Microsoft KB Archive/297210

= Using Challenge Response Authentication on a Web Site that Incorporates Framesets =

Article ID: 297210

Article Last Modified on 12/3/2007

-

APPLIES TO


 * Microsoft Internet Information Server 4.0
 * Microsoft Internet Information Services 5.0
 * Microsoft Internet Information Services 6.0

-



This article was previously published under Q297210



We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/prodtech/IIS.mspx



SYMPTOMS
When you use frameset pages on a site that uses NT Challenge Response as the only authentication method, 401 errors may appear in the IIS logs during the user's session. The user can successfully access the file shortly after the errors occur, and may experience slight delays in accessing some files.



CAUSE
When Microsoft Internet Explorer attempts to open a page that is divided into multiple frames, it requests the different frames pages simultaneously on separate ports. IIS sees these as separate requests because they are coming in on separate ports, and requires each request to be authenticated individually.



MORE INFORMATION
This is by design for security reasons. Allowing the subsequent sockets to be opened without requiring authentication first leaves the server open to attack.

Additional query words: iis 5 iis5 iis 6 iis 6.0 iis6 IE 401 frame NTLM windows integrated authentication

Keywords: kbprb kbpending KB297210

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.