Microsoft KB Archive/175805

= PRB: "Access Is Denied" Error When You Expect Logon Dialog Box to Appear =

Article ID: 175805

Article Last Modified on 5/2/2006

-

APPLIES TO


 * Microsoft Visual InterDev 1.0 Standard Edition

-



This article was previously published under Q175805



SYMPTOMS
When using NT Challenge/Response authentication, individuals accessing the site from the Internet receive "Error: Access Is Denied" when trying to access a secure Web page or directory.

Users connecting to the site internally (via corporate LAN) and logged onto the authorized NT Domain are granted access.



CAUSE
NT Challenge/Response (NTLM) is unable to authenticate users who do not have a direct connection to the Internet Information Server (IIS) server. Therefore, users coming to a site through a corporate or ISP Proxy server will receive the "Error: Access Is Denied" message.



RESOLUTION
In order to secure the site for use from the Internet, Basic Authentication must be turned on and NTLM should be turned off. This will allow the individual accessing the page from the Internet the opportunity to enter a valid NT account name and password.



STATUS
This behavior is by design.



MORE INFORMATION
NT Challenge/Response is designed to be used primarily for corporate intranets that use the NT Domain authentication model. Basic security is provided for Web administrators who want to have user authorization on their public Internet site.

Steps to Reproduce Behavior

 * 1) Turn NT Challenge/Response On in Internet Service Manager.
 * 2) Create a secure directory on you Web server, thereby removing IUSR_machinename and Everyone from the access list
 * 3) Put or create a HTML page in the secure directory.
 * 4) Access the page coming from the public Internet.

