Hello,
I have a ASP.Net 1.1 web application installed on a Windows 2003
Server. The application is set up in a virtual directory and it uses
Windows Integrated Security. The checkbox "allow anonymous access" is
also checked.

It has been working fine and is working fine for most users.

For 3 users I have a problem that on one particular aspx page in my
application, when they click a button (there is only one button in
that dialog) they get prompted for windows credentials!!! This is
really strange! As far as I can see, the server is in the trusted zone
and all other pages in the same directory works. After three tries
(nothing works) they get the infamous "Access is denied due to invalid
credentials.".
I use LocalSystem as the application pool account.
I don't use Impersonation.
The users are in a the same domain as the server, however there are
users from other domains also accessing the system.

My first thought was that the file security on the aspx file was
wrong, but that seems to be ok.

Any ideas?
Best regards
Johan

uu

Does this depend on users having the IE option "Enable Integrated Windows 
Authentication" set?
-- 
Phil Wilson
[Microsoft MVP Windows Installer]
 wrote in message 
news:1186397493.974741.146020@19g2000hsx.googlegroups.com...

> Hello,
> I have a ASP.Net 1.1 web application installed on a Windows 2003
> Server. The application is set up in a virtual directory and it uses
> Windows Integrated Security. The checkbox "allow anonymous access" is
> also checked.
>
> It has been working fine and is working fine for most users.
>
> For 3 users I have a problem that on one particular aspx page in my
> application, when they click a button (there is only one button in
> that dialog) they get prompted for windows credentials!!! This is
> really strange! As far as I can see, the server is in the trusted zone
> and all other pages in the same directory works. After three tries
> (nothing works) they get the infamous "Access is denied due to invalid
> credentials.".
> I use LocalSystem as the application pool account.
> I don't use Impersonation.
> The users are in a the same domain as the server, however there are
> users from other domains also accessing the system.
>
> My first thought was that the file security on the aspx file was
> wrong, but that seems to be ok.
>
> Any ideas?
> Best regards
> Johan
> 

Yes, they have the Trusted Sites set up so that IE will send the
credentials without prompting.
The only reason to show the dialog should be that it tries to access a
file that the user don't have permission to.
I've come a bit forward, it seems that Everyone has Read permissions
in the asp.net application directory, Everyone is to my surprise not
always Every One as one might think, so now I will give a try to give
all Domain Users from all domains Read Access. This seems to be over-
the-top but if that works it is definately a file permission issue.
/ Johan

On 7 Aug, 09:29, a95jo...@hotmail.com wrote:

> Yes, they have the Trusted Sites set up so that IE will send the
> credentials without prompting.
> The only reason to show the dialog should be that it tries to access a
> file that the user don't have permission to.
> I've come a bit forward, it seems that Everyone has Read permissions
> in the asp.net application directory, Everyone is to my surprise not
> always Every One as one might think, so now I will give a try to give
> all Domain Users from all domains Read Access. This seems to be over-
> the-top but if that works it is definately a file permission issue.
> / Johan


Found the solution.
Really strange. It turns out that IE 7 shows this credential error if
the asp.net does not respond for some reason (instead of giving a
timeout error or similar).
I had a database query that took too much time. Stupid of me not to
see but what a confusing behaviour!!
Thanks for help anyway.
/ Johan