALgBjAG8AbQADACYAcgAxAC0AMAA4AC0AcQBhAC4AegBhAHIAaQBvAG4ALgBjAG8AbQAFABQAegBhAHIAaQBvAG4ALgBjAG8AbQAAAAAA
      X-Powered-By: ASP.NET
      Date: Wed, 22 Apr 2009 13:11:04 GMT
      Proxy-Support: Session-Based-Authentication

      <html><head><title>Error</title></head><body>Error: Access is Denied.</body></html>

GET /tp2v3.administration.website/default.aspx HTTP/1.1
Host: r1-08-qa
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.0.9) Gecko/2009040821 Firefox/3.0.9 (.NET CLR 3.5.30729)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-ie
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Authorization: NTLM TlRMTVNTUAADAAAAGAAYAHQAAAAYABgAjAAAAAwADABIAAAAEAAQAFQAAAAQABAAZAAAAAAAAACkAAAABYKIogUBKAoAAAAPWgBBAFIASQBPAE4AbgBsAHkAcwBhAGcAaAB0AE4ATABZAFMAQQBHAEgAVABY8nEGtCxA6AAAAAAAAAAAAAAAAAAAAADypTTGGfNQwTDfUA8dB2VSGiRZStKTPIU=

      HTTP/1.1 200 OK
      Date: Wed, 22 Apr 2009 13:11:04 GMT
      Server: Microsoft-IIS/6.0
      X-Powered-By: ASP.NET
      X-AspNet-Version: 2.0.50727
      Set-Cookie: ASP.NET_SessionId=30ys5zfxo1ove145a4zukkul; path=/; HttpOnly
      Cache-Control: private
      Content-Type: text/html; charset=utf-8
      Content-Length: 7501



      <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"&gt;

      <html xmlns="http://www.w3.org/1999/xhtml" >
      <head id="ctl00_Head1"><title>
       TP2v3 Administration
      </title><link href="App_Themes/MSN_CherryBlossom/default.css" type="text/css" rel="stylesheet" /><link href="/TP2v3.Administration.WebSite/Static/Css/Style.css" type="text/css" rel="stylesheet" /><script type="text/javascript" src="/TP2v3.Administration.WebSite/Static/Scripts/Constants.aspx"></script><script type="text/javascript" src="/TP2v3.Administration.WebSite/Static/Scripts/Common.js"></script></head>
      <body class="RootSectionColour">

          <form name="aspnetForm" method="post" action="default.aspx" id="aspnetForm">
      <div>
      <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTgyODQ0Mzk3MQ9kFgJmD2QWAgIBD2QWAgICDw8WAh4EVGV4dAUESG9tZWRkZJ5c9WxhLKzCw+RVx9xZf+7hTJ7f" />
      </div>

              <table border="0" cellpadding="5" cellspacing="0" style="width: 100%; height: 100%">
                  <tr>
                      <td style="width: 200px;" class="RootSectionColour" valign="top" >
                          <a href="/TP2v3.Administration.WebSite/"><img id="ctl00_Image2" border="0" src="static/images/adminlogo.gif" style="border-width:0px;" /></a>
                          <table border="0" cellpadding="0" cellspacing="5" style="width: 100%">
                              <tr>
                      <td valign="top">
                          <div class="Menu">
      <div class="CurrentUser">ZARION\nlysaght</div><br />
      <div class="MenuItem ApplicationsSectionColour MenuItemNotSelected"><img src="/TP2v3.Administration.WebSite/Static/Images/applications16x16.gif" /> <a href="/TP2v3.Administration.WebSite/ApplicationConfiguration">Servers</a>
      </div>
      <div class="MenuItem SystemSectionColour MenuItemNotSelected"><img src="/TP2v3.Administration.WebSite/Static/Images/system16x16.gif" /> <a href="/TP2v3.Administration.WebSite/SystemConfiguration">System</a>
      <div class="MenuItem SystemSectionColour"> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <a href="/TP2v3.Administration.WebSite/SystemConfiguration/Attributes">Attributes</a></div>
      <div class="MenuItem SystemSectionColour"> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <a href="/TP2v3.Administration.WebSite/SystemConfiguration/BaseFields">Base Fields</a></div>
      <div class="MenuItem SystemSectionColour"> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <a href="/TP2v3.Administration.WebSite/SystemConfiguration/Classes">Classes</a></div>
      <div class="MenuItem SystemSectionColour"> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <a href="/TP2v3.Administration.WebSite/SystemConfiguration/CommonConfiguration">Common Config</a></div>
      <div class="MenuItem SystemSectionColour"> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <a href="/TP2v3.Administration.WebSite/SystemConfiguration/PooledUserGroups">Pooled User Groups</a></div>
      <div class="MenuItem SystemSectionColour"> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <a href="/TP2v3.Administration.WebSite/SystemConfiguration/SqlConnections">SQL Connections</a></div>
      <div class="MenuItem SystemSectionColour"> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <a href="/TP2v3.Administration.WebSite/SystemConfiguration/WorkQueues">Work Queues</a></div>
      <div class="MenuItem SystemSectionColour"> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <a href="/TP2v3.Administration.WebSite/SystemConfiguration/Diagnostics">Diagnostics</a></div>
      </div>
      <div class="MenuItem ModulesSectionColour MenuItemNotSelected"><img src="/TP2v3.Administration.WebSite/Static/Images/modules16x16.gif" /> <a href="/TP2v3.Administration.WebSite/Modules">Modules</a>
      <div class="MenuItem ModulesSectionColour"> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <a href="/TP2v3.Administration.WebSite/Modules/DocLink">Document Link</a></div>
      <div class="MenuItem ModulesSectionColour"> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <a href="/TP2v3.Administration.WebSite/Modules/DRT">DEC</a></div>
      <div class="MenuItem ModulesSectionColour"> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <a href="/TP2v3.Administration.WebSite/Modules/EmailGateway">Email Gateway</a></div>
      <div class="MenuItem ModulesSectionColour"> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <a href="/TP2v3.Administration.WebSite/Modules/Metrics">Metrics</a></div>
      <div class="MenuItem ModulesSectionColour"> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <a href="/TP2v3.Administration.WebSite/Modules/TP2Monitor">TP2 Monitor</a></div>
      <div class="MenuItem ModulesSectionColour"> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <a href="/TP2v3.Administration.WebSite/Modules/WorkRating">Work Rating</a></div>
      <div class="MenuItem ModulesSectionColour"> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <a href="/TP2v3.Administration.WebSite/Modules/Converter">Converter</a></div>
      <div class="MenuItem ModulesSectionColour"> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <a href="/TP2v3.Administration.WebSite/Modules/Acknowledgement">Acknowledgements</a></div>
      </div>
      <div class="MenuItem UsersSectionColour MenuItemNotSelected"><img src="/TP2v3.Administration.WebSite/Static/Images/user16x16.gif" /> <a href="/TP2v3.Administration.WebSite/Users">Users</a>
      </div>
      <div class="MenuItem GroupsSectionColour MenuItemNotSelected"><img src="/TP2v3.Administration.WebSite/Static/Images/group16x16.gif" /> <a href="/TP2v3.Administration.WebSite/Groups">Groups</a>
      </div>
      </div>

                      </td>
                  </tr>
              </table>
                      </td>
                      <td valign="top">
                          <div class=Breadcrumbs>
                          <table class="SimpleTable">
                          <tr>
                          <td>
                          <span id="ctl00_lblTrail">Home</span>
                          </tr>
                          </table>
                          </div>                    

                          <div class="Breadcrumbs RootSectionColour">
      <table class="SimpleTable"><tr><td>
      </td><td align="right">
      </td></tr></table>
      </div>



         <p><h1>touchpoint2 v3 Administration</h1></p>

         <table class="SimpleTable" cellpadding="4" cellspacing="12">
          <tr>
              <td class="ApplicationsSectionColour HomePageSection">
                  <a href="/TP2v3.Administration.WebSite/ApplicationConfiguration"><img src="/TP2v3.Administration.WebSite/Static/Images/Applications48x48.gif" />   
                  Servers</a>
                          </td>
              <td class="SystemSectionColour HomePageSection">
                   <a href="/TP2v3.Administration.WebSite/SystemConfiguration"><img src="/TP2v3.Administration.WebSite/Static/Images/System48x48.gif" />   
                 System</a> 
              </td>
          </tr>
          <tr>
              <td class="ModulesSectionColour HomePageSection">
                  <a href="/TP2v3.Administration.WebSite/Modules"><img src="/TP2v3.Administration.WebSite/Static/Images/Modules48x48.gif" />   
                 Modules</a>
              </td>
              <td class="UsersSectionColour HomePageSection">
                  <a href="/TP2v3.Administration.WebSite/Users"><img src="/TP2v3.Administration.WebSite/Static/Images/User48x48.gif" />   
                  Users</a> 
              </td>
          </tr>
          <tr>
              <td class="GroupsSectionColour HomePageSection">
                   <a href="/TP2v3.Administration.WebSite/Groups"><img src="/TP2v3.Administration.WebSite/Static/Images/Group48x48.gif" />   
                  Groups</a>
              </td>
              <td>         
              </td>
          </tr>
         </table>


                      </td>
                  </tr>
              </table>
          </form>
      </body>
      </html>

Page then displays successfully.

Bigtoe  2009-04-22 13:20:49
Sorry, I should have mentioned this when I asked you to post the headers. Edit out the encoded content of those 'Authentication' headers. In theory, someone could try to take them apart to figure out your password (though I don't know how hard it is in practice).
Jonathan  2009-04-22 13:56:06
A: 

Given the other answers: what if you set up a dummy domain name in your client's hosts file, to fool Internet Explorer in thinking it's not a local address?

And maybe the following will get you into the right direction, though I doubt it:

I've set up many instances of Tomcat server sitting behind IIS (because part of the functionality of the site needed IIS to get, don't ask, Microsoft DRM running). If memory serves me well, Tomcat (or the ISAPI Tomcat Connector) would never be given the Basic Authentication headers supplied by Internet Explorer, as IIS took those away after failing to use the credentials for the Windows Authentication (which I did not ask for when sending the Authorization Required response in Tomcat...). However, in Firefox I could trick IIS by hitting Cancel in the login dialog. Next, a second dialog would be shown, which would then work fine. That second dialog would also show the realm specified in Tomcat, while the first would show some generic IIS message. Disabling Integrated Security in IIS did the trick for us.

So: are the prompts the same in Internet Explorer and Firefox? And maybe you can play around with hitting Cancel upon first login -- of course, that won't solve your problem, but maybe you get more details... Or maybe you can change the order of the supported authentication methods in IIS, or remove Basic Authentication altogether?

Arjan  2009-04-22 13:23:26
A: 

not sure if this will work but when i was mucking around with spnego authentication and firefox i hade to:

about:config

search for negotiate

add the server to trusted-uris

EDIT: looks like firefox is using old NTLM and IE is doing negotiate authentication which kinda explains why firefox is working. i susepct if you add your server to the trusted spnego urls firefox will stop working as well.

drscroogemcduck  2009-04-22 13:37:45
Firefox is working fine. It's IE that is the problem.
Bigtoe  2009-04-22 13:38:53
+1  A: 

Ah, this sounds familiar. This sounds just like an issue we've been having with our SharePoint server -- Firefox would get redirected to the login and work like a charm, but IE would get challenged and fail.

SharePoint, Office Live Add-in and 403 Forbidden

Since you didn't mention SharePoint here, I'm guessing that's not the server-side product involved, but it sounds like a very similar problem (and I see the problematic office headers in the request you posted). Do you have this problem from another machine with IE 7 but not that "Office Live Add-in"? Maybe your server app is doing similar checking for Office that SharePoint does.

Jonathan  2009-04-22 13:50:25
A: 

Hi Folks, Thanks for all the replies, we eventually tracked this down to a WinHttp proxy services that was running on the server. For some reason it was interfering with IE requests but not with Firefox. Once we disabled it everything worked fine. The service was called

WinHTTP Web Proxy Auto-Discovery Service

Bigtoe  2009-06-11 07:48:01

related questions

Prevent Use of the Back Button (in IE)
How to stop IIS asking authentication for default website on localhost
Why do I cannot jQuery my page under Internet Explorer
How To Write a Plug-In for IE
Firefox vs. IE: innerHTML handling
Detect DOM modification in Internet Explorer
Good reasons for not letting the browser launch local applications
Printing DOM Changes
IE6 security login (debugging via VirtualPC)
What is your best tool or techniques for getting the same display on IE6/7 and Firefox?
IE 7+ Favorites
IE Securty Zone Issues
JavaScript Profiler in IE
IE6 - can't load a normal JPG
Opening Explorer shell with admin priveleges on XP (with IE7 installed)
Should we support IE6 anymore?
How do I add a pre tag inside a code tag with jQuery?
How can I get Unicode characters to display properly for the tooltip for the IMG ALT in IE7?
Weird event behavior in IE7
Firebug for IE
Debugging Javascript in Internet Explorer and Safari
IE6: To support or not to support.
Tabbed file browsing in Windows
Debugging: IE6 + SSL + AJAX + post form = 404 error
Javascript troubleshooting tools in IE